The UK'S answer to Sarbanes-Oxley: Proposed changes to accounting and auditing practices in the UK

On 3 December the Government introduced the Companies (Audit, Investigations and Community Enterprise) Bill to the House of Lords. The Bill is intended to improve the reliability of financial reporting and the independence of auditors, and to strengthen the powers of company investigators. It also includes the legislative provisions needed to bring into being the new "Community Interest Company".

Many of the changes in the Bill have been expected since the publication in July 2002 of the Government's White Paper on Company Law and since the Government prioritised reform of the UK's accounting, audit and corporate governance rules in the light of the Enron and Worldcom scandals.

The Bill must now proceed to a second and third reading in the House of Lords, and then be scrutinised by the House of Commons. Under normal circumstances, in order to become law a Government Bill must complete all its stages in one Session of Parliament. In the 2001-2 Session all the Bills presented by the Government were passed in that Session. The current Session runs until November next year, so it is likely that the Bill will become law before then.

This article highlights the main changes proposed in the Bill against the background of recent developments in this area.

Background

Company Law White Paper

In July 2002 the Government published a White Paper designed to be part of a complete overhaul of UK Company Law. Amongst the proposed changes:

• public and large private companies would be required to publish in their annual report an audited operating and financial review (OFR), containing an assessment of the company's business, performance and prospects, as well as its community and environmental impact and relationships with staff;
• directors of all companies and their subsidiaries would be required to volunteer to the auditors all information which they need in order to carry out their audit – with criminal sanctions attached to a failure to do so;
• the Reporting Review Panel (RRP) should be the successor body to the Financial Reporting Review Panel, and should have a broader remit, including power to enforce the rules for public and larger companies on the form and content of accounts.

Although the Government has not yet set a timetable to take forward the majority of the reforms in the White Paper, in July this year the DTI announced that the Government intended to introduce the OFR through secondary legislation (which will not require significant Parliamentary time), and that those reforms which are aimed at preventing 'major corporate failures' would be introduced "as soon as parliamentary time allows". It is these reforms that are included in the Bill.

Although the DTI has consulted on the question of which matters should be deemed sufficiently 'material' to require inclusion in the OFR, no draft regulations have yet been published.

For further information on the White Paper see the LawNow article published on 12 August 2002.

DTI Review of Audit and Accounting issues

In January 2003 the DTI published two reports on audit and accounting issues in the UK. In the first, the Co-ordinating Group on Audit and Accounting Issues (CGAA) made recommendations for improving auditor independence and transparency, corporate governance, financial reporting standards and the monitoring of audit firms.

The second report contained the results of the DTI's October 2002 consultation on the 'Review of the Regulatory Regime of the Accounting Profession in the UK' and recommended that:

• the Financial Reporting Council (FRC) should take on the functions of the Accountancy Foundation with responsibility for setting, monitoring and enforcing accounting and audit standards, and overseeing the major professional accountancy bodies;
• the existing rules on independent regulation and review of audits should be significantly strengthened. Specifically, responsibility for setting independence standards for auditors and for monitoring the audit of listed companies and other significant entities should be transferred from the professional accountancy bodies to the independent regulator.
• There should be a risk-based, proactive approach to the enforcement of accounting standards. In particular, the Financial Services Authority (FSA) should have a greater role in identifying the risks to be investigated and the selection of company accounts for examination. The Inland Revenue should also help identify 'high-risk' accounts.

From March to June the DTI consulted further on the legislative changes needed to implement these recommendations, and the FRC has now taken over from the Accountancy Foundation, as the second report proposed.

Many of the recommendations in the Reports have already been implemented in guidance issued by the accounting bodies and through the incorporation into the new Combined Code on Corporate Governance of Sir Robert Smith's recommendations on audit committees. The Bill gives effect to the other recommendations in both reports.

The Reports are available at http://www.dti.gov.uk/cld/cgaai-final.pdf and http://www.dti.gov.uk/cld/accountancy-review.pdf , this will open a PDF in a new window.

For further information on the Combined Code see the LawNow article published on 21 August this year.

The Companies (Audit, Investigations and Community Enterprise) Bill

Many of the reforms proposed in the Bill echo those introduced in the US by the Sarbanes-Oxley Act of 2002 (SOX), and represent the Government's response to Enron and Worldcom scandals.

In particular, the Bill is intended to improve the reliability of financial reporting and the independence of auditors by:

• requiring directors to state that they have not withheld any relevant information from their auditors;
• requiring companies to publish details of non-audit services provided by their auditors;
• imposing independent auditing standards, monitoring and disciplinary procedures on the professional accountancy bodies;
• strengthening the role of the FRRP in enforcing good accounting and reporting, by giving it new powers to investigate potentially defective accounts and broadening its remit to include monitoring accounts or reports required under the UKLA's Listing Rules (such as interim results); and
• allowing the Inland Revenue to pass information about suspect accounts to the FRRP.

More detail on these proposals is given in the 'Audit and accounting issues' section below.

Changes are also included in the Bill which are designed to pave the way for the introduction of the rules on OFRs, and to strengthen the powers of inspectors appointed by the DTI to investigate the affairs of companies suspected of operating improperly.

Disclosure statement by directors

For all companies whose accounts have been subject to a statutory audit for that financial year, the directors' report will have to contain a statement to the effect that, at the time the report is approved, there is no information which has not been disclosed to the company's auditors which:

(a) a director of the company is aware of, or it would be reasonable for a director of the company to obtain by making enquiries;

(b) the director knows or ought to know would be relevant for the purposes of the auditors' determination whether the annual accounts have been properly prepared in accordance with the requirements of the Companies Act 1985; and

(c) the director knows or ought to know that the auditors are not aware of.

The Bill proposes that a director 'ought to have known' something if it would have been known by a reasonably diligent person having both the knowledge, skill and expertise of that director, and the knowledge, skill and experience that might be reasonably expected of a person carrying out the same functions as that director.

A director who makes such a statement knowing it to be false, or being reckless as to whether it is false, will be guilty of a criminal offence unless he can show that he took all reasonable steps to prevent the report from being approved. The penalties on indictment are imprisonment for up to two years and/or an unlimited fine and, on summary conviction, up to twelve months' imprisonment and/or a fine up to the statutory maximum (£5,000).

The prospect of having to give such a statement is designed to encourage directors to ensure that their company has in place a formal and effective procedure for managers to report to the board matters which could be relevant to the accounts or the audit process, and for the accounts to be checked and double-checked with all the relevant people before they are signed off.

Sarbanes-Oxley

These provisions are similar to the requirement imposed by SOX for CEOs and CFOs to certify that financial and other information contained in quarterly and annual reports filed with the SEC:

• does not contain any untrue statement of a material fact or omit to state a material fact necessary in order to ensure that the contents are not misleading; and
• fairly presents in all material respects the financial condition, results of operations and cash flows of the company for the period under review.

The CEO and CFO also have to certify that they have:

• designed the company's disclosure controls and procedures so as to ensure that material information is made known to them, particularly during the period in which the report is being prepared; and
• disclosed to the company's auditors and to the audit committee of the board of directors (i) all significant deficiencies in the design or operation of internal controls which could adversely affect the company's ability to record, process, summarise and report financial data; and (ii) any fraud that involves management or other employees who have a significant role in the company's internal controls.

An officer who gives a false SOX certification is guilty of a criminal offence which is punishable by substantial fines and lengthy terms of imprisonment. Other sanctions (such as repayment of remuneration) may also follow.

Disclosure of Non-Audit Services

The Bill would give the Secretary of State power to pass regulations requiring companies to publish more information about the nature of any services provided to them (or their associates) by their auditors or their associates (whether in an audit capacity or otherwise), and the remuneration, expenses and benefits-in-kind ('remuneration') received or receivable for such services.

Such disclosure is likely to be made either in notes to a company's annual accounts, in the directors' report or in the auditors' report. At present companies that do not qualify as 'small' or 'medium sized' have to include in a note to their accounts details of the aggregate remuneration paid to their auditors in respect of both audit and non-audit services. But under the new regulations it is anticipated that all or most companies will have to provide a breakdown of all services provided and the cost of each component part.

Such services could include bookkeeping services relating to accounting records or financial statements, financial information systems design and implementation, appraisal or valuation services and fairness opinions, actuarial services, internal audit outsourcing services, management functions or human resources, broker or dealer, investment adviser, or investment banking services, and legal and expert services unrelated to the audit.

Sarbanes-Oxley

The proposal in the Bill does not goes as far as SOX, which prohibits auditors from providing any such services to their clients, although tax advice and certain other services can be provided if the prior approval of the company's audit committee is obtained and the approval is disclosed in the company's periodic reports.

ICAEW Guidance for directors

In July this year the ICAEW published Tech 24/03, which contains guidance for directors of UK companies quoted on a regulated market as to the form and extent of disclosure in their annual reports of services provided by auditors. The guidance states that the annual report should disclose sufficient information about the services provided, and their cost, to enable a reader to make an informed judgement as to whether the potential for conflicts of interest has been satisfactorily addressed by the auditors and the company. In particular, the company should break down fees paid to the audit firm in the following categories: audit, further assurance (such as advice on accounting matters unrelated to the audit, and due diligence work), tax, and 'other' services such as financial information technology, internal audit, valuation and recruitment. Such companies should also give a narrative statement on the company's policy for ensuring that the auditor's independence has not been compromised. Tech 24/03 is available by clicking here.

In May this year the ICAEW also published guidance for audit committees, which includes guidance on 'Reviewing auditor independence'. This is available by clicking here.

Auditing Practices Board consultation on auditor independence

As part of the ongoing process of developing and updating professional standards for auditors, at the end of November the Auditing Practices Board issued for public comment five Exposure Drafts of proposed Ethical Standards dealing with (amongst other things) 'auditor integrity, objectivity and independence', 'fees, economic dependence, remuneration and evaluation policies, litigation, gifts and hospitality', and 'non-audit services provided to audit clients'. When the Ethical Standards are finalised, any audit of financial statements will have to be carried out in compliance with them. The Exposure Drafts can be found by clicking here.

Auditors' rights to information

Auditors' rights to information under section 389A of the Companies Act 1985 (which currently allows auditors to require information and explanations from the relevant company's directors, managers and company secretary) would be extended to employees of the company, to any person holding or accountable for its books, accounts or vouchers, and to any subsidiary undertaking incorporated in Great Britain (and to the officers, employees, auditors and persons holding the books of such subsidiary undertaking). Where a parent company has subsidiary undertakings which are not incorporated in Great Britain, auditors would be able to require the parent company to obtain the relevant information from the same categories of persons at that subsidiary.

Failure to supply information to auditors is not currently an offence. The Bill would introduce a new section 389(B) to the Companies Act 1985, under which a failure to comply without delay with a request for information from the auditors would constitute a criminal offence. The company and each of its officers who are in default would be liable to a fine. A failure by a parent company to take all steps reasonably open to it to obtain the information or explanations which an auditor has required it to obtain from subsidiary undertakings which are not incorporated in Great Britain would also constitute an offence (with a similar penalty).

There would also be a new offence of providing false or misleading information or explanations to an auditor where the auditor requires, or is entitled to require, such information under the revised section 389. A breach would be punishable by imprisonment or a fine (or both).

Defective accounts

At present, the FRRP is authorised by the Secretary of State to enforce the rules which require company accounts to be prepared in accordance with the Companies Act 1985 and UK GAAP. For this purpose, the FRRP checks the annual reports of companies that are incorporated under the Companies Act and, if it believes the accounts are defective, can apply to court for an order that revised accounts be prepared.

In future the FRRP's role will be performed by a FRRP committee known as the Review Panel. The Bill proposes that the FRRP's role should be enhanced in the following ways:

• The scope of the FRRP's activities should be extended to include monitoring interim reports and any other periodic reports required by Listing Rules, in addition to annual reports; and also to monitoring both the annual and interim reports of entities which are listed on the Official List but which are not Companies Act companies (such as overseas companies which have a primary listing in the UK, and issuers which are not companies but which issue equities or domestic debt). The FRRP will be expected to inform the Financial Services Authority of any suspected breaches of the Rules. This is likely to result in more fines being imposed by the FSA on listed companies and their directors which publish financial information that is false or misleading.
• Where it has reason to believe that accounts do not meet the applicable standards, the FRRP should be given power to compel companies to divulge relevant information. Currently the FRRP has no power to force companies to co-operate: it relies on explanations and documents which are not publicly available being disclosed voluntarily. The Government believes that, in taking a more proactive approach, the FRRP will be considering more cases, and that it is not enough to rely on voluntary co-operation.
• The Inland Revenue should be authorised to pass information to the FRRP where it believes that accounts may be defective.

OFR

The Secretary of State will be given power to specify a body to issue standards relating to directors' reports included in annual reports and accounts (which are not currently covered by accounting standards). This is intended to pave the way for the introduction of rules requiring public and very large private companies to publish an Operating and Financial Review, which will replace the directors' report.

Company Investigations

A number of changes will be made to the company investigations regime in order to strengthen the Secretary of State's powers to investigate the affairs of a company. These include:

• section 447 of the Companies Act 1985 will be revised to give DTI investigators power to force a company to produce any documents and information which they require. This will broaden the existing powers under section 447;
• a new section 448(A) will introduce a number of protections in relation to the disclosure of information, by providing immunity from legal liability for breach of confidence to persons making "a relevant disclosure";
• inspectors will also get new powers, under new sections 453(A) and 453(B) to the Companies Act 1985, to require access to and to remain on premises which they believe are used for the purposes of the business of the company they are investigating; and
• a failure to comply with a request for documents or information under the revised section 447, or to co-operate with investigations under section 453(A), will constitute an offence punishable as if it were a contempt of court.

Regulation of Auditors

The Companies Act 1989 requires company auditors to be members of a recognised supervisory body, and to hold a recognised professional qualification. The five recognised supervisory bodies (which include the ICAEW and ACCA) are required to observe certain requirements in carrying out their supervisory roles. Under the proposals in the Bill, the role of such bodies would be broadened to include the

• setting of auditing standards relating to professional integrity and independence,
• the setting of technical standards,
• the monitoring of audits of listed companies (and other companies whose financial condition is of particular importance), and
• the investigation and taking of disciplinary action in relation to public interest cases.

The Bill will also allow certain functions relating to company auditors and the recognition of supervisory bodies to be delegated to the Professional Oversight Board for Accountancy (POBA), which will be set up as part of the Financial Reporting Council.

Community Interest Companies

Unrelated to the changes described above, the Bill also sets out the draft legislation required to bring into being the new Community Interest Company (CIC) proposed by the DTI earlier this year. The CIC is a new type of company designed for use by social enterprises or businesses that use their profits for the benefit of the local community or the wider public (such as in childcare provision, social housing, leisure and community transport). CICs are intended to offer an alternative to charities: they will be subject to a lighter regulatory regime, but will not have the tax advantages of charities.

The provisions relating to CICs are not covered further in this article. For further information on the Government's proposals, see the LawNow article published on 14 April this year.

The full text of the Bill and the Explanatory Notes can be obtained by clicking on the above links.

Further information on auditor independence can be found on the ICAEW's website by clicking here.

***************

Reforms to liability of directors and auditors

On 16 December 2003 the DTI launched a consultation on amending section 310 of the Companies Act 1985, which imposes restrictions on the extent to which companies can indemnify or release their directors and auditors from liability in tort, contract or otherwise.

The section is notoriously uncertain in scope, and in June 2001 the Company Law Review Steering Group recommended that it should be amended to allow auditors - subject to the approval of the company's shareholders - to limit their liability in contract to the company or the shareholders in their audit engagement contract, and that auditors should be expressly permitted to limit their liability in tort to third parties. In both cases, such limitations would be presumed reasonable for the purposes of the Unfair Contract Terms Act 1977 provided they go no further than certain guidelines to be agreed after public consultation. Unsurprisingly, audit firms have been lobbying the Government to introduce such changes.

Nevertheless, the timing of the consultation is something of a surprise: the White Paper did not deal with the "difficult question of auditor liability", and instead the Government stated that it would announce its response to the question in due course. Subsequent signals from the DTI have suggested that reform of the section was unlikely to occur for some time. However, it seems that the Government has responded to pressure from audit firms, and to the recommendation of Derek Higgs, that the important issues of directors' and auditors' liability should be clarified.

The options put forward by the DTI include:

• allowing companies to pay up front the legal costs incurred by a director in defending himself successfully
• allowing companies to limit the liability of their directors for negligence
• allowing directors to be indemnified by third parties
• enabling a company to indemnify a director against a reasonable bona fide deductible under a D & O insurance policy
• allowing auditors to negotiate with their client a limit on their liability for breach of contract and negligence
• allowing audit firms to cap their liability to clients. The cap could be calculated by reference to:
• • a multiple of the audit fee;
  • a multiple of total fees paid to the auditor, including any non-audit services provided;
  • a multiple of the auditor's turnover; or
  • a fixed rate – for example, one rate could apply to the Big Four firms and a lower rate or rates to smaller firms
• requiring companies to disclose such arrangements in their annual report and accounts
• making such arrangements subject to shareholder approval or ratification.

A system of proportionate liability, whereby the courts would have to apportion liability between auditors, the company and its directors, has been considered and rejected.

The consultation closes on 12 March 2004. The consultation paper can be found at http://www.dti.gov.uk/condocs.htm.