Auditors under fire: lawsuits, investigations and the looming culture battle

Recent headlines have brought the audit industry and its role in preserving the integrity of the UK economy back into sharp focus.

First, the Post Office saga is to begin a new chapter with the Financial Reporting Council (FRC) opening an investigation into EY’s statutory audits of Post Office Ltd between 2015 and 2018, which will include particular reference to matters related to the Horizon IT system.

Second, and perhaps more significantly, EY is currently embroiled in a High Court battle, having been sued for a staggering $2.7billion by NMC Health (NMC), which fell into administration in 2020. NMC alleges that EY’s audits between 2012 and 2018 were negligent, having failed to uncover $4billion in hidden borrowing. EY is contesting the claim, accusing NMC of ‘pervasive and collusive fraud’ orchestrated by senior officers and shareholders of which EY was also a victim. In other words, EY says NMC misled it through the various audit processes. The trial is ongoing and due to conclude this year.

Completing the trifecta, the FRC has also announced its intention to open an investigation into Deloitte over potential audit failings of the Glencore group between 2013 and 2020.

All of the ‘Big Four’ firms – as well as the majority of the FRC’s Tier 1 audit firms – have been on the receiving end of enforcement action in the last five years, with the FRC fining the ‘Big Four’ more than £154m (pre-discount) over this period. As such, this is by no means an isolated or unusual issue and poses interesting questions about current audit practices and what proper engagement between auditors and those they audit should look like.

The importance of the auditor

The role of the auditor is pivotal in ensuring the accuracy, transparency and therefore reliability of financial statements published by corporate entities. An audit serves as a safeguard for both stakeholders and regulators but also to the general public, who rely heavily on the presumed integrity and competence of those who conduct them. It is little wonder, therefore, that external scrutiny has ramped up in these times of relative trouble.

The obligations of an auditor are many, but their overarching duties are to detect and report material misstatements, occurring through either fraud or simple error, and so ensure that the financial statements of those they audit accurately reflect the financial health of an organisation. Despite this, recent history of major corporate collapses in the UK has called into question the efficacy of the audit process and the ‘Big Four’ accounting firms have attracted the watchful eyes of Government and UK regulators. Events like the failures of Carillion, Patisserie Valerie, BHS, London Capital & Finance (LCF) and now potentially the Post Office, NMC and Glencore have highlighted the dire consequences should auditors miss critical warning signs of financial irregularity.

Through these high-profile failings, the auditing profession has been subject to growing calls for reform, enhanced oversight, and more rigorous standards.

Why has it gone wrong?

In the instances mentioned above, auditors have been criticised for relying too heavily on representations from senior management, failing to apply professional scepticism and for not challenging the degree of detail provided by the companies they audit. By way of example, the collapse of Patisserie Valerie raised serious questions about Grant Thornton’s failure to properly interrogate information provided to it by senior management. The FRC went as far as to describe it as ‘a serious lack of competence in conducting audit work.’ As is well publicised, these were the reddest of flags that have since led to fraud charges against individuals by the SFO.

In the LCF case, failings were such that the FCA (rather than the FRC) saw fit not just to involve itself with the substantive investigation of LCF but also to take action against the auditor. It fined PwC £15 million in August 2024 for failing to report to the FCA its reasonable belief that LCF might be involved in fraudulent activity. To mitigate PwC’s blame somewhat, the FCA’s Final Notice also reported that LCF had ‘failed to co-operate with PwC (including by failing to provide basic information to PwC), acted aggressively towards auditors at PwC, and provided inaccurate and/or misleading information to PwC’.

Despite this, sympathy for PwC’s position extended only as far as a substantial fine – the first of its kind but almost certainly not the last, and a clear indication that the profession is in another regulator’s crosshairs, even where there has been serious misconduct by the client firm.

What is being done?

These scandals have prompted a wholesale interrogation of the audit sector. In 2018, a review of the FRC’s role, function and effectiveness took place in the form of the Kingman Review. The review concluded that the FRC had failed to hold auditors accountable and called for a radical overhaul of the UK’s audit regulatory system. It led to the proposal for the creation of the Audit, Reporting and Governance Authority (ARGA). ARGA was expected to take over the FRC's responsibilities and implement stricter standards in due course, but this proposal has stalled somewhat.

In September 2023, Jonathan Reynolds, now Secretary for Business and Trade, spoke publicly on the desire for ARGA to be installed sooner rather than later.

‘”We would replace the FRC with the new proposed Arga, which will be the new body with teeth at the heart of this, which does require legislation,” he said. “I cannot see an argument for it not progressing.”’

The Government went further, proposing an Audit Reform and Corporate Governance Bill in the King’s Speech just over a year ago. Unfortunately, this bill appears to have been filleted recently in the face of shifting priorities on economic growth but it is clear that audit reform remains major issue, even if it has fallen down the list of priorities.

With the Government’s proposals for reform stalling, is it incumbent on auditors and prosecutorial agencies to take the first step? To that end, are we about to enter the era of the offence of misleading auditors? Uncharted waters may be an overstatement but not many white-collar criminal defence lawyers will have dealt with charges under section 501 of the Companies Act 2006 (CA2006).

Section 501 CA2006 creates the criminal offence of misleading auditors. The offence captures conduct in which individuals, usually company directors or officers but not exclusively so, provide false or misleading information to auditors during the course of an audit.

Section 501 reads:

(1) A person commits an offence who knowingly or recklessly makes to an auditor of a company a statement (oral or written) that–
(a) conveys or purports to convey any information or explanations which the auditor requires, or is entitled to require, under section 499, and
(b) is misleading, false or deceptive in a material particular.

(2) A person guilty of an offence under subsection (1) is liable–
(a) on conviction on indictment, to imprisonment for a term not exceeding two years or a fine (or both);
(b) on summary conviction–
(i) in England and Wales, to imprisonment for a term not exceeding twelve months or to a fine not exceeding the statutory maximum (or both);
[…]

(3) A person who fails to comply with a requirement under section 499 without delay commits an offence unless it was not reasonably practicable for him to provide the required information or explanations.

(4) If a parent company fails to comply with section 500, an offence is committed by–
(a) the company, and
(b) every officer of the company who is in default.

(5) A person guilty of an offence under subsection (3) or (4) is liable on summary conviction to a fine not exceeding level 3 on the standard scale.

(6) Nothing in this section affects any right of an auditor to apply for an injunction (in Scotland, an interdict or an order for specific performance) to enforce any of his rights under section 499 or 500.

Despite its relatively scant use, the FCA has recently demonstrated a willingness to prosecute the offence. In the case of Redcentric plc, the FCA prosecuted individuals, including the former finance director who pleaded guilty to, inter alia, seven counts of making false statements to Redcentric plc’s auditors, pursuant to section 501. She received a three-year custodial sentence, even after the discount received for a guilty plea. Although the sentence included punishment for other offences, it nonetheless shows the seriousness with which the offence is considered. It is not slap on the wrist misconduct.

What next?

The audit world has a culture battle on its hands. A theme runs through the examples cited above of disdain (and sometimes worse) by auditees for the intrusion of the audit process. That attitude manifests itself as adverse behaviours towards auditors such as dishonesty, deception and even downright aggression in certain instances. It is a unique challenge that the audit industry faces, both in terms of how to eradicate such behaviours but also how to ensure proper process in the face of them.

Looking to the future, it remains to be seen whether there will ever be a new regulator in the shape of ARGA. However, the FRC is acutely aware of the problem and appears disinclined to hand over responsibility for finding the solution just yet. In the spring of 2025, the FRC launched a new initiative: the Future of Audit Supervision Strategy (FASS). Its purpose was to ‘undertake a comprehensive review of [its] supervisory and approach’ so that it can ‘evolve its supervisory approach to support an environment that promotes a resilient audit market and enables firms of all sizes to deliver high-quality while driving accountability, and improvement.’ No doubt, a welcome sentiment to all auditors.

Following a roundtable discussion with stakeholders in May 2025, phase two of FASS was announced last month alongside a consultation paper. Therein, a number of proposals were detailed but the most significant is an increased focus on ensuring good systems of quality management within audit firms. It is a shift from inspection-heavy regulation to an attempt to make sure that firms have the tools to maintain internally the high levels of quality expected. The FRC note in their paper that such a shift in focus will ‘promote a culture of quality by embedding proactive, risk-based thinking into every aspect of a firm’s operations.’ Crucially, the FRC believe that this approach will foster ‘accountability, continuous improvement, and a shared commitment to high standards’ as well as creating a ‘learning environment and system accountability, and place a focus on behaviours.’

Although FASS and its recent proposals are a welcome initiative from the FRC, reshaping the audit process will be an inevitably lengthy process, as reflected by its inclusion in the FRC’s three-year strategy published in March this year. Clearly, FASS is at an extremely early stage of its lifespan and the reality of how these promising proposals will eventually trickle down into the audit world is as distant as it is unknowable. Nonetheless, the long-term message is clear: audit firms must be accountable for safeguarding the integrity and value of their industry.

For the immediate to mid-term, the waters remain treacherous for auditors. Still, the same type of solution, albeit with greater urgency and a slightly different application, has to be the answer. If audit firms are to protect themselves from statutory investigations and multibillion dollar lawsuits in the here and now, they have to seize the initiative. Taking a more robust, no-nonsense position in the face of obstructive behaviour, as well as introducing lower thresholds for reporting potential foul play to the authorities, must be the necessary interim measure.

With significant external pressure being put on the audit profession, it feels inevitable that some of the burden will be passed on to those responsible for instructing them. My prediction is that this will likely manifest in auditors adopting a similar safety-first approach to the sort of reporting seen in the Suspicious Activity Reports, Defence Against Money Laundering and Suspicious Transaction and Order Reports (SAR, DAML and STOR) regimes. If that is the case, we may see prosecutorial bodies step in to fill the current regulatory void We should perhaps expect an upturn in criminal investigations and subsequent prosecutions under s501 CA2006. For lawyers advising corporates and their officers, the need for vigilance and an appreciation of the evolving risk landscape has never been greater.