The Auditor - Whose Agent Is He Anyway? 1. Introduction This research paper is inspired by Peasnell (1982), who explores how a conceptual framework would improve the quality of financial reporting. Failing this framework, Peasnell questions whether the auditing function would be a viable alternative for ‘organising and policing’ corporate disclosure. He describes how there are those who view external auditing as a largely useless legal imposition. He refers to Briston and Perks (1977), who suggest that both financial statements and audits are of no practical use as shareholders are forward looking. However, Peasnell (1982, p.296) takes the opposite view, ‘agency theory suggests that published accounts are far from being “largely irrelevant” to shareholders nor are audits of the same.’ The aim of financial statements is to report on the company’s financial performance during the year and its position at the balance sheet date, to help the users make economic decisions. The main users can be taken as shareholders, creditors, banks, employees and the government. These users will only rely on what the statements purport to represent if there is an independent assurance of their credibility. The audit is this independent examination that verifies the credibility of the information provided in the financial statements. But what if the auditor is also an agent to himself, or to management? This paper will now discuss the need for the audit, citing its statutory origins, and emphasising user needs and agency theory as two of the main driving forces. Only then can it be discussed whether the audit function as it stands meets these requirements. 2. Introduction To Agency Theory Limited liability encouraged the growth of companies in the twentieth century, with productivity on a scale that was unlikely to happen with single entrepreneurs or even partnerships. Today, the corporate vehicle is one of the most complicated legislative areas. This is in part due to the principal-agent theory: 1 Owners seek to maximise their return on investment by the most efficient use of the organisation (including the workers). Agents, on the other hand seek to minimise their efforts and maximise their remuneration (Hodge, William and Lawrence, 1996, p.23). Companies represented a separation of ownership from control as managers were hired to look after the day-to-day affairs of the company. Unfortunately, the managers’ interests diverge from those of the owner. For example, share-options encourage managers to strive to maximise the reported profit of the company; by creating artificial profits they increase their own return. The downside is that a perceived increase in returns prompts shareholders to increase their share in the company, based on biased financial statements. The auditor’s duty is to monitor the agent (i.e. management) and ensure his objectives are aligned with the shareholders’. This paper will link the role of the agent to the explanation of why the auditor’s performance may diverge from expected, and asks whether more regulation and monitoring is required in that context. 3. Introduction To The Audit Function The statutory audit was thought necessary, as there was an irreconcilable gap between the objectives of management and the owners. A mandatory provision was made in the Companies Act 1963: … every company shall at each annual general meeting appoint an auditor or auditors to hold office from the conclusion of that until the conclusion of the next annual general meeting (Companies Act 1963, Section 160). The auditor has rights of access to the books of account of the company at reasonable notice as laid down by the same section. However, in practice external audits are only performed annually (supplemented by the interim audit). The auditor then reports to the shareholders on the accuracy of the financial statements, specifically on the following: whether the financial statements give a true and fair view 2 whether the financial statements agree with the books of account whether a financial situation exists whether all information and explanations have been received as necessary from directors whether all information from subsidiaries/branches complies with the final accounts whether the directors’ report is consistent with the financial statements 4. The Usefulness of Auditing As the saying goes, it’s easy to part a fool and his money. Fortunately most investors have enough intelligence to investigate an opportunity before investing, including studying the published results. All the users identified earlier in this paper have invested based on trust, and therefore rely on the financial statements. Shareholders invest money, as do creditors and lending institutions. Employees join the firm, hoping to have a secure long-term employment in most cases. The government needs to verify profit figures for the purposes of taxation and subsidisation. The aim of business is to maximise profit, and by ‘adjusting’ the reported figures management can affect the return to these vested interests and subsequently retain earnings for themselves. For example, a downward adjustment of profit results in a lower tax payment to government, while management bonuses may be based on retained cash flows instead. It is of vital importance that confidence remains in the reported figures, as credit, both through trade and lending capital, has been one of the main drivers of growth in the twentieth century. An end to credit would herald the end of the corporate vehicle, as shareholders wouldn’t be willing to take the risk due to the lower return: Theoreticians have linked the use of trade credit to a transaction motive - a desire to realise economies in cash management - and to a financing motive - use of trade credit because credit from other sources, particularly from financial institutions, is limited (Elliehausen and Wolken, 1993, p.16). In ensuring this confidence remains, the auditing industry is at a crossroads at the moment: 3 The accounting profession faces a variety of pressures … the pursuit of international harmonisation of standards, increasing competition between firms driving the development of more efficient auditing techniques and the constant manufacture of manipulative accounting policies (Dunn, 1996, p.13). Dunn’s statement clearly emphasises the importance of the auditor playing a vital and useful role as an independent verifier of the reported figures, acting as a watchdog over management and providing assurance to investors who are not up to speed on economic and regulatory developments. Empirical evidence from Peasnell (1982) suggests that the quality of financial reporting has increased since the implementation of the mandatory audit. However, as Dunn (1996) suggests, these ‘pressures’ can also lead to the downfall of some auditors, and therefore damage the profession as a whole. 5. The Pitfalls Of The Auditing Function So far, the conclusion is that on paper the audit is useful. However it is far from a precise science and is open to human judgement and frailty. An audit failure is ‘nonperformance of the auditor in achieving the objective of the audit role’ (Boyle, 2002, p.20). Porter’s Audit Expectations Gap (1993) can be used to expand on this: (i). Unreasonable Expectations: Society expects the auditor to guarantee that the statements are true and correct. There is an inherent danger in the auditor signing off on the financial statements. Many users believe that audited statements are an accurate reflection of company affairs simply because they have been audited. Many don’t even bother to read the audit report where the details of the audit programme, responsibilities and liabilities of the auditor and directors are held. A common misconception would be that the auditor checks all transactions, which is impossible. 4 To some extent the auditor relies on the internal control system of the organisation, to ensure the raw data is accurate, as it is impossible to check all the data. However, management is in charge of this control system and so can easily manipulate it to their own advantage. This makes fraud very difficult to detect, and so to a large extent, the auditor is not responsible for this area. But do shareholders realise this? (ii). Deficient Standards Gap: This area follows on from above as in some cases the standards aren’t detailed enough to fulfil the expectations of society. Reasonable expectations are sometimes justified, but aren’t part of the audit programme. The area of fraud is a classic example and has been much debated (Humphrey, Moizer, and Turley, 1992). This task puts quite a burden on the auditor as Boyle (2002, p.12) states, ‘tools that are used by the auditor are of limited use in the detection of a crime of such an intricate nature’. The Auditing Practices Board (1995a) doesn’t see fraud detection as a requirement of the audit, although many users of reported accounts would presume that it was. But if the auditor isn’t responsible for detecting fraud then who is? Gray and Manson (2000, p.519) are of the opinion that the auditor isn’t liable for a failed audit, if fraud is discovered post-completion, ‘it might be said that some companies are close to being unauditable because of the nature of their business’. They go on to discuss circumstances where top management was engaged in fraudulent activity, the company having complicated interests and financial arrangements. They specifically refer to Polly Peck, as discussed later, where the complex structure was combined with a dominant person in management, whose various roles allowed him to override all controls. Due to the spate of tax evasion highlighted in the 1990s, under Irish legislation (Company Law Enforcement Act, 2001) the auditor now has a duty to report any fraud found during an audit. As fraud can cripple a company, such as the Enron case discussed later, one would think this a reasonable piece of legislation: Generally, integrity in financial statement reporting is one of the linchpins of an efficiently operating business environment. (AccountingMalpractice.Com, 2003, p.3). 5 Perhaps the reluctance of the profession to fully adopt this reasonable expectation lies in the commercialisation of the auditing industry: … if auditors were to introduce procedures that would give a higher chance of detecting fraud, the cost of the audit would inevitably rise significantly (Gray and Manson, 2000, p.523). It is unlikely that management (as profit maximisers) will want this extra cost – perhaps the solution to this conflict is to take the decision out of the hands of management, as discussed later in this paper. A past concern was the going-concern basis, which had no structured responsibility for the auditor until the introduction of SAS 130 (APB, 1994), which meant a company could potentially be wound up without a qualified audit. Gray et al (2000, p523) state: … up to SAS130 being issued, auditors were not required to search actively for evidence that the company was a going concern, but merely to be alert to the possibility that the going concern concept was not applicable. At the moment, the compliance tests of the internal control system are not subject to external reporting although the audit function relies on it to a large extent in giving an audit opinion. The sample engagement letter in SAS 140 (APB, 1995b, p.9) states: 2.2 Our audit is not designed to identify all significant weaknesses in the company’s systems but, if such weaknesses come to our notice during the course of our audit which we think should be brought to your attention, we shall report them to you. Any such report may not be provided to third parties without our prior written consent. Perhaps these are more perceived than actual weaknesses, but any guidance issued for auditors in this regard will heighten the perceived reliability of financial reporting in the eyes of the users of accounts. Consequently, auditing today is a complex function that has to constantly evolve to keep up with the changing needs of users of accounts and the ease at which 6 management can manipulate the data. At the same time, the auditor is expected to cope immediately with these changes, although standards can take quite a large amount of time to draft and implement. For these reasons, sound judgement on the part of the auditor will be needed in expressing an ‘opinion’ of a true and fair view. For example, the introduction of FRS3 (ASB, 1992) introduced a new layout for the financial statements as well as some new reports. The new exposure draft issued in 2000, Revision of FRS3 ‘Reporting Financial Performance’, is still in the discursive stage awaiting implementation. (iii). Deficient Performance Gap: There have not been many cases in relation to deficient performance of the auditor relative to other areas of the expectations gap (see Enron discussed later for an example). Before specific cases are looked at, it is useful to ask the question, ‘the auditor – whose agent is he anyway?’ In legislation the auditor reports to the shareholders, however there are factors which provide the opportunity for the auditor’s loyalty to lie elsewhere. The auditing standards and the literature put emphasis on the perceived independence as well as the actual independence of the auditor, in retaining the credibility of the financial statements. If the auditor is not independent then he is influenced by the company and therefore is little more than an agent himself. This is apparent from Jacobson’s and O’Callaghan’s (1996, p.35) definition: … a principal who is usually the owner of an asset and the agent who makes decision which affect the value of that asset, on behalf of the principal. This definition suggests that the watchdog (the auditor) may also be an agent with diverging objectives from those of the principal (the shareholders). One would imagine that the auditor as a paid agent for shareholders, would see him holding their interests in supremacy. However, the auditor being charged with ensuring management’s objectives are aligned with the shareholders, may find due to potential 7 gain or otherwise, that working in the interests of the audit firm or management is more beneficial (they are the two active partners in the contract after all). If the auditor wants to keep his contract in a commercialised industry, he may feel it’s more beneficial to cut corners on the audit, thereby allowing himself charge a competitive fee (self interest threat). If the auditor is providing both audit and nonaudit services, he effectively is reviewing his own work. This conflict means he is unlikely to report any mistakes that come to light in case of repercussions. Long-term auditors will find themselves being ‘friends’ with management (familiarity threat), and perhaps entering into providing management advice (advocacy threat). In rare occasions a dominance threat may arise where management know the auditor fears losing their contract, and can play this to their advantage; e.g. refuse to report fraud found by the auditor (Porter, 1993). Even if the opportunity but no actual problem is present, shareholders need to know that they can rely on the financial statements– they only have the ‘outside view’: The closer the perceived alignment of incentives between the auditor and the client, the lower the value of the auditor’s opinion of the client’s financial statements to consumers of audit services (De Angelo, 1981, p.34). Performance problems also exist that are specific to the auditing industry, and the auditor has less control over them: Inexperienced Staff: The Audit Assurance Area is generally where new graduates start out. This means that audit-managers have to devote some of their vital time on the job to training and aiding new employees. The vast majority of audit staff moves into other areas after their three-and-a-half year contract is up, so a lack of knowledge of the client’s business is likely. This greatly increases the inherent and detection risk of the audit. Pierce and Kilcommins (1996, p.12) investigate whether evidence exists that the provision of auditing courses at third level business degree courses narrows the 8 expectations gap in relation to audit regulations. These findings are outside the scope of this paper, but it is interesting note that the: … results did indicate a significantly better understanding of audit regulations by those respondents who had gained some work experience in either accountancy or audit related work. As regards this study, it confirms the logical conclusion – duration of work experience increases the knowledge of the mechanics of the business. Auditor firms must try and create incentives to keep a higher proportion of their staff on after their initial contract. Lack of Time: Time management is of vital importance on the audit and often the auditor is under pressure here. Management wants to minimise the cost of the audit or need to publish their accounts as soon as possible. The auditor can have many clients needing to be audited at the same time of year. These reduce the nature, scope and effectiveness of the audit and it’s difficult to suggest how this could be improved. The key to a successful audit is to do adequate planning: Auditors should have or obtain a knowledge of the business of the entity to be audited which is sufficient to enable them to identify and understand the events, transactions and practices that may have a significant effect on the financial statements… (APB, 1995c, p.2). It could be argued that, as in the Polly Peck case as set out below, a wider knowledge of the business would highlight suspicious transactions by management. 6. Case Study Analysis One major audit failure in Western Europe in the 1980s was Polly Peck International (PPI). PPI went into liquidation in 1990 with debts of STG£551m. This brought into question the audited accounts of 1986, 1988 and 1989. BDO Stoy Hayward, senior auditors, failed to check the suitability of the secondary auditors, Erdal & Co. They also accepted unsubstantiated explanations regarding investments in the company’s subsidiary in the Turkish Republic of Northern Cyprus. There was virtually no 9 internal control system at its London office and huge sums of money were transferred from the bank accounts by the managing director without question (Perry, 2003). These areas are the responsibility of the auditor and therefore it is without surprise that BDO Stoy Hayward were found negligent and fined STG£325,000 (costs included). It took the collapse of the company to unearth its rocky foundations; it’s a classic example of deficient performance on the part of the auditors (e.g. knowledge of business, tests of controls and balances), which jeopardises the usefulness of the financial statements. In recent years with the Alfirst (AIB) scandal and the Enron scandal, auditor independence has come into question again. In the case of AIB, the loss of US$691m was compensated by the strong performance of the Irish management and consequently the share price didn’t collapse. But this doesn’t excuse the auditor’s failure to discover the lack of internal controls by management, or for not discovering the trading-irregularities themselves. In Enron, the auditors not only did not report the irregularities in the accounting presentation but instead were aiding management on their implementation and cover-up. Boyle (2002, p.12) sums it up well as he says the apparent willingness of Arthur Andersen, the auditors of Enron Inc. to conceal the occurrence of fraud through the destruction of documents (Howe, 2002), … perhaps provides an indication of why such perceptions of deficient performance are held. The case studies suggest the monitoring of the auditing profession was inadequate to avert the resulting auditing scandals of the 1990s. These are just a few cases which highlight that the industry needs to urgently reshape its structure to maintain investor confidence. 7. Efforts To Correct The Situation Review Group On Auditing The Review Group On Auditing was set up in February 2000 following the recent DIRT scandal and the general ill feeling towards the auditing profession in Ireland. 10 For the reasons set out earlier, it was seen as important to conduct a review so as to maintain the general high standard of auditing in Ireland amid the favourable entrepreneurial climate. The main recommendations of the group are summarised in Table 1 below (Review Group On Auditing, 2000). Table 1: Recommendations Summary Of The Review Group on Auditing implement a framework for auditor independence nature of non-audit fees paid to the audit firm disclosed in financial statements explain why non-audit fees exceeds audit fees if applicable, and confirm independence is not compromised. audit firms cannot receive more than 15% of total income from one company (10% limit for a listed company) audit firm should not audit their own work, provide non-audit services that affect figures in financial statements or provide internal audit services there should be effective communication between the audit firm departments so all knowledge relevant to the audit of the client is known risk to auditor independence should be documented in the letter of engagement and management letter the audit contract should be awarded annually by the audit committee Oversight Board should undertake a review after three years on the level of non-audit fees paid to the audit firm (Adapted From Chapter 12 Of The Report Of The Review Group On Auditing) Director of Corporate Enforcement (ODCE) The ODCE is one of the most radical new offices set up in recent times, set up under the Company Law Enforcement Act 2001. The director has wide sweeping powers including the power to investigate companies, prosecute directors for breaches of company law, seize books of account and require auditors to report to them on any fraud detected during the audit. While this may increase pressure on the auditor to report fraud, it reduces a grey area and an ethical dilemma as disclosure is mandatory above and beyond the auditor’s principle of confidentiality: … [it] leads them [the auditors] to form an opinion that there are reasonable grounds for believing that the company or an officer or 11 agent of it has committed an indictable offence … notify that opinion to the Director (Company Law Enforcement Act 2001, Section 74, 3B(e)). It is interesting to note that, although unhappy with some technicalities of the new Auditing & Accounting Bill (e.g. auditing the directors’ compliance statement), the profession admits the new arrangements were needed: We believe this new regulatory model, which is already attracting international interest, combines the best features of self and State regulation (ICAI, 2003). KPMG welcomes all of these recommendations which should assist in re-building public confidence in the profession and in improving overall audit quality (KPMG, 2003, p.5). ICAI Ethical Guide For Members The Institute of Chartered Accountants in Ireland has compiled a comprehensive guide to maintaining ethical standards for members, which ranges from advertising services, to minimising threats to independence and conflicts of interest. This is a welcome aid to the process, but will only be of use if carried out and enforced. Presently, it is difficult, if not impossible, to bring legal proceeding against auditors not following the code. Continuing Professional Education (CPE) There is a need to instil in professionals the importance of being ethical and competent. Mandatory attendance at courses and seminars can only be a good thing for first-rate auditing. It keeps the auditor up-to-date on new audit practices to provide the most efficient service possible. Auditing is changing at a rapid pace, especially in the area of information technology. The auditor must be able to use these facilities in his audit, to perform compliance tests on them and to monitor reporting through this medium. CPE also fosters an environment of personal responsibility where the auditor must stand over his work. That is to say, the auditor will be more aware of the high standards of other auditors and will feel more compelled to conform. Also, it gives him an opportunity to discuss practical problems and possible solutions with other auditors. 12 Members of the ICAI in practice now have a minimum of 20 hours of structured CPE and supplemented by 50 hours unstructured each year. 8. Further Improvements In the discussion of this paper so far, one would be of the opinion that the auditing industry is far too important to take a reactionary approach to problems as they arise. The following areas are regarded by the author, as necessary to cement the future confidence of the users of accounts. Internal Auditor Internal Auditors may be more likely to activate and access explanations that involve fraudulent financial reporting than otherwise (Church, McMillan and Schneider, 2001, p.68). This seems reasonable as: 1. The internal auditor is an employee of the company and can’t be dismissed easily. Therefore, the self-interest and dominance threats are removed. 2. Any pay-off for hiding fraud/irregularities is likely to be paid through an increase in salary. However, an external auditor will discover this and immediately query the reason if out of order in pay increases. 3. The internal auditor is less likely to risk jeopardising the company and so the advocacy threat is removed. 4. The internal auditor is an experienced staff member with in-depth knowledge of the business and has the time and resources to find and investigate irregularities. One can look to the case of Tony Spollen (Sunday Business Post, 2002) whom AIB sought to remove from his position as internal auditor when he alerted the bank that they faced a DIRT liability of approximately £100m. His in-depth knowledge of the company allowed the fraud come to light, and was a good estimation on the £90m approx. that was subsequently handed over to the Revenue Commissioners. Would the external auditor have been able to unearth these bogus account holders (whom he 13 wasn’t specifically looking for), and in the event that something was uncovered – would AIB have attempted to remove the audit firm? Consequently, an extension of the Supervisory Authority’s role (Auditing & Accounting Bill, 2003) in appointing internal auditors would be useful. They would be in charge of internal controls, fraud detection, and dealing with the external auditors/audit committee. This was recommended by the ICAS in 1993, and was similar to a system operated in Germany and the Netherlands. Baker and Wallace (2000, p.183) summarise the recommendation: Under the new [ICAS] financial reporting model, the work of the external auditors would be less procedural and more judgmental than under the accepted model of financial reporting. External Auditors In theory, it should be irrelevant to the shareholders who the auditors are as they follow the same standard setting body. The power to select the auditor is rarely used by the shareholder and, even more rarely an informed decision. They are likely to be willing to lose this power if it safeguards their interests. Companies should apply to the relevant Auditing Institute for the appointment of an external auditor. The scope of the audit could be lessened but the duration remaining unchanged. This would facilitate a more efficient audit through consultation with the internal auditor, better time management, and being able to concentrate on areas that have most inherent, control or detection risks. The internal auditor can concentrate on minimising the internal risks, including the risk of fraud by management or employees. Whether the audit firms would accept this proposal is another matter, as it would involve a large re-organisation of their staff from external audit duties to being sub-contracted as internal auditors. This would involve quite a large retraining expense. If management or the auditing committee wishes to replace the auditor, the reasons for it should be disclosed to the Supervisory Authority. The Authority would then have the power to deny or approve the replacement. This would ensure that management cannot manipulate the external auditor any more than the internal auditor. 14 An Agent For The Shareholder There is such a real physical gap between the auditor and the shareholder, being one of the few contracts where the paid agent has little or no interaction with the principal. The lack of accountability and liability of auditors through the courts also widens this gap. The external auditor is not an agent for management, and should leave interaction with them (that doesn’t compromise the value of the audit) solely through the internal auditor and the audit committee. Instead, the external auditor should present himself annually at a shareholders’ meeting, where he presents his report and is available to answer any questions. This would go a long way to enhancing the openness and transparency of the profession. Unfortunately, this process might only be used by institutional shareholders to gain a further insight into the company over individual shareholders who would fail to take advantage of the opportunity. There is also the danger that any reluctance on the part of the auditor to answer certain issues (due to confidentiality concerns etc.) could be perceived as hiding dubious information. Theory v Practice The responsibility for the expectations gap in standards lies with the Auditing Practices Board (APB). The board needs to urgently issue a general release to users of accounts stating what exactly the statutory audit covers. This also acts as a checklist for the auditor to make sure all areas are sufficiently covered. This may be in the form of a conceptual framework for auditing. Only when auditors have clear objectives, will there be uniformity and effective performance. The APB must recognise the various pressures highlighted herein, which are yet to be rectified. These include time pressure, lack of knowledge and inexperienced staff. The regulatory framework must be changed to bring these issues into the remit of the APB, perhaps in quantitative terms, as it strives to reach an adequate solution. They are perhaps too important, as issues which influence the objectivity of the audit, to leave the responsibility with the individual auditor. 9. Conclusion 15 The audit is an essential part of financial reporting today. However, users of financial statements in today’s business environment would be forgiven for questioning the usefulness of the audit function. This is partly due to an information deficit on their part, as they don’t investigate the substance of the audit. It is also due to the various pressures that are put on the individual auditor: These challenges must be dealt with in the light of a cohesive theoretical framework, otherwise auditing will lose all credibility (Dunn, 1996, p.13). It is quite ironic that Peasnell (1982) suggested the audit function as a temporary solution to a conceptual framework in accounting, when in fact the audit industry is one of the most piece-meal and evolving industries, lacking any comprehensive objectives that can provide assurance to users of financial statements and provide assistance to auditors in their role. Judgement makes up large portion of the audit, lacking any conceptual framework on what the audit ‘guarantees’ to users of accounts. Statements of Auditing Standards, while useful, involve limiting the scope of the audit due to time and money constraints, and also reducing the danger of the auditor being exposed to litigation. Herein lies the expectations gap: … no matter what action is taken to inform them otherwise, the public will continue to assume that auditors are responsible for fraud detection (Pierce and Kilcommins 1996, p.23). Following the recent corporate scandals, regardless of who is to blame, the auditor has to stand firm as the ‘watchdog’. The implementation in the form of the Director of Corporate Enforcement, the Supervisory Authority, the Audit Committee and heightened disciplinary procedures should go a long to way instil confidence and act as a deterrent against malpractice. But who knows what conflicts may emerge in the future of such a dynamic and complex industry. 16 In conclusion, some suggestions to further enhance the audit function were given, perhaps somewhat radical but they would certainly give assurance to whose agent the auditor really is. In essence, the audit is very useful to users of financial reporting but the profession is entering an era of change. The industry must embrace this change if it is to retain its credibility. 17