This independent review, led by Sir Donald Brydon at the invitation of government, considered how the audit process and product could be developed to better serve the needs of users and the wider public interest.
The final report makes 64 recommendations, including the establishment of a new corporate auditing profession with a unifying purpose and set of principles.
The final report and all approved responses (118 of 120) have been published. www.gov.uk/government/publications/the-quality-and-effectiveness-of-audit-independent-review. Mine was 1 of 120 responses to the Call for Views.
My response is below (reformatted for this website):
RESPONSES TO THE CALL FOR VIEWS: INDEPENDENT REVIEW INTO THE QUALITY AND EFFECTIVENESS OF AUDIT
From: Keith Kauffman CPA, CFE
RESPONSE: 31 MAY 2019
I want to thank you for allowing me to respond to the Call for Views (“CFV”). I hope my responses can assist in furthering this endeavor.
My responses to this CFV will focus on the following methodology related to financial statement audits; distinctly separate the following:
- Simplified Compliance Audit (“SCA”), highly efficient, easy to plan and perform and creates the value sought after in the audit.
- Relevant or value-added financial and non-financial information to be “audited” or assessed (“Value-Added Services”).
Thus, simplify the audit to get more value and all the Value-Added Services that Users (defined below) want can be done as separate engagements using graduated levels of assurance, which will increase their value.
SCA. The SCA came from the theory of Simplify, Simplify, Simplify. Simplifying the financial reporting, will necessitate simplifying the accounting standards which will simplify the audit. I realize the financial reporting and accounting standards are not being addressed in this CFV but I may occasionally reference them in my responses.
I happened to note the word or a variation of the word simplify is used throughout the House of Commons Business, Energy and Industrial Strategy Committee, The Future of Audit, Nineteenth Report of Session 2017–19 (“BEIS Future of Audit”). Thus, is the United Kingdom (“UK”) struggling with the complexity and requirements of financial statement audits and seeks to “simplify” the audit?
As I read the BEIS Future of Audit, my concern is the overall theme for auditing is to expand the audit and the auditor’s responsibilities. If this is the course of action or prevailing idea, I believe it will lead to numerous difficulties in completing an audit. For example, even if we ignore the quality of the audit, how can an audit be completed logistically (the physical planning and performance of the audit) if the audit is to be expanded. And given the fact the Big 4 now audit the overwhelming number of large public companies, how could smaller firms perform an expanded audit?
There are three more concepts I will address in more detail under Chapter 10, Logistics Personnel and Timing.
I have a recommendation which goes in the other direction. “Simplify” the audit by providing a standardized financial reporting method. In the attached white paper, I have created a cash-based model but with some minor adjustments can result in a cash based Earnings Before Interest, Taxes, Depreciation and Amortization (“EBITDA”) or Realized Profits. Note: the white paper is written from the perspective of United States Generally Accepted Accounting Principles (“US GAAP”) but I anticipated the method could be used for any country under any currency. The white paper primarily addresses accounting standards and financial reporting but I am providing it as a type of financial reporting method I foresee being implemented to simplify audits.
The following is to help clarify the vision of the SCA:
Financial Statements. Entity provides a simplified standardized set of financial statements under a cash-based, historical cost, financial reporting model which can be tailored by industry.
Audit. The audit will be conducted under the current auditing standards which may require some modification but not significantly. Because the financial statements and related standards have been simplified, the audit can expand its assessment of internal controls, compliance with accounting standards, regulatory compliance and accuracy of the amounts which can result in greater assurance and confidence in an entity’s financial reporting. The audit report can include expanded explanations (which is being considered) of audit procedures along with greater assurance on the accuracy of the financial statement amounts.
There are numerous advantages to separating the SCA from the Value-Added Services. I will outline as many as I can in my responses but here are a few:
- More audit firms able to perform SCA’s especially of the FTSE 350. An SCA audit will allow a non-big 4 firm to perform an audit on its own. This will allow greater competition and market prices for audits.
- Audit firms only. There would be less concern breaking up accounting firms. I foresee an industry of audit only accounting firms performing SCAs which specialize by industry. The audit profession as an industry could stand on its own and be viable, relevant and valuable.
- Conflicts of Interest. By separating the SCA from Value-Added Services, this would become a non-issue.
- Profitability. Specialty SCA accounting firms will be sought after and the fees charged will be commiserate with the value received. Maybe audit fees will never reach the profit margins seen in consulting, but many accounting firms could still see this as very profitable especially as technology improves.
- Technology. An SCA can be more technologically focused allowing for more testing and greater confidence. Note: many of the current standards including International Financial Reporting Standards (“IFRS”) and US GAAP require significant amounts of judgement, variables and estimates which limit the ability to use technology.
- Investor and Regulatory Agencies. Allows larger or other specific firms to focus on investor and regulatory related items that can be specifically identified as Value-Added Services. The BEIS Future of Audit outlines multiple items that these Value-Added Services could cover. For example, some of the issues below such as assessing fraud detection and preventive controls or analysis of capital maintenance accounts can be “audited” or evaluated separately from the SCA using graduated levels of assurance. These would be performed by firms who have the expertise and knowledge (not the audit firm) and can handle the greater risk and exposure to conduct these types of services.
- Footnotes can by reduced dramatically.
- Timeliness. An SCA audit can be performed faster allowing investors to receive basic, relevant financial information almost in real time if an SCA audit is done continually.
- New Industry. Value-Added Services will become a new form of a revenue for accounting and other firms.
- And There are many others.
This CFV is already considering the separation of the audit firm into its own company. I strongly recommend and support this as the future of auditing. I merely want to help provide a method to achieve this goal.
I have used the BEIS Future of Audit format and outline in my responses to the questions below. For clarification, I have labeled each response with an “R” and a number which corresponds to the question number. I left the questions for reference.
I have added commentary to several sections either before a series of questions to help provide context of my responses.
CHAPTER 1 – DEFINITIONS OF AUDIT AND ITS USERS
Q1: For whose benefit should audit be conducted? How is it of value to Users?
R1. The audit is to be conducted for the benefit of three parties: The entity (management, directors, officers, etc.), investors/shareholders and regulatory agencies (all three, “Users”). As a public company and auditor for a public company, the wider definition for whom the audit is conducted is just about any informed person or group.
Forgive my directness, but the current audit does not have much value which is why it is called a commodity (at least that is how it is referred to in the United States (“US”)).
As for why the audit has little to no value, one has to assess why it is considered a commodity. A commodity is something that is bought and sold and is generally useful or valuable. The more valuable the commodity, the higher the price paid. How is the audit of financial statements (the, “Audit”) a commodity? If the audited financial statements are useful and valuable, a premium should be paid, but this is not the case. Since audited financial statements are bid so the lowest or most favorable price is achieved, it stands to reason that the audited financial statements are not useful or valuable. Thus, the accounting profession produces an audit report that is a commodity and not a professional service that provides value. What has happened? How is this not being addressed? What are the causes? Laws have been passed, accounting and audit standards have been improved, the audit report is to become more detailed and there is continual oversight, yet the commodity still exists, which means the changes are not effective. Until the accounting profession looks at the true causes, the Audit will continue to be a commodity.
I believe the goal of this CFV is to address this problem.
Q2: Should the audit be designed to enhance the degree of confidence of intended Users in the entity or just in the financial statements?
R2. The audit should be enhanced to increase the degree of confidence in the financial numbers only, not in the overall entity. With that said, a by-product of a proper audit can help provide additional confidence in the entity.
Q3: Should UK law be amended to provide greater clarity regarding the purpose of an audit, and for whom it is conducted? If so, in what way?
R3. I strongly believe that more laws including clarifying laws, improved accounting standards or increased oversight are unnecessary and have been tried.
CHAPTER 2 – THE ‘EXPECTATION GAP’
Q4: Do respondents consider there is an expectation gap?
Q5: If so, how would respondents characterise that gap?
R4 and R5. There is a substantial expectation gap and the accounting profession has done an extremely poor job in addressing this issue. The clearest example of the expectation gap relates to audits and detecting fraud. The Users of financial statements as well as the general public believe audits are to prevent and detect fraud. The next significant expectation gap is the understanding that the amounts on the financial statements are true and accurate when auditors and management know they contain significant estimates, variables, valuations, and sometimes are missing material amounts.
Q6. Is there also a significant ‘delivery’ or ‘quality’ gap between auditors’ existing responsibilities in law and auditing standards, and how those responsibilities are currently met?
R6. I am unable to specifically comment about the “delivery” or “quality” gap in the UK because I am not familiar enough with the laws and all the accounting standards, but I imagine there is a significant problem based on the mere fact this CFV is being conducted along with the Kingman Report. For the US, one merely needs to visit the website of the Securities Exchange Commission (“SEC”) and the public Company Accounting Oversight Board (“PCAOB”) to see the continual violations and fines of auditors not following the laws and/or the accounting standards. Thus, there appears to be a significant quality or delivery gap.
CHAPTER 3 – AUDIT AND WIDER ASSURANCE
Q7: What should be the role of audit within wider assurance?
R7. I am unable to comment as I am not clear on the term “wider assurance”.
Commentary. My concern is widening the scope of an audit. How does an audit firm get comfort providing more assurance with a wider audit scope? My suggestion is to narrow or simplify the scope of the audit to get the wider assurance being sought. Then Value-Added Service engagements which include the examples mentioned in the BEIS Future of Audit (i.e. compliance with the Corporate, Governance Code, reporting on executive pay, pay gaps and pay ratios, environmental
sustainability, and payment practices such as the treatment of suppliers and late payment terms) and numerous others would be performed separately by firms with expertise in the given specialty. In addition, the reports or findings on these Value-Added Services would include varying degrees of assurance by entity and industry.
Q8: Can the level of assurance that an audit provides legitimately vary in different circumstances, for example depending on the business sector in question, and the nature of the entity’s business risks?
R8. Yes, the level assurance could vary because some industries have more risk than others and the application of the current accounting standards could create more volatile estimates that are subject to greater variation.
Q9. Are the existing boundaries between internal and external audit clear?
R9. Yes. I believe the boundaries between internal and external audit are very clear as is their roles.
Q10. To what extent should external auditors be able to use evidence obtained from work performed by internal auditors in drawing conclusions?
R10. Almost none. Internal auditors benefit the entity. They take direction from its officers and directors and have almost no obligation to Users outside of the company. They are a good resource but there should be minimal if absolutely no reliance placed on their work or documentation. As the famous saying goes, Trust, but Verify.
Q11. Do current eligibility requirements for external auditors focus too much on independence at the potential expense of market innovation and the quality of the audit product?
R11. Yes, there is a significant amount of focus placed on independence. I agree there should be independence but the intense focus is definitely affecting the quality of the audit. An auditor should be able to assist an entity in improving its internal controls and accounting without jeopardizing its independence. My concern is the more attempts to constrain the auditor, the more they may attempt to work around it. I am not sure what market innovations, except recently, have been kept from being introduced due to independence.
CHAPTER 4 – THE SCOPE AND PURPOSE OF AUDIT
Q12: Should directors make a more explicit statement in respect of risk management and internal controls? If so, should such a statement be subject to audit?
R12. Directors should make a more explicit statement as it relates to risk management and internal controls and that statement should be audited. I think management should be as transparent as possible including addressing risk management and internal controls. An SCA would allow a deeper dive into internal controls and risk management giving greater assurance. If needed or required, a separate Value-Added Service engagement related to risk management could be performed by specialists who could provide various level of assurance on an entities risk management.
Q13: Should auditors’ responsibilities regarding assessing the effectiveness of an entity’s system of internal control be extended or clarified?
R13. The auditor’s responsibilities assessing internal controls should be expanded and clarified but it cannot be done under the current audit methodology. The current audit methodology already is being strained as there are too many other items for an auditor to address. Adding more responsibility to the current audit would result in reduced quality somewhere else. If you simplify the audit (i.e. SCA), financial reporting and corresponding standards, you can significantly enhance the assessment of internal controls.
Q14: Auditors are currently required to report to audit committees their views on the effectiveness of relevant internal controls for listed and other relevant entities. Should auditors be required to report publicly these views?
R14. Yes, auditors should provide their comments on the effectiveness of an entity’s relevant internal controls. This information should be included in the audit report or as supplementary information.
Q15: Is the current regulatory framework relating to going concern fit for purpose (including company law and accounting standards)?
Q16: Should there be greater transparency regarding identified “events or conditions that may cast significant doubt on the entity’s ability to continue as a going concern”?
R15. R16. I am unable to comment on the UK regulatory framework on going concern. Based on the recent number of audit failures as a result of financial struggles of various companies, there should be more transparency regarding identified “events or conditions that may cast significant doubt on the entity’s ability to continue as a going concern. This is another excellent example of a separate Value-Added Service to be performed with its own level of assurance. An outside professional or specialist can assess the legal, regulatory and accounting requirements which appear to already exist but require a more intense assessment, as it relates to an entity’s ability to continue as a going concern.
Q17: Should directors make a statement about the sustainability of the entity’s business model beyond that already provided in the viability statement?
R17. I am not familiar with a viability statement so I am not able to comment.
Q18: Should such a statement be subject to assurance?
R18. If it is determined that the statement can be or should be subject to assurance, a separate Value-Added Service should be performed by an appropriate firm or person.
Q19: Who might be capable of giving such assurance?
R19. I am unsure who or if anyone would provide this type of assurance. This may be the problem with attempting to look into the future. I personally struggle with forward looking assessments of an entity and attempting to provide any level of assurance on them whether it be financial or non-financial information. I can see significant risks as a result of the numerous assumptions, estimates and methodologies various companies use to project financial and non-financial information. I am unsure of the reliance to be placed on these predictions. Thus, limiting their benefit. With that said, it would be interesting to understand management’s analysis on creating projections or forecasts which could shed light on management decisions and actions being taken.
Q20. Is there a case for a more forward-looking audit? What would be the main benefits and risks?
R20. I am not sure I fully agree that an audit is as forward looking as outlined in the BEIS Future of Audit. I believe the audit is both historical and a point in time. Its ability to be forward looking is limited. I agree that an auditor is to assess an entities ability to continue as a going concern but there are many factors influencing that assessment. I would not make the current audit more forward looking. As I have emphasized, the audit should be simplified so assessment of transactions to date and internal controls can provide a higher level of confidence in the organizations ability to record transactions properly.
Q21: Would audit or assurance over financial and non-financial information outside the annual financial statements (for example KPIs or non-financial metrics, payment practices or half-yearly reports) enhance its reliability and therefore be of benefit to Users?
R21. Yes, but I recommend this information be assessed separately from the audit of the annual financial statements and not in conjunction with it. The goal is not to enhance the audit. The audit should stand alone and provide the highest level of assurance. Additional financial and non-financial information should be assessed on its own to enhance the overall confidence in the entity and to benefit the Users.
Q22. If so, what information might usefully be subject to audit or another form of assurance and why?
R22. Many public companies provide additional financial information along with the audited financial information. The most common in the US is EBITDA. EBITDA could be subject to audit. In the UK, Realized Profits could be subject to audit. Both of these have significant benefit to Users of financial statements and the audit of them would provide greater confidence in their result. My recommendation is to take this one step further and have the statement of sources and uses (i.e. cash based income statement) (see attached white paper) result in EBITDA or Realized Profits which would be audited under the SCA.
CHAPTER 5 – AUDIT PRODUCT AND QUALITY
Q23: Do respondents agree that the value and quality of the audit product should be considered separately from the effectiveness of the audit process?
R23. I do not agree. The value and quality of the audit product should be the result of the effectiveness of the audit process.
Q24. Do respondents consider that emphasis placed by auditors on ‘completing the audit file’ for subsequent FRC inspection can eclipse the desired focus on matters requiring the exercise of considered judgment?
R24. Yes, I believe it does. There is more concern about documenting the audit workpapers than there is evaluating the financial and non-financial information. The problem is auditors have been forced into this mentality. There are so many pressures (regulatory, legal, compliance with accounting and auditing standards, risk assessment, etc.) that the audit has turned into a “check-the-box” service.
Q25. What additional benefit might a switch from a binary audit opinion to a more graduated disclosure of auditor conclusions provide?
R25. This is one of the best ideas I have heard. In the US, I have struggled with why they call the audit pass/fail when there are several other opinions under US GAAP which are allowed. For example, a qualified opinion means the financial statements taken as a whole have been audited and an opinion expressed except for a specific GAAP departure. The GAAP departure may not be relevant or beneficial to the Users of a particular financial statement. The main point being that a graduated level or departure is not a “fail”. I would strongly recommend a move to more graduated levels of assurance or allowance to not follow every accounting standard because it may or may not be beneficial to the Users of the financial statements. Also, I believe it will give Users better information especially by industry.
Q26. Could further narrative be disclosed alongside the opinion to provide more informative insights?
R26. Yes, you could add more narrative but what would this look like, how do you avoid the boilerplate language and what happens if additional information that may not be relevant causes impactful changes in stock price movement? The US is implementing Critical Audit Matters (“CAM” s) and they are grappling with the issues of adding more information and its impacts. This assumes the audit report continues in its present form or expands as discussed. Under and SCA, additional narrative could be used to expand insight into internal controls, specific accounts, and/or regulatory and compliance matters.
Q27. What would prevent such disclosures becoming boiler plated?
R27. This is exactly the problem. My suggestion is to provide no template just outline the requirements and let the auditors decide how to present. The problem is if their disclosures cause market reactions. In my opinion, this will have to be an accepted consequence (not just here but in this whole process) in order to gain transparency.
Q28: To what extent, if any, has producer-led audit (including standards-setting) inhibited innovation and development for the benefit of Users?
R28. I believe producer-led audit and standard setting bodies have completely inhibited innovation and development and not only at the detriment of the Users. I think it has inhibited major development and innovation within the entities themselves. Technology is a perfect example. In order to satisfy certain audit and accounting standards, entities have had to rely on antiquated methods because technology did not “talk” to the accounting system. Recently, this has been changing and entities are moving forward with technological changes which require the audit and accounting standards now to “catch-up” when accounting profession should have been anticipating these changes. The accounting standards are still significantly behind and, even though auditing has improved use of technology, both need to make major changes to keep pace.
As for Users, they have been receiving the same standard financial statements and audit reports with very little, if any, innovation and development. It is why entities provide so much non-audited information with there annual reports. The Users need improved financial and non-financial information. Unless the audit profession and the standard setting bodies make significant changes, the continual issues related to audits and financial reporting will become worse.
CHAPTER 6 – LEGAL RESPONSIBILITIES
Q29. What role should auditors play in determining whether the directors are complying with relevant laws and regulations, including with respect to matters of capital maintenance? Is it appropriate to distinguish between matters which may materially affect the financial statements and other matters?
R29. The auditors should play a key role in ensuring directors are complying with relevant laws and regulations especially as it relates to any financial information including capital maintenance. The auditors should determine what matters are material to the financial statements and those that are not. My concern is the current audit does not allow for a comprehensive assessment of this issue. Under an SCA, compliance with laws and regulations would continue to be relevant to the audit and could be enhanced dramatically. Another possible solution is to have this as a Value-Add Service which is assessed or “audited” separately with a graduated level of assurance.
Q30. Does a perceived inconsistency between company law and accounting standards as regards distributable reserves inhibit auditors from meeting public expectations? How might greater clarity be achieved?
R30. I would need to understand this particular issue more clearly before I could comment.
Q31. Should distributable and non-distributable reserves be required to be disclosed in the audited financial statements?
R31. Any relevant financial information should be disclosed in the financial statements. Distributable and Non-distributable reserves are relevant and need to be disclosed.
Q32. How do auditors discharge their obligations relating to whether the entity has kept adequate accounting records? Are the existing statutory requirements effective in setting the bar for auditors at a high enough level?
R32. This question brings great concern to me. The answer for me is simple. If the entity cannot maintain adequate accounting records, the auditor should refrain from conducting the audit or releasing their report upon discovery that the entity has not kept adequate accounting records. The very definition of the word adequate indicates a minimum set of standards. The basic premise of any entity is to have at a minimum adequate accounting records. It is every accountant’s responsibility to ensure that accounting records in there most basic form (i.e. cash receipts, disbursements, journal entries, ledgers, payroll, etc.) are at a minimum adequate. I am not familiar with the statutory requirements but I do not need to be to answer this question. The existing statutory requirements are more than enough and, in my opinion, should not even be necessary. If the auditors are conducting audits of entities that have less than adequate accounting records, my question is how would an audit even be conducted. What confidence would you have in the information being provided by management with inadequate accounting records?
CHAPTER 7 – THE COMMUNICATION OF AUDIT FINDINGS
Q33. Should there be more open dialogue between the auditor and the Users of their reports? For example, might an annual assurance meeting open to all stakeholders prove valuable?
R33. Yes, I could see significant benefit for both sides (Auditors and Users) to have dialogue. The suggestion of an annual assurance meeting open to all stakeholders is a good idea and should be pursued. This will also enhance transparency. Although I do see a significant challenge to this issue, the entity being audited may not want its auditors speaking about the entity without significant management say in what is being communicated. This is understandable as public company stocks could be impacted by incorrect communication. I am not sure this should prevent an annual meeting but the type of communication will need to be discussed.
Q34. Should more of the communication and resulting judgments that occur between the auditor and the audit committee be made transparent to Users of the financial statements?
R34. Yes, as stated above the US is embarking on the introduction of Critical Audit Matters (CAMs) which most of them seem to be coming from communications between the audit committee and the auditor. The challenge is what form this communication takes and how much.
Q35. Should there be enhancements to the extended audit report, such as an obligation to update on key audit matters featured in the previous audit report?
R35. Yes, the audit report should be enhanced and definitely include updates and/or changes to matters in the previous audit report.
CHAPTER 8 – FRAUD
Commentary. The Association of Certified Fraud Examiners (“ACFE”) most recent Report to the Nations 2018 Global Study on Occupational Fraud and Abuse (“2018 Report to the Nations”) identifies 3 primary categories (Asset Misappropriation, Financial Statement Fraud and Corruption) and 50 specific sub-categories of fraud not to mention the numerous variations of each identifiable type. Thus, the general discussion of fraud as it relates to the audit leads to numerous questions; Which Frauds should auditors detect? How much is material when it comes to fraud? If fraud is detected by an auditor, how much investigation should the auditor perform? This assumes the auditors are qualified to detect and conduct a fraud investigation.
Why doesn’t the external audit catch fraud? Quite simply. It is not designed to detect fraud and it never will be. Every ACFE biennial Report to the Nations for the last 20 years has demonstrated the infrequency an external audit detects fraud. In the most recent 2018 Report to the Nations, 80% of companies had an external audit as a fraud detection method yet the external audit only detected fraud 4% of the time, whereas 7% of the time fraud was detected by accident. Thus, a company had almost a twice as likely chance to “stumble” upon fraud than by having educated, trained CPAs who were tasked with planning and performing the audit to ensure there is no material misstatement due to fraud. The problem with the second part of my previous sentence is two-fold. Certified Fraud Examiners (“CFE”s) spend years honing their skills learning how to assess, detect and investigate fraud. How can we expect a staff, supervisor or even a manager, who most likely have never dealt with a fraud, detect let alone investigate one using a checklist and their professional skepticism? The second part of the sentence is materiality. As we all know, audits use sampling and materiality. Even if the checklist and their professional skepticism lead them to a possible area of fraud, the audit procedures to vet the fraud are not like a forensic investigation. And, if the fraud is large enough for discovery, what does that say about the financial statements as a whole.
Q36. Do you believe that Users’ expectations of auditors’ role in fraud detection are consistent with the requirements in UK law and auditing standards? If not, should auditors be given greater responsibility to detect material fraud?
R36. I am not familiar with UK law and auditing standards so I cannot comment on the specifics of whether Users’ expectations of auditors’ role in fraud detection are consistent with the requirements in UK law and auditing standards. Being a CFE and a CPA, I do believe Users and the general public as well as those in political office feel auditors and the audit should detect fraud. With that said, I do not believe auditors should be given greater responsibility to detect fraud primarily because they are not the best equipped to assess and investigate fraud.
Q37. Do existing auditing standards help to engender an appropriate fraud detection mindset on the part of auditors?
R37. No, as I stated above, the audit is not designed nor will it ever be designed to detect fraud. There is a better way.
Q38. Would it be possible to devise a ‘reasonable person’ test in assessing the auditor’s work in relation to fraud detection?
R38. No, I do not believe it is possible to reasonably define a “reasonable person” test to assess an auditor’s work in detecting fraud. Who defines the “reasonable person”? Would this be based on the law or an accounting standard definition? How would you define the criteria for the reasonable person test?
Q39. Should auditors be required to evaluate and report on an audited entity’s systems to prevent and detect fraud?
R39. Not the auditors, but an independent specialized firm (not the audit firm) should assess an entity’s ability to prevent and detect fraud. This is another perfect example of a Value-Added Service that has significant benefit. This specialized firm, as a separate engagement, would assess and report on an entity’s ability to prevent and detect fraud. The firm could provide various levels of assurance on their assessment. Imagine a separate report on an entity’s ability to prevent and detect fraud and the value to Users.
CHAPTER 9 – AUDITOR LIABILITY
Q40. Is the audit profession’s willingness to embrace change constrained by their exposure to litigation?
R40. Yes, it is factor but not the primary reason the audit profession does not embrace change. In my opinion, exposure to litigation is more of an issue for audit firms who perform audits of private companies. I think the accounting profession in general does not like change which is why the accounting profession is experiencing difficulty. For example, what prevented the full convergence of US GAAP with IFRS? A goal that was touted for many years as a needed step for the global markets. It was not the exposure to litigation. It was fear and mostly on the US side.
Q41. If there were a quantifiable limit on auditor liability, how might this lead to improvements in audit quality and/or effectiveness?
R41. I disagree that any limit in auditor liability would lead to any improvement in audit quality and/or effectiveness. The audit profession, which includes the audit and accounting standard making bodies, has had ample time to improve the audit. Even with all the issues surrounding audits and auditors, the audit profession and standard making bodies have not implemented changes to alleviate, let alone solve, the problem. I would not focus on reducing auditor liability as it will distract from the true attempt to correct this issue.
Q42. Should company law make auditors potentially liable, or otherwise accountable, to all stakeholders who reasonably rely on their audit work and their published auditor’s report?
R42. I would say yes but I will leave this to lawmakers, attorney’s, professors and legal experts who would be far more knowledgeable than I.
Q43. How might quality of the audit product be improved if the approach to liability was altered, and what reform might enable the most favourable quality improvements?
R43. Same answer as R41.
Q44. To what extent (if any) are firms unable to obtain the desired level of professional indemnity insurance to minimise the risk of being unable to meet a significant claim relating to their statutory audit work? How significant is this risk for both the largest firms and other firms undertaking audits of Public Interest Entities?
R44. I am unable to provide comment on.
CHAPTER 10 – OTHER ISSUES
Commentary. What would happen to the financial statements and the corresponding audit, if Users could receive financial information they specify in real time from an immutable software? As of today, I have not heard of any block chain, AI or other software that can prepare a full set of financial statements with footnote disclosures without significant human manipulation. Thus, the technology is limited to transaction-oriented improvements. Technology is not able to apply interpretive guidance and application of an accounting standard, not yet at least. The way I see it is Users want three things as it relates to financial and non-financial information: timely, accurate and relevant. Current audit and accounting standards provide none of those three. Eventually, technology will provide all three.
Q45. How far is new technology actually used in audits today? Does the use of technology enable a higher level of assurance to be given?
R45. I believe you have to define technology first. Some would say that using MS Excel is technology which means the audits definitely use technology. If you are referring to Blockchain and AI type technology, I believe technology is used minimally in auditing especially in the audits of non-public companies. The challenge from my perspective is how to use technology beyond transaction-oriented items. How can we apply software to interpret and apply an auditing or accounting standard? In today’s environment, I am not sure it has the ability to do so. Thus, the use of technology will remain limited until we rethink the application of the auditing and accounting standards.
I definitely believe technology can allow for a higher level of assurance but the assurance is at the transactional level. I see a day when information is provided from an immutable system direct to a User. Imagine a contract between two parties being tracked in a blockchain environment (orders, payments, receipts, pricing, etc.). At any point along the blockchain information can provided in real time to a User. Under current accounting standards, those amounts or information are removed from the blockchain environment and interpretive guidance is applied which results in a different number for financial statement reporting. My question. Why would a User want an adjusted number when the real information is available from the immutable software?
Technology will be able to look at even more transactions allowing higher level of assurance on internal controls. I am sure this is currently being assessed and implemented.
Please note: A cash-based method will easily allow for the implementation of this type of technology.
Q46. In what way does new technology enable assurance to be given on a broader range of issues than is covered by the traditional audit?
R46. I am not sure new technology can enable assurance on a broader range of issues and I am not sure you want it to. Using new technology to expand the audit so assurance can be given on a broader range of issues does not seem like an optimal use of new technology. I suggest another focus which is using new technology to give a greater assurance by diving deeper into specific audit areas such as internal controls, revenue recognition, inventory, etc.
Q47. Are there aspects of current audit procedures or output that are no longer necessary or desirable?
R47. Yes, the auditing of footnotes accompanying the financial statements. Many footnotes are boilerplate and extremely verbose yielding little beneficial information and creating unnecessarily longer financials. Thus, auditing them creates no additional value or benefit for the financial statements. Hopefully, during this process of assessing financial reporting and auditing, many of them can be removed or substantially reduced. As for the audit procedures, my opinion is the entire audit needs to be simplified and focused as I have stated. This will eventually identify the unnecessary or undesirable audit procedures.
Q48. Given that a zero failure regime is not attainable (and arguably not desirable) how should the Review calibrate the value of audit in relation to the limitation of potential failure?
R48. I do not know.
Q49. Does today’s audit provide value for money?
R49. Today, yes, it does. Since the audit is a commodity, a willing buyer (the entity) and willing seller (the audit firm) agreed upon its price, a service (an audit) and product (a clean audit report). Thus, the buyer (the entity) received value. The value being the clean audit report.
The other question is does the current audit provide value? The answer is no. The audit under current accounting and auditing standards has no value which is why it is reduced to being a commodity instead of a valuable service.
Q50. How should the cumulative costs of any extension of audit (whether stemming from this Review or other drivers of change) be balanced against the likely benefits to Users?
R50. I am not sure how you balance the cumulative costs of extending the audit against the potential benefits to Users. My opinion is the extension of the current audit and related cumulative costs will likely yield little to no benefit to Users. By increasing the responsibilities of the auditors, you are spreading the audit to thin. A primary issue is timeliness. By keeping the same deadlines for reporting, the audit will touch on many areas but in a much more limited scope. Thus, the benefits to Users may even be reduced from the current level of expectation.
Commentary. I think shareholders seek financial or non-financial information that is timely, relevant and accurate. The present audit is struggling with these 3 criteria and definitely needs substantial changes to meet them going forward.
Q51. What use do shareholders currently make of audit reports? Are they read by shareholders generally? What role does AI play in reading and analyzing such reports?
R51. I will answer this question from the perspective of a shareholder (as I am a shareholder). Given my background and thoughts on the current state of the audit, I make no use of the audit report nor do I read it. I cannot speak for other shareholders but given the value of the audit today, I can’t imagine the audit report has any use. As for AI, I do not use any but others may have more sophisticated software to assist with analysis.
Q52. Would interaction between shareholders and auditors outside the AGM be practical and/or desirable?
R52. Unable to answer
Q53. How could shareholders express to auditors their ex ante anxieties to help shape the audit plan? Should shareholders approve planning matters for each audit, including scope and materiality?
R53. I am unable to provide comment on the first question. As for the second question, unless shareholders have significant understanding of the audit process and procedures, I do not believe they could provide valuable insight into planning matters. A second concern is each shareholder may have a different agenda for why it holds the stock of the company so their input or approval could be influenced by their ultimate investment goal as it relates to the stock.
Q54. What assurance do shareholders currently obtain other than from audit reports?
R54. I am not aware of any.
Q55. In what way would it be possible for auditors to report on the culture of the entity whose financial statements are being audited?
R55. I do not think this is a responsibility for the auditor. The requirement seems very subjective. In addition, what training does an auditor have to conduct this assessment. If this becomes a requirement of Users, a separate engagement by highly trained people (not the audit firm) can conduct and provide an assessment of the culture.
Q56. How can auditors demonstrate that appropriate skepticism has been exercised in reaching the judgments underlying the audit report?
R56. This is an excellent question and difficult to answer. I hope there are those who are better qualified than myself to assess and provide a response. Based on my observations and what I have read, I do feel auditors should increase their level of skepticism but how that is demonstrated I do not know.
Q57. Should the basis of individual auditors’ remuneration be made available to shareholders?
R57. I do not agree with this. The auditor works for the firm and the firm issues the opinion. Individual remuneration is highly subjective and an individual’s assessment may vary. I have read a disturbing trend related to audit firms that staff who do speak up or bring to light issues are sometimes labelled “difficult”. These staff are assigned to less desirable work and clients until their behavior is changed. Thus, you may not get the remuneration you are seeking because the staff are trained to “tow” the corporate line.
Q58. Do respondents view audit costs as generally too high, about right or insufficient?
R58. For today’s audit, audit costs are insufficient.
Q59. Would Users of financial statements wish more detail on the make-up of audit fees?
R59. No, this would serve no purpose as a User would not have any context on the detail of the fees. For example, what if the fee had a description called audit sampling with total hours and a dollar amount. Unless it provided specific detail on what and how the sampling was performed and on what amounts in the financial statements, how would a User get value from this. Also, even if you gave the User this information, what value does it provide to them? I do not see any.
Q60. Is the profitability of the audit function sufficient to sustain a high-quality audit industry?
R60. Currently under the present auditing and accounting standards, absolutely not. As more accounting firms look to non-attest services, which the profession constantly inform them they should, for more revenue, the audit function becomes less of a focus. I believe todays audit function is similar to loss leader and is used as a relationship to sell other non-attest services. But, if you isolate the audit profession and provide a basic core service that leverages technology which can be specialized by industry as I mentioned earlier, you can make the audit very profitable and valuable.
As I stated in the Executive Summary, there are three additional areas to be considered, logistics, timeliness and personnel. These three topics are interrelated.
Logistics. Under the current audit methodology, there is a significant number of requirements that require substantial amounts of time. As stated earlier, I think audits focus on checking-the-box to ensure all items have been covered at the expense of quality. If you expand the audit and auditor’s responsibilities, the audit will become even more strained and will continue to create an environment where there is simply not enough time to plan and perform an audit adequately, let alone at a higher level. In simple terms, just being able to finish an audit in some given period of time may not be feasible.
Timeliness. Users require that entities financial and non-financial information be provided in a timely manner for them to make decisions about their investments. Given an audit has to be completed in a specified amount of time, how does an expanded audit get completed in the same time period? In fact, with the advancement of technology, Users will most likely require more information even faster. I am not sure how the current audit let alone an expanded audit will meet this need.
Personnel. I can only assume the theory is given enough people and resources and ignoring cost, any audit including an expanded audit can be completed in a given period of time. This assumes the personnel are available. I have seen a constant struggle in the accounting profession to hire and retain qualified personnel. This will continue to be an issue and is becoming worse. If we assume the Big 4 are able to acquire and utilize most of the talent, how does this help encourage smaller firms to be able to handle some of the FTSE 350 audits without qualified personnel?
If the goal is to expand the audit and increase the assurance given while budgeting costs, timeliness and needed personnel, it seems counterproductive as to the result being sought.
In summary, simplify and focus the audit to achieve greater assurance and confidence. Allow the Value-Added Services to be separate engagements to be conducted by other firms with the appropriate experience and knowledge while using graduated levels of assurance to provide more confidence in the entity.
Thank you for your time and consideration.