Audit Reform

17 Jul 2023

The problem with the auditing profession is not with the auditing profession. It lies with the regulators and Ivory tower theorists that may have slept through the expectations gap and have then decided to solve it not be explaining the purpose and limitations of auditing but by changing them to some unrealistic incarnation as financial fortune-tellers. The Financial Times notes that tree-hugging environmental lawyers at charity ClientEarth claim that senior leaders at PwCDeloitteKPMGEYBDO and GrantThornton are failing to fully consider climate-related matters when assessing corporate accounts. El Nino and the bottom line?

Audit reform has been on the agenda for longer than most of us can remember. I first heard about it when I lost money on Court Line, and year after year, decade after decade the call for “reform” has persisted.

For a while, the “expectations gap” moved out of academia and into the mainstream, and audit opinions sought to explain what auditor were charged with doing, rather than what they might have done “if only”. 

I seem to have mislaid my copy of the 1948 Act, however the role of the auditor was then and still should be, to make appropriate enquiries and express an opinion as to the truth and fairness of the financial statements (“accounts” in 1948 speak).

Somehow, progressively, auditors have had their paradigm shifted from verifying historical statements to fortune-telling and financial projections. Plus assessment of risk analysis. This is not really a realistic aspiration, but report after pigeon-holed report asserts these “obligations” which are nothing of the sort and should not be. Risk analysis and assessing management's predictive abilities are not at all the same as attesting to the credibility of Financial Statements and we should stop confusing all the things we'd like done or wish had been done, with what realistically can be done.

If auditors can confirm the reliability of accounts, then investors and other (largely non-statutory) stakeholders can use this as a component of evaluation for investment, employment, grants, or whatever. This isn't the auditor's job.

It has to be admitted that in the past auditors have failed to audit properly and the duty of care they owe from the Touche case onwards has been a bit blurred, however piling additional duties on the basis that failures are somebody's fault and the auditors are it is not only inappropriate, but leads increasingly to a “compliance checklist “ culture where we used to have professionals scepticism and persistence.

Even Fraud responsibility is unclear; The Financial Reporting Council's UK Auditing Standard on Fraud (ISA (UK) 240) has recently been significantly updated for the first time in 16 years. ICAEW Insights explains that the changes are a response to recent public discussions on the role of audit in identifying fraud, including high profile cases in which auditors were found to fall short of their responsibilities when it comes to fraud. The changes to the standard seek to clarify the auditor's role and objectives in identifying fraud, but hopefully not in predicting it.

The next report, like the last report, and a myriad of reports before will be honestly prepared and seek to address the terms of reference set, but it is those terms that are at fault. Auditors can check what has been done and documented, what has been documented and not done, and what has been done and not documented but they cannot and should not be expected to predict the future. Management has some duties in this regard, as may analysts and investment advisors, but let's not confuse commercial risk in the future with audit failure in evaluating the past.