The Financial Reporting Council appears to be taking a
tougher stance. Aziz Rahman explains what auditors must do to avoid falling
fall of it.
Accountancy regulator the Financial Reporting Council (FRC)
has announced that it is investigating PwC’s auditing of BT, following a huge
financial scandal at the telecom company’s Italian operation.
The FRC, which monitors and enforces accounting standards,
is focusing on PwC’s auditing of BT's financial statements from 2015 to 2017, which
is when a £531M fraud is alleged to have been committed by employees.
FRC investigators will be looking to see how the fraud
failed to show up on the audits. Reports into the scandal have indicated that
contracts, invoices and revenue from BT-installed phone lines were inaccurately
recorded or exaggerated by staff so that they could show they had met targets.
BT itself has stated there were improper sales, purchase and leasing
transactions and improper accounting practices.
The FRC, which is partially funded by the U.K. government, has
the power to issue fines or bans to companies it deems to be found in serious
breach of its rules. The 2010 “International Standard on Auditing (UK and
Ireland) 240’’ expects auditors to identify and assess the risks of fraud, seek
evidence of it and “respond appropriately’’ to fraud or suspected fraud if it
is identified during an audit.
And it seems to be taking a very close look at the behaviour
of the accounting and auditing profession.
At Rahman Ravelli, we have been urging accountants to not
only be aware of the standards they must maintain but also recognise what they
must do to keep maintaining them. The FRC’s recent activities are a reminder of
In May, the FRC dropped its investigation into PwC's auditing
of Tesco after the supermarket group admitted a £326M black hole in its 2014 accounts
was due to incorrect booking of payments from suppliers.
But the FRC will be unwilling to drop any more
investigations. It appears to be taking an increasingly tough stance on those
it believes are falling short in their duties.
In May, it fined PwC a record £5m for “misconduct” in
relation to the audit of Connaught, the social housing maintenance group that
went into administration seven years ago. Last year, PwC had to pay £3M in
fines and costs due to its audit of the collapsed financial services group,
But this is not just about PwC. Earlier this year, the FRC
warned companies after finding faults in a third of the accounts it examined
from the UK’s six largest audit firms.
Such penalties indicate that the FRC is looking to come down
hard on those it feels are not fully meeting their obligations. While it does
not have the unique range of powers that the Serious Fraud Office (SFO) can
boast, the cases mentioned earlier prove that it can and will punish those it
believes are failing in their duties as accountants or auditors.
Auditors are regarded as the ones who examine the accounts
that the accountants have compiled. Directors and senior management attach
great weight to the “health check’’ that an auditor’s report gives to a
company. And with good reason. It is the auditors who are expected to examine
the finances and internal workings of a company, use statistical sampling to
gain an accurate picture of its wellbeing and raise any concerns they may have
after assessing all this.
It may be unfair to expect an auditor to detect all fraud.
Fraud prevention must be the company’s responsibility. But it is the
accountants who compile all the relevant information and the auditors who check
it. The argument, therefore, is that the auditors – and, arguably, company
accountants – should be seeing any fraud before anyone else.
While this argument may have some merit, it would be unfair
to expect someone coming into a company, as an auditor is, to instantly
When the auditors do go in, however, they should be asking
detailed questions about the company’s approach to preventing or recognising
Questions such as:
* The exact nature of the company’s business.
* What are the fraud risks to this company?
* is the risk of fraud due to the geographical area or
sector of business it trades in?
*What has been done to minimise the risks?
* What could indicate that fraud is being committed?
* What opportunities or incentives exist for those looking
to commit fraud?
* What level of scrutiny is given to this by those in
* The reasons for any patterns in the company’s finances.
If a company has an anti-fraud policy in place, the auditor
must insist on having it explained to them. Only then can they hope to see the
full picture when they come to do the audit – and identify anything that may
indicate that fraud has been committed.
If there is no fraud prevention at a company about to be
audited, it is in the auditor’s interests to seek explanations about why there
isn’t any. They should also insist on a detailed, thorough explanation of the
company’s workings so that they are fully informed before carried out the
While it may sound obsessive, they should also keep clear
and detailed records of all communication they have with staff or other
representatives of the company they are auditing.
It may also be worth instigating a series of on-the-spot,
unannounced audits. These will provide a valuable snapshot of a business’
workings and make it difficult for anyone committing fraud to cover their
Such an approach outlined here will minimise the chances of
an auditor missing fraud. But if fraud is still missed by an auditor and they
become the subject of an FRC investigation, they must seek immediate advice
from a legal firm that specialises in business crime.
Auditors should also equip themselves with a working
knowledge of the Proceeds of Crime Act and Money Laundering Regulations, so
that they do not miss any obvious signs of money laundering; which could also
attract the attention of the FRC. They have to be aware of all relevant law –
and seek legal assistance if they are not.