Audit Reform in Ireland
Audit reform introduces some rules that affect all audits undertaken in Ireland, in particular in the behaviour of audit committees, the way that statutory audits are regulated. So, what are the impacts?
In 2014 the European Parliament and Council introduced new rules in relation to audits carried out in Europe. These changes are contained in a Directive and related provisions of an EU regulation (the ‘Directive and Regulation’).
On the 15 June 2016 a Statutory Instrument (SI 312 of 2016) was signed in Ireland that give effect to the EU Directive and Regulation. SI 312 provides clarity on how the rules will be implemented in Ireland and what options allowed within the EU Directive and Regulation (so called ‘member state options’) will be taken.
- Who is affected by audit reform?
- The Key Impacts on PIEs?
- How audit reform affects the funds industry
- How can Deloitte Help?
- Appendix A: Audit Committee FAQ
Who is affected?
Audit reform introduces some rules that affect all audits undertaken in Ireland, in particular in the behaviour of audit committees, the way that statutory audits are regulated. Other rules, including the requirement for mandatory audit firm rotation, relate to audits of Public Interest Entities (‘PIE’).
The definition of a PIE has not been modified for Ireland and remains as defined the EU Directive. PIE’s include entities with transferable securities listed on an EU regulated market as well as credit institutions and insurance companies authorized by an EU authority. For example companies that are listed on the Irish Stock Exchange main market and insurance undertakings licensed by the Central Bank of Ireland are defined as PIEs.
So what are the Key Impacts on PIEs?
The changes that will impact on PIEs are in the following key areas:
All PIE’s will be required to have an audit committee except in limited circumstances(1). Where audit committees are required the following changes are relevant:
Composition of the Audit Committee:
- The majority’ of members of the audit committee needs to be independent of the audited entity;
- The members of the audit committee as a whole are required to have competence relevant to the sector in which the audited entity is operating;
- The chairman of the audit committee is to be appointed by its members and be independent of the audited entity;
(1)These exemptions are described in SI 312 Article 115 and apply to certain funds structures and subsidiaries of a parent undertaking which has an audit committee that meets certain conditions.
Audit Committee Functions:
The list of functions assigned to the audit committee has been extended to encompass, amongst other items:
- approving any permitted non-audit services following an assessment of the threats to independence and the safeguards that can be applied to mitigate or eliminate those threats. (Permitted non-audit services are services auditors are not prohibited by law from providing to their PIE audit clients); and
- to be responsible for the procedure for the selection of a statutory auditor or audit firm and recommend the statutory auditor or audit firm to be appointed; and
- reviewing and monitoring the independence of the statutory auditor.
Fulfilling these functions may be challenging for audit committees, particularly in the context of complex group structures involving multiple EU PIEs, and will require members to be alert to changes in requirements relating to the provision of non-audit services (see Audit Committee FAQ in Appendix A).
"Big 4" Clauses
The regulations sets out that all contractual clauses entered into between a PIE and a third party (e.g. a bank) that restrict the choice of that company’s shareholders to only appoint certain categories or lists of statutory auditors or audit firms to carry out the statutory audit of that entity ‘shall be null and void’.
Length of Audit Firm Tenure
SI 312 introduces mandatory rotation of audit firms after 10 years for each PIE. The transition arrangements depend on the length of the existing relationship, specifically relationships that have been established for longer than 11 and 20 years as of June 2014 have longer to transition. The table below sets out the transitional arrangements.
Years of audit appointment
Audit Relationship Commenced After
Audit Relationship Commenced Before
New Auditor to be appoints for Year Commencing On or After.
<20 but >=11
10 Years from first audit of PIE
The commencement of the audit relationship is the first day of the period that the audit firm first audited. Where an entity becomes a PIE after the appointment of an auditor, the period considered commences from the start of the first financial period after which the entity became a PIE.
It should be noted Ireland did not avail of the member state option to extend the period before required mandatory firm rotation by an additional ten years after a tender process or to 24 years where there is a joint audit. There is a provision allowing entities to apply to IAASA for approval to extend the maximum tenure of the audit firm by two years in exceptional circumstances. Exceptional circumstances could relate to mergers or acquisitions but ultimately will be a matter for IAASA to interpret.
The rules also set out the requirements for the running of an audit tender process. PIEs will be obliged to have a tender process when considering the selection of a new auditor; primary responsibility for this process will rest with the audit committee.
Prohibited Non-Audit Services
For a PIE the Statutory auditor and its network is prohibited from directly or indirectly providing to the audited entity, to its EU parent undertaking or to its EU controlled undertakings specified tax services, management decision making, bookkeeping, payroll, system and control, valuation, legal, internal audit HR and share transaction services. The specific details of the prohibited non-audit services are listed in Appendix B. Ireland has availed of an exemption set out in SI 312 for certain tax and valuation services.
For internal control and system design services a one year ‘cooling-in’ period applies, in that the audit is prohibited from providing such services in the financial year immediately preceding the first financial year subject to audit. This may prove problematic for tender processes when such services are procured from potential statutory audit firms.
SI 312 does allow for the provision of certain tax and valuations services which are not permitted under the Directive and Regulation where:
- they have no direct or have immaterial effect on the audited financial statements, and
- the estimation of the effect on the audited financial statements is comprehensively documented and explained in a report to the audit committee, and
- the principles of independence are complied with, and
- the audit committee may issue guidelines with regard to the non-audit services permitted.
Non Audit Services Fee Cap
In addition, there is a restriction on non-audit services is in relation to the overall fees paid to the audit firm. The total fees for non-audit services shall be limited to no more than 70 % of the average of the fees paid in the last three consecutive financial years for the statutory audit(s) of the audited entity and, where applicable, of its parent undertaking, of its controlled undertakings and of the consolidated financial statements of that group of undertakings. This fee cap does not have immediate effect as there is no requirement to look back to fees paid before the legislation became law. The first financial year starting on or after 17 June 2016 will be the first year to count towards the fee cap. So for instance, for an entity with a calendar year end the reference period will be the financial years ending in 2017, 2018 and 2019.
Audit Partner Rotation
There is also a new requirement that the audit partner on a PIE serves a maximum of five years; this provision is not subject to the transitional arrangements. Prior to SI 312 the professional standards applicable to audits in Ireland required rotation of audit partners of listed entities after five years. The key change is that the five year rotation comes into effect for unlisted banks and insurance companies and is underpinned by law.
There are a number of requirements relating to auditor reporting that should enhance investors’ understanding of the audit process including critical judgements made during the audit. The audit report will now include:
- Who appointed the statutory auditor (e.g. the members of the company or the Board of directors);
- The date of the statutory auditor’s appointment and the period of time since the statutory auditor was first appointed;
- A description of the most significant assessed risks of material misstatement, a summary of the auditor's response to those risks; and where relevant, key observations arising with respect to those risks;
- an explanation to what extent the statutory audit was considered capable of detecting irregularities, including fraud;
- A confirmation that the audit opinion is consistent with the auditor’s report to the audit committee;
- A declaration that the prohibited non-audit services were not provided and that the statutory auditor remained independent of the audited; and
- An indication of any services, in addition to the statutory audit, which were provided by the statutory auditor to the audited entity and its controlled undertaking(s), and which have not been disclosed in the management report or financial statements.
Where the requirement impacts on an audit the above requirements will apply to the first financial year starting after 17 June 2016. All other requirements have immediate effect. The application of these and other provisions will be impacted by the work of the applicable competent authority. Of particular relevance will be the activities of the Irish Auditing and Accounting Supervisory Authority (IAASA) which now tasked with determining the appropriate auditing standards to be applied in Ireland.
How audit reform affects the funds industry
Audit reform introduces some rules that affect all audits undertaken in Ireland, in particular in the way that audit firms are regulated, and other rules that relate to individual audit relationships that apply only to the audit of Public Interest Entities (‘PIE’).
The definition of a PIE has not been modified for Ireland and remains as defined in the EU Directive. PIE’s include, as well as credit intuitions and insurance companies, entities governed by the law of a Member State whose transferable securities are admitted to trading on a regulated market of any Member State.
For example Irish Funds that are listed on the Irish Stock Exchange main market (which is an “EU Regulated Market” ) would be defined as a PIE; also, ETF’s that are listed on other European Regulated Market would meet the definition. It is important to note the definition is related to listing of the transferable securities and not the regulatory structure of the fund such as UCITs or AIF.
How can Deloitte Help?
The implications of audit reform rules on PIE’s will impact on who can act as your audit firm, your provider of non-audit services such as tax services and the operation of your audit committee. These changes requiring careful planning in order to ensure that the new requirements are met. Our Deloitte team is available to advise on assessing the implications of the audit reform on your business.
This communication does not contain legal advice. Information outlined in this communication may evolve as the legislation is implemented.
Appendix A: Audit Committee FAQ
Are there any changes to the role of the audit committee?
In reality, most of the requirements for audit committees are already being performed today and represent ‘best practice’. So the main change of substance is the fact that these requirements are now being enshrined in law meaning those companies that have previously applied some but not all areas that are now covered by the law will need to take steps to comply.
In addition, there is a new requirement for a majority of the members of an audit committee to be independent from the entity. Previously, under company law, only one member needed to be independent.
One area where the Regulation is quite prescriptive relates to the appointment (or re-appointment) of the statutory auditor. Whilst in most cases the audit committee related requirements are accepted practice, there is clear encouragement to audit committees to consider smaller audit firms as part of the tender process.
There is a new report from the statutory auditor to the audit committee represents an important change. Whilst much of the content of this report would have already been discussed by the auditor as a matter of best practice, it now has the underpinning Law.
Finally, the Regulation brings in a new requirement for IAASA to assess the performance of audit committees.
Is there a requirement for audit committees to have a policy on tendering for non-audit services?
Is audit committee approval needed for any non-audit services?
Yes. The Regulation requires the audit committee (or the body performing equivalent functions) of a PIE to approve the provision of all permissible Non-Audit Services by the auditor or by a member of the auditor’s network to the PIE itself and to its EU controlled undertakings. It seems the approval of the audit committee of the PIE must also be obtained in the case of the provision of services to its EU parent undertakings. We understand that approval of permissible Non-Audit Services is only required from audit committees of entities that are located within the EU and in relation to services that will be provided within the EU.
Can audit committees of multiple PIEs in a group defer to the Audit Committee of the EU parent PIE?
The audit committee of the ultimate PIE parent undertaking in the EU should approve non-audit services to be provided to its PIE and non-PIE controlled undertakings in the EU. If the controlled undertaking is itself a PIE and is a direct recipient of these non-audit services (i.e. the service is being provided directly to the subsidiary), those services should also be approved by the audit committee of the controlled undertaking (to the extent that an audit committee is required). If the controlled undertaking is itself a PIE but is not a direct recipient of these non-audit services, we understand that the approval of the controlled undertaking’s audit committee would not be required.
Can audit committees of multiple PIEs in a group defer to the Group Audit Committee outside the EU to make Non-Audit Services approvals?
No. The Group Audit Committee to approve the provision of Non-Audit Services must be based in the EU. Approval by an EU-based Audit Committee (or equivalent) is required for all Non-Audit Services provided to EU PIE subsidiaries. An Audit Committee based outside the EU (e.g. the Audit Committee of an ultimate US parent) cannot give this approval.
Can the audit committee pre-approve a list of permissible non-audit services which an audit firm can provide to an audited entity?
There does not seem to be anything preventing audit committees giving approval for certain types of services in advance. Of course, parent entities of groups may decide that the audit committees at each level in the group need to assess the threats to independence and safeguards on a case-by-case basis.
Who can be on the audit committee? Are there any limits?
The audit committee should be composed of a majority of independent non-executive members of the Board of Directors. Audit committee members can also be directly appointed at the Annual General Meeting.
At least one member of the audit committee must have competence in accounting and/or auditing. The committee members as a whole should have competence relevant to the sector in which the company has its business.
What are the requirements for auditor reporting to audit committees?
Statutory auditors of PIEs will be required to provide a specific written report to the audit committee. This report will provide detailed information on the results of the audit, together with explanatory text. Auditors will be required to disclose, in particular, ‘the quantitative level of materiality applied to perform the statutory audit for the financial statements as a whole and where applicable the materiality level or levels for particular classes of transactions, account balances or disclosures, and disclose the qualitative factors which were considered when setting the level of materiality.’ Auditors will also be required to: ‘report and explain judgments about events or conditions identified in the course of the audit that may cast significant doubt on the entity's ability to continue as a going concern and whether they constitute a material uncertainty; and provide a summary of all guarantees, comfort letters, undertakings of public intervention and other support measures that have been taken into account when making a going concern assessment.’
Is an internal controls audit for a PIE required?
No, the regulation requires that the additional report to the audit committee shall explain the results of the statutory audit carried out and shall at least….:
‘report on any significant deficiencies in the entity's or, in the case of consolidated financial statements, the parent undertaking's internal financial control system, and/or in the accounting system. For each such significant deficiency, the additional report shall state whether or not the deficiency in question has been resolved by the management’.
Audit Committee approval is required for permissible services - however must the Audit Committee also approve the excepted immaterial tax and valuation services?
The audit committee is required to approve all permissible non-audit services. This will include any tax or valuation services that are exempted.
When do the new requirements for audit committees first apply?
The new requirements regarding the composition and competences of the audit committee will first apply for financial years starting on or after 17 June 2016.
Does the audit committee play a role in determining whether a service is a prohibited Non-Audited Services?
Yes, the audit committee should be the first point of call for discussion with the auditor. In addition, where there is doubt, consideration should be given to the need for consultation with the relevant competent authority.