On Friday 12th November 2021 ICAEW held a hybrid event to discuss the exposure draft for the less complex entity audit standard, headlined by a conversation with Tom Seidenstein, International Auditing and Assurance Standards Board (IAASB) Chair.
Less complex entities, or LCEs for short, is a topic very close to my heart. While my time in practice was in a Big 4 firm, I largely worked in a regional office. I enjoyed working with the smaller end of the client base – owner managed businesses and scale up tech firms – trying to share my experience with businesses who valued my perspective.
During the last 18 months I also participated in the development of the new LCE standard, as a member of the IAASB’s Reference Group. As part of this work, I shared my views on the standard’s development, reviewed initial drafts, and provided the perspective of both a former auditor and the leader of an audit methodology and platform provider. I was one of two representatives from the United Kingdom on the Reference Group, and the only UK based audit methodology and platform provider. So, I joined the session keen to hear the views the IAASB representatives, the UK standard setter and UK practitioners. The session included:
Here are my key takeaways from the session.
Across the UK audit market, firms are unanimously experiencing capacity challenges. The regulatory pressures at the top of the audit market are increasing workload to address quality, with the largest firms both recruiting from other firms and stepping away from their higher risk, less profitable clients.
This is fuelling a high level of opportunity for mid-tier and smaller firms to win larger clients and is fuelling strong growth. But can firms deliver this extra work to a high standard?
The new standard is viewed by many firms as a silver bullet, to make the audits of LCEs more effective and free capacity.
"The IAASB have done a great job actually taking this forward and coming out with the standard. I don’t think they have gone far enough though. I think there are still requirements in the standard which aren’t necessarily going to add anything to an audit of less complex entities."
Ah, the expectation gap. But this time, audit firms are the ones with an expectation not aligned with the standards. This silver bullet mindset may not be appropriate. The IAASB has been uncompromising in their view that no two-tier audit system should be created, and an LCE audit opinion should represent reasonable assurance. The LCE standard has been developed through a full review of the International Standards on Auditing (ISAs), extracting the requirements which are relevant to an LCE audit. So, the fundamental requirements are comparable.
The reordering of the requirements to match the natural workflow of an audit and rewording the requirements to make them easier to read will both be helpful. I also expect the extent of documentation can be reduced in some areas, including understanding the entity and internal controls. But a truly innovative and more efficient audit approach is unlikely to be the direct result of the LCE standard.
"The new standard will achieve the same level of quality. We have tried to write them in a more direct way, so that you get to the same level, but you might go a different way to get there."
Kai Morten Hagen
The exposure draft was released quickly by the IAASB to advance this high priority project in a more agile way. The exposure draft development has been quick for an international standard and the extended response period recognises some key questions remain unresolved.
The most emotive of these for UK firms is undoubtedly group audits. The current standard categorises all group audits as being complex, and thus the LCE standard cannot be used. But in the UK market where statutory audits are required for all entities in a group, and with the impact of Brexit further removing the ability for some groups to exempt subsidiaries, UK firms appear unanimous in calling for at least some groups to be categorised as less complex.
In my opinion, group engagements aren’t necessarily complex, and a different delineation is needed. I believe group audits are complex where other firms are performing component audits and reporting to the group engagement team and that this would be a more acceptable delineation.
"I don’t think groups should be excluded. We have a large number of groups. We have very simple charities who have a trading subsidiary which works for tax reasons. We then have holding companies which may just hold the property of the group with simple trading entities underneath there, nothing complex. All of those entities individually are not complex, and the consolidation process is not complex. So, it seems difficult for me to understand why those sorts of entities won’t be able to apply the standard."
The Financial Reporting Council (FRC), as both audit regulator and standard setter, does not appear supportive of the LCE standard. I had heard of concerns behind the scenes before this event, but this was the first time I’d witnessed open critique over its suitability to the UK market. The FRC’s view appears to be that the audit threshold, where businesses under £10m turnover (plus other criteria) are exempt from audit, sufficiently addresses the need to make audit requirements proportionate to the entity.
This seems at odds with the view of practitioners who are crying out for a better approach to LCEs. It will be interesting to monitor the FRC’s formal response to the exposure draft and whether their position softens over time.
"IAASB is working to provide standards that can be applied in any jurisdiction, we have particular characteristics in this jurisdiction which make me think that there is less need for a standard of this type in the UK than in other jurisdictions where every entity is required to have an audit.
"It's really important that we don’t move into a two-tier audit market in the UK. We have a resilient audit market and need to manage risk that there is always a perception around the LCE standard is it ISA minus, rather than delivering what stakeholders want to see. You have to be careful in being seen as less than an ISA audit, which is for us the gold standard that delivers consistent high-quality work."
Despite all this, the largest UK firms are already utilising LCE methodologies within their firm – something I was heavily involved in developing in 2012. These methodologies take a comparable approach to how the LCE standard was developed, achieving compliance with the existing ISAs by identifying the requirements relevant to an LCE and eliminating those only relevant to complex entities.
This is another example of where the in-house development of audit methodology and related technology is providing a significant competitive advantage to the largest firms. But what this does make clear is that the LCE standard is not critical to a better approach to LCE audits. It could also be achieved through methodology and technology rather than standards.
"In practice today, some of the firms already have their own methodologies being built for this area and they do already account for that in their training."
Kai Morten Hagen
Practitioners appear sceptical that UK methodology providers will make the investment required to develop a new LCE methodology. The approach to draft the standard means it may not be viewed as sufficiently different to warrant the investment, or that an approach to iterate on the existing may be more likely.
After years of under investment in third party methodologies compared to the innovations made by the largest firms, UK firms appear resigned that a new approach to LCEs may not be forthcoming from the incumbent audit methodology providers.
"We have relied far too much on the checklist approach and we see trainees are ticking boxes without probably applying too much brain power to what that question is. This is dangerous because when they do come across good questions, they have not considered how to answer it properly."
Taking a step back, why is it that the current standards are considered ineffective for audits of LCEs?Per the IFAC survey aimed at better understand LCE challenges, the top two issues raised related to ISA requirements not being applicable, and onerous documentation requirements.
The proposed LCE standard is one resolution the IAASB is advancing to attempt to address this challenge, as they also consider revisions to the existing ISAs. In certain territories across the world, local standard setters have themselves developed and implemented their own LCE standards.
Methodology innovation is another lever that has already been pulled by the largest firms. But is greater automation where UK firms should be focusing on right now? Auditors are increasingly using advanced technology and data. This may be to perform powerful data analytics – which some consider most relevant to the largest audits - or to deliver greater value to clients. However, a significant opportunity exists to increase how technology and data drives automation of requirements which are lower value, particularly in LCE audits.
Digital technology and data can hugely benefit less complex audit work, automating documentation and instantly addressing the more functional requirements of an audit. So, rather than waiting for a new standard which is years away (2023 internationally) and may never be available in the UK, should firms shift their focus away from standard and invest in technology and automation?
"One of the things we understood is that our auditing standards were becoming more complex, and that’s that natural outgrowth of complexity in the economy and more demands of regulators and auditors. 90% of all entities are SME or probably fit in to context of LCE, so interest demands we meet the needs of these users."