The concept of an ‘expectation gap’ will be familiar to many in external audit. There can sometimes be a significant disconnect between the work we do and the understanding of it our stakeholders have. This is most prominent in cases of fraud or business failures, where users of financial statements can have higher expectations of what is possible than the reality.
However, another area where that disconnect manifests, perhaps in the opposite direction, is in audit reporting. Engagement teams often undertake many days and weeks of painstaking work but perhaps overlook the fact that, in many cases, the only evidence of that work seen by many stakeholders is an auditor’s report within the publicly available financial statements.
Does that always meet its aim of adequately and concisely explaining the auditor’s work and responsibilities? This is an issue the Financial Reporting Council (FRC) is looking to resolve with its latest proposed revisions to the ‘700’ series of the UK auditing standards (ISAs), which deal predominantly with the auditor’s reporting on the financial statements and other information, and communication of Key Audit Matters (KAMs) where relevant.
Background
It is a difficult balance to strike, auditors are naturally risk averse and, as these reports are public facing documents, firms will naturally be at pains to ensure that the reports are compliant, without assuming unnecessary liability.
Consequently, the text of these reports is often left to internal audit quality and reporting departments, with teams put ‘on rails’ and given minimal options to diverge from the firm’s standard text. Whilst understandable, this has a number of effects.
Content can tend towards the ‘boilerplate’, being heavily driven by internal templates which do not always adequately convey a full picture of the work undertaken. There is also a sense that reports can be ‘cluttered’ with inclusions which are not always comprehensible to users of financial statements without a background in accounting or finance.
As a result of their formulaic nature, auditors’ reports themselves, despite being the main public facing output of sometimes months of work, can feel like an afterthought, quickly drafted from an amended template.
The FRC’s amendments hope to change that by decluttering the content of the reports themselves and fostering both a greater sense of ownership over the document. This will also increase its usefulness to users of financial statements by removing requirements to report on certain areas of the engagement and instead encouraging auditors to provide a fuller description of work performed and judgments made.
What is the FRC proposing to remove?
As mentioned, the proposals are divided into two broad concepts; removal of requirements to report certain information and enhancement of reporting on what remains. In terms of ‘decluttering’ the reports, efforts in this area mainly focus on a reinforcement of the concept of reporting by exception. Currently, there are a number of items on which auditors are required to provide specific information only where misstatements, omissions or other issues are noted.
These include instances where the auditor was not provided with all required information (as is their right under the Companies Act 2006) and, in the case of listed entities, where there are departures from the UK Corporate Governance Code.
Whilst the auditor is only currently required to provide detailed explanations on these areas if exceptions are noted, current standards also require a general statement to the effect that there is nothing to report. General feedback received appears to indicate that this adds little value in most cases and serves as an example of ‘clutter’.
Recently, changes were introduced to require a description of the extent to which the audit procedures performed could detect ‘irregularities, including fraud’. Ironically, this is an opportunity for practitioners to take a more bespoke approach to report writing.
This has been regarding more complex engagements where specific, detailed procedures to address unique risks may have existed. However, in many instances (for example, reports on less complex, owner-operated entities) this resulted in a deluge of boilerplate descriptions, much of which did not necessarily reflect the reality of the work performed.
To address these issues, the FRC proposes to revert to a genuine ‘by exception’ reporting standard by removing the requirement to explicitly state where no issues were noted and remove the requirements around detecting irregularities for all but the most complex engagements for Public Interest Entities (PIEs).
And what is the FRC proposing to introduce?
By contrast, the proposals also include various suggestions around enhancement of the information provided by the reports. These include:
- An ‘overarching requirement for relevant information’; a new paragraph within ISA (UK) 701 will specifically ask auditors to focus on providing information that is relevant to users of the financial statements, helps those same users understand the relevance and relationship between that information and the financial statements as a whole and uses language which is tailored to the individual entity which is subject to the report.
- An expansion of the requirement to report on KAMs. Currently only auditors of PIEs and Listed Entities are required to report their observations on KAMs. The FRC’s proposals aim to expand that requirement to all auditors, including where those observations relate to the entity’s accounting practices.
This is a clear opportunity for engagement teams to provide more tailored and relevant content describing their risk assessment, planning process and judgments made with regards to the key areas of the work performed, including why the auditor judged them to be significant areas of focus.
- An enhancement of requirements around reporting on the entity’s system of internal control and how that impacted the audit risk assessment and work required, including a requirement for auditors to report any significant internal control deficiencies.
There are also a small number of ‘conforming amendments’ proposed to ensure continued alignment between the UK ISAs and their international counterparts. These include a removal of the distinction between Other Information and Statutory Other Information – a distinction seen as less relevant as audit reports have evolved – and changes to requirements around reporting on ethical issues with regards to PIE and Listed Entity engagements.
What’s next?
The FRC argues that they do not envisage a significant impact on the level of work required to incorporate these changes, given they principally relate to the inclusion of content on work performed by the engagement team which, in many cases, should already be documented in the audit file. However, there will inevitably be a transition period as engagement teams work to get a feel for the new format and requirements.
The FRC’s consultation period is open until 16 January 2026, providing the opportunity for stakeholders to feed back on the proposals. Mercia will continue to monitor and update our guidance and available support to reflect the final amendments and help audit professionals navigate the changes.
How can we help
If you are looking for further information on related topics, please visit our ISQM and Audit Quality hubs.