What is an audit for?
Lawmakers, auditors, investors and courts all have different expectations
AUDITS get noticed only when things go wrong … Last week British MPs issued a scathing attack on KPMG, an auditor, for failing to avert the collapse of Carillion, a contracting company. South African authorities are looking into Deloitte’s audit of Steinhoff, a retailer. PwC, another auditor, could face a court-damages verdict for hundreds of millions of dollars for not spotting fraud at Colonial Bank, a failed American lender. It is also fighting a $3bn lawsuit in Ukraine and a two-year ban in India.
Investors are also waking up to audits. They almost never vote against management’s choice of auditor. But last month over a third of shareholders at General Electric, an industrial conglomerate, voted against the reappointment of KPMG. Investors in Steinhoff are suing the company and Deloitte for $5bn for their losses.
These actions challenge an industry dominated by four big firms: Deloitte, EY, KPMG and PwC. Between them they earned $47bn from auditing most of the world’s largest firms in 2017, and $87bn more from selling consulting and tax advice. Regulators have tried to increase competition and limit conflicts of interest. But auditors argue that another problem is being ignored: that lawmakers, investors and courts all disagree about what an audit should be. They worry that they are being seen as providing insurance against corporate failure. Repeated large payouts could erode quality, they say, and even threaten the viability of the big firms.
Developments in auditing have always been driven by corporate scandals. Until the mid-19th century investors used to look over the books themselves, checking that directors were not frittering away their capital. After a spate of accounting fraud during Britain’s railway mania, investors turned to professional accountants to do the job. The stockmarket crash in 1929 led to laws requiring listed firms in America to be audited. Scandals in the 2000s took down Enron, WorldCom and their auditor, Arthur Andersen. That led to more regulation intended to protect auditors’ objectivity, which comes under pressure because of limited competition and because they are paid by the firms they scrutinise, rather than the investors they serve. The tighter rules have had some success: measures of audit quality are improving.
But as Carillion shows, things can still go badly wrong. Incensed British MPs have called for a competition review to consider whether the Big Four in Britain should be broken up. The firms are braced for trouble. But they also argue that they cannot always get things right. People think of auditors as charged with seeking out fraud and failure, says Andrew Gambier from the Association of Chartered Certified Accountants, a trade body. But today’s professional standards set out a more limited role. Auditors give an opinion on whether the accounts are a “true and fair” representation of reality; they consider the risk of fraud, but do not hunt it down.
Robin Litjens from Tilburg University says there are several good reasons why failures may not always be detected. For one, a company’s books are so vast that audits can only realistically assess a sample of transactions in selected markets. Auditors hope that better data-analysis techniques should allow for larger samples and better anomaly detection. But for now, for large firms, looking at less than 5% of transactions is not unusual.
Similarly, auditors look only for errors that are “material” compared with profits or assets. The threshold is often in the range of 0.5% to 10%. These limitations might help explain why, according to the Association of Certified Fraud Examiners, auditors picked up only 4% of occupational fraud in 2017. Although some firms offer more forensic audits, they cost so much in time and money that companies choose them only if they already suspect wrongdoing.
Below the line
Another reason audits cannot offer any guarantees is that, despite involving numbers and spreadsheets, they are subjective. Accounts contain plenty of assumptions, for example concerning provisions for uncertain future payments. Auditors must use their judgment to decide if those assumptions are reasonable. They could be wrong, sometimes because of information that emerges after the audit is complete.
Other parts of the expectations gap are, however, in their power to close. Auditors complain that they are judged solely on the few audits that go wrong. Of the 93,000 done in Britain alone each year, they say, most are uneventful. In a handful, they may even have spotted fraud or mismanagement. These are shared with regulators, but not widely publicised, says David Sproul of Deloitte, because auditors are reluctant to provoke stockmarket volatility. “They are not equity analysts.”
Yet investors are clamouring for just such information. Rules in many countries, which also come into force in America next year, require auditors to elaborate on the main risks to their audit opinion. That helps, says Liz Murrall from the Investment Association, a trade body for British asset managers. Many investors would like also to hear how auditors challenged the management’s judgments. Others want auditors to go beyond financial statements to assess companies’ projections for sales and profits.
Natasha Landell-Mills from Sarasin & Partners, an investment firm, compares the audit to a homebuyers’ survey. It may not guarantee there will never be a leak, but it should give reasonable assurance that there are none. She wonders if some auditors are skipping the most basic checks. According to the International Forum of Independent Audit Regulators (IFIAR), a group of national authorities, two-fifths of audits worldwide that are inspected are found to be flawed. Some auditors are not even sure about their responsibility to consider fraud. On top of that, they have been given free rein over their professional standards.
Reconciling all these views requires rethinking the purpose and scope of statutory audit. Brian Hunt, the head of IFIAR, agrees that audits need modernising so that they stay relevant to investors and help align expectations. But getting everyone involved, including regulators, standard-setting bodies, investors, companies and auditors themselves, to agree on what needs to be done is so complex that no one expects speedy progress.
As long as misconceptions regarding audits exist, confrontations with angry investors and lawmakers seem likely. And the courts could side against auditors. Jim Peterson, who was an in-house lawyer for Arthur Andersen and has represented many of the large firms, points out that professional and legal standards differ. Auditors could have done what they see as their job, but still be found liable.
Critics scoff that bringing a case against auditors is so hard that this is not a real risk: federal courts in America are increasingly likely to throw out claims against auditors. But PwC’s Colonial Bank case shows that firms can still be on the hook for large amounts. Mr Peterson reckons that penalties totalling more than $3bn in a year could sink one of the Big Four, with disruption spilling over to the surviving three, and to capital markets.
With litigation and reputational risks hanging over the sector, investing in …