Insights from the FRC Annual Enforcement Review 2024

FRC investigations, enforcement and penalties at a glance

Overall, the FRC Case Assessment team opened 40 cases in 2023/24 (85% of which were audit related), a significant decline from 70 in the previous year; this decrease was attributed to fewer internal referrals from other FRC teams to the Case Assessment team. 

In relation to investigations, the FRC Conduct Committee opened six new investigations in 2023/24, taking the total number of open investigations to 35 as of 31 March 2024 (28 of which relate to audit). As an alternative to investigations, the Review also sets out the FRC’s continued focus on utilising ‘Constructive Engagement’ to resolve cases, which the FRC considers appropriate for less serious cases where there is less likely to have been harm or risk of harm to the public (such as in the case of technical breaches). 

In terms of enforcement outcomes, the FRC reports it concluded nine cases in 2023/24, with two major outcomes reached in long-running cases on audit failings relating to Carillion plc and London Capital & Finance plc. The FRC also appears to be meeting its self-imposed targets for concluding investigations. In respect of the FRC’s key performance indicators (KPIs) for timeliness (i.e. the period between commencement of an investigation and it being concluded, settled or closed), 53% of cases met the two-year KPI (exceeding the 50% target) and 88% met the three-year KPI (again, exceeding the 80% target). 

The Review also covers the significant penalties imposed by the FRC in 2023/24 with the data suggesting that the FRC, like the FCA, may be targeting fewer, more impactful cases. While the total number of cases in which penalties were imposed has fallen for the second consecutive year (down to 8 concluded cases), the 2023/24 total of all financial penalties before any settlement discounts still reached a record high of £48.2 million due principally to the fine in the Carillion investigation, which accounts for £30.6 million of that total, becoming the FRC’s highest ever financial penalty. Similarly, the number of non-financial penalties (e.g. severe reprimands and exclusions) also fell in 2023/24, reflecting the overall lower number of cases concluded. 

Unusually, the FRC had no cases which were concluded through referral to the independent tribunal in 2023/24, i.e. where breaches or allegations of misconduct determined by the FRC are not accepted, such that an independent tribunal conducts a full public hearing to make its own determination. 

Finally, the FRC emphasises that proportionality is embedded in its enforcement approach, reporting that its filtering process (whereby an FRC Case Examiner conducts a first review of a case) resulted in fewer than 23% of cases reviewed by Case Examiners ultimately being referred to the Conduct Committee for potential investigation in 2023/24.   

Key themes

The Review identifies several key themes from the FRC’s 2023/24 enforcement activity, including: 

• failing to adequately understand the entity being audited: this resulted in failures to identify and assess risks of material misstatement and consequential failings in the design of audit procedures to address such risks; 
• failure to exercise the requisite professional scepticism (i.e. being alert to conditions which may indicate possible misstatement due to error or fraud): the FRC emphasises the importance of an auditor mindset which is alive to potential red flags and critically assessing evidence, both of which act as essential elements of an effective audit process; 
• failure to challenge that long-term contracts have been sufficiently accounted for (i.e. contracts where obligations extend across a number of accounting periods): the FRC highlights that such contracts require management to make subjective judgements and estimates about total revenue and costs, which can “present a heightened risk of misstatement from management bias” such that auditors need to sufficiently scrutinise these forecasts; 
• audit failings related to going concern assessments by management: the FRC flags that several investigations involved failures to properly follow audit procedures regarding management’s assessment of an entity’s ability to continue as a going concern, as well as failures to effectively consider management’s use of going concern assumptions; and
• ongoing failures in obtaining sufficient audit evidence and documentation: this impacted the ability of auditors to draw reasonable conclusions on which to base opinions, which in turn affected their compliance with FRC requirements. 

The FRC also identifies various other recurring themes in their current investigations, including objectivity and integrity, audit planning, revenue recognition, disclosures and risk of fraud.

Future enforcement areas

In relation to future enforcement, professional services firms should continue to take into account the key themes set out above and lessons learned from the FRC outcomes (and also recent FCA enforcement activity) with a view to avoiding such failings in future. Particular care will be needed in giving guidance to audit teams on recognising and reacting appropriately to potential ‘red flags’ in the course of an audit process. Audit partners may need to make difficult judgment calls and will require support from their legal and compliance advisers. Additionally, with the forthcoming transition to the ARGA, firms should be mindful that the scope of enforcement is expected to expand, potentially bringing company directors into ambit where there are serious failures in relation to their financial reporting and audit responsibilities.    

With thanks to Alexander Roper for his work on this briefing.