New report says auditors need to go beyond scepticism and become suspicious of clients. From Moneyweb.
A report by former head of the London Stock Exchange Sir Donald Brydon published in December says it’s time to split audit from accounting and establish it as an independent profession with its own standards and qualifications.
The new, improved audit should be a profession separate from accounting with its own governing principles, qualifications and standards. “At present it is an extension of the accounting profession, whose ethics and (arguably) mindset it largely adopts,” says the report.
It would embrace non-financial disciplines such as cybersecurity and environmental behaviour and provide more informative reports to different interest groups. Gone are the days of executives being responsible only to shareholders, as economist Milton Friedman suggested. Auditors need to go beyond scepticism and become suspicious, says Brydon.
There is unspoken acknowledgement in Brydon’s report that the audit profession is failing as a public watchdog.
Shareholders want to know how the watchdogs failed to pick up the signs of accounting fakery at Tongaat and Steinhoff, to name just two fairly recent examples.
Part of the problem is the nature of the audit itself: it is expected to provide a reasonable level of assurance that the financial statements are fundamentally true and fair based on a tiny sample of transactions. That said, audit teams are expected to identify areas of high risk and focus on these. New technologies are fast emerging which allows a far higher level of sampling and, aided by blockchain technology, we may soon be able to verify all transactions in real-time.
Many of these problems of the external audit could be improved by strengthening internal audit teams. But here again, there are difficulties: overbearing CEOs often surround themselves with weak internal auditors who can be bullied. Audit committees are supposed to buffer against executive bullying but this too is no guarantee of independence.
The profession has long been dogged by suspicions of corporate capture.
No matter how robust the audit standards, there is a perception that audit independence has been compromised by the accounting business model: the Big Four firms undercharge clients for audit services in the expectation of picking up higher-paying work elsewhere. As Richard Brooks points out in The Bean Counters: The Triumph of the Accountants and How They Broke Capitalism, every crisis is an opportunity for the Big Four accounting firms, whose profit and revenue growth barely skipped a beat during the 2008/9 financial crisis.
Various solutions have been proposed:
- Breaking up the Big Four to separate consulting from audit (which would raise the cost of auditing);
- Mandatory audit firm rotations; and
- Establishing an independent body to appoint and reimburse auditors, rather than allow companies to select their own auditors.
Nicolaas van Wyk, CEO of the SA Institute of Business Accountants (Saiba), says the entire concept of the audit needs to be reformulated. “There should also be different audits for different users of information. As things stand, the audit is designed to satisfy all users of the information but it is severely lacking in the kind of detail different users require.
“For example, if the company wants to take out a loan with a bank, it should provide an audit that specifically addresses the kind of information that the bank requires.”
The Independent Regulatory Board for Auditors (Irba) has introduced mandatory 10-year audit firm rotations (MAFR) as one method of maintaining audit independence. CEO Bernard Agulhas says as of September 2019, 21% of companies on the JSE had rotated auditors – with 41% of those companies citing the early adoption of MAFR as the reason for rotation. All listed companies have until 2023 to comply with mandatory audit rotation.
The Big Four accounting and audit firms – EY, PwC, Deloitte and KPMG – account for the vast majority of audits of the 40 largest JSE companies and 100% of FTSE 100 firms.
“The cost of MAFR will always be insignificant when compared to the cost to investors and pensioners when there is an audit failure, resulting in billions of rands lost, as illustrated by recent failures,” says Agulhas.
“The lead time allowed for the introduction of MAFR of five years has allowed companies and audit firms to plan for this process and for firms offering other prohibited services to cool off in compliance with the Companies Act in order to be eligible to take on audits where they previously did not audit.”
Irba is also in favour of ‘joint audits’ to allow smaller firms an opportunity gain experience and break the Big Four stranglehold. That, however, is easier said than done.
The overwhelming dominance of the Big Four as a repository of skills and know-how may take a generation to overturn.
There have been several radical suggestions in recent years to strengthen the audit: Professor Piet Delport, retired professor of mercantile law at the University of Pretoria, suggests making the audit voluntary, with different stakeholders demanding more focused audits as and when they are needed. Asking audit firms to provide audits that satisfy all users is no longer feasible. If you’re a bank being asked to extend a credit facility to a company, you will want an audit that looks at the company’s realistic ability to repay the loan. Banks are already having to adjust published financial statements to firm up estimates and non-cash transactions – something accounting standards setters have battled with for years.
Auditors not paid enough?
Jodi Joseph, divisional executive at audit and financial software group CaseWare Solutions, says auditors simply aren’t paid enough to provide the kind of audit expected of them. “I think the auditors of the future are going to have to be well versed in data analytics, for the simple reason that technology is going to be a vital part of the audit going forward. The sample sizes are going to have to get bigger. Blockchain will form part of the solution since it can help verify what is a trusted transaction.”
One of the key changes recommended in the Brydon report is to redefine the audit as a means to “establish and maintain deserved confidence in a company, in its directors and in the information for which they have [the] responsibility to report, including the financial statements”.
Agulhas says Irba supports this redefinition and “in particular has been stressing the importance of aligning the audit function to investor needs”.
He explains: “Projects are underway to look at strengthening the fraud risk identification standard, as well as auditor competencies. It may be that more training and competency is required in the area of identifying fraud, which up until now has not been an auditor’s responsibility.”
Principles instead of rules
Another key recommendation from Brydon is the creation of a corporate auditing profession governed by principles rather than rules – for the simple reason that rules are too rigid and easily side-stepped, while principles (such as ‘Do not lie’) are more difficult to fudge.
Irba recently adopted an updated and strengthened code of ethics that was already principles-based. It is also looking at ways to expand the audit beyond financial reporting to provide assurance in areas such as environmental compliance.