The collapse of construction and services contractor Carillion in January 2018 was the worst financial scandal in the UK since the financial crisis a decade earlier. It has rightly triggered reform of audit regulation and audit firms’ behaviour.
Last month’s record fines of £30m, plus £5.3m costs, imposed by the Financial Reporting Council on Carillion’s auditor KPMG should close this sorry episode for the firm. They follow last year’s Carillion-related fine of £20m. All penalties have been reduced by 30% because of co-operation and admissions. KPMG has also settled a £1.3bn civil claim lodged by the company’s liquidators for an undisclosed sum.
‘Many of the breaches involve failing to adhere to the most basic audit concepts’
Elizabeth Barrett, FRC executive counsel, said KPMG’s ‘exceptional’ audit deficiencies undermined the credibility of audit opinions and public trust in audit. ‘Many of the breaches involve failing to adhere to the most basic and fundamental audit concepts, such as to act with professional scepticism and to obtain sufficient appropriate audit evidence.’
The failures spanned audit work from 2013 to 2017, the year in which Carillion announced more than £1bn in provisions, mainly for loss-making contracts. Carillion and its leading executive directors have been punished for market abuse by the Financial Conduct Authority (which would have imposed a fine of £37.9m if the company were not bust).
Where has this street of shame led us? First, to a more assertive regulator. The FRC has ratcheted up both enforcement and supervision of audit firms. A more rigorous approach to audit quality inspections of Tier 1 firms saw the percentage of audits assessed as good or requiring only limited improvements plummet to 67% in 2019-20, since when they have recovered to 77%.
‘I am upset and angry that these failings should have happened in our firm’
Second, the firms have responded with quality transformation plans and investment in staff. The ring-fencing of audit from consulting has helped to focus minds on serving the public interest, rather than management’s interests. At KPMG, the leadership has changed. Catherine Burnet, UK head of audit, said the sanctions were ‘entirely appropriate. I am upset and angry that these failings should have happened in our firm.’
The red flags
The FCA identified dangerous gaps at Carillion. One was that red flags were raised internally over big construction projects, but the top executives hid them from the board and audit committee. An auditor should be aware of internal evidence that actual performance is diverging from the target and work with the audit committee to get to the bottom of this.
Accounting standards also play a role. According to the FCA, Carillion was not complying with IAS 11 on accounting for contracts. IFRS 15, Revenue from Contracts with Customers, effective from the month Carillion went bust, is tougher in preventing too-early recognition of revenue. It emphasises transfer of control of goods/service to the customer as the key moment, tackling management abuse of the ‘percentage of completion’ model.
IFRS 15 is now subject to a post-implementation review. Detailed questions have been raised about the way it works in practice. But the key point must remain that revenue should not be recognised before control has been transferred to the customer or, more technically, before a performance obligation has been fulfilled.
Numerous red flags were waving over Carillion. Contract wins and bank-funded supplier payments obscured its debt position; profits on thin margins were not translating into cash; it couldn’t manage its overseas expansion.
People under intense pressure may first bend the rules and then break them. Auditors should be aware of these pressures when challenging management and helping non-executive directors do their job.