Unfortunate but true. Auditing could be blotted. And it matters a lot when general perceptions take the front seat and reasoning and understanding the one at the back or more appropriately thrown out the window. It’s the internal audit that suffers the most from the general perceptions on auditing that are actually shaped by external auditing. Though it’s not that the internal audit has entirely nothing to blame itself about; it has a nominal share of its own!
But let’s first address the elephant in the room, the external audit. Would they continue to hide behind the legislation providing justification for them? Would they continue to benefit from regulation allowing for an ever increasing role they are being tasked with? Of course, it helps when both the legislation and regulation are on your side, and it helps even more when the regulators have more people from amongst the external audit fraternity rather than the businessmen.
But is it really what the external auditors should be focused on? Shouldn’t they be concerned about creating a demand for themselves purely by virtue of their work? Shouldn’t they be looking for having a reputation beyond necessary evil through the value they could add? And does this situation help any of the two, the external auditors and their clients?
Certainly not! No matter how wider their scope continues on becoming (including sustainability, corporate governance, non-financial disclosures, etc.), the external audit is still considered a necessary evil. Something that adds no value to the process, let alone create it! Don’t believe in the zero value addition part? Well, what else to expect from an audit of historic financial information.
And this zero value adding contribution is most amply and in fact forcefully brought to the fore when external auditors are expected to take responsibility of their inadequate audit procedures and instead what they come up with are disclaimers, client’s board and management responsibilities declarations, a verbose audit report and measured opinions. With these aids available, it’s not surprising that at times they even disown the work they did.
Year after year, the business world has a story a tell about the role played by external auditors. All these stories make way to corporate newsrooms, get published and trigger regulator / watchdog scrutiny. Eventually, fines and penalties are slapped. But what happens afterwards is even more interesting. The corporate business world gets a new case study out of the whole affair!
The rival external audit firms are rejoiced that the subject of the case study was one of them but not them. The affected business entity’s competitors are overjoyed as they have got an opportunity (just out of nowhere) to dominate the market.
The rest of the business world is divided into two distinct groups; those who have the same external audit firm as their auditors would ensure nothing of the sort comes up with their audits, even if something similar is being done. The other group is the one who would ensure that they never hire the now ‘infamous’ audit firm.
Exactly these are the most ‘profound’ lessons one could draw out of the case study!
Business entities and external auditors who could use news like this to improve and evolve are a rare find. Because diligent work comes at a cost which business entities are not willing to pay for an audit of historical financial information. Not to mention the lack of competence and ability at most of the external audit entities, who cannot work diligently even if they wanted to!
So, it’s always beneficial to cover your tracks and not get caught rather than improving. And so, year after year we see external auditors failing to detect:
- New accounting disasters (manipulative interpretations of accounting standards, creative accounting).
- Internal control lapses (design flaws, compliance issues, etc.).
- Omissions / concealments (most noticeably of liabilities).
- Misstatements of income, expenses, assets and liabilities (both Under and Over, depending on suitability to diverse stakeholders like equity holders, creditors and tax authorities).
Resultantly we continue having financial statement frauds out of schemes designed to boost stakeholder value and perceptions by keeping reality aloof from the records!
But keeping things interesting for the shareholders might be the core motivation but it is definitely not the sole motivation for business entities to indulge in accounting and internal controls malpractices. And mind you when a business entity is a good taxpayer, even the regulators don’t much care about malpractices either.
The other incentives include using non-financial information (like directors report, reviews, statements of compliances, corporate commentary, financial health indices, etc.) to their advantage when the numbers are not that interesting. And this incentive becomes more workable when the external auditors are tasked with reviews of non-financial information.
Surprised? Don’t be. Because even with diminishing value the external audit fee is increasing, and these additional reviews are then covered. With the incentives of a ‘mutually beneficial’ commercial relationship, comes the added incentive of having the non-financial information or rather imagination of the management and board certified by the external auditors!
And the external auditors can now pin the blame on these additional reviews, drifting their attention away from the core review of financial statements or at least dividing the same time available as before between so many more review requirements.
The financial statements ever increasing complexity and the sheer size of the external audit report ensure that most average stakeholders look away from the financial statements and direct their focus at the non-financial information for ascertaining the financial health of the businesses in plain and simple language.
Now that we have covered the different motivations of both the external auditors and their clients causing them to indulge in accounting and internal control malpractices, let’s move on to how things could improve for the better, if external audit is still not past its lifetime!
What could be done to save the external audit’s dying grace?
- External auditors performance evaluation by clients. The clients should evaluate their external audit performance in submissions to the regulators. Such evaluations should primarily be focused upon documented accounting and internal control improvements brought about by the external audits.
- Internal auditors may also rate their coordination with the external auditors in submissions to the regulators. Internal auditors may pinpoint significant control weaknesses unearthed by them which have not been identified by external auditors when there was every likelihood of not missing these.
- Evaluations of external auditors by clients and their internal auditors need to be reviewed by regulators against the external audit report and review statements.
- Introduction of a 2-stage external audit. Internal Controls Audit followed by Financial Statements Audit, if and only if the internal controls (1st stage) audit results in an adequate assessment.
- Professional bodies have terrestrial rights, and territorial hegemony won’t be interested in performing evaluations and assessments of adherence of the external auditors work. Especially when it is these bodies that register external audit firms and issue practitioner licenses. The external auditors’ evaluation, assessment, registration, suspension and deregistration should be the task of the regulator. It is the regulators that should issue satisfactory ratings to the external auditors.
- Whilst professional bodies might be tasked with the detailed evaluation of adherence with all requirements of International Standards on Auditing (ISAs), adherence with requirements of standards that aid in core financial statement assertions of completeness, existence, accuracy should be assessed by regulators.
How does internal auditing also contribute to blotted auditing perception even though the regulation around it is subdued and it is not responsible for financial statement frauds?
The simple answer is not understanding the meaning behind the keywords in internal audit definition, independence, objectivity, systematic and disciplined approach, evaluation and improvement in effectiveness of risk management, control and governance processes.
A staunchly independent internal audit function that’s entirely unbiased in its approach needs to ensure orderly conduct of the internal audit services. This orderly conduct requires alignment of client’s risk universe with the internal audit universe to begin with and develop formal client specific mechanisms to evaluate and improve core business processes. Read how to internal audit here.
It is high time external auditing starts adding value since grandiose financial statements are not the value they contribute to the process even if such statements earn corporate reporting laurels.
Their part is the value created behind the scenes leading to the credibility and usefulness of financial information and accurate depiction of the financial affairs of the entity. Maybe the first step in that direction could be a year free of any financial statement fraud! That would be a year when external auditors realize they’ve a reputation to build and maintain even if it costs them business (dirty business definitely).
In so doing, it wouldn’t be a bad idea to take a leaf from a professional internal auditor’s playbook!