systems against specific standards and potential risks. Within the NHS, the Audit
Commission appoints external auditors, from a “long list” of companies. The long list is
includes companies who are able to demonstrate they satisfy the standards laid down by the
Audit Commission.
However, it should be noted that each NHS trust agrees a three year rolling audit plan
which identifies the work to be carried out across nine standards. The agreement is reached
by the Accountable Officer and the external auditors. The decision on the audit priorities
will be based on the results of a risk-assessment process.
4. Audit Committees
Audit Committees were established as a result of the Cadbury report into business conduct.
It was recognised that senior executives within organisations needed to be monitored to
ensure the appropriate use of resources. Within the NHS the membership is drawn from
non-executive directors, this is to “reflect the need for independence and objectivity”
(Department of Health 2002).
The audit committee will oversee the governance agenda, including clinical governance
systems to ensure “the delivery of patient centred, safe, high quality care, within a reporting
and learning culture” (Department of Health 2002). A key role for the audit committees is
to ensure the organisation responds effectively and quickly to weaknesses identified by the
internal or external auditors.
5. Strengthening the Audit Framework
Following the scandals involving Robert Maxwell, Polypeck and the BICC bank there has
been an increased regulatory framework governing the financial performance and reporting
of organisations. The reviews and reports, such as Cadbury, Greenbury, Hempel and
Turnbull are now familiar to companies quoted on the stock exchange and increasingly other
organisations, including the public sector. Her Majesty’s (HM) Treasury have used the good
practice identified in these reports to improve the public sector audit processes.
The process of audit has become part of the corporate governance agenda for organisations
which incorporates financial management and control and risk management. The term
governance, within the business context, describes a company’s systems and processes
used to maintain internal management control. Within the NHS this has been developed
under the Controls Assurance initiative, which now has 21 areas of governance control
(Controls Assurance Support Unit - 2001).
The Institute of Chartered Accountants in England and Wales (1999) state that the Turnbull
report highlighted the importance of reviewing an organisation’s systems of internal control
through a risk assessment and management approach. The aim is to minimise the possibility
of errors or malpractice and to develop effective contingency plans should problems arise.
A key element of such a review is to report to shareholders the findings of the review. For
public sector organisations Parliament and the general public can be viewed as the
shareholders.
6. Audit Organisations and Framework
There is a legal framework which governs the conduct of audits, however, during the
process of researching this report a range of organisations and documents were identified as
involved in shaping the audit process. The table below provides a summary of the
information:
Table 1 Organisations and Documents relating to Audit
Organisation
example document
HM Treasury
Government Internal Audit Standards 2001
Accounting Standards Board
Statement of Standard Accounting Practice (SSAP)
Financial Reporting Standards (FRS)
National Audit Office
A Good Practice Guide for co-operation between
internal and external auditors
The Audit Commission
Code of Audit Practice (2002).
Department of Health
Internal Audit Manual
Controls Assurance Support Unit
21 governance controls, of which financial controls is
one, within which there are 12 standards.
In order to comply with HM Treasury regulations the accountable officer within all NHS
trusts must submit a Statement of Internal Control (SIC) to the Department of Health. The
scope of the SIC includes organisational and clinical controls, as well as financial controls.
Moreover, the Accounting Standards Board (ASB) which was established, in 1990, to
establish rules for reporting on accounts, requires companies to state that their accounts
have been prepared in accordance with the relevant accounting standards and detail any
variations from the standards. The ASB have published 16 FRS that companies must
follow, although not all are applicable to NHS organisations. One of the roles for external
auditors is to confirm, whether, in their opinion the “financial statements present a true and
fair view of the body’s financial position and its expenditure and income for the financial
year” Audit Commission (2002a).
The Audit Commission has a statutory responsibility to appoint external auditors to local
government, as well as NHS organisations. However, Trusts can become involved in the
tendering process to select external auditors. The external auditors are normally appointed
for five years, however, this does not prevent contracts being extended. There are
advantages in developing a long term relationship as the auditors gain greater insight into the
specific risks within each organisation.
The Audit Commission (2002a) states “it is clearly important to guard against too close a
relationship developing between auditors and the body they audit” due to the risk of the
relationship “being perceived as cosy.” To overcome this risk there are a number of steps
the Audit Commission take to avoid a potential loss of objectivity of the auditors, including
rotation of individual audit staff and companies.
At this time approximately “70 per cent of audits are carried out by District Audit, the
Commission’s own arm’s length audit agency.” Audit Commission (2002b).
7. Output from Audit
Within financial audit there are a number of obligations that organisations, and individual
officers are responsible for producing, assessing and thereby signing to confirm appropriate
action. The Audit Commission (2002a) have identified four main areas for audit:
* “The legality of financial transactions
* The financial standing of the audited body, (in terms of Income and Expenditure, the
balance sheet and cash flow statements)
* Systems of internal financial control (such as Standing Financial Instructions)
* Standards of financial conduct, and the prevention and detection of fraud and
corruption.”
The information below sets out a number of key responsibilities for the financial aspects of
audit, it is not intended to be an exhaustive list, but provides an indication of the work
involved.
The annual accounts have to be sign by the accountable officer, and external auditors, to
demonstrate that they are satisfied that the accounts reflect the actual financial position, that
they comply with statutory requirements and that proper practices have been observed in
compiling the accounts. The account standards are laid out in the FRS and SSAP (taken
from xrefer website).
NHS Trusts “submit a Statement of Internal Control (SIC) as part of the audited annual
financial statements” (Department of Health 2002). This process is repeated at the higher
levels of the NHS hierarchy and ultimately the Chief Executive of the NHS has to sign a SIC
on behalf of the whole service and must answer to Parliament through the Public Accounts
Committee (PAC).
For NHS Trusts the Head of Internal Audit must produce an annual report for the Audit
Committee to consider and accept, or amend, as appropriate. There is an annual audit
report from Audit Committee that demonstrates its internal control work.
External auditors have a duty, for NHS bodies to inform the Secretary of State (or the
National Assembly for Wales) when they believe NHS Trusts have made, or will make
decisions that are potentially illegal, or will result in misappropriation of resources.
8. Added value of Audit
NHS Trusts are under constant pressure to manage, and reduce costs, any increase,
particularly for an indirect patient care service will raise concerns with the Trust Board.
Therefore, it is important to consider what added value audit brings to the organisation
beyond confirming internal control systems.
The findings of the external auditors will be reported within the annual financial statements,
therefore it is important for the accountable officer and the organisation, as a whole, to
demonstrate proper control systems and the appropriate use of resources.
An integrated model of audit can add benefit to organisations by responding to the
complexity of services and performance management requirements. An example where the
integrated models adds benefit is in considering all the aspects of “delayed discharges”
across the whole health and social care sectors.
Audit develops and strengthens internal systems of control as part of an ongoing process. In
taking a risk assessment approach it allows the organisation to objectively consider the
various risks that could occur and assessment them against levels of probability and
likelihood.
A matrix for risk assessment can be developed to indicate which areas require more
immediate action, and which require less vigorous monitoring. The framework can be set
out as follows in diagram one.
Diagram 1 Risk Assessment Framework
Decreasing Likelihood
Low impact
High likelihood
3
Medium impact
High likelihood
2
High impact
High likelihood
1
Low impact
Medium likelihood
4
Medium impact
Medium likelihood
3
High impact
Medium likelihood
2
Low impact
Low likelihood
4
Medium impact
Low likelihood
4
High impact
Low likelihood
3
Increasing impact
Box 1 represents the areas that will need immediate action to rectify the risks,
Box 2 represent the second level of risk, that do not require urgent action, however, action
is necessary.
Box 3 represent areas of work once levels 1 and 2 have been resolved.
Box 4 represent areas for monitoring, although immediate action is not required. The
position needs to be monitored to ensure the risk remains, relatively low.
The value of external audit is to ensure all areas are monitored and that the risk assessment
is validated through a separate process. Another advantage in using external auditors is that
they gain expertise and experience through working with other organisations and they
become familiar with risk assessments from various organisations. This allows external
auditors to, in effect, benchmark different organisations to ensure there is a level of
consistency in the risk assessment, whist maintaining client confidentiality.
9. Increasing costs of audit
One of the reasons for the increasing costs of audit is the use of an integrated audit model
which attempts to deliver corporate governance through a common approach to auditing the
accounts, the financial aspects of the corporate governance and the use of performance
management information (Audit Commission 2002a). It is now recognised that there is a
need to monitor more than financial systems and transactions. However, in order to carry
out the integrated approach there are two possible reasons for costs having to increase,
these are:
1. the need for more detailed audits and therefore more working days of audit to
complete the work and
2. the need for the auditors to have more skills to understand the nature of the
business, or additional staff, with specialist skills.
When appointing an external auditor the skills of the specific auditors must be considered.
There is increasing scope to employ people from other professional backgrounds to carry
out elements of the audit, in order to provide different views points and add further value to
the process. This may increase costs of carrying out an audit, another factor in the cost of
audit is the increasing complexity of the legal framework within which auditors have to
operate and therefore must understand.
The above reasons may lead to a decrease in the number of organisations who can
demonstrate they have the capacity and capability to meet the Audit Commissions standards
for audit. In terms of supply and demand, there appears to be an ever increasing demand
for audit time, due to the complexity and broader range of issues being covered. However,
this may have the effect of reducing the number of suppliers of skilled audit. Following the
basic economic principles of demand and supply this may increase the costs to the
organisation being audited.
10. Problems with Audit
Corzine (2002) notes that “America has witnesses a wave of revelations about corporations
defrauding investors, employees and the public trust.” through “shady accounting practices
that created the appearance of earning where none actually existed.” The American
situation has impacted across the world, due to the global markets and the fact that many
companies are directly, or indirectly linked to American companies and markets.
Enron and Worldcom used their balance sheets to indicate increased profits. The
companies’ auditors had failed to identify the problem, and in the case of Enron the auditors,
Andersen, appeared to destroy documents, thereby helping the company hide the fraud.
This has lead to many people questioning the role of auditors, Skapinker and Parker (2002)
note that companies “appoint the auditors, pay them and often ask them to provide
additional services such as management consulting.”
The Institute of Chartered Accountants have claimed that because of the impact of Maxwell,
Polypeck and BICC in the late 1980’s the UK has responded to the risks and thereby fraud
on this scale is not possible. They are clearly creating a distance between themselves and
the USA model, however, similarities remain, such as commercial audit companies also
providing additional management consultancy services.
It is worth noting that the public sector should be more protected from the risks of a close
relationship forming between external auditors and the audited body because of the
regulations and monitoring role of the Audit Commission.
Although not a direct problem with audit there are wider implications caused by the auditing
scandals. Corzine (2002) identifies the loss of confidence in the financial markets and
national economies as having a real impact, particularly in raising the cost of capital and
damping investment and although the NHS does not play a role in the stock market, the
scope of the Private Finance Initiative (PFI) may be influenced by the cost of borrowing and
the willingness of companies to invest. Therefore the cost of PFI borrowing may increase,
however, the uncertainty over the global stock markets may make PFI, as a government
backed initiative, a more attractive investment proposition. The position is likely to remain
fluid for sometime.
11. Drivers For Change
Parker et al (25/7/2002) reported that Patricia Hewitt, Trade and Industry Secretary in
announcing an “immediate review of accountancy profession’s regulation” had “warned that
accountants might face sweeping reforms because of the lack of confidence in audited
accounts.” A number of reforms have been mentioned such as the “mandatory rotation of
audit firms around companies as well as possible restrictions on the ability of audit firms also
to offer non-audit services to clients.” It is not clear whether this will include the Audit
Commission and its arm’s length audit agency, District Audit. A final report will be
published later this year.
There is likely to be a strengthening of the role of the Financial Reporting Review Panel
(who investigate complaints regarding the reporting of company accounts) and changes to
Audit Committees of companies. Although the review will focus on the private sector there
will be an impact on the public sector, through the possible adoption of the new private
sector rules by the Government and through the availability of firms who are able and willing
to provide audit services.
It will be interesting to see if changes in the accountancy profession regulation mirror those
of healthcare professions, where the government’s response to various scandals has been to
increase the role of the public in the processes of regulation.
The announcement by the Secretary of State for Health (2002) of a new Commission for
Health Audit and Inspection (CHAI) will “bring together the health value-for-money work of
the Audit Commission, the work of the Commission for Health Improvement and the private
healthcare role of the National Care Standards Commission.” The new body is intended to
be more independent than the Audit Commission with a different appointments process for
key posts. There is more detail required on this initiative before the full impact on audit can
be assessed.
A problem facing the Audit Commission and individual organisations appointing external
auditors is the number of organisations now requiring auditing. Following the publication of
“Shifting the Balance of Power” (Department of Health 2001) Primary Care Trusts have
been established with their own financial budgets to commission and deliver services. Due
to the dual commissioning and provider roles Primary Care Trusts may require more
detailed audits to ensure the internal control systems are in place.
This is also linked to the drive for integrated audit model which may introduce more
organisations to the system who need to be assessed within the scope of an audit.
A future trend is likely to see external auditors requiring additional time to ensure that an
organisation has safe systems and has used the resources appropriately. The BBC on 21st
July reported that “KPMG (one of the “top-4” auditing companies) is already reviewing is
auditing procedures to become more comprehensive in examining management systems.”
12. Future of Audit
The immediate future of audit is uncertain due to the US and UK governments reviews of
auditors and auditing scandals which are presently receiving significant media attention.
However, the results of the reviews are likely to result in a greater demand for auditors time
and skills. One outcome may see other skilled people being required to become involved in
audit, as the function broadens out more from the financial systems of the organisation.
The drivers for change within audit are likely to put pressure on increasing the cost of
conducting an audit. This is primarily due to the integrated audit approach, increasing the
regulation of auditors (and the associated costs of regulation), the possible restriction on
company activities beyond audit and the increasing numbers of organisations requiring an
audit process.
A general management trend, which increases the need for audit, is the devolution of
managerial and budgetary responsibility to service managers, this makes systems of internal
financial control more complex and therefore the associated risks for internal control are
increased.
The use of Information and Communication Technology (ICT) can reduce the complexity of
work, however, it increases the need for control in terms of security systems and monitoring
transactions.
There are a number of initiatives to reduce the burden and impact of audit, these include
collaboration between internal and external auditors, as set out in the NAO good practice
guide on the subject. The role of the new CHAI may also reduce the time spent on separate
audits. There will be a need to share the findings and reports by the different auditing
bodies, in order to minimise duplication of work.
The development of the pilot for shared services for the high volume transactional financial
processes may negate some of the complexity of audit, however, the trail for audit to follow
may not necessarily become simplified. The pilots for shared services commenced in 2002
and the evaluation process includes “governance arrangements” (National Shared Services
Initiative 2002).
13. Conclusions
The impact of US scandals have made auditing a high profile subject. The primary purpose
of audit within the public sector remains to demonstrate the appropriate use of resources. It
is important that the perception of the public and Parliament, through the PAC, are satisfied.
In specific terms the future of audit is uncertain, however, given the facts identified in this
report the demand for and the costs of auditing public sector organisations are likely to
become more difficult to control.
A key element in delivering effective audit will be the supply of a skilled audit workforce.
There may be scope and a need for recruiting people from different professional
backgrounds in order to support audit processes.
References
Audit Commission (2002a) Code of Audit Practice March 2002 Audit Commission
Publications Wetherby
Audit Commission (2002b) How your external auditors are appointed and how you can
influence the choice Audit Commission Publications Wetherby
Audit Commission (2002c) Who Audits the Auditors? Audit Commission Publications
Wetherby
BBC News (2002) UK mulls tougher audit rules BBC News Business 21 July 2002
news.bbc.co.uk/hi/english/business/newsid_214000/2141964.stm
Collins (1988) Collins Concise English Dictionary (second edition) Collins and Sons & Co.
Ltd Glasgow
Controls Assurance Support Unit (2001) Financial Management Standard Controls
Assurance Support Unit www.casu.org.uk
Corzine J “Auditors need to be audited” FT.com 2 July 2002 www.FT.com
Department of Health (2001) Shifting The Balance of Power within the NHS: Securing
delivery Norwich: The Stationary Office
Department of Health 2002 Governance in the NHS: Statement on internal control 2001/02
and beyond Department of Health London
HFMA and the NHS Executive (2001) Introductory Guide: NHS Finance in the UK (5th
edition) HFMA and NHS Executive Department of Health London
HM Treasury (2001) Government Internal Audit Standards www.hm-treasury.gov.uk
National Audit Office (2001) State audit in the European Union National Audit Office
www.nao.gov.uk/publications/state_audit/st_ack.pdf
National Audit Office and HM Treasury (not dated) Co-operation between internal and
external auditors: a good practice guide National Audit Office
www.nao.gov.uk/guidance/internalAudit.pdf
National Shared Service Initiative (2002) Progress to date, challenges ahead: National
Shared Services Initiative Shared Service Task Force Leeds
Parker A, Eaglesham J and Alden E (25/7/2002) DTI pledges sweeping reforms Financial
Times Thursday 25 July 2002
Secretary of State for Health (2002) Delivering the NHS Plan: next steps on investment,
next steps on reform HMSO Norwich
Skapinker M and Parker A “An inappropriate relationship” FT.com 4 July 2002
www.FT.com
The Institute of Chartered Accountants in England and Wales (1999) Internal Control:
Guidance for Directors on the Combined Code Accountancy Books, London
Xrefer website (2002a) Definitions of Statement of Standard Accounting Practice (SSAP)
www.xrefer.com/entry/166590
Xrefer website (2002b) Financial Reporting Standard (FRS)
www.xrefer.com/entry.jsp?xrefid=447985
1