The Financial Reporting Council has issued its final decision notice after its investigation into KPMG Audit plc and the Audit Engagement Partner, Anthony Sykes, in respect of the statutory audit of Rolls-Royce Group for the financial year to December 2010. The action stemmed from failures to address matters identified in the audit that indicated a risk of non-compliance with laws – specifically in respect of 2 sets of payments to agents in India which subsequently formed part of the SFO investigation that led to the deferred prosecution agreement between SFO and Rolls Royce in respect of 12 counts of bribery.
The FRC said that allegations of bribery and “malpractice” were prominent at the time, and that, among other things, KPMG was aware that a defence company (for whom it also acted as auditor) had paid large fines to settle UK and US investigations on the use of intermediaries.
The FRC found that the firm and Mr Sykes should have included a summary of the issues in the audit documentation and, having been party to (albeit privileged) advice about the potential non-compliance had themselves (wrongly, and on their own undocumented subsequent account) decided there was no breach and therefore the possible effect on the financial statements could not be material. They purported to rely on an external law firm’s advice without understanding its scope, evaluating whether it was an appropriate basis for them to rely on as not evidencing non-compliance, and they did not explore whether the privileged advice might be made available to them. So they lacked evidence to show that either the suspected breach was no longer suspected to be a breach or that, even if it were, there would not be material effects on the financial statements. They then did not inform the internal engagement quality control review of the issues, but also Mr Sykes instructed one relevant paragraph to be removed from the draft before review. The paragraph that was removed had noted that Mr Sykes had discussed the issue with KPMG’s MLRO to establish whether KPMG should make a SAR, but it had been decided there was insufficient evidence for it to do so.
The findings did not result in material misstatement of Rolls Royce’s financial statements and related to a discrete but important part of the audit for one financial year. However, the FRC said there were serious failures to “exercise professional scepticism” to obtain sufficient, appropriate audit evidence and document it on file, and to achieve sufficient “Engagement Quality Control”.
- fined KPMG £3,375,000 (reduced from £4.5m for admissions and early disposal), issued a Severe Reprimand, required it to commission an independent external review of its policies, guidance and procedures relating to an audited entity’s compliance with laws and regulations, and made a declaration that the Statutory Report for the audit did not satisfy relevant requirements; and
- fined Mr Sykes £112,500 (reduced from £150,000), and issued a Severe Reprimand and declaration the audit report did not satisfy relevant requirements.
FRC said there had been no findings of breach in relation to the audits for the three subsequent years.