The art of conversation: the expanded audit report

Abstract

The new generation of expanded audit reports includes disclosures about significant matters in a company’s financial reporting and its audit. These disclosures are a landmark change in auditors’ responsibility to provide information to the public. I examine expanded reports in various jurisdictions, why they became mandatory, what the evidence from their implementation is, and whether they have fulfilled the expectations of regulators and other stakeholders. Expanded reports are intended to increase the information content and usefulness of audit opinions, to increase external monitoring of auditors and management, and to foster a more open conversation between auditors and users of financial reporting. However, existing regulatory requirements, conflicting auditors’ incentives to provide new information, and evidence from the expanded reports’ implementation call into question whether these objectives have been met. It is my hope that expanded reports are only a first step towards enhanced auditor reporting.

1. Introduction and overview

The new generation of expanded audit reports includes disclosures about significant matters in a company’s financial reporting and its audit. These disclosures are a landmark change in auditors’ responsibility to provide information to shareholders.¹ Historically, in the United Kingdom (UK), the Companies Act of 1900 required an annual audit for all registered companies.² In the United States (US), mandatory audit opinions date as far back as 1934, when the New York Stock Exchange required registrants to provide an annual audit report, including standardised paragraphs for the audit scope and opinion. Since then, incremental changes in audit standards have permitted auditors to issue unqualified (i.e. ‘clean’), modified but unqualified, qualified, disclaimer, and adverse opinions. However, for the most part, the majority of companies listed in large stock markets receive standard unqualified opinions. In this article, I examine expanded reports in various jurisdictions, why they became mandatory, what the evidence from their implementation is, and whether they have fulfilled the expectations of regulators and other stakeholders. I also emphasise a number of exciting research opportunities for academics and offer insights for regulators and auditors.

Over the past two decades, three factors have resulted in regulators around the world fundamentally changing the content of the audit report. (Vanstraelen et al. 2012; Asare and Wright 2012; Mock et al. 2013; Bédard et al. 2016; FRC 2013a; IAASB 2012; PCAOB 2012). First, following the 2008 financial crisis and previous high-profile corporate scandals, the public has lost some confidence in the global capital markets and increasingly questioned the credibility of auditors. Second, a wide array of knowledgeable users of financial reporting perceived a gap between the information they desire, and the information provided in the audit report.³ This information gap is a component of a broader disparity between users’ beliefs about the auditor’s responsibilities and the auditor’s procedures, objectives, and responsibilities. Third, regulators and standard setters perceived a growing need to revisit the audit report to make it more relevant than a pass/fail opinion indicating whether a company’s financial statements comply with accounting standards.

In response to the public’s demand for more information about the audit, expanded reports discuss significant matters in a company’s financial reporting and its audit. Under the most current rules issued by the U.K. Financial Reporting Council (FRC) and the International Auditing and Assurance Standards Board (IASSB), these issues are called Key Audit Matters (KAMs) (FRC 2020b, IAASB 2015b), which are ‘those matters that, in the auditor’s professional judgment, were of most significance in the audit of the financial statements of the current period. Key audit matters are selected from matters communicated with those charged with governance.’ Under the current rules issued by the U.S. Public Company Accounting Oversight Board (PCAOB), these issues are called Critical Audit Matters (CAMs) (AS 3107, PCAOB 2017), which are ‘defined as any matter arising from the audit of the financial statements that was communicated or required to be communicated to the audit committee and that (a) Relates to accounts or disclosures that are material to the financial statements; and, (b) Involved especially challenging, subjective, or complex auditor judgment.’ The regulatory changes to the audit report format also restructured some standardised components (e.g. the overall opinion is presented early in the text) and include other jurisdiction-specific requirements (e.g. discussing the audit’s scope and materiality in the UK and including auditor tenure in the US).⁴

Expanded reports are intended to increase the information content and usefulness of audit opinions, to increase external monitoring of auditors and management, and to foster a more open conversation between auditors and users of financial reporting.⁵ Embedded in these objectives is a broad expectation that additional auditor disclosures could directly or indirectly help users to assess a company’s financial reporting and audit quality or significant risks (FRC 2013a; IAASB 2015d; PCAOB 2017; Gutierrez et al. 2018). One can think of the transition from pass/fail audit opinions to expanded reports as similar to a mandatory vehicle emissions test. A number of owners would like to know not only whether their car passes the minimum bar set by the test (i.e. a pass/fail opinion), but also how their car performs relative to others (i.e. relative financial reporting and audit quality, even when the auditor issued an unqualified opinion). However, the expectations for expanded reports are at odds with the longstanding view that the auditor’s role is not to provide information; but instead to provide an opinion regarding whether financial statements fairly present the financial condition of a company, in accordance with the prescribed accounting standards.⁶

In section 2 of this article, I start by providing a timeline of the development and implementation of the expanded report requirements in multiple jurisdictions. The regulatory process to change the audit report format gained momentum around 2009 and continues to this day. In 2013, the FRC was a pioneer in mandating an expanded report, and nearly 70 other jurisdictions have adopted similar rules issued by the International Auditing and Assurance Standards Board (IAASB 2019). As an example of the inherent intricacy of the regulatory process, as of 2020 the FRC, the IAASB, and the PCAOB and US Securities and Exchange Commission (SEC) as of 2020 have collectively received 1,037 stakeholders’ letters that provided feedback on preliminary discussions, drafts of new and revised rules, and post-implementation analysis. These regulators also engaged in multiple rounds of public meetings and roundtables that gathered the opinions from accounting firms, reporting companies, investor representatives, professional associations, and academics.

In Section 3, I provide an overview of the definition, content, and sources of KAMs and CAMs. I underscore the processes that result in the auditor’s (1) identification of significant issues that can become KAMs and CAMs, and (2) determination of the language used to describe each issue (i.e. the risk and how the auditor addresses it). The definitions of KAMs and CAMs are somewhat similar, but the implementation of expanded reports in jurisdictions with different regulatory, legal, and market environments has resulted in noticeable variation in the number, the types, and the level of detail in KAMs and CAMs. However, despite differences between jurisdictions, the language of the existing reporting requirements and regulatory guidance issued by the IAASB and PCAOB, gives auditors only a small window to convey incremental information about unexpected threats (i.e. ‘unknown unknowns’) or about the quality of financial reporting and the audit. Instead, it is rather straightforward to meet the KAM and CAM requirements without having to disclose sensitive or new information.

Even if auditors commit to using ‘company-specific’ or ‘non-boilerplate’ language in their disclosures, the identification of KAMs and CAMs among the matters communicated to the audit committee (and typically disclosed in other sections of the company’s annual report, such as critical accounting policies and estimates), can follow a somewhat generic process that is unlikely to reveal new information.

I next discuss conflicting auditors’ incentives to provide incremental or new information in their reports. This is an issue that is seldom mentioned in the debate about the cost and benefits of expanded reports. Unfortunately, auditors do not benefit from being forthcoming (at least directly). For instance, auditors’ remuneration is not directly tied to corporate transparency and the move to expanded reports has not noticeably increased audit fees (Gutierrez et al. 2018). Instead, auditors face significant costs if they disagree with the client’s management and could be targeted by shareholder litigation linked to voluntary disclosures. Next, KAMs and CAMs, which focus on risks, do not necessarily communicate to users all the good actions that a company and its auditor have taken to produce what appears to be an ‘uninformative’ report (some stakeholders may even call this a ‘boring’ report). Finally, it is very difficult for users to ascertain variation in audit quality, because audits have the attributes of a credence good and it is not easy to decide whether to punish or reward auditors that agree with management’s views and estimates pertaining to high risk areas.

In Section 4, I discuss contemporary academic studies that examine the consequences of expanded reports. Generally, in a laboratory setting that simulates real-life situations, experimental studies show that the expanded report can provide information to investors and jurors. Existing experimental studies propose that auditor disclosures may have different purposes, including (1) to provide new information, (2) to add credibility to existing information, (3) to direct investors’ attention to high-risk areas, and (4) to provide a forewarning or disclaimer for potential audit problems. In contrast, data-driven analysis of the expanded reports under the FRC, IAASB, or PCAOB standards does not systematically support the claim that the report’s disclosures provide incremental information to investors or influence the quality of audits. Overall, as noted by Leuz and Wysocki (2016), studies of disclosure regulation struggle in implementing identification strategies that provide credible evidence about regulatory effects and their economic consequences. Moreover, it is difficult to isolate disclosure outcomes from the underlying economics.

In Section 5, I comment on challenges for the audit profession, including recent high-profile corporate scandals in the UK and Germany and whether enhanced auditor reporting could be a tool in tackling financial reporting and audit quality problems. Regrettably, the expanded reports that preceded these recent scandals question the usefulness of KAMs and whether companies and auditors view the expanded report requirements only as a compliance exercise. For instance, in the 2016 expanded report of the large UK contractor Carillion, the auditor KPMG includes three KAMs related to (1) recognition of contract revenue, (2) recognition of revenue in a licensing agreement, and (3) carrying value of goodwill. Although these KAMs touch upon areas in which alleged irregularities subsequently appeared, I believe the KAMs language seems unlikely to trigger additional scrutiny by investors about the reasonability of the company’s estimates. Subsequently, Carillion revealed severe financial problems in 2017 and collapsed a year later. KPMG allegedly failed to challenge management on highly questionable assumptions about revenue from construction contracts and accumulated goodwill from acquisitions (Banham 2018; Work and Pensions and BEIS UK Parliament Committees 2018). Despite the limitations of expanded reports, four recent reviews of the UK’s audit environment mention enhanced auditor reporting as part of a comprehensive solution to systemic audit quality problems (Kingman 2018; BEIS Select Committee 2019; Brydon 2019; CMA 2019).

In conclusion, I believe that expanded reports offer a promise that is yet to be fulfilled. Regulators, auditors, and companies have collectively spent considerable efforts and resources in making expanded reports a reality over the last 10 years, but it remains unclear whether these efforts have increased (or will increase) the usefulness of audit opinions. It is my hope that existing auditor reporting requirements constitute only a first step towards enhanced auditor reporting. Otherwise, the collective struggles in changing the audit report’s format may later be judged as fruitless.

2. The arduous journey of the expanded report requirements

This section gives an overview of the historical journey from standardised to expanded reports in multiple jurisdictions. The main objective of this overview is to provide a summary of the key milestones in a long and complex deliberative process. Below, I provide a separate timeline of the development and implementation of the expanded report standards by the FRC, IAASB, PCAOB, and other regulators.⁷

2.1. Timeline of the Financial Reporting Council standards

The UK’s FRC was a pioneer in mandating an expanded report. Between 2011 and 2016, the FRC took actions that culminated in the first major overhaul of the audit report format in the world. The FRC rules became effective on two dates, September 2013 and June 2017, for different types of companies. At the time there was a sense of urgency for audit reforms in the UK and the EU and enhanced auditor reporting was just one of many other initiatives considered at the time, such as mandatory auditor rotation and periodic tendering of audit engagements.

In January 2011, the FRC issued an initial discussion paper proposing enhancements to the audit report format and received responses from 34 stakeholders. The following year, in April 2012, the FRC issued a consultation paper with proposed standards on the format and content of the auditor’s opinion and received 21 stakeholder responses.⁸ In February 2013, the FRC issued yet another consultation paper on a revised auditor’s opinion standard (International Standard on Auditing ISA [UK and Ireland] 700), and received 31 stakeholder responses (FRC 2013a; FRC 2013b). Overall, the top concerns raised in the 31 responses were: technical difficulties in adopting the standards (55% of responses), boilerplate wording (52% of responses), inconsistency with requirements for international counterparts (35% of responses), increases in the cost of audits (32% of responses), increases in auditor litigation or reputation risk (32% of responses), and failure to increase the users’ ability to assess audit quality (16% of responses). Regarding the potential benefits, there was an expectation that the proposed requirements would increase users’ ability to assess audit quality (58% of the responses) and that benefits of the changes would outweigh costs (35% of the responses). Finally, in June 2013, the FRC issued a revised ISA 700 (UK and Ireland) ‘The Independent Audit Report on Financial Statements,’ the standard requires auditors to: (1) describe the most significant risks of material misstatement (RMMs) that had the greatest effect on the overall audit strategy; (2) disclose how the auditor applies materiality, including a materiality threshold for the statements as a whole and performance materiality; and, (3) explain the scope of the audit (ISA 700 [UK and Ireland] paragraph 19A; FRC 2013c).

The FRC expanded report requirements soon became effective for a subset of UK companies, with a premium listing of equity shares on the London Stock Exchange (LSE) Main Market and fiscal year-ends on or after September 2013.⁹ Subsequently, the FRC conducted two post-implementation reviews – in March 2015 and January 2016—based on 153 and 278 audit reports issued in the first two years of the rules, respectively. Also, in September 2014, noting that the 2013 FRC standards did not exactly align with the IAASB proposed standards on the expanded report, the FRC issued a revision to ISA 700 (UK and Ireland) (FRC 2014a).¹⁰

In June 2016, the FRC further revised its standards (ISA [UK] 700, FRC 2016a; ISA [UK] 701, FRC 2016b) to fully converge with the IAASB’s recently approved standards. A notable development was a new and separate standard that provided the requirements and guidance applicable to the discussion of KAMs, including a description of the most significant RMMs and how the audit addressed them (ISA [UK] 701). The requirements applicable to the discussion of the audit’s materiality and scope also moved to the new ISA (UK) 701. According to ISA (UK) 701 (paragraph 2), the purpose of KAMs is to enhance the communicative value of the audit report by providing greater transparency about the audit. Communicating KAMs provides additional information to users of the financial statements to assist them in understanding those matters that, in the auditor’s professional judgment, were of most significance in the audit. Communicating KAMs may also assist users in understanding the company and areas of significant management judgment in its financial statements. Importantly, although RMMs in the 2013 rules and KAMs in the 2016 rules are largely similar, the more recent rules and accompanying regulatory guidance provide an enhanced framework to guide the auditor in discussing KAMs. The revised FRC rules became effective for all companies listed on the LSE, including the Main and the Alternative Investment Markets, and also for Public Interest Entities (PIEs) with fiscal year-ends on or after June 2017.¹¹

At present, the most important requirements of the UK expanded report are in ISA (UK) 700 and 701 (FRC 2020a; FRC 2020b). These standards were revised again in November 2019 and January 2020 to include conforming amendments arising from the revision of related rules on auditing accounting estimates and disclosures (ISA [UK] 540). Finally, several other standards linked to the auditor’s opinion were revised during the process between 2013 and 2019, for example ISA (UK) 260, 570, 705, and 706, on communications with those charged with governance, going concern opinions, modified opinions, emphasis of matter, and other matter paragraphs.

2.2. Timeline of the International Auditing and Assurance Standards Board (IASSB) standards

The IAASB undertook a regulatory process between 2009 and 2016 that overlapped with the FRC efforts. In September 2009, the IAASB received the results of commissioned research studies that aimed to identify and provide information and insights on stakeholders’ perceptions about the audit and the audit report.¹² In May 2011, the IAASB issued a consultation paper on enhancing the value of audit reports, and received 82 stakeholder responses. In June 2012, the IAASB issued an invitation to comment (ITC) that featured a revised audit report with a number of suggested improvements (IAASB 2012). The IAASB solicited feedback in a series of roundtables, and also received 165 written responses.¹³ In July 2013, the IAASB issued an exposure draft that was approaching the final version of the standards, and received another round of feedback in 139 stakeholder responses. Finally, in January 2015, the IAASB issued revised and new standards (ISA 700 ‘Forming an Opinion and Reporting on Financial Statements’ IAASB 2015a; ISA 701 ‘Communicating Key Audit Matters in the Independent Auditor's Report’ IAASB 2015b). The overhaul of the old audit report format brought other technical changes to the text, for example the overall opinion is now presented more prominently in the first section of the report (ISA 700, paragraph 49). The IAASB expanded report requirements became effective for audits of listed entities with fiscal year-ends on or after December 15, 2016 for jurisdictions where local regulators enforce the IAASB rules (e.g. the European Union).

2.3. Timeline of the Public Company Accounting Oversight Board standards

The US PCAOB started its own regulatory process around the same time as its international counterparts, but the PCAOB final rules were not approved until 2018. The PCAOB rules also became effective on two dates—June 2019 and December 2020— first for large accelerated filers and next all other issuers.

In June 2011, the PCAOB issued an initial concept release to solicit public comments on a proposed standard-setting project targeting the content and form of the audit report for US issuers (PCAOB 2012).¹⁴ The PCAOB proposals attracted a lot of attention and received even more comments than the IAASB proposals. The 2011 PCAOB concept release received 155 comment letters. More than two years later, in August 2013, the PCAOB issued a proposal for two new auditing standards on the audit report and received 248 comment letters. After a long review process, in May 2016, the PCAOB issued a re-proposal of the audit report standard AS 3101, ‘The Audit Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion’ (PCAOB 2012). The 2016 re-proposal received 88 comment letters, summarised as follows: 34% of the responses agree with the proposed requirements, 50% of the responses disagree with the proposed requirements, and 16% of the responses are neutral or cannot rate the comments.¹⁵ Moreover, there are 83 mentions of information issues (e.g. auditors’ disclosures could result in a conflict if they provide original information that is not contained in other disclosures prepared by management, or conversely if auditors’ disclosures provide information that has little value relevance) and 69 mentions of undesired unexpected consequences (e.g. leading to inconsistencies or low comparability between issuers and motivating users to question the pass/fail nature of the auditor’s opinion). Finally, in June 2017, the PCAOB issued a revised audit report standard, AS 3101 (PCAOB 2017). In July 2017, the US SEC made a final consultation round before releasing the 2017 PCAOB rules and received 51 comment letters. In October 2017, the SEC approved the revised PCAOB standard AS 3101 (SEC 2017).

Although the intent of the PCAOB rules is somewhat similar to that of the IAASB and FRC rules, there are some technical distinctions, primarily that the PCAOB rules (1) have unique language to define and identify significant risks (i.e. CAMs); (2) specify that CAMs relate to a component of an account or disclosure that is material to the financial statements; (3) include an additional requirement to disclose the auditor’s tenure in the report; and, (4) do not require the auditor to discuss the materiality or scope of the audit (PCAOB 2017). The PCAOB expanded report requirements became effective for large accelerated filers with fiscal years ending on or after June 30, 2019. In March 2019, the PCAOB published staff guidance on CAMs, based on the PCAOB’s review of CAM methodologies, practice aids, training materials, and examples submitted by 10 US audit firms that collectively audit approximately 85% of large accelerated filers (PCAOB 2019a). In May 2020, the PCAOB issued a request for comment as part of the post-implementation review of CAM requirements and received 23 letters. CAMs will be required for all US issuers with fiscal years ending on or after December 15, 2020.

2.4. Regulatory developments in other jurisdictions that have adopted the IAASB standards

In January 2020, an IAASB post-implementation update reported that 67 jurisdictions worldwide had adopted its expanded report standards (IAASB 2020). Below, I summarise some related regulatory developments in the European Union (EU), Hong Kong, and Mainland China.

In 2014, the EU passed new laws as part of a comprehensive audit reform. The reform mandated an expanded report based on the IAASB standards for listed companies in European stock exchanges with fiscal years ending on or after June 2016. The reform also included requirements for all PIEs on mandatory audit firm rotation, audit committee oversight, and restrictions for non-audit services.

Other notable milestones in the regulatory process include the adoption of the IAASB expanded report standards in Hong Kong and Mainland China in December 2016 and 2017, respectively. The combined stock exchanges in these jurisdictions constitute one of the largest capital markets requiring an expanded report. Notably, adoption of the expanded report rules in these jurisdictions in 2016 and 2017 independently occured in the form of a one-time switch that involved thousands of listed companies (many times the number of companies that adopted the FRC rules in 2013).

In August 2015, the Hong Kong Institute of Certified Public Accountants (HKICPA) adopted the IAASB expanded report standards. The HKICPA rules became effective for companies listed in the Stock Exchange of Hong Kong Limited, with fiscal year-ends on or after December 15, 2016.¹⁶ Subsequently, in October 2017 and November 2018, the HKICPA published two post-implementation analyses.¹⁷

A little more than a year after the HKICPA, December 2016, the Chinese Institute of Certified Public Accountants (CICPA) released new and revised China Standards on Auditing, converged with equivalent IAASB ISAs. The CICPA rules became effective for companies listed in Mainland China stock exchanges, with fiscal year-ends on or after December 15, 2017.

3. What is the information in KAMs and CAMs?

This section provides the definition, content, and sources of KAMs and CAMs. In my discussion of the sources of these disclosures, I review the processes that result in the auditor’s identification of matters that can become KAMs and CAMs (e.g. significant risks) and in the determination of the language used to describe each matter (i.e. the description of the risk and the audit procedures to address the risk). The objective of this overview is to shed light on whether the new requirements give auditors a narrow or wide latitude to provide incremental information for the report’s users, primarily investors, about a company’s financial reporting and audit quality (or significant risks). Lastly, I discuss how auditors have weak incentives —beyond regulatory requirements— to voluntarily disclose new information in KAMs and CAMs.

3.1. The process that generates KAMs

IAASB’s ISA 701 (paragraph 9; IAASB 2015b) defines KAMs as: ‘Those matters that, in the auditor’s professional judgment, were of most significance in the audit of the financial statements of the current period. Key audit matters are selected from matters communicated with those charged with governance.’ In determining KAMs, the auditor should take into account three criteria: (1) areas of high risk of material misstatement; (2) areas involving significant auditor and management judgment, including estimates with high estimation uncertainty; and, (3) significant events or transactions that occurred during the period. Each KAM typically includes a title (i.e. topic), a description of the matter, and a description of the auditor’s procedures to respond to or address the matter.

A number of stakeholders have paid considerable attention to the definition of KAMs and the criteria to identify them; however, an aspect that is somewhat overlooked is that the source of KAMs are ‘matters communicated with those charged with governance.’ For companies listed in large stock exchanges, typically the audit committee is the primary entity among ‘those charged with governance.’ Although some stakeholders may argue that all significant financial reporting and auditing issues are openly discussed between the auditor and the audit committee, in practice, the auditor’s communications are tightly scripted to comply with the requirements of ISA 260 ‘Communication with Those Charged with Governance’ (IAASB 2015c). Thus, we must therefore consider how auditors fulfill the requirements of ISA 260 to find the subset of significant matters that can become KAMs.

Although the auditor and the audit committee may meet multiple times during the year to review the audit’s progress and the company’s interim financial results, ISA 260 (paragraphs 14–17) mandates the auditor to communicate only four aspects about the audit: (1) the auditor’s responsibilities, (2) planned scope and timing, (3) significant findings, and (4) the auditor’s independence. An explicit discussion of financial reporting and audit risks appears in (2) and (3), which I describe below.

The auditor must communicate an overview of the planned scope and timing of the audit, including significant risks involved (ISA 260, paragraph 15).¹⁸ This communication occurs in the initial stages of the engagement and is typically supported by a document or presentation delivered to the audit committee during a meeting. This document or presentation includes a high-level qualitative discussion of a relatively small number of risks (sometimes called significant assessed risks or areas of audit focus). The discussion provides a risk topic or area, brief descriptions of each risk, and general audit procedures recommended to address each risk. Sometimes, the auditor also gives a ‘gradation’ for each risk (e.g. high or medium). In most cases, risks come from known sources, including: (a) the client’s current and prior year financial reports (e.g. critical accounting policies, judgments, estimates, and sources of estimation uncertainty); (b) large or unusual transactions occurring during the year (e.g. a business acquisition); (c) changes to accounting standards (e.g. revised leased standard IFRS 16 becomes effective on 2019); (d) the audit team’s experience (e.g. similar issues within the client’s industry); and, (e) the audit firm’s methodology (e.g. common format of the audit committee presentations and a ‘catalogue’ of areas of audit focus). Importantly, the level of detail in the communication of risks is limited because the auditor must find a balance between helping the audit committee understand significant risks (ISA 260, paragraph A11–12) and preserving the effectiveness of the audit (ISA 260, paragraph A16).

The auditor must also explain significant findings from the audit (ISA 260, paragraph 16), a communication that typically occurs when the engagement is substantially completed and is documented in a similar fashion as the audit plan. Importantly, the auditor goes back to the high-level risks in the planning communication and explains how they were addressed during the audit. The communication of findings also provides other disclosures to meet additional requirements of ISA 260. Specifically, the auditor must also provide (ISA 260, paragraph 16): (1) views about significant qualitative aspects of the entity’s accounting practices, including accounting policies, accounting estimates, and financial statement disclosures; (2) significant difficulties, if any, encountered during the audit; (3) significant matters discussed with management and written representations requested by the auditor; (4) the form and content of the audit report; and, (4) any other matters relevant to the oversight of the financial reporting process. In meeting the requirement for (2) above, the auditor may refer to a summary of significant accounting policies or make reference to ‘critical accounting estimates’ or ‘critical accounting policies and practices’ (ISA 260, paragraphs A19 – A20). Arguably, these provisions foster the circularity between the company’s and the auditors’ disclosures.

Given the sequence of communications requirements previously described, the communication of findings from the audit constitutes a primary source of KAMs. Within the communication of findings, there are two likely sets of qualitative risks that make their way into KAMs: (1) those already discussed in the planning (or interim) communications; and (2) those already discussed in the client’s financial reporting, such as critical accounting policies and estimates or significant transactions. I acknowledge that there are differences in the communications process that depend on the company, the audit firm, and the audit partner. In some cases, KAMs can also come from interim communications (e.g. large impairment in the first quarters of the fiscal year). However, it is unlikely that the communication of findings does not refer back to those risks or that such risks are not described in the company’s quarterly reports. Overall, these conditions make it unlikely that a number of the KAMs topics will reflect previously unknown financial reporting or audit risks.

There is a possibility that the language in KAMs (i.e. description of the matter and audit procedures) could provide incremental information, beyond other disclosures already made by the company; however, the application material in ISA 701 (IAASB 2015b) gives auditors little opportunity to provide any ‘original information.’ ISA 701, Paragraph 34 states, ‘The nature and extent of information provided by the auditor is intended to be balanced in the context of the responsibilities of the respective parties (i.e. for the auditor to provide useful information in a concise and understandable form, while not inappropriately being the provider of original information about the entity).’ Next, paragraph 35 delimits the boundaries of original information as ‘any information about the entity that has not otherwise been made publicly available by the entity … Such information is the responsibility of the entity’s management and those charged with governance.’ ISA 701, paragraph 35 also discourages original information in the KAMs description, ‘It is appropriate for the auditor to seek to avoid the description of a key audit matter inappropriately providing original information about the entity. The description of a key audit matter is not usually of itself original information about the entity, as it describes the matter in the context of the audit … the auditor may encourage management or those charged with governance to disclose additional information, rather than the auditor providing original information in the audit report.’

Finally, perhaps KAMs may have other effects, such as a ‘spillover’ or ‘added credibility’ for other company disclosures pertaining to high-risk areas. Nevertheless, from an observer’s perspective, these effects are highly uncertain. It is not possible to determine whether information flows from KAMs to company disclosures or the other way around. Overall, the processes that generate KAMs make it unlikely that their topics and language could provide incremental information to users about the company’s financial reporting and audit quality (or significant risks).

3.2. The process that generates CAMs

Despite the regulatory differences, the processes that generate CAMs and KAMs are somewhat similar in concept and practice. For brevity, I only discuss some relevant aspects of the PCAOB’s CAM requirements. The definition and determination of CAMs is given in AS 3101 (paragraphs 11-12, PCAOB 2017). Notably, materiality is a determining factor in whether a matter communicated or required to be communicated to the audit committee is a CAM. In practice, however, the identification of a significant versus a material matter is unlikely to differ (i.e. under ISA 701 versus AS 3101). Next, under the PCAOB standard on communications with audit committees AS 1301 (PCAOB 2012), significant risks also appear in the communications of the audit strategy (planning) and the results of the audit (findings). Furthermore, AS 1301 is more prescriptive than ISA 701, and some argue that the US legal and regulatory environment is focused on compliance. Therefore, US auditors are more likely to ‘tick all the boxes’ in satisfying the requirements in AS 1301 and may even include a checklist in their workpapers and results document that demonstrate compliance with the requirements.

The definitions of KAMs and CAMs are somewhat similar, but I highlight that the implementation of expanded reports in jurisdictions with different regulatory, legal, and market environments has resulted in noticeable variation in the number, the types, and the level of detail in KAMs and CAMs. For example, UK KAMs include additional information on year-over-year changes in the risk level, references to other sections of the annual report where management describes the issue (sometimes the KAM also gives a dollar amount, if it is tied to a particular financial statement account), and what was communicated to the audit committee about the matter. This last piece of information gives unique insights on the communications between the auditor and the audit committee.¹⁹ Finally, the IAASB rules give auditors relatively more flexibility to discuss in KAMs significant risks that do not necessarily relate directly to a financial statement account or disclosure, for example information technology issues.

In contrast, US CAMs specifically relate to material accounts or disclosures and do not provide additional information beyond the title, description, and auditors’ response (although in some cases there are references to other sections of the annual report). While the typical number of KAMs in the UK is between three and four, the typical number of CAMs in the US is between one and two (Gutierrez et al. 2018; Bochkay et al. 2020; Burke et al. 2020). Notably, some dual-listed companies even have different numbers of KAMs and CAMs in their audit reports under the PCAOB and IAASB rules. For instance, in Unilever PLC’s 2019 Form 20-F (PCAOB rules), there are only two CAMs, related to the assessment of tax contingent liabilities in Brazil and assessment of uncertain direct tax transfer pricing positions. In contrast, in the company’s 2019 Annual Report (IAASB rules), the KAMs include the same two matters in CAMs plus three others related to revenue recognition, investment in subsidiaries, and indefinite intangible assets.

Another noteworthy issue of the US rules is the high similitude between the language the SEC uses to describe critical accounting policies and estimates and the language the PCAOB uses to describe CAMs. The SEC rules for the Management Discussion & Analysis and PCAOB Appendix A to AS 1301 (SEC 2011; PCAOB 2012) describe these critical policies as those that ‘are both most important to the portrayal of the company's financial condition and results, and require management's most difficult, subjective, or complex judgments, often as a result of the need to make estimates about the effects of matters that are inherently uncertain.’ The PCAOB rules (PCAOB 2017) state that a CAM ‘is defined as any matter arising from the audit of the financial statements that was communicated or required to be communicated to the audit committee and that (a) Relates to accounts or disclosures that are material to the financial statements; and, (b) Involved especially challenging, subjective, or complex auditor judgment.’ The parallel language suggests a conceptual circularity between critical policies and estimates in the MD&A and CAMs in the audit report.

Lastly, the PCAOB rules and guidance also address the ‘original information’ issue. On the one hand, the PCAOB 2017 rules release mentions that ‘no PCAOB standard, SEC rule, or other financial reporting requirement prohibits auditor reporting of information that management has not previously disclosed’ (PCAOB 2017, p. 33); on the other hand, in its 2019 review of the largest firms’ methodologies, the PCAOB staff states that ‘when communicating CAMs in the audit report, the auditor is not expected to provide information about the company that has not been made publicly available by the company unless such information is necessary to describe the principal considerations that led the auditor to determine that a matter is a CAM or how the matter was addressed in the audit’ (PCAOB 2019b, p. 2).²⁰

3.3. Do auditors have incentives to disclose information that differentiates the quality of audits?

In the previous discussion, I explain how the existing rules give auditors a narrow latitude to convey information about threats that arise from situations that are unexpected (i.e. ‘unknown unknowns’) or incremental information about a company’s financial reporting and its audit. Moreover, it seems relatively easy to meet the KAM and CAM regulatory requirements without having to disclose sensitive information. Note that these two concerns are distinct from some stakeholders’ claims that KAMs and CAMs would be filled with boilerplate or ‘disclaimer’ language (Kachelmeier et al. 2020). Even if auditors commit to using ‘company-specific’ or ‘non-boilerplate’ language, the identification of KAMs and CAMs among the matters communicated to the audit committee can follow a somewhat generic process that is unlikely to reveal new information.

Throughout the regulatory debate, there is little discussion of how auditors would benefit from issuing transparent and informative reports. An extensive theoretical and archival literature on voluntary disclosure has demonstrated that managers and companies benefit from transparent financial reporting, primarily by getting increased access to cheaper external financing (e.g. Beyer et al. 2010). Auditors, however, could only indirectly benefit from providing new information if it (a) reveals the relative quality of audits or audit firms, and (b) leads to higher compensation or market share for those firms that provide high-quality audits and differentiate themselves through expanded reports. This possibility is explicitly mentioned in the PCAOB’s rules release (PCAOB 2017, p. 83): ‘If expanded auditor reporting allows investors to differentiate among accounting firms and engagement partners, it should provide a more nuanced signal of audit quality and financial reporting reliability.’ Furthermore, (PCAOB 2017, p. 85): ‘the communication of critical audit matters, potentially in conjunction with disclosures regarding the identity of the engagement partner and other accounting firms that participated in the audit, and other relevant information should enable differentiation among engagement partners and accounting firms on that basis’.

Nevertheless, several conditions call into question that KAMs or CAMs are a differentiator of audit quality or a mechanism to police low audit quality. First, auditor remuneration is not tied to corporate transparency and the move to expanded reports has not noticeably increased audit fees or affected auditors’ market share (Gutierrez et al. 2018; CMA 2019). Second, disclosure alone is unlikely to address the problem that clients may not want aggressive auditing, which discourages auditors to compete based on the quality of their services and instead motivates them to adopt a cost-minimization strategy (Coffee 2019). Third, auditors could be targeted by shareholder litigation linked to KAMs or CAMs (or their absence), especially if they disagree with management’s disclosures. Fourth, KAMs and CAMs disclosures, which focus on risks, do not necessarily show users all the good actions that a company and its auditor have taken to produce what appears to be an ‘uninformative’ report (some may call this a ‘boring’ report). Finally, it is very difficult for users to ascertain variation in audit quality (Causholli and Knechel 2012) or to weight the overall benefits and unintended costs of increasing audit quality through regulation (Knechel 2016). In the case of KAMs and CAMs, it is not clear whether auditors’ agreement (or redundancy) with management’s estimates reflects high or low audit quality.²¹

4. Review of the academic literature on expanded reports

This section discusses a growing body of academic research on the consequences of expanded reports. I caution readers that research in this area is evolving and there is much we still need to learn.

I start the discussion with early studies that examine stakeholder perceptions of the audit report. Second, I briefly discuss a related stream of studies on departures from the standard unqualified audit report. Third, I review the experimental and archival evidence on the consequences of the expanded report, placing emphasis on research examining the 2013 adoption of the FRC rules. Generally, in a laboratory setting that simulates real-life situations, experimental studies show that the expanded report can provide information to investors and jurors. In contrast, data-driven analysis of the expanded reports under the FRC, IAASB, or PCAOB rules does not support the claim that the report’s disclosures systematically provide incremental information about a company’s financial reporting and audit quality (or significant risks). Finally, I also discuss some general limitations of the existing archival studies and offer my views on opportunities for future research in this area.

4.1 Early studies (primarily discussion papers and literature reviews)

Concurrent with the initial regulatory steps toward the expanded report, a number of early studies examine stakeholders’ perceptions about the audit report. Church et al. (2008) summarise historical information about the auditor’s opinion in the US and provide a synthesis of the extant literature. They highlight that the wording and pass/fail nature of the report allow users to easily distinguish departures from a standard unqualified opinion. After reviewing the existing literature, Church et al. (2008) note that (a) the discussion on the audit report leaves out factors that are assumed to be irrelevant (e.g. how auditors collect evidence); (b) the audit report has symbolic value but lacks communicative value; and, (c) the report’s users are confused about the auditor’s responsibilities and the audit’s process and level of assurance. Finally, Church et al. (2008) suggest that including additional disclosures can enhance the communicative value of the audit report.

Three subsequent studies by Gray et al. (2011), Vanstraelen et al. (2012), and Asare and Right (2012) respond to regulators’ interest in revising the audit report. Using focus groups, structured interviews, and an experiment, these studies document users’ and auditors’ perceptions of the report. The three studies conclude that there is a substantial expectations gap between users’ and auditors’ views of the audit process and its outcomes.

Two subsequent literature reviews by Mock et al. (2013) and Bédard et al. (2016) reassess contemporary research. The most recent of these two, Bédard et al. (2016), reviews initial findings on the proposed or issued expanded report rules. They review 40 studies that appeared between 2007 and mid-2015. However, at the time of the publication of Bédard et al. (2016), a number of those studies were still in-progress, and their combined evidence appeared limited or inconsistent.²² In the sections below, I revisit a number of studies on the consequences of the expanded report that are now published.

4.2. Studies of departures from the standard unqualified audit report

A stream of related studies investigates whether the audit report provides incremental information when there are departures from a standard unqualified opinion (i.e. going concern, additional explanatory language, and other modifications).

First, there are somewhat mixed findings regarding the incremental information content of going concern opinions (GCOs). Studies of GCOs typically use short-window market reaction (e.g. abnormal stock returns or trading volume in the days surrounding announcements of GCOs), or default prediction models (e.g. association between GCOs and subsequent bankruptcy) as indicators of the information content of these opinions. Some studies find that the market reacts negatively to GCOs in the US and other jurisdictions (e.g. Menon and Williams 2010). However, a recent study by Myers et al. (2018) shows that the market reaction to GCOs in the US is largely attributable to contemporaneous information released by companies around GCOs, and specifically to concurrent earnings announcements. After controlling for the effect of earnings announcements, GCOs seem to convey little incremental information. Also, Ogneva and Subramanyam (2007) do not find a market reaction to GCOs in Australia.²³ Regarding the ability of GCOs to predict default, some early studies claim that GCOs are inferior to default models that use financial information as input (e.g. Koh 1991). However, Hopwood et al. (1994) demonstrate that GCOs are just as good as models of default that use financial ratios and client size as inputs. Next, Willenborg and McKeown (2001) document that GCOs have both information content and predictive content for initial public offerings. More recently, Gutierrez et al. (2020) show that adding GCOs to a number of default models increases the models’ predictive ability. It seems, therefore, that GCOs summarise a complex set of conditions not captured entirely by other predictors of default and could be a useful signal of high risk of default for some investors.

Second, there are somewhat mixed findings regarding the information content of opinions with explanatory language in the US.²⁴ On the one side, Czerney et al. (2014) find that financial statements with audit reports containing explanatory language predict future restatements. They conclude that explanatory language communicates some information about financial reporting quality. On the other side, Czerney et al. (2019) find a nominal short-window market reaction to the release of reports with explanatory language. They attribute this lack of response to investors’ incomplete reactions to auditor’s disclosures and to previous disclosure of information by other sources.²⁵

Third, another stream of studies has used departures from a standard unqualified opinion as an indicator of audit quality. For example, after controlling for the client’s financial condition and other factors, a high incidence of GCOs among Big N auditors is interpreted as evidence of high audit quality (Carson et al. 2013). However, the association between financial reporting quality and modified opinions is not straightforward (DeFond and Zhang 2014). Bartov et al. (2000) find a negative link between earnings management (i.e. discretionary accruals) and modified audit opinions. In contrast, Butler et al. (2004) demonstrate that previous findings are attributable to an association between GCOs and large negative accruals for companies in financial distress and not to earnings management.

Overall, existing studies on departures from a standard unqualified opinion are relevant to the nascent literature on the expanded report.²⁶ As explained above, there is some evidence of incremental information in GCOs and additional explanatory language. Also, the short-window market reaction stands out as a primary indicator to determine whether departures from a standard unqualified opinion provide incremental information. However, the theory, arguments, and findings in prior studies do not provide a direct expectation about the consequences of the unique expanded report disclosures.

4.3. Experimental studies

A number of experimental studies have investigated the consequences of the expanded audit report, focusing primarily on the effect of KAMs and CAMs on investors’ decisions and on jurors’ perceptions of auditor liability. Interestingly, the laboratory setting allowed these studies to test early examples of CAMs language proposed by regulators without waiting until the rules were approved. Hence, these studies could potentially offer insights regarding pressing concerns raised during the regulatory process. For instance, a number of stakeholders warned that the expanded report could increase legal liability for auditors and companies (PCAOB 2016, 2017). The collective findings of these studies support the notion that some proposed elements of the expanded report provide useful information to investors and potential jurors. Also, these studies propose that auditor disclosures may have different purposes, including (1) to provide new information, (2) to add credibility to existing information, (3) to direct investors’ attention to high-risk areas, and (4) to provide a forewarning or disclaimer for potential audit problems.

Three studies by Christensen et al. (2014), Sirois et al. (2018), and Elliott et al. (2020) examine the consequences of the proposed expanded report for investors. Christensen et al. (2014) investigate how nonprofessional investors react to a CAM referring to the audit of fair value estimates. The study’s participants who receive an expanded report with a CAM are more likely to change their investment decisions than are (a) those participants who receive a standard report, or (b) those participants that receive the same information in other sections of the annual report. They, therefore, identify ‘information’ and ‘credibility’ roles for CAMs. However, the effect of a CAM decreases if it is followed by a clear resolution of the issue. Sirois et al. (2018) conduct a unique experiment of the effect of KAMs on investors using an eye-tracking device. The study’s participants inspect more rapidly any KAM-related company disclosures and pay more attention to Kam-related disclosures when KAMs are communicated by the auditor. They conclude, therefore, that KAMs have an ‘attention-directing’ role. More recently, Elliott et al. (2020) argue that company-specific auditor commentary (which may be provided as part of KAMs) could serve as a way for auditors to credibly convey information about financial reporting quality to investors. The study’s participants assign higher value to companies that have a relatively higher financial reporting quality.²⁷ Also, Dennis et al. (2019) find that disclosures from managers and auditors provide different value-relevant information about the same underlying issue. These two last studies are interesting because they confirm that investors could respond to information if it helps to grade a company’s financial reporting quality.

Other experimental studies have examined how CAMs affect jurors’ perceptions of auditor liability after a misstatement has been discovered. Gimbar et al. (2016) suggest that CAMs increase jurors’ perceptions of auditor’s liability. However, Brasel et al. (2016) and Kachelmeier et al. (2020) find that CAMs have the opposite effect and suggest that a ‘disclaimer’ or ‘forewarning’ effect may drive auditors to include a large number of CAMs in order to decrease their expected liability. Kachelmeier et al. (2020) reconcile these differences, which are attributable to measurement uncertainty. Asbahr and Ruhnke (2019) show another aspect of the ‘forewarning’ effect by examining the implications of KAMs for audit quality. The study’s participants show lower levels of auditor skepticism (i.e. proposed adjustment amounts) when an accounting estimate is reported as a KAM. They argue that KAMs may serve as a moral license to waive an adjustment.²⁸ Finally, Vinson et al. (2019) show that jurors assess higher auditor negligence when a CAM is removed than when a CAM is reported, and also when a CAM is reported for multiple years than for one year.

4.4. Archival studies of the UK experience

Three studies by Gutierrez et al. (2018), Reid et al. (2019), and Lennox et al. (2019) examine data from the first wave of expanded reports in the UK after September 2013 and focus on the consequences of the expanded report for investors, audit quality, and costs of audits. A fourth study by Porumb et al. (2019) takes a somewhat different direction and examines the consequences of the expanded report for private debt contracting. Finally, Sierra-García et al. (2019) examine the content of KAMs for FTSE 100 companies.

A primary concern is whether the expanded disclosures increase the information content and relevance of the audit report. However, simply disclosing financial reporting and audit risks may not materially change users’ perceptions of a company’s value. The usefulness of the expanded report depends on at least three underlying assumptions. First, the expanded report itself provides incremental information, or the expanded report indirectly forces companies to provide incremental information in other disclosures. Second, the incremental information is relevant to users in making investment decisions. Third, the incremental information reveals a threat that may not have been sufficiently addressed during the audit (i.e. residual risk). Without meeting these assumptions, the expanded report is unlikely to have valuation consequences, even if it provides more information about the audit than the previous pass/fail auditor’s opinion.

Gutierrez et al. (2018) and Lennox et al. (2019) conclude that the first wave of expanded reports in the UK provide little incremental information to investors. The arguments, research designs, and findings in these studies are complementary.²⁹ Gutierrez et al. (2018) use a difference-in-differences research design that compares the effects of the audit report between LSE premium and AIM companies over four years, including two years before and after September 2013, when the rules became mandatory only for premium companies.³⁰ Their main measures of incremental information are based on the short-window market reaction to the public distribution of a company’s annual report, which includes the audit report (i.e. cumulative absolute abnormal returns and abnormal trading volume). They do not find evidence that these outcomes changed incrementally for LSE premium companies in the two years after September 2013. They also fail to find evidence that variation in (a) the length of the audit report; (b) the total number of risks; (c) the number of unique risks (i.e. those not discussed in the concurrent audit committee’s report); and (d) the materiality threshold had incremental effects on short-window market reaction.³¹

Lennox et al. (2019) focus on the effect of the RMMs. Using short-window market reaction analyses (i.e. cumulative signed abnormal returns), they also demonstrate that investors do not respond to RMMs, even after isolating unexpected RMMs. Next, using equity valuation models, they demonstrate that although RMMs capture uncertainty about financial reporting, they lack incremental information about a company’s value.³² An interesting aspect of Lennox et al. (2019) is that they perform a manual search of RMMs in other disclosures previously made public by the company (e.g. annual reports, earnings announcements, and conference calls). The results of this search confirm that investors were already informed about the vast majority of RMMs.

A secondary concern is whether the expanded report has a spillover effect on audit quality. A broad section of the literature has generally demonstrated that auditors’ reputation, litigation, and regulatory forces shape auditors’ incentives to provide high-quality audits (DeFond and Zhang 2014). The expanded report may influence audit quality by placing companies and their auditors under relatively more careful scrutiny, especially when it comes to risk disclosures (PCAOB 2017; Christensen et al. 2014). However, the correspondence between the expanded report and audit quality is uncertain. Conceptually, at least three conditions have to be met in order to make expanded reports an incremental driver of audit quality. First, there is a relation between the expanded report’s disclosures and audit quality. Second, the cost of increasing audit quality is lower than the expected marginal cost of litigation and reputational concerns. Third, the expanded audit report will reveal suboptimal audit quality that was previously unknown.

Gutierrez et al. (2018) and Reid et al. (2019) reach divergent conclusions on the consequences of the expanded report for audit quality. Gutierrez et al. (2018) use a difference-in-differences research design to examine incremental changes in audit quality for LSE premium companies (as previously described). Their main proxy for audit quality is the absolute value of discretionary accruals.³³ They do not find evidence that the expanded report is associated with a change in this audit quality proxy. In contrast, Reid et al. (2019) conclude that the changes in reporting requirements are associated with a significant improvement in audit quality. They document decreases in companies’ absolute abnormal accruals and in their propensity to meet or beat analyst forecasts as well as an increase in earnings response coefficients after the adoption of the expanded report rules. Some may argue that the findings are ‘mixed,’ but Gutierrez et al. (2018) attempt to reconcile the evidence. First, they document that the results of Reid et al. (2019) based on absolute abnormal accruals are sensitive to the calculation of this measure and the years included in the sample. Second, they fail to replicate other results in Reid et al. (2019) based on the propensity of meeting or beating analyst forecasts and the magnitude of earnings response coefficients.

Next, the three studies by Gutierrez et al. (2018), Reid et al. (2019), and Lennox et al. (2019) concur that the expanded report did not result in noticeable audit fee increases. More broadly, if audit fees are taken as an indicator of auditor effort, the result of these studies provide some support for the claim that the expanded report has not appreciably increased auditor effort. It is interesting to mention, however, that companies with a relatively high number of RMMs and long auditor reports pay comparatively higher audit fees, after controlling for the effects of company size, profitability, and complexity (Gutierrez et al. 2018). Hence, the RMMs reflect some variation in financial reporting risks or quality that is not captured by other general variables (e.g. company size, ROA, etc.). Nevertheless, simply disclosing RMMs does not in itself cause a change in audit fees.³⁴

Porumb et al. (2019) conclude that the expanded report had consequences for private lenders. They argue and present evidence that the expanded report decreases adverse selection problems by improving lenders’ ability to assess borrowers’ risk, which, consequently, leads to less stringent loan contracting terms. Moreover, they show some evidence that lenders perceive borrowers with fewer risks of material misstatement in the audit report as less risky, which translates into incrementally more favorable loan contracting terms. Finally, Sierra-García et al. (2019) examine the KAMs of FTSE 100 companies during the period 2013-2016. They focus on the number and types of KAMs (i.e. entity-level and account-level, representing 41% and 59% of the number of reported KAMs, respectively). They show that (a) client characteristics are associated with the number and types of KAMs, and (b) there are differences in the types of KAMs between auditors.

Lastly, Rousseau and Zehms (2020) examine within-partner and audit firm similarities in KAM reporting in the U.K., focusing on the volume of KAMs, their topical diversity, and their linguistic properties. Partner fixed effects explain between 10–19 percent of the variation in KAM characteristics. In contrast, audit firm fixed effects explain only between two to five percent of the variation in KAM characteristics.

4.5 Other archival studies (mainly research in-progress or that needs corroboration)

The consequences of the adoption of expanded report requirements in multiple jurisdictions constitutes an active area of research. Emerging studies are trying to extend the evidence beyond the first wave of adopters in the UK, focusing, for example, on New Zealand, Australia, Hong Kong, Mainland China, the UK AIM, and the US large accelerated files. Most of these studies are either in progress or require additional corroboration. There is also related evidence from France’s parallel requirement to disclose Justifications of Assessment.

Li et al. (2019) examine the adoption of the expanded report in New Zealand after December 2016. New Zealand has also converged its standards with the IAASB. Li et al. (2019) find that the adoption of the expanded report rules is associated with an improvement in audit quality and an increase in audit fees. Their paper is one of the few published studies that examines non-UK data. However, its research design is based only on pre–post adoption analyses (i.e. without a control group), and relies on small samples (i.e. including with 91 and 122 firm-year observations). Although interesting, this additional evidence only suggests changes in the quality and costs of audits associated with the expanded report.

Kend and Nguyen (2020) examine the KAMs of listed Australian companies during the period 2017-2018, after the adoption of the IAASB rules in 2017. This study provides descriptive evidence on the number and topics of KAMs and examine the changes between 2017 and 2018. They show that (a) companies report, on average, two KAMs in both years, (b) 70% of companies have the same KAM topics in both years, and (c) that client characteristics and auditor type influence the year-over-year changes in KAMs.

Three studies examining Hong Kong and Mainland China reach divergent conclusions on the consequences of the expanded report in these two jurisdictions. The transition to the IAASB expanded report rules in these jurisdictions involved a large number of companies, from all sizes and industries.³⁵ Liao et al. (2019) examine the adoption of the expanded report in Hong Kong and Mainland China. They take advantage of the one-year gap between the effective dates in these jurisdictions and use the companies in one market as a control group for the other market, resulting in including large samples of adopters and non-adopters in the test. They do not find evidence of an association between the introduction of KAMs and the information value of the audit report or audit quality in any of the two jurisdictions. Their study also focuses on the potential effect of variations of a number of salient KAMs characteristics (e.g. types of issues and language used by the auditor). They do not find evidence of an incremental association between their outcomes of interest and the characteristics of the KAMs.³⁶ In contrast, another study by Zeng et al. (2020) finds an incremental audit quality after the adoption of the expanded report for companies in Mainland China. Finally, Goh et al. (2019) find an incremental market reaction to the expanded report for companies in Mainland China. Liao et al. (2019), Zeng et al. (2020), and Goh et al. (2019) take different approaches in dealing with the one-time implementation of the rules in these jurisdictions. The divergence in their conclusions may be partially attributable to research design choices. The two latter studies use a small sample of Mainland China companies listed in Hong Kong as a control group (i.e. a group of 90 AH firms).

In a follow-up study, Gutierrez et al. (2020b) take advantage of the staggered regulatory approach in the UK to examine the consequences of the expanded report for the second wave of companies, listed in the LSE AIM, that adopted the revised FRC standards in 2017. AIM companies are small and have a relatively poor information environment.³⁷ These conditions lead us to expect that investors of AIM companies could especially benefit from any disclosures in the expanded report. However, Gutierrez et al. (2020b) find only a marginal increase in market reaction (i.e. abnormal trading volume) to AIM companies’ annual reports, and this result is highly sensitive to using alternative measures of market reaction. Further, this study does not find evidence of incremental changes in the cost or quality of audits.³⁸

A recent study by Burke et al. (2020) provides some of the first available evidence on the consequences of the expanded report for US large accelerated filers. This study pushes the boundaries of existing research not only by examining new data, but also by proposing new analyses. Some of these new analyses, examining the characteristics of the CAMs text and comparing them to other elements of the annual report, are only feasible using US data.³⁹ They find that a company’s complexity, the nature of financial reporting issues, and the magnitude of accounts that require high degrees of judgment predict the number and topics of CAMs. Next, using textual analysis, they document changes in the financial statement footnotes directly referenced by CAMs, providing new evidence of a potential spillover effect of CAMs on other disclosures. Also, using similar outcome variables as prior studies in the UK, Burke et al. (2020) do not find a detectable market reaction or overall changes in audit quality for large accelerated filers after the CAM requirements.⁴⁰ Another recent study of CAMs by Klevak et al. (2020) finds associations between the characteristics of CAMs and (1) market reaction to a company’s annual report (i.e. returns and volatility), and (2) the properties of analysts’ forecasts (i.e. dispersion, change in dispersion) and recommendations. However, this second study is only cross-sectional, focusing in the relatively short post-adoption period from July 2019 and May 2020, and does not support strong causal inferences about the consequences of the CAM requirements.

Another study focuses on the unique institutional requirement in France to include Justifications of Assessment (JOA) in the audit report. This requirement evolved somewhat separately from the regulatory developments discussed in prior sections. Bédard et al. (2019) examine the association between the introduction of Justifications of Assessment (JOA) in 2003 and investor reaction, publication lag, abnormal accruals, and audit fees. They do not find evidence of an association between the first-time disclosure of JOAs, following the introduction of this requirement, and any of the potential consequences of the JOAs. They also do not find an effect of new JOA disclosures in subsequent years. The study concludes that the French expanded disclosures failed to produce the intended outcome for either investors or auditors. A primary limitation of this study is that although JOA relate to audit risks, they can be considered only a precursor of RMMs or KAMs as viewed by the IAASB recent rules.

4.6. Limitations of existing studies and future research opportunities

Some general limitations of existing studies on the consequences of the expanded report include (1) the differences between jurisdictions limit the generalizability of local findings and should prompt researchers to adapt their studies’ designs for each setting; (2) the characteristics and number of companies listed in some markets, particularly in the UK, constrain the types of analyses that researchers can conduct; (3) the single effective date for the expanded report standards questions the availability of ‘obvious’ control groups; and, (4) the market-based tests of incremental information provide only indirect support for the claim that the expanded report provide useful information. These limitations stand in the way of reaching definitive conclusions on the consequences of the expanded report. In the paragraphs below, I elaborate on these issues.

First, each jurisdiction and market setting have unique features that cannot be directly generalised to other settings. For example, in a strict sense, in the UK, the first and second waves of expanded reports in 2013 and 2017 were based on different rules.⁴¹ Importantly, although RMMs in the earlier rules and KAMs in the more recent rules are largely similar, the more recent rules and accompanying regulatory guidance provide an enhanced framework to guide the auditor in discussing KAMs. Researchers must be careful when referring to prior findings to motivate new studies and adapt their research designs to capture features of the expanded report in their setting.⁴²

Second, the first wave of UK expanded reports is subject to four limitations, inherent to the characteristics and number of the companies that adopted the 2013 FRC rules. In that setting, (1) it is unlikely that the auditors’ reports of typically large premium companies listed in the LSE —or even their annual reports— will be a significant source of news for investors; (2) there is a relatively small number of LSE premium companies, and statistical power is a problem, especially when researchers want to examine sub-samples of the data (e.g. Big 4 versus non-Big 4 auditors); (3) the adoption of the expanded report coincided in time with the adoption of the UK Corporate Governance Code (FRC 2014b) that mandated overlapping disclosures on significant accounting risks by the audit committee; (4) auditors, companies, and investors had little time to adapt to the expanded reports in the first years of the new rules; and, (5) although it is possible to use UK AIM non-adopters as a control group for UK premium adopters of the expanded report, these two groups of companies have notable differences in the typical size and regulatory environments. Unfortunately, these differences cannot be mitigated by matching companies in the two groups in the pre-adoption period, due to sample size limitations.⁴³ In light of these limitations, researchers and other parties must interpret the evidence from this setting with caution.

Third, there is no ‘obvious’ or within-country control group in markets where there is a single effective date for the implementation of expanded report standards. For example, regulators in Hong Kong and Mainland China made the expanded report mandatory for the vast majority of companies in December 2016 and December 2017, respectively. There was no staggered adoption of the rules in each of these markets, except for a very small subset of companies including 95 Mainland China companies dually listed in Hong Kong (known as A + H shares) that adopted the expanded report requirements in 2016. In these cases, researchers must demonstrate that their identification strategy effectively isolates the effect of the expanded report rules from other time trends. For example, audit fees typically increase every year, and documenting that audit fees increase after the adoption of the expanded report rules constitutes weak causal evidence that the new requirements are costly.⁴⁴

Fourth, there are a number of inherent limitations of market-based tests of incremental information content. Researchers and consumers of research should be aware of three known limitations of short-window market reaction tests: (1) the audit report is issued within the annual report, and the research design must isolate the content of these two sources; (2) the public release of the annual report barely ‘moves’ the market for a number of actively traded companies in sophisticated stock markets, and when this is the case researchers must carefully control for the confounding effect of pre-announcements (Li and Ramesh 2009; Myers et al. 2018); and (3) the typical tests capture the average effect of the expanded report and cannot be taken as conclusive evidence auditors’ disclosures do not have any incremental information for some investors.⁴⁵ Next, if researchers wish to use other market-based outcomes (e.g. cost of capital, crash risk, and stock return synchronicity), they must explain why these alternative outcomes capture investors’ behavior in unique ways that short-window market reaction outcomes do not. Finally, researchers should be very cautious when using tests involving the interaction between the market’s reaction to earnings announcements and the content of the audit report (i.e. earnings response coefficients ERCs), because (1) in markets outside the US, the depth of analyst coverage and the availability of earnings forecasts needed to calculate earnings surprises are typically limited; (2) it is highly uncertain at what point in time stock prices would reflect the effect of KAMs or CAMs in the earnings announcement that corresponds to the same period when risks are disclosed, or in the next earnings announcement(s); and (3) it is highly uncertain whether KAMs or CAMs are the direct cause of cross-sectional variation in ERCs, or KAMs or CAMs simply reflect uncertainty in financial reporting, known by investors, but not ‘controlled for’ in an incomplete ERC model.⁴⁶

Given the high degree of uncertainty regarding the expected consequences of the expanded report, a number of studies in this area will continue to face ‘null results.’ However, the academic community, including authors, reviewers, and editors, has a known preference for ‘statistically significant’ findings, and studies documenting ‘null results’ are simply less likely to stand out and get published. Academics and other consumers of research must exercise care in describing, interpreting, and aggregating conflicting findings. We must walk a fine line between tolerating divergent evidence and stopping progress because we do not have yet any definitive evidence.⁴⁷

Going forward, I envision a number of research opportunities to extend the literature by (1) developing an expectations model for KAMs and CAMs to isolate expected and unexpected information in these disclosures, a task that will become more important as we conduct market reaction analyses far from the first years of the adoption of the rules;⁴⁸ (2) determining the overlap and discrepancies between the expanded report and other company disclosures to pinpoint the new information provided by the auditor; (3) determining whether and how any non-overlapping information provided by the auditor could be relevant for investment decisions (e.g. it is difficult to infer much about a company’s value from audit procedures used to address each matter); (4) providing evidence on the ‘credibility’ and ‘attention-directing’ roles of KAMs and CAMs, including determining what friction(s) impede investors to trust or understand related disclosures; (5) examining the effect of the expanded report on communications between the auditor and the audit committee; (6) examining the effect of the expanded report on auditors’ time constraint during the closing phase of the audit; (7) providing evidence on the ‘forewarning’ and ‘disclaimer’ roles of KAMs and CAMs, including whether the expanded report influences the incidence of litigation actions against issuers and auditors and the way litigation actions are resolved; (8) determining whether and how the expanded report affects the auditor’s process, effort, and quality; and (9) determining whether common KAMs and CAMs topics have unique effects on complex aspects of financial reporting (e.g. revenue recognition, impairments, and deferred taxes).

Moreover, I stress that although the intended consequences of the expanded disclosures are to increase the usefulness of the audit report and indirectly increase audit quality, there could be several unintended consequences. So far, the literature has focused on two unintended negative consequences, increases in litigation risk (primarily in experimental studies), and increases in audit fees (primarily in archival studies). However, there are opportunities to examine other potential problems, such as changes in the nature of communications between the auditor and the audit committee and consuming auditors’ time and resources towards the end of the audit. Furthermore, there could be other unintended positive consequences, such as improvements in the annual report disclosures pertaining to matters mentioned in the audit report.

Pursuing these research opportunities would require a mix of publicly available and private data from multiple jurisdictions as well as gathering insights on the complex behavioral mechanisms that involve management, audit committees, auditors, and users. It is imperative to keep conducting research in this area, given the considerable efforts invested in making the expanded report a reality and the unrealised promise of making the audit report more informative.

5. Challenges for the audit profession and future opportunities for the expanded report

This section comments on challenges for the audit profession, including recent high-profile corporate scandals in the UK and Germany and whether enhanced auditor reporting could be a tool in tackling financial reporting and audit quality problems. I provide some anecdotes of the expanded reports that preceded some of those scandals and try to ascertain whether KAMs could have alerted investors about high risk areas. Next, I discuss four recent regulatory reviews of the UK’s audit environment and highlight references to expanded reports.

5.1. Could KAMs have alerted investors about high-risk areas in recent corporate scandals?

A number of recent high-profile scandals in the UK and Germany have again put the efficacy of auditors into question. These scandals primarily involve business failures and possibly a combination of severe financial reporting issues and management misconduct. These scandals will have direct consequences for the auditors involved and wide indirect consequences for the audit market.⁴⁹

The UK had at least 14 major corporate scandals between 2014 and 2020, including: Tesco, Rolls-Royce, Autonomy Corporation, Redcentric, Mitie, Carillion, Conviviality, Quindell (Watchstone group), BHS, M&C Saatchi, Patisserie Valerie Holdings, Thomas Cook, Interserve, Serco Geografix, Ted Baker, and Eddie Stobart. Among these examples, I found 11 companies with expanded reports preceding the scandal. In 2020, Germany experienced the demise of Wirecard, a company that also had expanded reports in the previous years. Unfortunately, after reading the expanded reports of these companies in detail, I feel that none of them conveys information that would have helped users to determine that the company had low-quality financial reporting or that would have triggered intense external scrutiny. For further illustration, I review the Carillion and Wirecard cases below.

Carillion described itself as an integrated support services business. The company had a network of multinational operations, including the UK, Canada, the Caribbean, and the Middle East. The company held about 450 UK government contracts, spanning the education, justice, defense, and transport ministries. The company was also an important supplier of construction services to the Canadian government. In 2016, the company had sales of £5.2bn, and until July of that year a market capitalisation of almost £1bn. However, in 2017, the company lost money on large and risky contracts that proved unprofitable and also faced significant payment delays. During that year, the company issued three profit warnings in a period of five months and wrote off more than £1bn of client contracts. In January 2018, the company collapsed under too much debt. It was the largest insolvency in UK history, endangering over 20,000 jobs and a larger number of pensions. The company went into liquidation with liabilities of $9 billion. The global firm KPMG, Carillion’s auditor for all 19 years of the company’s existence (since 1999) allegedly failed to challenge management on highly questionable assumptions about revenue from construction contracts and accumulated goodwill from acquisitions (Banham 2018; Work and Pensions and BEIS UK Parliament Committees 2018).

In the company’s 2016 expanded audit report (fiscal year ending on December 31, 2016), KPMG includes three KAMs related to (1) recognition of contract revenue, (2) recognition of revenue in a licensing agreement, and (3) carrying value of goodwill. The KAMs refer to related disclosures in the annual report. Importantly, although these KAMs touch upon areas where the alleged irregularities appeared, the KAMs language seems unlikely to trigger additional scrutiny by investors about the reasonability of the company’s estimates. For example, here is the first KAM (p. 86, Carillion):

Recognition of contract revenue, margin, and related receivables and liabilities; Risk vs 2015(decreased).

The risk – The Group recognises revenue based on the stage of completion of construction contracts by reference to the proportion of costs incurred to the balance sheet date compared with the estimated final costs of the contract at completion and therefore relies on estimates in relation to the final out-turn of costs on each contract. Changes to these estimates could give rise to material variances in the amount of revenue and margin recognised. Contingencies may also be included in these estimates of cost to take account of specific risks, or claims against the Group, arising within each contract. These contingencies are reviewed by the Group on a regular basis throughout the contract life and adjusted where appropriate. Finally, variations and claims are recognised on a contract-by-contract basis, both on service and construction contracts, where the Group believes the rights and obligations exist given the progress of negotiations. There is therefore a high degree of judgement in: assessing the level of the cost contingencies to recognise; appropriately recognising variations and claims; and estimating the revenue recognized by the Group based on the projected final out-turn on contracts.

Our response – We evaluated the controls designed and implemented by the Group to monitor amounts owed on service and construction contracts, and in particular, the claims and variation elements across the Group. We attended a sample of, and inspected minutes from all, the Major Projects Committee meetings, which form a key part of the Group’s risk process to fully challenge, at an executive level, both new tenders and contract bids and ongoing performance on existing contracts. We then selected a sample of contracts using a variety of quantitative and qualitative factors in order to assess and challenge the most significant and more complex contract positions. In this area our procedures, which varied by contract, included …  [the KAM proceeds to list seven generic audit procedures that apply to revenue recognition of contract revenue].

In Germany, the demise of the fintech company Wirecard in 2020 left a number of stakeholders stunned at the magnitude of the company’s fraud that allegedly involved inappropriate revenue recognition and significant inflation of cash balances. In June 2020, the global firm EY, Wirecard’s auditor for over a decade, refused to give an opinion on the company’s 2019 accounts, claiming that Wirecard provided false information and that cash balances worth almost two billion euros held by related parties could not be verified.⁵⁰ This amount represented around a quarter of Wirecard’s balance sheet, all the profits that the company made in more than a decade, and more than one quarter of the company’s total revenue between 2016 and 2019. Some argue that clear warning signs of accounting malpractice appeared over a long period. The Financial Times questioned the company’s accounting and business practices for more than 18 months. Also, a special audit by KPMG was unable to substantiate some of the company’s revenues in 2016-2018. With few exceptions, auditors, investors, analysts, and regulators seemingly ignored the red flags (Kowsmann et al. 2020; Storbeck 2020).

In the company’s 2017 expanded report (fiscal year ending on December 31, 2017), EY includes four KAMs (p. 290-294) related to (1) the acquisition of a business, (2) valuation of goodwill, (3) valuation of customer relationships, and (4) recoverability of receivables and presentation of revenues from acquiring partners. None of these KAMs conveys a heightened level of risk that would meaningfully alert the company’s shareholders.

In the company’s 2018 expanded report (fiscal year ending on December 31, 2018), EY includes a new KAM related to allegations of misreporting by a whistleblower in Singapore (p. 219). However, the KAM’s text ends with the conclusion that ‘our audit procedures did not lead to any reservations regarding the accounting treatment of matters on the basis from investigations, which were performed in response to allegations of a whistleblower in Singapore.’ The issue is mentioned, but there is little sense of urgency in the discussion of this highly irregular matter.

The anecdotal evidence in these cases leads us to question whether companies and auditors take the expanded report requirements as a compliance exercise. There is, however, hope that the content of the expanded report will make it more evident that auditors failed in assessing the issues that they identified as KAMs.

5.2. References to the audit report in recent reviews of the UK’s audit environment

Four recent reviews of the UK’s audit environment include references to changes in the audit report format. Some comments and recommendations provided in the reviews suggest that expanded reports are part of a comprehensive solution to systemic audit quality problems but also mention that more needs to be done to increase the effectiveness of auditor reporting.⁵¹

First, Sir John Kingman’s Independent Review of the Financial Reporting Council (Kingman 2018) mentions an unresolved audit expectations gap (p. 29-30). The review notes that the UK was the first country to introduce expanded reports and praises some auditors for presenting judgmental views as ‘graduated’ findings—for example, describing management estimates as cautious, balanced, or optimistic (pp. 51–52). The review’s Recommendation 53 supports further enhancements to the audit report in this direction (p. 52).

Second, the Competitions & Markets Authority’s (CMA) Statutory Audit Services Market Study (CMA 2019) (p. 16) recommends that auditors engage more directly with investors —for instance delivering a presentation at the company’s annual general meeting showing how auditors challenged management— and that the audit report be published at the same time as the announcement of the company’s results (i.e. on the earnings announcement date). The study also mentions that audit quality is difficult to observe and measure (p. 36), even for audit committees (p. 60), an issue that is linked the information gap and the credence good of audits. Next, the study mentions explicitly that investors have welcomed the information in expanded reports, but that many feel more could be done to provide greater transparency over management’s assumptions and auditors’ key judgments (p. 75).

Third, The House of Commons Business, Energy and Industrial Strategy (BEIS) Committee’s report The Future of Audit (BEIS Committee 2019) Summary (p. 3) recommends the use of ‘graduated’ findings to make audits more transparent and useful, and encourages further discussion of how the audit’s scope might be widened to give auditors more opportunities to express forward-looking opinions and report on other issues affecting stakeholders. The report further explains the idea of ‘graduated’ findings (pp. 17–18) and points out that a shortcoming of the current expanded report is that auditors do not present enough details about their opinion.

Fourth, Sir Donald Brydon’s Report of the Independent Review into the Quality and Effectiveness of Audit (Brydon 2019) recommends, among other actions, a change to the language of the opinion and improved auditor communication and transparency. More specifically, the report recommends (p. 7) ‘clarity and reinforcement of the need for auditors to provide useful information to the users of audit reports. Significantly that information should, on occasion, include original information (that is, to say, information not produced by the audited company for disclosure) that is likely to have a material impact on users’ decision.’ However, the report also recommends (p. 78) that ‘the evolution of graduated findings be left to the marketplace for audit services.’

An extensive body of the academic literature supports the notion that corporate disclosure is helpful to valuing companies and mitigating agency problems (e.g. Beyer et al. 2010). Expanded reports can aid companies and investors in accomplishing these objectives. I emphasise, however, that there is only so much that auditor reporting can do to tackle the complex causes of financial reporting and audit quality problems. As noted by Leuz and Wysocki (2016, p. 527) ‘disclosure mandates are increasingly used in lieu of regulation that explicitly stipulates or prohibits certain behaviors, the idea being that mandated disclosure and transparency incentivize desirable behaviors ad discourage undesirable ones.’ To illustrate some limitations of disclosure regulation without additional regulatory actions, I discuss the lessons learned after a recent major crisis in another industry.

In 2018 and 2019, worldwide aviation authorities intervened after two accidents involving the Boeing 737 MAX airplane. The root causes of the accidents included technical and managerial problems at Boeing and enforcement lapses at the US Federal Aviation Administration. Given the extremely low probability of two similar accidents within a short period of time, aviation authorities quickly recognised the possibility of a systemic problem and took decisive actions —for instance, ensuring the safety of passengers by grounding all 737 MAX planes, conducting exhaustive forensic reviews of the accidents, and determining the technical causes of the accidents (i.e. allegedly a combination of software failures and insufficient pilot training) (Pasztor 2020). Following these early actions, a number of corrective measures are now in place and many others will surely follow, but it is unlikely that those measures would include disclosing to passengers the most significant risks of flying.

6. Conclusions on the future of expanded reports

After reviewing the institutional background and academic findings on the adoption of expanded reports, as well as concerns about systemic audit quality problems, I believe expanded reports offer a promise that is yet to be fulfilled. For academics, I emphasise exciting opportunities for future research on this topic—where there is still a need for definitive answers. For regulators and auditors, I underscore that existing requirements can simply be a first step toward enhanced auditor reporting that truly help users to infer variation in financial reporting and audit quality (or significant risks).

I encourage regulators to reflect on the following issues: (1) the relevance of comprehensive post-implementation reviews and the need to implement decisive enforcement actions to discourage auditors from taking an ‘easy’ compliance approach; (2) the advantages of convincing auditors and companies that there is value in providing incremental information in expanded reports, going as far as creating some incentive scheme to reward transparent reports; (3) the need to carefully and continuously manage the costs and benefits of lengthy and repetitive risk disclosures;⁵² (4) the importance of conducting a comprehensive re-examination of how the combination of auditing standards on risk assessment, auditor communications, and auditor reporting ultimate affects the way in which risks are identified and addressed in the audit (i.e. are auditors discussing ‘known’ risks with the audit committee and that arise from a generic or highly circular process?); and (5) the possibility of allowing auditors to discuss internal and external business risks as part of KAMs and CAMs (e.g. high levels of leverage, loss of major clients, industry competition, capital markets pressure, etc.).

Beyond the relatively direct recommendations listed above, I encourage regulators to continue evaluating alternative approaches that provide gradation of companies’ performance in some pre-determined aspect. Compared to the potentially ambiguous disclosures in KAMs and CAMs, the recommendations of other trusted advisors (e.g. financial analysts, proxy advisors, and credit rating agencies) offer rankings and choices for investors.⁵³ However, regulators must weigh these alternatives against the costs of a regime change and also convince stakeholders that auditors’ responsibilities should evolve outside of providing an opinion regarding whether financial statements are truly prepared and fairly presented in accordance with the prescribed accounting standards.

I encourage professional accountants to reflect on the importance of their professional role as auditors, which regrettably diminishes when audits are simply perceived as another ‘business line’ of worldwide service organizations. The future of the profession is at stake if society no longer regards auditors as a crucial and reliable control mechanism. I urge auditors to stop using the ‘expectations gap’ as an excuse to avoid providing information that a wide set of stakeholders is demanding. At a more practical level, I suggest that auditors consider whether it is in their best interest to provide only the ‘minimum’ information to comply with the expanded report requirements, or instead to push for more latitude to report on relevant issues for stakeholders.

Acknowledgements

I thank Pietro Bianchi, Alison Dundjerovic, Robert Hodgkinson, Jere Francis, Robert Knechel, Jake Krupa, Gillian Knight, Estrella Malca, Mark Peecher, Jeffrey Pittman, Linette Rousseau, Jaime Schmidt, Joe Schroeder, Kay Tatum, Maria Vulcheva, Michael Willenborg, Allister Wilson (discussant), Yini Wang, and an anonymous reviewer for helpful comments and suggestions. I thank the Institute of Chartered Accountants in England and Wales (ICAEW) for their kind invitation to deliver the 2020 PD Leake Lecture, accompanying this paper. I also thank Yini Wang for her excellent research assistance. All errors are my own.

Disclosure statement

No potential conflict of interest was reported by the author(s).

Notes

1 Regulators, academics, and other stakeholders refer to recent audit reports that include additional non-standardized disclosures as ‘expanded’ or ‘extended’ reports. Throughout this paper I use the term ‘expanded report(s)’.

2 Auditors had to sign a certificate at the foot of the balance sheet, stating whether audit requirements were met and report to shareholders on the accounts that were examined. Subsequent changes to the Act in 1907, 1928, and 1948 extended the scope of the auditor’s opinion and introduced the requirement to report specifically on whether the accounts gave a ‘true and fair view’ (Stettler 1994).

3 These knowledgeable users of financial reporting primarily include investors and other parties interested in understanding a company’s business model and financial reporting. Throughout my discussion I refer to this group mostly as ‘users’ or ‘report’s users’.

4 The discussion of KAMs and CAMs are the most salient requirements of the expanded reports. However, there are some additional requirements that differ across jurisdictions. Additional requirements are discussed in section 2.

5 For instance, the PCAOB explains that ‘In the view of some investors, critical audit matters will add to the total mix of information, providing insights relevant in analyzing and pricing risks in capital valuation and allocation, and contributing to their ability to make investment decisions’ (PCAOB 2017, p. 3).

6 The language of the standard auditor opinion slightly differs between jurisdictions. For example, in the UK the opinion says ‘ the company’s financial statements give a true and fair view of the state of the company's affairs at [date] and of the company’s profit and cash flows for the year then ended; have been properly prepared in accordance with IFRS as adopted by the European Union; and have been prepared in accordance with the requirements of the Companies Act 2006.’ In the US the opinion says ‘the financial statements present fairly, in all material respects, the financial position of the corporation at [date] and the results of its operations and its cash flows for the period ended at [date], in conformity with US generally accepted accounting principles’.

7 The FRC is a UK organization that reports to the UK Parliament and regulates auditors, accountants and actuaries in the public interest. It has powers to set financial reporting and auditing standards and also to enforce compliance with those standards. The International Auditing and Assurance Standards Board (IAASB) is an independent standards body that issues standards, quality control guidelines, and other services, to support the international auditing of financial statements. It is a body supported by the International Federation of Accountants (IFAC). Both the FRC and IAASB rules are called International Standard on Auditing (ISA). The IAASB ISAs are international standards devised to align auditing around the globe. While not all jurisdictions require compliance with the ISAs, most at least use the standards as a guide for their own systems. The IAASB ISAs are applied throughout the European Union member states for audits of Public Interest Entities. According to the European Union 2006 EU Statutory Audit Directive, PIEs include: (1) companies with transferable securities listed on EU regulated markets and governed by the law of an EU member; (2) credit institutions authorized by EU member states’ authorities; (3) insurance undertakings authorized by EU member states’ authorities; (4) other entities a member state may choose to designate as a PIE. The FRC ISAs are significantly converged with the IAASB ISAs; however, an important naming convention is that the FRC ISAs also mention their scope, which changed from ‘UK and Ireland’ to only ‘UK’ for standards issued on or after 2016.

8 Concurrently, the FRC also issued a consultation on changes to the UK Corporate Governance Code and Guidance for Audit Committees.

9 The exact wording of the standard is based on fiscal years beginning on or after October 1, 2012.

10 This revision allowed UK auditors to assert compliance with both sets of standards (e.g., providing KAMs that included the auditor’s response to each RMM).

11 The exact wording of the standard is based on fiscal years beginning on or after June 17, 2016.

12 This was a joint project with the American Institute of Certified Public Accountants (AICPA).

13 Overall, 10.3% of the responses support the proposed changes, 64.1% of the responses support the changes with some qualification, 20.5% of the responses do not support the changes, but gives some qualification, 4.5% of the responses do not support the changes, and 6.1% of the participants are ambivalent or did not respond to question one of the survey. See Simnett and Huggins (2014, Question 1, p. 730) for additional details on the stakeholders’ responses to the ITC.

14 Previously, in October 2008, the Advisory Committee on the Auditing Profession delivered a report to the US Department of the Treasury that discussed a number of challenges and provided recommendations for the audit profession (ACAP 2018).

15 The 88 responses are summarized in a comment letter for the PCAOB’s post-implementation analysis written by Bochkay et al. (2020).

16 This group of companies included 95 companies from Mainland China dually listed in Hong Kong, known as A+H shares companies.

17 These reports are based on a review of 456 and 479 auditors’ reports from the first and second years after the adoption of the rules, respectively. The majority of the reports are for entities listed on the Main Board of the Hong Kong Exchange, but the review also included some reports for entities listed on the Growth Enterprise Market.

18 The source of significant risks is a detailed assessment required by ISA 315 (Revised 2019), ‘Identifying and Assessing the Risks of Material Misstatement’ (IAASB 2019). ISA 315 Paragraph 12 identifies a risk as ‘significant’ if it is close to the upper end of the spectrum of inherent risk due to a combination of high likelihood of misstatement and large magnitude of the potential misstatement. Also, ISA 315 paragraph A7 and Appendix 2, provide five characteristics of qualitative inherent risk factors: complexity, subjectivity, change, uncertainty, and susceptibility to misstatement due to management bias or other fraud risk factors.

19 See, for example the Royal Dutch Shell PLC Annual Report 2019. The first KAM in the audit report relates to estimation of oil and gas reserves. The auditor includes a ‘third column’, describing key observations communicated to the company’s audit committee ‘In January 2020 we communicated to the Audit Committee that, based on the testing performed, we had not identified any significant errors in the oil and gas reserves estimates and concluded that the inputs and assumptions used to estimate proved reserves were reasonable. We also reported that we saw no evidence that the recognition of the reserve volumes expected to be lifted beyond 2030 results in the overstatement of Shell’s balance sheet by overstating the recoverable amounts of Shell’s production assets or understatement of D&R liabilities.’

20 The additional latitude of the ‘unless’ clause is uncertain; for example, see Robert N. Waxman’s comment letter, submitted in response to the PCAOB 2017 rules release: ‘the auditor should not be the source of original information about the company, but when following the ‘unless’ clause the auditor will now be responsible for financial statement information. Not a desirable consequence of CAM reporting’ (Waxman 2017, p. 12).

21 The Investment Association, a UK organization that represents investment managers, started giving annual Auditor Reporting Awards since 2014, focusing on expanded reports. Liz Murrall, Director of the Association’s Stewardship & Reporting, commented in the announcement of the 2015 awards that ‘The investor community has welcomed and embraced the changes the FRC introduced as they have significantly improved the transparency and value of the audit. https://www.theia.org/media/press-releases/investment-association-announces-winners-its-second-auditor-reporting-awards. However, the Investment Association stopped giving these awards after a few years and it remains unclear whether these awards could identify variation in audit quality. Another effort to pinpoint the new information in UK expanded reports came from Citi Research, that issued two analyses of the FTSE 100 audit reports in 2014 and 2015. Unfortunately, there were no subsequent private-sector reports on the information content or usefulness of expanded reports.

22 Table 1 of Bédard et al. (2016) includes 22 studies on the disclosure of KAMs and CAMs; from these 22 studies, 18 were in-progress.

23 The incidence of GCOs in Australia is significantly higher than in other countries, and it is possible that investors in Australia are able to anticipate these opinions (Simnett et al. 2016).

24 Interestingly, in contrast to the infrequent nature of GCOs, approximately two-thirds of the audit reports examined in Czerney et al. (2014, 2019) include explanatory language.

25 There is also evidence that lenders incorporate the information contained in modified opinions into the terms of debt contracts (Chen et al. 2016).

26 Another stream of relevant studies focuses on the market reaction to the disclosure of risk factors in the MD&A section of the annual report, see for example Kravet and Muslu (2013) and Campbell et al. (2013).

27 Elliot et al. (2020) use the auditor’s (KPMG) commentary in the 2016 Rolls Royce expanded report as an example. Unfortunately, despite the appeal of this specific report, it is not representative of the majority (or typical) expanded reports in the UK and other jurisdictions because of the large size and high complexity of this company. Moreover, the effectiveness of the Rolls Royce report is questionable ex post, given a subsequent restatement of the company’s financial reports.

28 Other studies substantially completed—but still not published—are Backof et al. (2018) and Brown et al. (2020). These two studies examine additional aspects of jurors’ decisions in the presence of CAMs. The review by Gimbar et al. (2016) provides additional details about the experimental studies on the effect of CAMs on auditor liability.

29 An early study by Reid et al. (2015) cited by the FRC post-implementation review showed some market reaction to the expanded reports; however, this study is not published and is no longer in circulation.

30 In this setting, it is crucial to control for market-wide trends and to provide triangulated evidence from multiple proxies for investors’ reaction. During 2013, there was a market-wide increase in stock prices and a decrease in trading volume.

31 In the first two years year after the adoption of the new requirements in the UK, the expanded reports typically had approximately 2,500 words or three pages, three to four risks, and only one risk that was not mentioned in the audit committee report. The reported materiality, scaled by total assets, had a median 0.5, or half a percent of total assets. The four most common risks were impairment of assets (excluding goodwill), impairment of goodwill, accounting for income taxes, and revenue recognition (including potential for fraud in revenue recognition). There were small differences in the topics between the first and second year after adoption of the requirements. For example, in the second year, auditors avoided a somewhat boilerplate risk of fraud in revenue recognition (FRC 2015; FRC 2016; Gutierrez et al. 2018).

32 More specifically, using a ‘value-relevance’ model, RMMs do not change the relationship between a company’s earnings and its value.

33 This is an aggregate measure of a company’s accounting estimates that are not explained by changes in sales, property plant and equipment, and profitability. Despite its limitations, this measure is the most widely used indicator of audit quality in academic research, especially outside of the US (Simnett et al. 2016).

34 According to a survey of finance executives by the Financial Education & Research Foundation, in the US the hourly audit fees have climbed 31% between 2008 and 2018 (Maurer 2020). The survey’s respondents mention changes in accounting standards as the primary reason for changes in audit fees, especially the revision to the revenue recognition standard in recent years. A survey by Ernst & Young LLP in 2019 estimates that complying with the revised revenue recognition standard will entail costs of $3.3 million per company, on average (Shumsky 2019). In contrast, there is little anecdotal evidence that the expanded report has resulted in excessive compliance costs for companies and auditors.

35 In the first year after the adoption of the new requirements in Hong Kong and Mainland China, the expanded reports in these two jurisdictions had similar characteristics, including typically two KAMs, with individual KAM descriptions and auditor’s responses spanning approximately 500 words. The four most common risks were impairment of assets (excluding goodwill), impairment of goodwill, accounting for income taxes, and revenue recognition (including potential for fraud in revenue recognition). There were small differences in the most common topics. In Hong Kong the top concerns were impairments of loans and receivables, impairments of goodwill and intangibles, revenue recognition, and property valuation. In Mainland China inventory is a higher concern than property valuation. These risks reflect differences in some types of companies in these two jurisdictions (Liao et al. 2019).

36 These characteristics include (1) number of KAMs, (2) length of the risk discussion, (3) length of the auditor’s response, (4) common topics within the company’s industry, (5) topics related to a company-specific transaction, (6) overlapping topics with the company’s significant accounting estimates in the prior year’s annual report, and (7) topics of KAMs.

37 For example, AIM companies have little analyst coverage, non-Big 4 auditors, focus on retail investors, high risk, low profitability, and limited regulatory oversight.

38 In the first year after July 2017, the expanded reports of AIM companies typically included two or three KAMs and approximately 2,500 words, while the expanded reports of premium companies typically included one additional KAM and approximately 4,000 words. However, both types of companies have expanded reports of comparable length (Gutierrez et al. 2020).

39 Conducting large-scale textual analysis of annual reports from jurisdictions other than the US is difficult, as one often finds that there is no centralized repository of corporate information or reports are collected in non-standardized machine-readable formats. For example, in the UK there is a National Storage Mechanism (NSM), supported by the Financial Conduct Authority, but it is time-consuming to systematically download companies’ annual reports (available only in pdf format) and convert them to text that can be analyzed using natural language processing. El-Haj et al. (2020) propose a method for automatically retrieving and analyzing text from digital PDF annual report files published by firms listed on the LSE. The availability of data in the US may allow researchers to examine the effect of CAMs on specific accounts or estimates. For example, a study in-progress by Drake et al. (2020) investigates whether tax-related CAMs indirectly benefit investors by constraining tax-related earnings management.

40 A comment letter written by Bochkay et al. (2020), responding to the PCAOB’s post-implementation review, confirms the Burke et al. (2020) early findings on the nominal incremental market reaction and change in fees after the CAM requirements. Bochkay et al. (2020) examines audit opinions of large accelerated filers from June 2019 until April 2020 (2,142 filers and 3,575 unique CAMs). The average number of CAMs was 1.7, and the maximum was five. Notably, 31% of issuers only reported a single CAM, while over 70% reported no more than two CAMs. In contrast, only 7% of issuers reported four or more CAMs. Overall, US issuers have reported a relatively low number of CAMs compared to UK companies. The average length of CAM disclosures is approximately 700 words, which is evenly distributed between the description of matters and the auditor responses. The most common CAM topics were revenue recognition, business combinations and consolidation, goodwill valuation and impairment, and accounting for income taxes.

41 As previously discussed, the FRC issued new and revised standards to converge with the IAASB on June 2016.

42 See also the excellent comments on the generalizability issue in the Francis (2019) discussion of Reid et al. (2019).

43 There are approximately 800 LSE premium companies, but more than half are financial companies and are not included in prior studies. The FRC final rules were issued in June 2013, and the first reports appeared almost immediately in September 2013.

44 Regarding cross-sectional variation, we cannot take an association between audit fees and the number of KAMs or CAMs as evidence that disclosing a higher number of risks causes audit fee increases. The most promising research designs are carefully constructed difference-in-differences analyses, controlling for company characteristics and including company-level fixed effects.

45 The second issue has a potentially ambiguous effect on researchers’ inferences. On the one side, if the annual report has typically a muted market reaction, it is easier to attribute any estimated pre-post or difference-in-differences effect to the expanded audit report (if the expanded report is the only new significant change to the annual report). On the other side, it is very difficult to conclude that a muted reaction to the combination of annual and audit report is the result of lack of information content in the report or of some form of investor inattention (e.g., see the discussion in Czerney et al. 2019).

46 For instance, if some companies have complex revenue recognition practices, they may have a low ERC, even without a KAM or CAM related to revenue recognition, but it is difficult to capture this type of uncertainty using other general proxies typically used in ERC models. In other words, KAMs or CAMs could be simply an observable proxy for known risks.

47 See Leuz (2018) for a detailed discussion of the role of research in evidence-based policymaking.

48 These rules are typically simple in prior studies, such as whether an expanded report includes a relatively large number of risks, whether a risk is ‘commonly reported’ by the industry, or whether the length of the report’s text is above the median. However, these rules do not seem to capture meaningful or systematic variation in financial reporting and audit quality (or significant risks). Arguably, market participants only respond to the revelation of unexpected information. However, it is very challenging to develop an expectation model that captures three dimensions of the problem: (1) the topics of individual KAMs or CAMs, (2) the language to describe each matter, and (3) the combination of issues in a report that includes multiple KAMs or CAMs.

49 For instance, the intense competition for audit clients and the costly consequences of high-profile scandals have led Grant Thornton, a global firm competing with the Big 4 in multiple markets, to announce in 2018 that it would no longer tender for FTSE 350 audit work.

50 In 2008 Wirecard hired EY to conduct a special audit, following allegations of financial reporting deficiencies raised by the German shareholder association. EY cleared the company and became the auditor in 2009.

51 For an in-depth discussion of the audit environment and the conditions that possibly led to recent corporate scandals, see the articles in the 2019 Accounting and Business Research International Accounting Policy Forum by Camfferman and Wielhouwer (2019), Coffee (2019), Gandy (2019), Izza (2019), Tett (2019), and Toms (2019).

52 For example, recently, the SEC revised the rules for companies’ discussion of risk factors in the MD&A. Going forward, companies must provide a summary of no more than two pages if their risk factor section exceeds 15 pages. The SEC argues that including many general risks increases the complexity of the MD&A without providing investors much additional insight (Maurer 2020).

53 As noted by Coffee (2019), the audit report must frame choices in order to be more relevant for investors. Another interesting ranking is the 100-year old Michelin Guide star rating system. The system has three levels, or ‘stars,’ indicating the quality of a restaurant, and it is awarded on reviewers’ judgment. Michelin reviewers (commonly called ‘inspectors’) are anonymous; they do not identify themselves and their meals and expenses are paid for by Michelin. This system is a significant departure from the ‘issuer pay’ business model of auditors and credit rating agencies.