Keeping pace with a rapidly changing risk landscape for accountancy firms

The speed and scale of change within the accounting profession is rising, requiring constant scrutiny of the adequacy of existing risk responses, and the detection and evaluation of new, evolving, and emerging risks.

The drivers of change include geo-economic dislocation, geopolitical factors, government and regulatory reform and more complex governance and operating structures.

Adding further challenges is the pressure to create a digital ecosystem aligned to an environmental, social, governance (ESG) strategy, a race for digital innovation and agility, increased societal expectations on ESG objectives, safeguarding reputation equity, as well as the acquisition and retainment of specialist talent.

The landscape is shifting not just for accountancy firms, but also for clients, businesses, and the communities they serve. This is resulting in new services and activities, new products and solutions, different and innovative ways of working and different methods of delivery, as well as critical external influences. Consequently, accountancy firms face a range of new or evolving risks.

The environment cultivates opportunity, but also uncertainty and risk volatility. Accountancy firms therefore need robust measures to monitor and report risks, as well as a risk strategy that delivers resilience whilst retaining flexibility to respond to changing trends and opportunities.

Against this background, Lockton’s Global Professional & Financial Risk team launches its inaugural risk bulletin discussing some of the key thematic issues and trends impacting the accounting profession. Each quarter we will focus on specific issues, including:

  • The proposals outlined in the UK government’s May 2022 response to the consultation paper on audit, corporate reporting and corporate governance reform which will see the creation of a new regulator in the UK, the Audit, Reporting and Governance Authority (“ARGA”) as successor to the Financial Reporting Council (“FRC”), changes to the definition of Public Interest Entities (“PIEs”) and accountability and reporting obligations of PIE directors, and for UK-incorporated FTSE 350 companies, appointing a challenger audit firm as sole or group auditor, or conducting a meaningful element of subsidiary audits within a shared audit.

  • The FRC Position Paper on Restoring Trust in Audit and Corporate Governance (July 2022).

  • The FRC setting out the framework and principles to support operational separation of the UK Big 4 firms by June 2024, including separate governance (a separate Audit Board), no material cross-subsidies between the audit practice and the rest of the firm, and a separate profit and loss account.

  • The FRC consultation paper (June 2022) on Audit Quality Indicators (“AQIs”) focusing on aspects such as firm culture, quality inspection results and staff workloads.

  • A more active regulatory environment and more active regulators with enhanced focus on the assessment of a firm’s operational stability, financial resilience, and liquidity risk.

  • The USA Securities and Exchange Commission (“SEC”) investigation into possible conflicts of interest at the US Big 4 firms focusing on whether audit and non-audit services sold by US firms undermine their ability to conduct audits independently.

  • Regulatory investigation and enforcement action with the Public Company Accounting Oversight Board (“PCAOB”) in the US, the Australian Securities & Investments Commission (“ASIC”), and the Canadian Public Accountability Board (“CPAB”), among others, remaining active in this space.

  • In the UK, the FRC continues to sanction firms and individuals for misconduct, not exercising sufficient professional scepticism or misleading the regulator, by imposing fines and penalties on the firm and/or individuals, with individuals being banned from the profession for a defined period. In some cases, the firm and/or individuals may face a permanent or temporary ban on the provision of certain services to clients, impacting both revenue and reputation. In a recent case it was reported that the regulator enforced a sizeable fine against an employee of a Big 4 firm, a relatively junior, part-qualified, individual, leading to press speculation that hanging junior staff “out to dry” would eventually damage staff acquisition, engagement, and retention.

  • Recent press traction pursuant to EY’s plans to explore a global restructuring that could see it spinoff the audit practice from the rest of the firm, including the potential for complete separation and rebrand. There is speculation that EY may look to float the consulting business. If this proceeds, it could change the profession. At present, the other Big 4 firms have all insisted that their existing multidisciplinary business models will remain unchanged. In the wake of EY’s announcement, there is further press coverage relating to Deloitte’s potential spin-off of its consulting business. The larger firms have been active in this area with both KPMG and Deloitte disposing of their respective restructuring practices, KPMG selling its Pension Advisory practice to avoid audit conflict risk, and most recently, PwC selling its mobility services arm.

  • Talent acquisition and retention remains a concern. The ability to recruit, retain, re-skill and up-skill for the future digital ecosystem plays directly into a firm’s capability and thus growth ambitions. Capacity versus market share is becoming a real concern with certain areas across the functions potentially subscale relative to demand. Managing human capital and mitigating the pre and post implications of human capital flight risk, are now critical risk considerations.

  • Brand frailty and reputation risk, or the “risk of other risks”, is also a significant source of trepidation for accountancy practices. Reputation damage may arise and endure pursuant to, say, significant litigation or regulatory investigation, inappropriate conduct by the firm and/ or individuals, the failure of internal controls, policies or procedures, or the failure to protect confidential data. It is critical to manage reputation exposure both proactively, predicting potential adverse behaviours or indicators, and reactively post event, through rehearsed scenario planning and solutions to mitigate the cost of brand rehabilitation.

  • Cyberattacks are becoming more prevalent and sophisticated. Bad actors seek to exploit vulnerabilities and access critical systems and infrastructure. The growth in ransomware is a concern. Failure to protect confidential data, both client and personal, or failure to recover from a large-scale technology event, or identify and respond to emerging technology risk or single /multiple application platform disruptors, is a critical concern as firms pursue digital growth opportunities. This means the firms must be resilient to cyber risks and the possibility of a large-scale IT failure, internally or by a third-party cloud provider, whilst pursuing digital innovations.

Failure to protect confidential data, both client and personal, or failure to recover from a large-scale technology event, or identify and respond to emerging technology risk or single/multiple application platform disruptors, is a critical concern as firms pursue digital growth opportunities.

  • As technologies shape the service offering and delivery channel, the protection of proprietary software, tools, databases, and methodologies, becomes critical.

  • ESG is ubiquitous across all businesses. Accountancy firms need to deliver against prescribed internal strategies, but also optimise the opportunity ESG presents. ESG measurement frameworks, calculations, assurance testing and reporting will open-up green accounting opportunities. The associated risks need to be defined and owned in areas such as disclosure, supply chain reliance, investments, greenwashing and environmental avoidance/evasion detection, ESG data protection and privacy, investor reliance and implications of poor performance.

No high-level assessment framework would be complete without a brief commentary on some other key considerations including, for example, litigation risk in an environment of high profile large scale audit failures; the impact on litigation risk of changes in business models - digitalisation, AI, automation, the ESG ecosystem - particularly insofar as it relates to the type and quantum of future risks and potential aggregation concerns; and the increasing concern on the scope and scale of financial crime pursuant to fraud, financial irregularities, cyberfraud and employee embezzlement emerging from the various pandemic financial protection schemes.

In parallel to the risk bulleting, the Global Professional & Financial Risk team at Lockton is undertaking a more focused, deeper-dive, analysis, into the relevant issues facing the accounting profession. The aim is to garner insights and intelligence from accountancy firms and practitioners to research and, as appropriate, cultivate creative solutions in areas that are both relevant and meaningful to the profession, including reputation, human capital flight risk, intellectual property, partner asset protection, Working Capital protection (Living Will) and non-damage business interruption. The catalysts for change in the accounting profession provide stimulus for meaningful and relevant risk-transfer or risk-financing solutions.

We encourage and welcome your feedback and would value the opportunity to open a dialogue with you on any of these topics.

Talk to us:

George Harding, Head of Global ProFin, Australia

+61 403 360 139

Warren Hattwich, Manager, ProFin Australia

+61 455 794 931

George Harding

by  George Harding

National Manager, Global Professional & Financial Risks

Alert