A parade of real or alleged financial issues at companies such as BHS, Carillion, London Capital & Finance and Patisserie Valerie has dominated news headlines in the past 12 months.
The 2008 financial crash was a clear sign that a complete overhaul of overall auditing processes was needed. But instead of carrying out a root and branch reform, regulators have sought to appease the auditing industry, rather than protect shareholders.
The industry’s fault lines are many, but the emphasis here is on just three: auditor independence, audit quality and auditor liability.
Auditor independence
‘Organisational culture is a key ingredient in the manufacture and quality of external audits, but is not the subject of any public disclosure’
The principle of auditor independence is a key cornerstone of external audits relating to areas such as health and safety, food hygiene, taxation and immigration controls. In no case is the auditee permitted to directly hire or remunerate the auditor. Auditors are also not permitted to give business advice to the auditee.
In the world of financial audits, however, such norms are overturned. Companies are permitted to appoint and remunerate auditors and, even worse, auditors can become business advisers to companies. Such arrangements could create subtle pressures upon audit firms to appease company executives.
The auditing industry and the big corporations have long resisted the independent appointment and remuneration of auditors. Yet this arrangement works well elsewhere. For example, following the Local Government Finance Act 1982, the Audit Commission appointed and remunerated auditors for local authorities and a range of public bodies. All auditors appointed by the commission were generally forbidden from selling non-auditing services to audit clients, with the exception of statutory returns.
The big four auditing firms – PricewaterhouseCoopers (PwC), KPMG, EY and Deloitte – had difficulty in penetrating this market and lobbied for change. The Local Audit and Accountability Act 2014 replaced the Audit Commission with Public Sector Audit Appointments (PSAA), a company limited by guarantee and owned by the Local Government Association. The PSAA is responsible for appointing auditors to the principal local bodies: fire and rescue, police, national parks, waste authorities and transport. It also sets audit fees. Contracts are independently awarded to create a portfolio of clients that match a firm’s capacity to deliver.
This model should also apply to about 7,500 large companies as defined under the Companies Act 2006. In addition, auditors of these companies must only conduct audits and no other business. This is to prevent them becoming part of the very transactions that they need to independently audit.
Some companies object to audit-only firms. Some claim that an organisational split, where audits and non-auditing services are separated by Chinese walls within one unified entity, is preferable. Such a structure, however, even where internal codes of conduct exist, does not curb the temptation for audit firms to sell consultancy services to clients. But a structural separation of audit from non-audit business is essential.
In resisting reforms, accounting firms may state that a structural separation would somehow constrain them from recruiting good staff. There is, however, no substance to this. You only have to look at the National Audit Office, HMRC and the Health and Safety Executive: all recruit multidisciplinary teams to conduct audits, made up of individuals familiar with accounting, tax, information technology, security, systems and law. There’s no reason why accounting firms can’t follow their example.
Separation anxiety
Some accounting firms also claim that a structural separation of audit from non-auditing business would somehow prevent them remaining part of their respective international networks. Again, such a claim has no substance. For example, many firms have offices in offshore jurisdictions. Such jurisdictions rarely require companies to publish audited financial statements. The firms in these boltholes have the ability to sell a variety of consultancy services, but are still part of international networks.
Organisational culture is a key ingredient in the manufacture and quality of external audits, but is not the subject of any public disclosure. At company AGMs, resolutions to (re)appoint auditors are not accompanied by any meaningful information. There is no information about the composition of the audit team, time budget, hourly charges, audit contract, major questions asked by auditors and the replies from directors, recent regulatory action against the firms or anything else. The public availability of such information would persuade firms to examine their organisational practices and also empower stakeholders.
Consider the case of former retailer BHS, which was audited by PwC. According to a published report by the FRC1, the audit partner spent just two hours on the audit and 31 hours doing consultancy work for the company and its directors. The audit senior manager recorded only seven hours and was not involved in the final stages of the audit – while an audit manager recorded 29.25 hours and a “junior” team recorded 114.6 hours. Despite a record of losses, cashflow problems and withdrawal of financial support from its parent company, BHS received an unqualified audit report. The investigation by the FRC showed that the audit work in relation to a number of areas was inadequate.
Now imagine what would have happened if audit reports and resolutions to (re)appoint auditors were accompanied by information about the composition of the audit team, its time and budgets. That requirement would have encouraged reflections on organisational practices and checked some of the more corrosive ones. The public availability of this information, together with the audit contract, management representations and a list of recent regulatory actions against the firm would have enabled stakeholders to make an informed assessment of the desirability of appointing the firm as an auditor.
For far too long the auditing industry has sheltered behind secrecy and confidentiality to organise its own accountability off the political agenda. The public availability of audit files would enable stakeholders to assess the quality of recorded audit work: stakeholders bear the cost of audits and should have the right to see the outcomes. In a consumer society, organisations from potato crisp manufacturers to airlines have to ensure that their product is fit-for-purpose and customers are compensated for poor quality of service. In contrast, successive governments have indulged auditors by granting them more liability shields without any quid pro quo. These shields include: no “duty of care” to any individual stakeholder; proportional liability under which auditors can only be held liable for losses arising from their own negligence; contributory negligence; limiting liability by trading as a limited liability partnership (LLPs) or limited company; and disclaimers of responsibility. It is almost impossible to sue auditors for delivering shoddy audits.
Audit liability
‘The FRC’s 2018 annual report showed that 27% of the audits it inspected needed more than limited improvements’
It is difficult to think of an economic theory or practice that suggests that the weakening of producer liability and of consumer or societal recourse incentivises producers to improve the quality of goods and services. This is even less so in the state-guaranteed market of auditing, reserved for accountants belonging to a few trade associations.
The FRC’s 2018 annual report showed that 27% of the audits it inspected needed more than limited improvements. Lax liability laws have weakened incentives for diligent audits and do not encourage partners to police each other or strengthen the desire to improve the quality of audits.
Key reforms must include pinning personal liability on audit partners and their firms for the delivery of poor audits. Individuals and society at large must be empowered to sue negligent auditors, and auditors should owe a duty of care to individual stakeholders.
An audit is manufactured within the organisational context of the firm, which provides training, personnel, commitment, communicative and operational competence, technology, client recruitment and infrastructure necessary for the production of all audits. The firm receives the fee and its name appears on the audit report. The firm is central to the production of audits and must be held liable for any shortcomings. Any agreement enabling auditors to escape liability must be null and void. The veil of incorporation upon LLPs must be lifted and the Companies Act 2006 should be amended to state that where a partner of the audit firm acts negligently, fraudulently or colludes with directors, civil and criminal liability shall fall upon the partners concerned and upon the firm jointly and severally.
Inevitably, all this will be resisted by an industry that has got used to having its way. Audits are a means of securing trust and public accountability of businesses, and protecting stakeholders from financial malpractices. Governments have two basic choices: impose reforms in the teeth of opposition and/or develop alternative ways of delivering audits.
FRC Report into PwC’s auditing of BHS, published by the FRC, August 2018. To download the report, visit: https://bit.ly/2nBSMo6
