Comprehensive regulation of the financial reporting ecosystem
Authored by: Carla Budricks
Deloitte Africa Public Policy and Regulatory Lead
Carla Budricks is the Deloitte Africa Regulatory and Public Policy Lead and has worked in the
professional services industry for 17 years with specific focus on laws that impact professional
services firms, auditors and accountants. Carla is an admitted attorney and certified compliance
practitioner. She started her career with Legal Wise where she was involved in the establishment of
two branches for Legal Wise with the aim of bringing affordable legal services to communities. She
has previously worked as Compliance Officer of PwC Africa for 12 years and Regulatory Specialist in
the Absa Group Compliance function for 5 years.
What is the concern?
Corporate failures trigger pressing questions about what went wrong and who is to blame. We start
to question our laws and enforcement mechanisms. We start to solve for problems without exploring
the core issues underpinning the failure. Compliance requires improved scrutiny of the entire
ecosystem, particularly in the case of public interest entities and entities with increased technological
complexity and cross-border activities.
A holistic approach is needed by all the participants in the financial reporting process, to prevent
corporate failure from happening in the first instance. Currently, we see fragmented pieces of
legislation regulating some of the participants or some of their activities in the financial reporting
process. Ideally, the regulatory framework should extend to all the key role players in the ecosystem
in relation to the activity of financial reporting:
- Accountants as the preparers of the financial statements - this includes the CFO and CEO.
- Approvers of the financial statements. In the case of a company the approval rests on the shoulders of the Board as a collective in terms of the Companies Act, 2008. A director signs off on the financial statements on behalf of the Board.
- Those charged with governance, such as the members of the governing body or Board and the audit committee plays a pivotal role in the financial reporting process, also to challenge and ask difficult questions.
- Internal assurance providers such as the internal auditors expressing an internal opinion over the internal controls of the entity or its compliance with laws and regulations.
- External assurance providers - these include external auditors and independent reviewers who are responsible for providing assurance on the financial statements once it has been approved by the Board.
The aim of such a holistic regulatory approach would be to create a consistent, fair, and certain
regulatory regime governing the entire financial reporting ecosystem and holding to account all role
players within this ecosystem. The current regulatory framework applicable to auditors and directors
should be supplemented with a range of overarching measures to fill the gaps in the regulation of accounting officers and preparers of financial information (CEO’s and CFO’s, accountants), and those
charged with governance (Boards and audit committees).
This may require a completely new regulatory regime authorised by overarching legislation. The
current regulatory regime unfortunately applies a very light touch to the financial reporting
ecosystem, with an almost exclusive reactive focus on the assurance provider. As a result, it neglects
to effectively and pro-actively oversee the other crucial players in the financial reporting ecosystem.
Preparers of financial statements
Currently accountants are mostly members of voluntary professional and member associations. These
professional bodies are not statutory bodies or regulators and do not necessarily have regulatory
authority to enforce conduct and adherence to standards. Membership is underpinned by compliance
to professional codes and the membership rules instead of regulation. A consistent regulatory
minimum fit and proper standard and competency requirements for preparers of financial statements
may assist to proactively and consistently close the accountability and liability gaps in the financial
statements’ preparation process.
Those charged with governance
Board members are jointly and severally liable for all Board decisions, including the approval of the
financial statements. However, accountability and enforcement are hampered due to fragmentation
in the law and a multiple of regulators across the spectrum.
The differing and fragmented requirements for audit committees across sectors and types of entities
include for example the Companies Act, JSE Listing Requirements, Banks Act, Public Finance
Management Act, King IV and industry specific laws such as the Banks Act. These differences relate to
membership, qualifications, skill and experience, independence, duties, and disclosures for those
charged with governance.
The primary responsibility for the management and direction of a company vests in its Board of
directors and senior management. In discharging their duties, they are subject to strict fiduciary duties
and duty-of-care, skill and diligence. Directors of state-owned companies are also bound by the Public
Finance Management Act. A directorship is not a profession with entry qualification requirements. It
is crucial that directors must on appointment, and on an ongoing basis thereafter, be required to
undergo education and training on the law in respect of their duties and responsibilities.
With specific reference to the duties of the audit committee, clarity and consistency is needed on the
role of the audit committee as it relates to:
- Overseeing the appointment and continuous independence of the external auditor
- Monitoring audit quality
- Overseeing the effective design and implementation of the internal financial controls
Assurance providers
Unlike internal auditors that voluntarily affiliate with professional bodies and member associations,
the external auditor is subject to direct regulatory oversight. In terms of the Auditing Profession Act,
the Independent Regulatory Board for Auditors (IRBA) is tasked with the registration of auditors and
ensuring the adherence to auditing standards and audit quality. This is achieved through periodic
inspections and disciplinary action where required. Sanctions may include a pecuniary fine or deregistration.
The scope of the audit as currently framed in terms of the auditing standards remains a concern. There
appears to be an expectation gap regarding the financial statement audit, i.e., what is required of an
audit in terms of the International Standards on Auditing, and the users of financial statements
expectations of an audit. Questions are being asked about the auditor’s role in amongst others fraud
detection and prevention, assurance of internal controls (including internal financial controls), business viability and going concern status of the business, as well as the company’s performance in
the public interest.
The users of financial statements require the auditor’s opinion to provide an informed view on not
only the financial statements of the business, but also other matters required to form a holistic view
of the soundness of a business.
The IRBA’s authority and functions extend only to the external auditor in the ecosystem. The World
Bank published its Report on the Observance of Standards and Codes: Accounting and Auditing (ROSC)
in June 2013. One of the key recommendations contained in this report is that appropriate legislation
should be enacted to provide for the regulation of both accountancy organisations and an audit
regulatory body. While the auditing profession is highly regulated, there is no national supervision
over the accountancy bodies or its members.
Conclusion
The development of a shared orientation to the financial reporting process and create an environment
for improved regulatory harmony would go a long way. It could see a single overarching regulator
responsible for closing accountability and liability gaps in the financial reporting process between the
fragmented legislation and various regulators and member associations.
This could be achieved by identifying high-impact practices that have delivered desirable results in
some jurisdictions (e.g. Sarbanes-Oxley legislation in the US) and through the use of stakeholder
forums to move toward consensus regarding a preferred model, and discouraging “add-on” interim
regulatory measures that do not address the core of corporate failures holistically.
As an example, the Financial Reporting Council (FRC) in the UK takes a holistic approach to regulating
the UK financial reporting ecosystem by acknowledging the inextricable links across the different
players therein. The FRC’s remit spans across investors, companies, auditors, institutes who train
individuals to become qualified accountants, and actuaries. It also sets the UK’s Corporate Governance
and Stewardship Codes. In line with recommendations from recent reviews, the FRC will soon be
replaced by the Audit, Reporting and Governance Authority (ARGA) which will have broader powers.
But will comprehensive regulation of the financial reporting ecosystem eliminate corporate failures?
For one, it may yield positive results in improved assistance to law enforcement agencies to prosecute
the perpetrators of white-collar crime. It will certainly hone management’s focus on internal controls
over financial reporting by elevating the emphasis on fraud in the control environment and propel the
audit profession into a state of audit quality, consistent with the views of a former Board Member of
the US Public Company Accounting Oversight Board.
CISA News Letter Issue 1- Comprehensive regulation of the financial reporting ecosystem.pdf