An introduction to using electronic signatures to sign an audit report
Many auditors are working remotely more and more, and this presents logistical challenges for the signing of the auditor’s reports on financial statements. In such circumstances there is a choice of either coordinating the signing of the relevant pages by post using handwritten (‘wet ink’) signatures or signing with a type of electronic signature. The former may be time consuming and whilst the latter is speedier, many are unsure whether it is permissible.
This brief guide from ICAEW’s Audit and Assurance Faculty and Business Law Department provides an introduction to the main factors for auditors to consider around the use of electronic signatures in auditors’ reports. A more comprehensive guide, Using an electronic signature to sign an audit report, is available to Audit and Assurance Faculty members and Faculties Online subscribers.
This guide focuses on UK auditing requirements and the law regarding electronic signatures applicable in England and Wales but its principles may also apply to other reporting engagements. It is intended to provide practical guidance to ICAEW members but if in doubt members are advised to seek legal advice.
In brief
Wet ink signatures are no longer required in most cases as confirmed by the Law Commission’s September 2019 report: Electronic execution of documents.
The Law Commission took into account EU law, UK legislation and case law, and stated that electronic signatures can be used to execute documents, including where there is a statutory requirement for a signature, provided that the signatory intends to authenticate the document.
The UK government confirmed that it agreed with the Law Commission’s conclusion that electronic signatures have a legal basis (see Ministry of Justice announcement of 3 March 2020).
If the entity’s constitutional documents do not specify how the financial statements must be signed, electronic signatures are presumed to be valid, unless the contrary can be proven.
What are the legal and regulatory requirements regarding signatures?
The Companies Act 2006 states that the auditor’s report must be ‘signed’, but as the Act has not been updated to keep pace with technological developments, electronic signatures are not referred to in the legislation. However, this does allow for interpretation of the term ‘signature’. Where there is a statutory requirement for a signature, but the form of the signature is not stipulated. UK law has generally recognised the validity of a wide variety of electronic signatures.
Similarly, the regulations for unincorporated charities[1], and Limited Liability Partnerships[2], state only that the auditor’s report must be ‘signed’. For co-operative societies and community benefit societies, the regulations do not refer to signature, stating only that – ‘the auditors must make a report to the society’[3].
UK legislators and regulators can specify further requirements regarding signatures. In the UK, for example, The Land Registry and tax authorities (HMRC) expressly require handwritten signatures for certain letters and other documents.
The auditor’s signature is not required on the auditor’s report on the financial statements filed with Companies House or the Charity Commission, although for Companies House filings, the name of the auditor (or in the case of a firm, the senior statutory auditor and the firm) must be printed clearly on the auditor’s report.
With respect to independent examinations, the Charity Commission’s CC32[4] states only that an independent examination report must be ‘signed’.
What should an auditor consider before deciding to use electronic signatures?
A number of practical considerations will determine whether the use of an electronic signature is appropriate. These will vary with risk appetite, security needs, cost implications, audit timetable and filing deadlines of the auditor (or their client) but include:
- The type of electronic signature that is most appropriate, for example Simple, Advanced or Qualified Electronic Signatures (see Appendix 1 of our guide ‘Using an electronic signature to sign an audit report’ for an explanation of the different types of electronic signature)
- What is acceptable to the regulator?
- Availability of software
- Attitude of the auditor’s insurers
- Ability of the client to use electronic signatures
- Whether the entity’s constitution permits the use of electronic signatures?
- Whether the condition ‘intention to authenticate’ can be met (see below)?
More details and examples will be published in the Audit and Assurance Faculty guide planned for July 2020.
What is meant by 'intention to authenticate'?
The Law Commission noted in 2001 that in order for courts to determine whether or not there is an ‘intention to authenticate’, they should apply the following objective test:
Would the conduct of the signatory indicate an authenticating intention to a reasonable person?
The courts will use the same test for authenticity of electronic signatures as for wet ink signatures. Some electronic signatures provide better evidence of the intention to authenticate the document than others. ‘Advanced Electronic Signatures’ and ‘Qualified Electronic Signatures’ have digital audit trails and only the named individual is able to use them.
What quality management procedures should firms be considering?
The following is a brief list of issues an auditor may wish to consider before agreeing to use an electronic signature:
- Has the ‘intention to authenticate’ been evidenced to create a robust audit trail? The auditor may consider including wording in the email to the client attaching the signed auditor’s report to clarify that they have signed the report.
- The auditor or firm should also consider updating their quality management procedures if they are adopting electronic signatures for the first time. This should cover controls over access and the risk of fraud or error.
- We understand that the views of ICAEW’s Quality Assurance Department and of the FRC are that, from their perspective, they do not see any reason why firms cannot use electronic signatures on audit reports provided provisions are put in place so that electronic signatures are made under the same provisions set out in European Law, and partners meet the requirements of ISA (UK) 700, including section A64-11 which states that no-one else other than the senior statutory auditor can sign the auditor’s report.
- As with ‘wet ink’ signing, the auditor should still check that the directors (or equivalent) who have signed the annual report and financial statements were entitled to do so.
Further information
The Law Society has published a useful guide Our position on the use of virtual execution and e-signature during the coronavirus (COVID-19) pandemic on the use of electronic signatures generally in England and Wales. Although primarily aimed at solicitors it does include an explanation of the law and some tips on best practice that members may find helpful.
The Law Society of Scotland has also published its own Electronic Signatures Guide as the requirements for the use of electronic signatures in Scotland are slightly different.
In addition, ICAEW has published a brief guide on using an electronic signature. Click here to learn more about the guide.
[1] The Charities (Accounts and Reports) Regulations 2008
[2] The Limited Liability Partnerships (Accounts and Audit) (Application of Companies Act 2006) Regulations 2008
[3] The Co-operative and Community Benefit Societies Act 2014
[4] Independent examination of charity accounts: Directions and guidance for examiners (CC32)