We believe that the scope of application of the guidelines should also include a clear reference to the communication between competent authorities and auditors collectively in line with Article 12(2) of Regulation (EU) No 537/2014 on specific requirements regarding statutory audit of public-interest entities (PIEs) and as stated under Principle 7 in section 4.3 of the Consultation Paper.
With particular reference to communication related to a credit institution, in which institution-specific information should be provided, at the individual or consolidated level, to the competent authority by the auditor or the group auditor, further guidelines – other than the one provided in paragraph 19 in section 4.1 of the Consultation Paper – are required in order to clarify how to ensure that sharing of information did not constitute a breach of any confidentiality obligation of the auditor, as stated in Article 12(3) of the Audit Regulation for the statutory audit of PIEs.
We recommend and support the approach to develop in local jurisdictions specific guidance so that terms, nature and scope of the communication are clear both to the supervisor and external auditor. In this context we also believe that appropriate communication protocols should be secured, addressing matters like confidentiality of information
Yes, we consider that date appropriate.
In general terms we consider the general framework of the communication appropriate; particularly, mutual understanding and building trust between the parties, without discharging respective responsibilities, will be key to open and constructive communication. More detailed guidelines how to cultivate them should be useful.
We note that Paragraph 15 refers to adequate processes that competent authorities and auditors should establish in order to build and ensure effective communication; also, the Consultation Paper defines “in-depth communication” – to be exercised with auditors of G-SIIs and O-SIIs – as “communication held on a more regular, formalized and documented basis” (paragraph 11 in section 2.4). We do not think that documentation of communication and meetings should necessarily be a key component of an effective sharing of information between competent authorities and auditors and that constructive dialogue often occurs in meetings which are neither formal nor documented. In accordance with International Standards on Auditing (and equivalent local auditing standards), auditors are required to express an opinion on the financial statements as a whole and, therefore, reports and/or documentation prepared by the auditor ad hoc or before the close of the financial statements could be a source of misunderstanding
We therefore suggest a drafting change of wording. Alternatively, more detailed guidance should be provided about how a formal documentation process should take place.
We agree with the proportionality approach proposed in paragraph 21 at section 4.1 and reiterated in subsequent paragraphs 22 and 23 referring to “in-depth communication” to be exercised with auditors of G-SIIs and O-SIIs given the risks those credit institutions pose to financial stability and with auditor of any credit institutions in case of “ad hoc” or emerging issues. Consistently, in the flow of information from competent authorities to auditors, in the context of an effective “two-way” communication, it should always be made clear to the auditors which credit institutions are considered as posing, at a domestic or global level, a systemic risk or are considered institutions where a greater supervisory effort is needed and applied.
We consider the areas and matters identified at section 4.2.1 as appropriates areas and matters of discussion and sharing of information, but in order to avoid any ambiguous interpretation we recommend to made clearer in the guidelines that auditors should not be obliged to provide competent authorities written materials on them or to ensure access to related detailed working papers.
In Italy all credit institutions are considered PIEs (Public Interest Entities) by law with application of auditors’ quality control policies and rules applicable to listed entities, including access to the auditor’s working papers by the audit oversight body. Working papers could not be usually at disposal of banking supervisor.
Moreover, some information (and documentation) should be already available to competent authorities or specifically requested by them to the management of the credit institutions, which remain in any case the main source of information for prudential supervision.
With specific regard to the content of Annex I which includes examples of issues on which information could be shared between competent authorities and auditor of an individual credit institution (or auditors collectively) we believe that some drafting change of wording, or clarification, would be welcome. Such matters and issues should be consistent with auditor’s responsibilities in conducting an audit in accordance with applicable auditing standards.
For instance, the suitability of the members of the management body, the senior management or the audit committee, where applicable, in a credit institution – included in Annex I with reference to corporate governance and internal controls – is a matter that goes beyond responsibility of the external auditor and requirements of internationally accepted auditing standards. In general terms, the assessment of internal controls of a credit institution required to its external auditor is critical to the audit of that credit institution but, according to International Standards on Auditing (ISA) the auditors should gain an understanding of the control environment and internal controls designed by the credit institution which are relevant to financial reporting objectives. In accordance with ISA, the objectives of an auditor when conducting an audit of financial statements of a credit institutions is, and remain, to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement and to report on the financial statements.
For these reasons, we recommend that the specification “relevant to financial reporting” be added to letters b. and c. in, respectively, paragraph 30 and 33 at section 4.2.1 of the Consultation Paper.
Also, we agree with the proposed approach to promote sharing of information on accounting matters, as outlined in Annex 1 with reference to financial statements, assets and liabilities’ valuation and disclosures. Nevertheless, with particular regard to critical accounting estimates and indications of management bias specifications in letter c. bullet i) and ii) appear to us too detailed and consequently not consistent with declared purpose of Annex 1 to illustrate examples of issues on what information could be shared.
For these reasons, we suggest to remove them.
Finally, among other issues outlined in Annex 1, we note that guidelines include issues related to appointment, change, dismissal or resignation of the auditor appointed to perform the statutory audit. On this regard, we deem appropriate consider that, in several legislations, and in particular in Italy, appointment, reappointment, removal, and more in general the oversight of external auditors are addressed by law and specific rules are provided for credit institutions which, as mentioned above, are included within the notion of PIEs. Therefore we believe that this matter, and related issues, should not be dealt with supervisory authorities.
As already indicated in our response to Question 3 in this letter, we do not think that written communication should necessarily be an effective form of communication as constructive dialogue often occurs in meetings which are neither formal nor documented. Moreover, an adequate written communication can take time to prepare and therefore, in some cases, it could not be a timely communication.
Nevertheless, if the expectation is for written, we deem appropriate a clearer indication of when the communication should be in writing, in particular restricting it to specific facts and circumstances stated by specific regulations which outline content and timing of communication. In that context, we believe also that written communication should not include communication sent by e-mail or fax in order to preserve confidentiality of information shared.
With particular reference to the provision that written communication “should be used at least when it is related to auditors’report” in paragraph 36, we consider appropriate a clarification, As auditors’ report are public once it has been published along with the credit institution’s financial statement, there would be no need for competent authorities to obtain it from the auditor and consequently we believe that there is no need to include the above provision in the guidelines. Alternatively, more detailed guidance should be provided
We consider guidelines on the participants in the communication in paragraphs 38 – 41 and 43 appropriate and, in particular, we agree with the usefulness of organising trilateral meetings with participation of management or specific individual in the credit institution as necessary.
We do not support reference to “other relevant authorities (such as those responsible for the supervision of financial markets or for the public oversight of auditors)”, in paragraph 42, without more detailed guidance on the reasons for inviting them to the meetings between competent authorities and the auditors of a credit institution; we understand that the purpose of these meetings do not relate to audit oversight activity nor to financial markets supervision. Accordingly, the wording should be revised or further guidance should be provided.
Our view is that no other participants would be required.
Yes, we consider appropriate and sufficiently clear the proposed guidelines. In particular we support the approach aimed to ensure adequate flexibility for meetings to be held as necessary and consultation with auditors on the appropriateness of the frequency and timing scheduled.
We agree with the proposed approach to encourage periodic and timely exchange of views between competent authorities and auditors collectively in order to ensure the developing a common understanding of matters or issues relevant to the audit of more than one credit institution or the general credit institutions’ industry. More detailed guidelines on manner and structure of those communication and meetings could be useful
We agree that costs expected to arise for auditors in relation to the meetings with competent authorities should be adequately considered in determining the frequency; additionally, we note that the form in which communication should take place (written or oral, formal or informal) would also have an implication for costs
We strongly support the EBA’s objective to increase the effectiveness of dialogue and communication between the competent authorities supervising credit institutions and auditors as a contributing factor to the effectiveness of the prudential supervision, on the one hand, and the improvement of quality of statutory audit of credit institutions, on the other hand.
The promotion of effective communication between competent authorities and auditors should lead to contribute to fostering financial stability and the safety and soundness of the banking system by facilitating the respective objectives and tasks of supervision of those institutions and of audit of their financial statements.
We noted that the Consultation Paper emphasize in a special manner the request to the auditor to communicate information on any issues which are relevant to the supervision of the credit institutions in order to facilitate the exercise of supervisory tasks. And, even when the guidelines state that competent authorities should share information with auditor, relevant information relate to issues that could be of relevance to the statutory audit of the credit institution in the judgement of the competent authority. More information about supervisory assessment and approach could instead be useful to auditors.
We believe that, in order to improve audit quality, a dialog based on reciprocity and on an effective “two-way” communication between auditors and competent authorities, so that supervisors also alert external auditors regarding areas of particular concern or enabling the external auditor to access to the supervisor’s communications to the credit institutions and to other useful information (such as supervisory risk assessments or other supervisory reviews) should be more clearly recommended and encouraged. The flow of information from supervisors to auditors is equally important than the one from auditors to authorities. Requiring a more open approach from supervisors towards auditors could be supportive of an audit with an enhanced level of quality.
We have no further comments.