It may be time to liberate auditors from the accounting profession

A report by former head of the London Stock Exchange Sir Donald Brydon published in December says it’s time to split audit from accounting and establish it as an independent profession with its own standards and qualifications.

The new, improved audit should be a profession separate from accounting with its own governing principles, qualifications and standards. “At present it is an extension of the accounting profession, whose ethics and (arguably) mindset it largely adopts,” says the report.

It would embrace non-financial disciplines such as cybersecurity and environmental behaviour and provide more informative reports to different interest groups. Gone are the days of executives being responsible only to shareholders, as economist Milton Friedman suggested. Auditors need to go beyond scepticism and become suspicious, says Brydon.

There is unspoken acknowledgement in Brydon’s report that the audit profession is failing as a public watchdog.

Shareholders want to know how the watchdogs failed to pick up the signs of accounting fakery at Tongaat and Steinhoff, to name just two fairly recent examples.

Part of the problem is the nature of the audit itself: it is expected to provide a reasonable level of assurance that the financial statements are fundamentally true and fair based on a tiny sample of transactions. That said, audit teams are expected to identify areas of high risk and focus on these. New technologies are fast emerging which allows a far higher level of sampling and, aided by blockchain technology, we may soon be able to verify all transactions in real-time.

Many of these problems of the external audit could be improved by strengthening internal audit teams. But here again, there are difficulties: overbearing CEOs often surround themselves with weak internal auditors who can be bullied. Audit committees are supposed to buffer against executive bullying but this too is no guarantee of independence.

The profession has long been dogged by suspicions of corporate capture.

No matter how robust the audit standards, there is a perception that audit independence has been compromised by the accounting business model: the Big Four firms undercharge clients for audit services in the expectation of picking up higher-paying work elsewhere. As Richard Brooks points out in The Bean Counters: The Triumph of the Accountants and How They Broke Capitalism, every crisis is an opportunity for the Big Four accounting firms, whose profit and revenue growth barely skipped a beat during the 2008/9 financial crisis.

Various solutions have been proposed:

• Breaking up the Big Four to separate consulting from audit (which would raise the cost of auditing);
• Mandatory audit firm rotations; and
• Establishing an independent body to appoint and reimburse auditors, rather than allow companies to select their own auditors.

Nicolaas van Wyk, CEO of the SA Institute of Business Accountants (Saiba), says the entire concept of the audit needs to be reformulated. “There should also be different audits for different users of information. As things stand, the audit is designed to satisfy all users of the information but it is severely lacking in the kind of detail different users require.

“For example, if the company wants to take out a loan with a bank, it should provide an audit that specifically addresses the kind of information that the bank requires.”

Rotation

The Independent Regulatory Board for Auditors (Irba) has introduced mandatory 10-year audit firm rotations (MAFR) as one method of maintaining audit independence. CEO Bernard Agulhas says as of September 2019, 21% of companies on the JSE had rotated auditors – with 41% of those companies citing the early adoption of MAFR as the reason for rotation. All listed companies have until 2023 to comply with mandatory audit rotation.

The Big Four accounting and audit firms – EY, PwC, Deloitte and KPMG – account for the vast majority of audits of the 40 largest JSE companies and 100% of FTSE 100 firms.

“The cost of MAFR will always be insignificant when compared to the cost to investors and pensioners when there is an audit failure, resulting in billions of rands lost, as illustrated by recent failures,” says Agulhas.

“The lead time allowed for the introduction of MAFR of five years has allowed companies and audit firms to plan for this process and for firms offering other prohibited services to cool off in compliance with the Companies Act in order to be eligible to take on audits where they previously did not audit.”

Joint audits

Irba is also in favour of ‘joint audits’ to allow smaller firms an opportunity gain experience and break the Big Four stranglehold. That, however, is easier said than done.

The overwhelming dominance of the Big Four as a repository of skills and know-how may take a generation to overturn.

There have been several radical suggestions in recent years to strengthen the audit: Professor Piet Delport, retired professor of mercantile law at the University of Pretoria, suggests making the audit voluntary, with different stakeholders demanding more focused audits as and when they are needed. Asking audit firms to provide audits that satisfy all users is no longer feasible. If you’re a bank being asked to extend a credit facility to a company, you will want an audit that looks at the company’s realistic ability to repay the loan. Banks are already having to adjust published financial statements to firm up estimates and non-cash transactions – something accounting standards setters have battled with for years.

Auditors not paid enough?

Jodi Joseph, divisional executive at audit and financial software group CaseWare Solutions, says auditors simply aren’t paid enough to provide the kind of audit expected of them. “I think the auditors of the future are going to have to be well versed in data analytics, for the simple reason that technology is going to be a vital part of the audit going forward. The sample sizes are going to have to get bigger. Blockchain will form part of the solution since it can help verify what is a trusted transaction.”

One of the key changes recommended in the Brydon report is to redefine the audit as a means to “establish and maintain deserved confidence in a company, in its directors and in the information for which they have [the] responsibility to report, including the financial statements”.

Read: Audit firms up in arms over Irba’s possible search and seizure powers

Agulhas says Irba supports this redefinition and “in particular has been stressing the importance of aligning the audit function to investor needs”.

He explains: “Projects are underway to look at strengthening the fraud risk identification standard, as well as auditor competencies. It may be that more training and competency is required in the area of identifying fraud, which up until now has not been an auditor’s responsibility.”

Principles instead of rules

Another key recommendation from Brydon is the creation of a corporate auditing profession governed by principles rather than rules – for the simple reason that rules are too rigid and easily side-stepped, while principles (such as ‘Do not lie’) are more difficult to fudge.

Irba recently adopted an updated and strengthened code of ethics that was already principles-based. It is also looking at ways to expand the audit beyond financial reporting to provide assurance in areas such as environmental compliance.

Key recommendations from the Brydon Report and Irba’s response

Recommendation	Irba comment
A redefinition of audit and its purpose	Irba supports this and in particular has been stressing the importance of aligning the audit function to investor needs. Projects are underway to look at strengthening the fraud risk identification standard, as well as auditor competencies. It may be that more training and competency is required in the area of identifying fraud, which up until now has not been an auditor’s responsibility. The current standards do not include a responsibility for the auditor to discover fraud – merely to develop procedures to address the risk of potential fraud.
The creation of a corporate auditing profession governed by principles	Irba has recently adopted a new code of ethics which has been updated and strengthened. The Code of Professional Conduct and auditing standards adopted in South Africa are already principles-based.
The introduction of suspicion into the qualities of auditing	This is not really new; essentially it is professional scepticism which the auditor is required to exercise as an element of independence. However, an auditor who has had a client for 100 years is not perceived to be independent and is not perceived to exercise professional scepticism sufficiently well if the auditor/client relationship becomes too cosy.
The extension of the concept of auditing to areas beyond financial statements	Irba has already been looking at ways in which it might be possible to audit non-financial information and what level of assurance the auditor could provide on this information. It is a new area of external audit and internationally there already are projects to develop assurance on non-financial information (other forms of external assurance).
Mechanisms to encourage greater engagement of shareholders with audit and auditors	Irba has already taken significant steps to engage investors, shareholders and audit committees. As the regulator, we see it as part of our mandate to educate the market on what they should expect from auditors and the audit product. Irba has a good relationship with the Audit Committee Forum [a joint initiative between KPMG and the Institute of Directors in Southern Africa] and is working closely with them to better understand the audit and audit quality. One of the initiatives from Irba has been to develop a set of audit quality indicators to assist audit committee members in assessing audit quality and evaluating auditors.
A change to the language of the opinion given by auditors	Irba has already adopted the International Auditing Standard on the new audit report and Key Audit Matters have been reported since 2016.
The introduction of a corporate audit and assurance policy, a resilience statement and a public interest statement	We support more assurance provided by management and will do research on how auditors can provide assurance on these additional statements, once there is a framework for these statements.
Greater clarity around the role of the audit committee	Irba has already begun engagement with the Audit Committee Forum and aims to educate those charged with governance on the importance of their role in the lines of defence.
Suggestions to inform the work of the UK’s Business, Energy and Industrial Strategy Committee on internal controls and improve clarity on capital maintenance	n/a
A package of measures around fraud detection and prevention	See above
Improved auditor communication and transparency	Irba has launched two initiatives: Audit Quality Indicators, which are standardised measures for audit firms to score their audit quality. This is the first set of indicators that audit committees can use in the evaluation of auditors. This will also assist in structuring communication between the audit firm and the client on issues around audit quality. Further, Irba has issued a call for audit firms to produce transparency reports, which will also be an important means of communication with audit committees. This is currently voluntary and suggested guidelines for reporting have been provided. This will be refined in conjunction with feedback from audit committees as to what they find most useful. In future it may become mandatory.
Obligations to acknowledge external signals of concern	–
Extension of audit to new areas including alternative performance measures	Irba has already contributed to a project that seeks to determine how assurance can be provided on non-financial information, and what level of assurance could be offered.
The increased use of technology	This is an important area of audit quality advancement for Irba, and the advances in technology and the 4th industrial revolution are viewed as being a step forward in addressing the concerns that arise out of current methodologies. The ability to handle large volumes of data and transactions will become easier, and will improve audit quality.