EC Audit Reform

January 2012

 Introduction
Timeline and process Audit-only firms Mandatory audit firm rotation Mandatory audit tendering Restrictions on non-audit services Audit committee requirements Fee limits imposed on auditors Audit report Private report to the audit committee

2012 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved

Introduction
The proposed Directive and Regulation issued by the European Commission on 30 November, represent the latest stage in a consultation process that started with the publication of the Green Paper Audit Policy Lessons from the Crisis in October 2010.
The proposals have two main thrusts: To reduce concentration in the market for audits, with new requirements imposed for audit tendering and auditor appointment; and To address perceived threats to auditor independence, such as long tenure and non-audit services, by mandating audit firm rotation and imposing significant new limits on non-audit services, and potentially requiring the largest networks to be composed of audit-only firms within the EU.

The Commission is also proposing changes to the form and content of an auditors report to shareholders, the requirements relating to audit committees and to the structure and regulation of the audit market in the EU. The proposals introduce an expanded definition of a Public Interest Entity (PIE) which, in addition to listed entities, encompasses a range of financial institutions and a new Large PIE category (broadly listed companies with a market capitalisation, or relevant financial institutions with balance sheet/assets under management, in excess of 1 billion). The Directive amends the current Statutory Audit Directive, applying to all statutory audits. A final Directive would need to be implemented by EU member states into national law. The Regulation, which contains many of the more controversial proposals would, in its entirety, apply directly in all Member States when it comes into force.

2012 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved

Timeline and process

The proposals now pass from the EC to be discussed and negotiated within the parameters of the Economic and Financial Affairs (ECOFIN) Council in the Council of Ministers and the Legal Affairs (JURI) Committee in the European Parliament. This process may take two years or more as many Member States and MEPs are against some of the more radical proposals, and there is disquiet amongst some of the other commissioners. As a result, there is a long way to go and many hurdles to overcome before the final regulations become clear.
Companies wishing to influence the debate need to be cognizant of the ongoing process and the individuals involved. In the European Parliament, Sajjad Karim (UK Conservative MEP) is the Rapporteur in the JURI Committee. Negotiations will begin with an exchange of views within the Committee so that the Rapporteur can work towards producing a draft report. Once the draft report has been presented, the Committee will discuss the draft report and table amendments before a set deadline. Once the amendments have been considered in the JURI Committee, the Rapporteurs report (with the then consolidated amendments) will then be voted upon. The report then needs to receive a majority vote in the European Parliaments plenary session in Strasbourg before it is adopted. The EU presidency is also key as once the ECOFIN Council has adopted its position, a representative of the relevant rotating presidency (the current presidency is Denmark, Cyprus take over on 1 July 2012 and then Ireland will take over on 1 January 2013), the responsible Commissioner (Michel Barnier, DG Internal Market and Services) and the responsible Rapporteur (Sajjad Karim) will negotiate a position in trialogue discussions. If successful, then a joint text will be adopted. If not, then the dossier will return to the European Parliament for a Second Reading.

30 November 2011 Proposals published

Spring 2012 Debate in ECOFIN and JURI expected to begin

End of 2012 Final texts expected to be adopted. Regulation and directive come into force 20 days from publication date

End of 2014 Most of the provisions apply two years from the date the Regulation comes into force

End of 2015 Prohibition on large firms providing non-audit services applies three years from the date the Regulation comes into force

2012 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved

Audit-only firms
Proposal
This requirement would apply to any network: whose member firms have combined annual audit revenues within the EU over 1,500 million; and which has at least one member firm that generates more than one third of its annual audit revenues from audits of Large PIEs. If these thresholds are exceeded then all of the member firms of that network, including those outside the EU, would be banned from providing non-audit services within the EU. This requirement seems intended to apply only to the Big 4 networks. It could impair the ability of member firms of the affected networks to access the breadth and depth of expertise they currently bring to their audits.

Implication
In our view, audit only firms would undermine the ability to recruit top quality staff (both audit staff and other specialists) with consequent impact on audit quality and value for audit clients. Furthermore, the reduced financial scale of audit only firms would impact on their ability to invest and also therefore impact on quality. We therefore remain committed to being a full Multi-Disciplinary Firm (MDF) and do not consider prevention from continuing as a MDF to be the probable (or, indeed most likely) outcome.

2012 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved

Mandatory audit firm rotation

Proposal
Under the Regulation, the initial audit appointment would have to be for at least two years. The appointment may be renewed only once and the maximum appointment term would be: 6 years (extendible to 8 years on an exceptional basis by audit regulator) 9 years (extendible to 12 years on an exceptional basis by audit regulator) if joint audit A cooling off period of a minimum of 4 years applies before the same auditor can be reengaged.

Implication
As currently drafted, this proposal contains an implicit criticism of the audit committees ability to determine whether and when to change auditor. Furthermore, this proposal represents a major change with significant cost implications due both to the frequent rotation of audit firms and also the tendering requirements noted below. It will also constrain the audit committees (and shareholders) choice of audit firm which could be detrimental to audit quality. The proposed ban on auditors providing many non-audit services (see below) means that these may also need to be rotated when a new auditor is appointed.

2012 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved

Mandatory audit tendering

Proposal
The audit committee will be required to identify at least two choices, unless it is proposing reappointment of the incumbent auditor (subject to the maximum six or nine year tenure described above). It would identify which firm it preferred and would have to provide a justification of its recommendation. At least one of the firms invited to tender at the start of the process must be a smaller firm, i.e., one that has less than a 15 percent share of the audit fees of Large PIEs in that member state. The Regulation contains specific requirements for the process that the audit committee must follow. European regulators (EBA, ESMA and EIOPA) will produce guidance on appropriate auditor selection criteria and a competent authority will produce an annual list of eligible smaller audit firms. It is unclear at the moment how frequently eligible smaller firms will accept tender invitations.

Implication
As currently drafted, the Regulation would impose new statutory requirements on all PIEs (irrespective of size) in respect of the audit tender process and will most likely: restrict the flexibility currently available; and increase cost become more time-consuming be impractical (as the audit committee will have to negotiate two contracts with the two potential firms before presenting the choice to the AGM create unnecessary bureaucracy as smaller firms are unlikely to be appointed if the audit committee wouldnt naturally include them in the tender process

2012 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved

Mandatory audit tendering transitional provisions

These are the transitional rules as currently drafted. However, these may change as there is a long way to go and many hurdles to overcome before the final regulations become clear.

Date audit contract entered into

Pre adoption date Between the date of adoption and the date the Regulation comes into force

Maximum engagement period

4 accounting years from the date the Regulation comes into force 5 accounting years from the date the Regulation comes into force

Maximum renewal period

5 years if auditor provided not more than 10 years of continuous service 4 years if auditor provided between 10 and 20 years of continuous service 3 years if auditor provided between 21 and 50 years of continuous service 2 years if auditor provided between 51 and 100 years of continuous service 1 year if auditor provided more than 100 years of continuous service

Maximum total term

Between 5 and 9 years Between 6 and 10 years

From the date the Regulation comes into force and two years thereafter (The mandated audit tender process under the Regulation will not apply when a new auditor is appointed during this period, but will apply after the two year transitional period has elapsed)

6 years for single auditor audits (extension to 8 years might be possible) 9 years for joint audits (extension to 12 years might be possible) Minimum engagement period of 2 years applies

Engagement can be renewed once, but the total engagement period is limited to a maximum of 6 years (9 years for joint audits)

6 years (9 years for joint audits)

2012 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved

Restrictions on non-audit services

Proposal
Under the Regulation, there would be very few non-audit services that could be provided by the audit firm or other firms within the audit firms network to a PIE or its parent/subsidiaries within the EU. Permitted related financial audit services would be limited to: audits and reviews of interim financial statements; assurance on regulatory reporting by financial institutions; certification on compliance with tax requirements when such attestation is required by national law; and assurance on corporate governance and social responsibility statements. However, the fees for related financial audit services to an audit client would be limited to 10% of the audit fees paid by that entity. A limited number of non-audit services would be permitted. Within the EU, they would be subject to preapproval on a case-by-case basis by the audit committee (e.g. comfort letters for investors and human resource services) or the relevant competent authority (e.g. acquisition due diligence services and designing and implementing financial information technology systems). It would be possible for non-audit services to be provided by the auditor (or by a member of the audit firm s network) to a non-EU entity that is controlled by the EU entity. However, before such services are provided the auditor would have to assess whether their independence would be compromised by such services, using a threats and safeguards approach.

Implication
Providing adequate safeguards are in place, the provision of non-audit services by the auditor can both enhance the quality and reduce the cost of the services (and potentially the audit) with no loss of independence. This was in effect the conclusion of the recent review by the auditing Practices Board in the UK. Furthermore, provisions already exist in the UK Corporate Governance Code and associated guidance relating to both the pre-approval and disclosure of non-audit services. The extensive prohibitions currently being proposed may result in narrowing the choice both of auditor available to a company and providers of non-audit services. .

2012 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved

Audit committee requirements

Proposal
The Regulation requires all PIEs, with certain concessions for subsidiaries and certain types of financial institution, to have an audit committee (or a body performing equivalent functions) comprised of nonexecutive directors the majority of which must be independent. At least one member must have competence in auditing and another must have competence in accounting and/or auditing. The committee members as a whole must have competence relevant to the sector in which the audited entity is operating. The audit committees responsibility with respect to the oversight of the audit and the appointment and dismissal of the auditor is made more explicit. In particular, the audit committee is to: supervise the completeness and integrity of the draft audit reports; be responsible for the procedure on the selection of the statutory auditor(s); and authorise on a case by case basis, the provision by the statutory auditor [of those non-audit services that are still permitted]

Implication
While most UK listed companies already have established audit committees, the new Regulation looks set to impose stricter requirements in terms of composition and the qualifications of audit committee members. If the proposals remain unchanged, boards and nomination committees will need to consider the current composition of the audit committee and any changes necessary to meet the new requirements. The role and responsibilities of the audit committee described in the UK Corporate Governance Code are similar, but not identical to those currently being proposed. Some of the new requirements, for example more frequent audit tendering, will require a greater time commitment from audit committee members. As a result, audit committee terms of reference and standing agenda may need to be updated to reflect the new requirements.

2012 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved

Fee limits imposed on auditors

Proposal
Auditors will be restricted or in some cases prohibited from providing audit and related financial audit services to PIEs if the fees generated from these services exceed certain limits. An audit firm must not receive more than 20% of its total fee income from one PIE audit client in any given year (or more than 15% of fees from the same PIE audit client over two consecutive years). If this threshold is breached, safeguards, for example an independent quality review, must be put in place by the audit committee. A competent authority may also decide that the audit firm cannot continue the audit or that the auditor must resign within two years. Auditors are permitted to provide related financial audit services which include for example the review of interim accounts. The fees generated from related financial audit services must not exceed 10% of the fee paid for the statutory audit.

Implication
The fee caps for total fees generated from a single audit client imposed by the new Regulation should not cause a problem for most audit firms, as limits under current Ethical Standards are lower. However, the limit on fees currently proposed on revenues generated from related financial audit services will be a new requirement and may restrict to what extent an auditor can perform such services. Since theses services are in the main dictated by law or regulators it is difficult to see the logic in such proposals.

2012 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved

Audit report
Proposal
The proposals identify over 20 items that would have to be addressed in the auditors report, including:

Implication
As currently drafted, auditors will be required to report on more matters and in greater detail than is currently the case. As a result, issues previously covered by client confidentiality and reported privately to the audit committee or board will potentially be made public in the audit report. The proposed requirement to report on the assessment of the entitys ability to meet its obligations in the foreseeable future and therefore continue as a going concern potentially goes further than the current requirements imposed on directors. The proposed requirement that auditors report publicly on their assessment of the internal control system is not fleshed out in any detail, but it could imply something similar to SOX 404 (perhaps extended beyond internal controls over financial reporting).

the auditors assessment of the entitys ability to meet its obligations in the foreseeable future and therefore continue as a going concern;
how much of the balance sheet has been tested substantively and how much has been audited based on system and compliance testing; the variation in the weighting of substantive and compliance testing compared to the previous year; the levels of materiality applied to perform the audit; the key areas of risk of material misstatements of the financial statements; an assessment of the internal control system, including significant internal control deficiencies identified during the statutory audit, as well as the bookkeeping and accounting system (note that this appears to cover only the parent entity in the case of a group); violation of accounting rules, laws, articles of incorporation, and accounting policy decisions and other matters significant to the governance of the entity; whether the statutory audit was designed to detect irregularities, including fraud; The identity of each audit team member and a confirmation of the audit teams independence; in the event of a qualified or adverse opinion or a disclaimer of opinion, the reasons for such a decision; any non-audit services provided; and consistency of the audit opinion with the additional report to the audit committee. The length of the audit report would be limited to four pages or 10,000 characters.

2012 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved

Private report to the audit committee

Proposal
In addition to the audit report, the auditor also would be required to provide an additional, more detailed report to the audit committee which explains in detail the results of the audit, presenting and justifying inter alia: the scope of the audit; the auditors risk assessment; audit work carried out; judgements about material uncertainties that raise questions about the entitys ability to continue as a going concern; whether the bookkeeping, accounting, financial statements and additional reports covered by the audit show appropriateness; all instances of non-compliance, including non-material instances if they are considered important to the audit committee; an assessment of the valuation methodologies used to prepare the financial statements full details of all guarantees, letters of support or public undertakings relied upon to support a going concern conclusion; and how audit work was distributed between different audit firms including the involvement of any thirdcountry (ie non-EU) auditors including identifying what work they performed. The report to the Audit Committee would not generally be public, however, it could be disclosed to shareholders in general meeting if the board so decides. Furthermore, upon request the auditor should make the report available to regulators without delay.

Implication
While auditors should already engage in a two way regular dialogue with those charged with governance (generally the audit committee), the proposed Regulation will make part of this communication process mandatory and will impose more prescriptive rules. As currently drafted, the Regulation also provides the Board with a statutory right to disclose the report from the auditor to the audit committee to shareholders. Given the commercial sensitivity attached to much of the information currently reported to Audit Committees, Boards may be reluctant to exercise this right. Nonetheless shareholders expectations may be raised somewhat. There is therefore a danger therefore that the existence of this right together with the detailed prescriptive list of matters to be included could lead to boilerplate disclosure and thus reduce the quality of existing communications between auditors and audit committees

2012 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved

 2012 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. The KPMG name, logo and "cutting through complexity" are registered trademarks or trademarks of KPMG International Cooperative ("KPMG International").