Auditor Regulation
Qualification
The Companies (Statutory Auditors) Act 2018 implemented the EU Directive on statutory audits. Approval is granted to firms on the basis of thier good reputation. The application is made to one of the relevant accountancy bodies.An applicant for approval as a statutory auditor must be a member of a recognised accountancy body and have the appropriate qualifications
Third country auditors may be approved as a statutory auditor subject to conditions. In the case of EU member state auditors and audit firms, they are presumed to be of good repute unless their regulatory authority or body indicate otherwise.
The recognised accountancy body registers and keeps a register of auditors and audit firms. It issues identification numbers to registered firms and persons
A statutory audit may be carried out only by an approved auditor or audit firm. It is unlawful to act as a statutory auditor without being so approved. It is subject on summary conviction to a class A fine and/ or imprisonment up to 12 months or a fine up to €50,000 and/or imprisonment for a term of five years or both on conviction on indictment.
Third Country Auditors
An audit firm approved in another EU state may be recognised where the key audit partner who carries out audits is approved in the State as a statutory auditor.
An auditor from another state must have passed the relevant aptitude test and one from outside the EU must pass the aptitude test and meet other statutory requirements. There are transitional provisions applicable to certain firms in existence prior to the legislation.
The qualification must be awarded by a recognised accountancy body whose standards and training meet the specified requirements (Schedule 19). Once recognised as qualified, the auditor may undertake an audit required by EU law which will include the audits of most corporate entities in particular Irish companies and their equivalents in others EU states. Accountancy bodies may approve an auditor notwithstanding that the required qualification is not held if it is satisfied that equivalent qualifications are sufficient.
In the case of an auditor outside the State who wishes to act as a statutory auditor, he or she must pass an aptitude test unless the recognised accountancy body is satisfied as to the relevant level of knowledge. The standards which must be applied in the aptitude test are provided for in the legislation. They must be approved by IAASA.
Audit Firms
A firm may be registered as a statutory audit firm.
- Individuals carrying out audits on behalf of the firm must be approved statutory auditors
- the majority of voting rights must be held by individuals eligible for approval as statutory auditors or audit firms and
- the majority of the administrative / management body must be individuals eligible for approval as statutory auditors or an audit firm.
They may be a combination of audit firms and auditors.
The Corporate Enforcement Authority may require evidence of approval as a statutory auditor or audit firm. Failure to produce evidence when required is an offence.
Bodies’ Standards
Statutory auditors and audit firms must be independent, objective and exercise professional scepticism in accordance with the principles in the legislation. Recognised accountancy bodies must have adequate standards and codes of conduct to ensure that auditors and audit firms comply with the requirements regarding continuing education, professional ethics, independence, scepticism and objectivity.
They must put in place arrangements to monitor and enforce compliance. There are to be sanctions for failures of compliance. This must include withdrawal of approval, penalties, sanctions and disciplinary measures. Disciplinary measures and sanctions must be published.
IAASA puts in place quality assurance systems for statutory audit of quality public interest entities and third country auditors and audit entities. IAASA may oversee the quality assurance systems put in place by recognised accountancy bodies. It is to cover the members’ activities as statutory auditors and audit firms of non-public interest entities.
There are criteria for the quality assurance scheme. It must be independent, and the resources and funding must be secure and free from undue influence. There are to be reviews by appropriately qualified and experienced persons.
The reviews are to include a written report which should take place every six years, be appropriate and proportionate. Statutory auditors and audit firms must seek to implement recommendations from the review within a reasonable time.
The overall results of reviews must be published. Assurance reviewers must meet certain criteria in relation to education experience training independence et cetera. The review is to take account of the fact that the application of auditing standards to the smaller undertakings is proportionate.
Confidentiality & Access to Documents
The confidentiality rules continue to apply to the statutory auditor and audit firm after the cessation of engagement. Confidentiality of professional secrecy requirements are not to prevent recognised accountancy bodies from meeting their obligations under the legislation.
There is provision for confidentiality and professional secrecy in the case of transfers of documents relating to audits where a business is part of a group whose holding company is in a third country, if this is necessary for the audits of consolidated financial statements of the holding company where the undertaking has issued securities in a third country or as part of a group issuing consolidated financial statements the third country. Only the relevant papers may be transferred to the authorities in the relevant country. Data protection legislation must also be complied with.
Where there is a change in the statutory auditor, the former auditor must provide all relevant information relating to the audited undertaking and the most recent audit to the incoming auditor.
Recognised accountancy bodies have access to all documents subject to procedures in relation to performing the task. They must make a request in writing which may be based on a complaint that the auditor firm has breached its obligations.
Persons may be required to attend and explain the contents of documents. Failure to do so is an offence. The recognised accountancy body may apply to the High Court for an order compelling compliance with specified requirements or make an appropriate or order . The IAASA may inspect and take copies of documents held by recognised bodies carrying out its functions where a complaint has been made. It may require persons to attend and explain the contents of documents.
Standards
The IAASA adopt reporting standards to be applied. Standards relate to professional ethics internal quality control and auditing standards. Statutory auditors and all firms must carry out statutory audits in accordance with the standards.
Where the EU Commission adopts international auditing standards ,statutory audits must be carried out in accordance with the standards. They may be added to by the Authority to give effect to national requirements regarding the scope of statutory audits or to add to the credibility of financial statements. Such additional requirements must be notified to the EU commission.
Auditing standards must be applied in a proportionate way to small undertakings/businesses.
The group auditor must bear responsibility for the audit report in relation to the consolidated financial accounts of the group. In the case of a public interest entity the group auditor must bear responsibility for the additional requirements and the additional report to the audit committee.
The authority may request additional documentation and audits by third country auditors from the relevant authorities under agreed arrangements. Where they are not in place the group auditor must ensure delivery of the documents and provide explanations as to any legal or other impediments to so doing.
Independence
There are requirements for independence on the part of statutory auditors relative to the audited company or entity. Persons involved in the audit must not be involved in decision-making within the entity concerned. Independence must be maintained by the statutory auditor or audit firm in all its relationships that may affect the audit. There are requirements that owners and shareholders must not intervene in the execution of the statutory audit.
Statutory auditors and audit firms must maintain professional scepticism when carrying out audits regardless of past experience of honesty and integrity on the part of the entity’s management.
Certain listed categories of relationships are not permitted between statutory auditors and the entity audited. Certain relationships of a financial nature involving beneficial interests, which might be perceived to cause a conflict of interest are prohibited. Soliciting and accepting pecuniary or nonpecuniary gifts is prohibited unless a third party would consider their value trivial.
Where there is a merger or acquisition of an audited entity, any new interest or relationship that compromises independence must be terminated within three months.
The audit working papers must document significant threats to independence including safeguards to mitigate those traits. There are mandatory requirements to assess and document certain issues and risks before accepting a continuing engagement for statutory audit.
There are provisions applicable to statutory auditors and audit firms designed to reinforce the objective of independence. Appropriate policies and procedures must be established and followed. Threats to independence must be managed and arrangements for dealing with instances which impact integrity must be put in place. Policies and procedures must be documented and communicated to employees of the statutory auditor or audit firm.
Organisation
The Companies (Statutory Audit) Act 2018 provides for the organisation of the audit. The statutory auditor must consider the scale and complexity of the activities when complying with organisational requirements and demonstrate to the recognised accountancy body or the authority that policies and procedures to achieve compliance are appropriate in the particular context.
The Audit firm must appoint at least one key audit partner for each audit it undertakes. There are rules which seek to ensure that the audit is adequately resourced. There are requirements for keeping of records including in relation to breaches of legislation and request for external advice. An annual report must be prepared containing an overview of measures taken regarding breaches communicated to the management of the audit firm.
There are detailed obligations in relation to client accounts and audit files. Records must include fees charged for the audit and for other services provided. Records must be retained for at least six years.
Recognised accountancy bodies must include standards and provisions that fees for statutory audits are not to be influenced and determined by the provision of other services or to be contingent in any way. The Authority may on application from an auditor or audit firm grant an exemption on an exceptional basis from the 70% threshold for non-audit services income for a period of up to 2 financial years. Decisions regarding an extension are to be published.
Non-audit services may be supplied to a public interest client if certain conditions are met. The audit committee or the directors of the entity if applicable must issue guidelines regarding the services.
The obligation of professional secrecy applies to a member director employee professional or other adviser of the Authority the recognised accountancy bodies or the registrar of companies.
Authority / EU Cooperation
The Authority is responsible for cooperation between public oversight systems at EU level. Cooperation applies to providing information, grounds for refusal of request information, requests for investigations to be carried out and grounds for refusing it.
Information obtained performing functions under the Directive or Regulation may not be disclosed. Breach is a category 3 offence.
The Authority or a recognised accountancy body is to notify counterparty authorities where they consider that there have been activities of non-compliance with the Directive or Regulation in the latter’s territory and include details of the grounds for the opinion and notification.
Discipline
A recognised accountancy body can take disciplinary action or impose sanctions on statutory auditors and audit firms. They must put in place procedures, systems of investigation and penalties in respect of its members.
Recognised accountancy bodies are to set out in their rules and byelaws, contractual and other arrangements, provisions to enable them to impose penalties for failure to carry out audits in line with audit requirements. The penalties should be effective proportionate and dissuasive.
There are procedures applicable to discipline and sanctions. Where a body has decided to withdraw approval, the statutory auditor or audit firm may apply to the High Court to suspend withdrawal pending an appeal. The court may vary an order if it considers just to do so.
Removal
There is provision for removal of approval of statutory auditors. This may occur if good repute has been seriously compromised which may involve professional misconduct or want of professional skill.
Approval may be withdrawn if good repute is seriously compromised or the auditor no longer qualifies under the conditions for approval as an auditor or in the case of individual auditor,
- no longer qualifies
- is not registered in the register or
- subject to the regulation of a recognised accountancy body.
The recognised accountancy body acts as disciplinary committee. It may specify the steps necessary to rectify the position and the timeline. If they are not met, approval may be withdrawn. Some of the steps may be shortened or varied as it deems appropriate
Appeals are to be dealt with promptly. There is provision for application for court for an order of suspension pending conclusion of an appeal.
Where the body has made a final decision to withdraw approval, the auditor may apply to the High Court for an order suspending the withdrawal pending determination by the High Court of an appeal. The court may on application vary or discharge an order as considers fit having regard to certain criteria.
There is provision for mandatory withdrawal of approval of a statutory audit firm. The process is broadly similar to that in respect of individual auditors. Procedures apply analogous to those above.
Where the approval of the statutory auditor or firm is withdrawn by a recognised body it is to notify regulators in other EU states where the auditor is approved.
Register
The public register of auditors is to include certain information including
- the name and address of the auditor
- the name and address of the recognised accountancy body or EU State authority responsible for regulation.
It is an offence to hold oneself out as entitled to be entered in the register or registered when this is not the case.
There are obligations on auditors and audit firms to notify changes of the particulars to the registrar. Auditors must take part in appropriate programs of continuing education to maintain their theoretical knowledge, professional skills and values at a sufficiently high level. IAASA issue guidelines to the recognised accountancy bodies regarding compliance with this requirement.