KPMG fined $5.2M by U.K. regulator for Co-op Bank audits

The United Kingdom’s Financial Reporting Council has fined KPMG’s U.K. firm £5 million (discounted through a settlement to £4 million, or about $5.2 million) for its fiscal year 2009 audits of the Co-operative Bank.

The FRC also severely reprimanded the firm for its audits and imposed sanctions against KPMG and one of its audit partners after they admitted misconduct in the case. The firm will also pay £500,000, or about $650,000, towards the FRC’s costs. The audit partner was fined £125,000 (discounted by settlement to £100,000, or around $130,000) and severely reprimanded.

On top of that, the FRC said that all of KPMG’s audit engagements with credit institutions for audits with 2019, 2020 and 2021 year-ends will be subjected to an additional review by a separate KPMG Audit Quality team, who will provide reports to the FRC.

                                     Simon Dawson/Bloomberg

The misconduct in the case happened shortly after the Co-op Bank’s merger with the Britannia Building Society and involved the audit of fair value adjustments in relation to loans within the commercial loan book acquired from Britannia; and the audit of fair value adjustments and liabilities under a series of loan notes that were also acquired from Britannia.

The FRC pointed to failures to obtain sufficient appropriate audit evidence, failure to exercise sufficient professional skepticism, and failure to inform Co-op Bank that the disclosure of the expected lives of “Leek Notes” in the financial statements wasn’t adequate.

The FRC separately considered the behavior of Co-op Bank’s CFO, who has previously admitted misconduct and was excluded from membership in the Institute of Chartered Accountants in England and Wales for six years.

KPMG said it has taken steps to improve its audit procedures and training. “We note the FRC’s announcement regarding our audit of the Coop Bank for the year ended 31 December 2009,” said a statement from a KPMG spokesman emailed to Accounting Today. “We regret that some of our audit work around specific elements of the Bank’s Fair Value Adjustments did not meet the appropriate standards. The work in question was conducted almost a decade ago and we have significantly enhanced our procedures and training around the areas in question since then.”

Last week, the FRC fined KPMG in a separate case involving its audits of Equity Syndicate Management Ltd., an auto insurance company affiliated with Lloyd's of London.

By

• Michael Cohn

Source: accountingTODAY | May 08, 2019

Read More

What's Next for VAT Function? VAT Risk Management

Since last one year from the induction of Indirect tax, professionals in UAE have earned several badges for successful VAT registration, Implementation, Lodging of VAT returns, Payments & refunds. Some are done with VAT Audit, some are planning for appeal while others are on Que...

But what's next for tax function? .. is this the limit of their role?

What about Risk identified during the whole process?

Were those Risks managed? 

Is there a Risk control strategy? 

Nature of businesses are dynamic and keep changing, to gauge what challenges the future may hold. It is vital to have systematic framework to ensure that significant VAT risks are identified & managed.

VAT is not just simply cost neutral “a cash in and cash out” scenario. Errors in VAT calculations create not only financial risk but it can be devastating for company reputation.

VAT function have prime responsibility for the management risk –ensuring that the right skilled people and appropriate processes & procedures are in place to manage VAT Risk.

What are VAT Risks? Where have you identified them?

"Tax risk is the likelihood that tax outcome differs from what is expected, due to a variety of reasons, for example, the judicial process, changes in the law, changes in business assumptions, an increased intensity of audits, and uncertainty in the interpretation of the law" Arlinghaus (1998)

How to control these Risks?

In 1992 the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released its Internal Control Integrated Framework. It is recognized as a leading framework for designing, implementing, and conducting internal control and assessing the effectiveness of internal control . The framework is being used on a global basis and is used for VAT Risk Management.

Framework sets three objectives and five components with 17 principles.

How to correlate COSO Objectives with VAT Risk Management?

COSO Framework three objectives, operations, reporting and compliance can be correlated to our identified VAT Risk as follows;

What does each COSO component mean in terms of VAT risk management?

COSO Framework five inter-related components and 17 principles supports an organization to achieve its three objectives as follows;

Control environment is the foundation for all the other components of internal control. Main key players are Board and senior management, through policy and objectives, set culture & tone, how VAT risks are controlled in the organization and sets accountability for ongoing monitoring.

"VAT function" is responsible for managing the actions and activities that create VAT risk, assist senior management to understand and set "VAT risk appetite" (how much risk they are willing to take), and manage the VAT risk profile to remain within this appetite.

VAT functional head is responsible to formally drafting "VAT risk management policy" and Board is responsible to approve it formally, although in practice it is likely to be CFO or the CEO who would take ownership of it. Once approved, the policy should be communicated to those responsible for the implementation of the policy and to other interested stakeholders such as the audit committee and the chief risk officer.

Second component is VAT Risk assessment, the awareness and response of an organization to different types of VAT risk it faces. Organization needs to establish "processes & procedures" to identify, evaluate and manage VAT risks.

• VAT risk identification: Risks could arise from changes in VAT laws & regulations or from changes in the business on going day-to-day activities. First step is to identify the type of VAT risk i.e., Operational, Compliance or financial accounting Risk.
• VAT Risk Analysis : Having identified the VAT risks the second part of the risk assessment phase is to consider the potential VAT impact & likelihood of risks of the underlying event occurring which needs to be to be ranked and prioritized. Various qualitative and quantitative techniques are used for quantification of risk.
• VAT Risk Response: Once the potential significance of Risk has been assessed consideration is given how the VAT risk should be managed and whether to accept, avoid, reduce or share the risk.

Third component are VAT Control activities these are "Policies and Procedures", built into to the day-to-day operations of the business ,and responsibility of activities are assigned to responsible persons to ensure achievement of organization’s VAT risk objectives.

Various Transaction control activities are used to mitigate VAT risks such as authorizations and approvals, verification, reconciliations, reviews and segregation of duties.

Technology risks control are built to supports not only completeness & accuracy of information processing , but also timely identification of changes in VAT laws, regulations and decisions and should be both preventative and detective.

Fourth component is the Information and communication, it is a continual, iterative process & supports other four components by providing, sharing and obtaining necessary information that ensures the VAT risks are documented communicated to the relevant people for action.

Various Communication are used such as dashboards, formal and informal emails, memorandum, website or documents on intranet site, policies and procedures. This component ensures that all VAT risks which are identified, quantified and control are designed to manage those risks are documented and communicated across the organization.

Fifth component is Monitoring, these activities assess whether each of the five components of internal control and relevant principles are present and functioning.

Here "Internal Audit Function" is the main player and performs monitoring to assess the effectiveness of the operating of the internal controls over VAT risks and uses evaluations techniques “ongoing or separate evaluations” or combination of both.

These evaluations identify and allow remedial action to be taken where controls are not operating effectively and "early identification of deficiencies" where new risks are not being properly managed. It facilitates the internal control system to be responsive to changing conditions both within and from outside the organization.

You can never protect yourself 100%. What you do is protect yourself as much as possible and mitigate risk to an acceptable degree. You can never remove all risk.

Disclaimer: This article expresses the opinion of author, readers are free to express their differences and are advised to exercise their discretion.

Read More