External auditors review financial statements to ensure they are a ‘true and fair’ account of past financial performance and current financial position. In the spate of recent company failures the public were quick to blame the auditors for failing to identify issues.
In October 2019 for example, Thomas Cook’s auditor, EY, faced a barrage of criticism from MPs who called it ‘inconceivable’ that its auditor judged it a sustainable business in the year leading to its collapse. However, to a professional auditor it was far from inconceivable how this happened. It seems clear that the public misconceptions about the role of the auditor have led to an expectation gap regarding auditing.
Who can blame the public from not understanding what an audit is anymore when the length of audit reports continues to increase at such pace? In 20 years, audit reports have doubled in size and this has created confusion over exactly what the role of an auditor is.
The Independent Review into the Quality and Effectiveness of Audit by Sir Donald Brydon CBE recommended that the Audit Reporting and Governance Authority (ARGA) “explain clearly what the different elements of an audit report mean” and “what, just as importantly, they do not mean” to help clarify the responsibilities and accountability of the auditors.
Despite such lengthy audit reports we could still offer greater transparency. For example, many users may expect that an auditor would undertake testing of controls during an audit. However, the reality is that most audits which are not conducted on behalf of Public Interest Entities do not usually test the operating effectiveness of controls and rely upon other methods for collecting audit evidence.
If the audit report stated whether or not the auditor had undertaken tests of controls, and the results thereof, this would give a much stronger indication of the controls in place at the entity.
Over the last 30 years, we have also seen a significant increase in the scope and complexity of auditing standards. While many might expect that the regulation is improving the industry, the truth of the matter is that it is driving auditors to become good box tickers rather than good thinkers.
Recently, in response to the well-publicised corporate failures in the UK, the Financial Reporting Council (FRC) issued a revised set of standards which aims to strengthen the auditing requirements in the UK and make them tougher than those required by current international standards. This gold-plating of international standards on auditing in the UK is only adding to the volume we all try to grapple with.
It is disappointing that the auditors are the ones that the press and public are so quick to blame, yet the role of the directors and their actions in the run up to any collapse has not made the same headlines.
One potential solution is for UK audit regulators to take a notice of the changes which were implemented in the US following the collapse of Enron in 2001 – where they introduced the Public Company Accounting Reform and Investor Protection Act, also known as Sarbanes Oxley, in July 2002.
Back then, there had been a significant number of corporate accounting scandals from WorldCom, Tyco and Enron where the directors of these companies claimed they had been unaware of the accounting discrepancies. Sarbanes Oxley tightened the requirements on directors, bringing in more legislation and an emphasis on internal controls and governance.
Perhaps the most significant issue in our industry is the fact that the same legislation applies to companies of all sizes. After many years where the focus has been on maintaining a single set of auditing standards relevant to the audits of all entities regardless of size, nature and complexity, it is increasingly apparent that this model may no longer be fit for purpose.
The auditing standards, as published, are increasingly focused on the needs of regulated entities, such as Listed Entities and Public Interest Entities with the requirements of the International Standards on Auditing (ISAs) increasingly onerous and, equally importantly, ever more rigorously applied by audit regulators.
The time may have come to look at alternative approaches for less regulated entities and we may be reaching a tipping point where a separate set of auditing standards, or perhaps even a new form of assurance, is required. 46% of jurisdiction are already looking at what can be done in relation to audits of Less Complex Entities.
If we wish to maintain international standards for these entities, which are critical to many jurisdiction, it is imperative that the International Auditing and Assurance Standards Board (IAASB) and others take timely action as a matter of priority in this area.
Auditing is at a crossroads. The practice is increasingly misunderstood, with ever more onerous regulations adding to the volume of reports, without bringing any additional clarity. If we want to change this we need the government to lay down clear rules regarding who is responsible for ensuring a company’s accounts are really robust; to desist from gold plating international regulation for no good purpose and to seriously consider adopting different standards for different types of organisations.
Andrew Moyser, partner at MHA MacIntyre Hudson