The changing audit landscape

Home · Insights · The Changing Audit Landscape
Date posted
24 May 2021
Reading time
5 minutes

Kainos Audit Principal, Qadir Quayum, outlines how the changing landscape of audit will have a greater impact on organisations than ever before, as more stringent fiscal regulations call for a new level of preparedness—operationally, and technologically.

In 2001, the Enron accounting scandal fundamentally altered the world of corporate governance. Through clever use of accounting loopholes, corporate structures, and weaknesses in financial reporting, Enron was able to hide billions of dollars in debt. The resulting scandal led to the bankruptcy of the company, collapse of Arthur Andersen (one of the accounting world's Big Five players), and was followed by the enactment of the Sarbanes Oxley (SOX) Act by US Congress.  

SOX laid out a number of provisions–including penalties for destroying financial records–but perhaps the most burdensome element was section 404, which placed an obligation on management of all SEC listed entities to implement and demonstrate the operation of a sound system of internal control for financial reporting purposes. It also made it the auditor's responsibility to attest to the soundness of management’s control assessment and use this as a basis to report back on the state of financial control. 

Despite the protests of corporate leaders at the time, who (quite correctly) anticipated costlier and more time-consuming audits along with a plethora of new reporting requirements, SOX has endured with its emphasis on internal control. However, it would be a mistake to think that the fallout from Enron and SOX was restricted to US shores—overseas subsidiaries of SEC-listed entities soon found themselves in the cross hairs and over the years, similar legislation has passed in several countries including Japan (JSOX), Canada (C-SOX) and South Africa, amongst others. 

Today, there is little doubt that SOX has driven a greater sense of accountability from management and as a consequence, has strengthened internal control. This in turn has promoted increased investor confidence, improved financial reporting, plus enhanced oversight for audit committees. Companies that run an effective system of controls often find themselves in a better position to identify and drive efficiencies through process optimisation leveraging both manual processes and technology. Such companies also tend to be more risk aware and by implication, more agile in the way that they respond to the changing risk landscape. However this does come at a cost.

The cost of compliance for SOX requirements continues to rise with auditors demanding ever more evidence and documentary trails be maintained. As well as this, technology advances within finance functions has led to more sophisticated (and in turn harder to monitor) controls.  

So where does the UK market stand? To date, the UK & Ireland have escaped relatively lightly with only audits of SEC-listed entities operating here caught up by stringent SOX rules. However, all that could be about to radically change.  

In response to a growing number of UK corporate scandals – Patisserie Valerie, Carillion, Interserve and Thomas Cook to name but a few – the government commissioned reviews of the audit market and profession. The first of these reviews was the Kingman report (published 2018) that recommended the establishment of a new audit regulatory body with enhanced powers.  

The second and arguably more seismic review was the Brydon report (published December 2019) which sets out a series of recommendations concerning internal control within UK companies. Specifically, it proposes a SOX style system of internal control and governance be introduced to the UK market. It also urges the increased use of data and technology in order to promote a better quality audit and the potential use of joint auditors for larger FTSE 350 companies.  

Both papers are under consideration and the government will shortly be publishing a white paper on corporate governance. To my mind, two important questions to be answered are: 

  1. Scope – will the scope of any enhanced UK regime cover only internal controls over financial reporting (as in the US) or will it cover broader operational and non-financial controls? 
  2. Application – to which companies will it apply? There is an argument that it be restricted (initially) and in a post-COVID business environment to the very largest companies—for example, the FTSE 350 and companies where there is a significant public interest although this may include large private companies. 

If a strengthened UK internal controls regime does feature in the government’s white paper proposals for the corporate governance system, we are likely to see a once in a generation change.  

If SOX is a barometer and indicator of the past, being prepared will be critical.

Qadir Quayum – Audit Principal, Kainos

Free Workday audit eBook

In this white paper, we suggest a few simple things every company can do to maintain a state of audit-readiness by harnessing the power and truth of Workday.

Download this guide

Complete the form opposite to download this guide.