| 117. | The CASS auditor shall express unmodified opinions in a reasonable assurance report on client assets when as a result of performing its assurance procedures it has formed the opinion that the firm has both maintained systems adequate to comply with the relevant CASS rules throughout the period and was in compliance with relevant CASS rules at the end of the period. The process for forming these opinions is depicted in Appendix 1 and an unmodified opinion is illustrated in Appendix 4. |
| 118. | The CASS auditor is required to report all breaches identified by it or identified to it by any other party including the firm. Although a breach may be of minor significance, this is not a relevant consideration when determining if a CASS rule has been breached. The reporting of any breach of a CASS rules shall result in the CASS auditor expressing a modified opinion regarding the adequacy of systems during the period. The reporting of breaches may also result in the need for the CASS auditor to express a modified opinion regarding compliance with the CASS rules at the period-end date. |
| 119. | The FCA's report template includes a breaches schedule that is required to be completed by the CASS auditor in order to report all identified breaches of CASS rules by the firm, of which the CASS auditor becomes aware, occurring during the period subject to the Client Assets Report. The breaches reported shall include all the breaches the CASS auditor has become aware of either through its work or through disclosure to it by the firm or any other party. |
| 120. | The CASS auditor is not engaged to provide absolute assurance that all breaches committed by the firm are included in the breaches schedule. Where no breaches have been identified by, or disclosed to it, the CASS auditor provides a nil return. This is illustrated in Appendix 4. |
| 121. | The CASS auditor shall obtain a written representation from management of the firm that to the best of their knowledge and belief, either the list of breaches is complete or there have been no breaches identified. |
| 122. | If breaches arose during the period and were identified by or reported to the CASS auditor, but all have been rectified by the period end the CASS auditor shall issue a modified opinion as to the maintenance of adequate systems throughout the period and an unmodified opinion on compliance with the CASS Rules at the period end. This is illustrated in Appendix 2. |
| 123. | An absence of breaches may not preclude the need for a modified opinion on the adequacy of systems. A firm could have inadequate systems but through a combination of circumstances have avoided any reportable breaches; however, the requirements within CASS 6.2 and CASS 7.12 require firms to have adequate arrangements, organisational arrangements and robust systems in place. Similarly, the reporting of a specific breach does not necessarily mean that the systems are adequate in all other respects. |
| 124. | Where the CASS auditor determines that a modified opinion is required it shall determine whether to issue an "except for" or an "adverse" opinion in accordance with the requirements and guidance in the FCA's SUP rules. |
| 125. | SUP 3.10.9C (2) G provides the following guidance: "For the purpose of determining whether to qualify its opinion or express an adverse opinion, the FCA would expect an auditor to exercise its professional judgment as to the significance of a rule breach, as well as to its context, duration and incidence of repetition. The FCA would expect an auditor to consider the aggregate effect of any breaches when judging whether a firm had failed to comply with the requirements described in SUP 3.10.5R (1) to (4)". |
| 126. | The principle underlying the need for an adverse opinion arises from the CASS auditor concluding that identified weaknesses in control and/or breaches of rules are systemic, or pervasive (and therefore likely to give rise to fundamental issues of control), as opposed to isolated incidents. |
| 127. | A practical starting point, when deciding between an "except for" or "adverse" opinion, is for the CASS auditor to consider whether the rule breaches indicate that there has been a systemic or pervasive failure to comply with the principle of protecting client assets. If the firm's system design is significantly flawed or repeatedly fails, an adverse opinion is likely to be appropriate. If the system generally works but there have been isolated breaches, an "except for" opinion is likely to be appropriate. |
| 128. | Particular areas the CASS auditor considers which might give rise to an adverse opinion include: |
| The extent to which clients might have lost their assets/money if the firm had gone into administration while the breach persisted. |
| Whether there had been a breach of the requirement to keep proper records of client assets. |
| Whether the firm had failed to carry out, or incorrectly carried out to a significant extent, the reconciliations required by the CASS rules. |
 |
Licence and copyright | © 2018, LexisNexis Group a division of Reed Elsevier (UK) Ltd. All rights reserved. |