Auditing the Auditors

Saturday, 01 June 2019


    The quality of auditing in Australia is under scrutiny by ASIC and the industry faces growing pressures. So how do directors ensure their board gets the audit right? David Walker explores.

    When you’re next considering your company’s accounts, ask yourself this: how much do you trust the work of your external auditor?

    You may not have thought much about it. Most investors certainly don’t. At annual meetings, the choice of auditor is almost always waved through. Yet among regulators and academics, and within parts of the accounting profession itself, the question mark over audit quality has been growing.

    In Australia, former Australian Securities and Investments Commission (ASIC) chair Greg Medcraft has led Australia’s current audit quality debate. Medcraft, himself a former auditor, had been worrying publicly about the quality of external audits from as early as 2012.

    The 2011–12 ASIC audit inspection report found that in 18 per cent of sampled key audit areas, the “big four” firms (Deloitte, EY, KPMG, PwC) had failed to obtain what they were supposed to — “reasonable assurance” that the financial report as a whole was accurate and free of material misstatements. That number was up from the previous figure of 15 per cent, which Medcraft already regarded as too high.

    In December 2012, Medcraft told the Parliamentary Joint Committee on Corporations and Financial Services that the results were “very disappointing and frustrating”, that auditors lacked sufficient scepticism, and he wanted to see a failure rate number “substantially below 10 per cent”.

    That was not to be. By the time ASIC released its Audit inspection program report for 2016–17, the number had blown out to 25 per cent.

    Medcraft stepped up his criticism, describing Australia’s external audit quality as “appalling”.

    Yet the latest ASIC report, released in January 2019, paints a picture little different from Medcraft’s 2017 statement. Instead of 25 per cent failure, the new failure rate is 24 per cent. ASIC makes the point that the reports can’t be directly compared. The samples are “risk-based”, not randomly selected. In theory, 2017–18’s 24 per cent could actually be better than the 17 per cent of 2009–10. And the latest report recognises improvements in the collective scores of the six largest external audit firms. However, ASIC also says the overall findings “still suggest that further work and, in some cases, new or revised strategies, are needed to improve quality”.

    Medcraft left Australia in late 2018 to be director of the Directorate for Financial and Enterprise Affairs of the Organisation for Economic Cooperation and Development (OECD). However, his criticisms of Australian audit quality have continued to gain traction. In its February 2019 ASIC oversight report, the parliamentary joint committee devotes an entire chapter to audit quality. It concludes that “ASIC’s audit inspection program appears to show an ongoing deterioration in audit quality”.

    Concern is even greater in the UK, where criticism of that country’s Financial Reporting Council led to the March announcement that it would be replaced by a new Audit, Reporting and Governance Authority.

    In mid-2018, University of Melbourne accounting professor Ian Gow and co-author Stuart Kells published The Big Four. Their conclusion: audits have been getting worse for some time. Audit quality inspections such as those done by ASIC and its US counterpart, the Public Company Accounting Oversight Board, have not stopped the rot. Audits have become more generic, they say, and quality has fallen. They cite a long list of audits that failed to detect fraud in recent years saying, “The imperilment of auditing is one of the accountancy megatrends of the past 100 years”.

    The defenders

    A substantial gap has now opened up between audit’s critics and those who believe the audit industry is fundamentally healthy.

    Take Peter Nash MAICD, a former head of audit and chair at KPMG Australia (2011–17), who is now a non-executive director at Westpac and Mirvac. Nash believes ASIC has identified important issues, such as professional scepticism. He says all the major firms have made “a very significant investment in audit quality over a number of years” and have strengthened audit quality, even though it is “a task that is never finished”. He maintains audit quality has “no systemic issues”.

    This view is echoed by the government body overseeing reporting and auditing standards, the Financial Reporting Council (FRC), and by the professional body that covers most big four auditors, Chartered Accountants Australia New Zealand.

    UNSW Professor Roger Simnett, chair and CEO of the Auditing and Assurance Standards Board (AUASB), which sets the standards that ASIC enforces, says audit quality clearly needs more work, but he doesn’t share Medcraft’s concerns about the ASIC figures. He also points to a recent (FRC) survey of audit committee chairs that found 92 per cent thought their auditor was ”above average” or “excellent”. The joint committee, on the other hand, argues Australia lacks the tools to even say for sure whether audit quality is improving or deteriorating. It wants ASIC to develop the tools to find out.

    So if you’re a director, you might be forgiven for not knowing what to believe about the people who check your company’s numbers.

    Why do we need auditors?

    Under the Corporations Act 2001 (Cth), the auditor must form an opinion about whether the financial report complies with the accounting standards and gives a true and fair view, as well as about certain other matters (section 307), and report to members (section 309).

    In economic terms, auditors are supposed to be part of the solution to a specific problem known as the principal/agent dilemma. The board members represent investors, the ones who are spending the money. But it’s the investors’ agents — management — who run the company operations. To keep managers in check and provide an independent examination of the organisation’s accounts, directors bring in external auditors to provide assurance on the accounts.

    Does auditing matter to corporate outcomes today? You might ask the board, investors and business partners of Theranos, the now-famous fraudulent blood-analysis hardware company. Though valued at US$10b at its peak, Theranos spent its whole life without audited accounts. As things turned out, its all-important blood devices didn’t work and never had. When it folded in 2018, figures such as Rupert Murdoch, Carlos Slim, Larry Ellison and members of the Walton (Walmart) and Oppenheimer (De Beers) families all lost their money. Gow says an auditor would have spotted the problem “so damn quickly”.

    An advisory squeeze?

    Traditional corporate governance theory says that auditors, like other independent advisors, should be free of conflicts of interest. The big four’s expansion into services such as strategy, research, IT and human resources consulting has now gone far enough that audit makes up less than 20 per cent of the big four’s Australian work, according to the FRC. Gow and Kells argue that the lure of these advisory dollars may be undermining the big four’s commitment to good audits.

    That concern has spread well beyond academia. Jason Masters FAICD is an experienced director (Masters Le Mesurier, Celtaxsys, N8 Medical) who advises companies on how to choose auditors. He also worries that financial incentives to keep non-audit business will push some audit firms to override ethical decision-making. It’s human nature, he says.

    The joint committee agrees, saying the big four now have almost a monopoly on large-company audit, even as their non-audit fees mount. It agrees with an earlier UK parliamentary committee: “Conflicts of interest cannot be managed, but must in fact be removed.”

    As Gow points out, none of the big four has really differentiated itself from any other. Nash suggests that’s because they are all enforcing the same standards. He argues there’s no need for “naming and shaming” auditors. Gow, however, would like auditors to compete more visibly. ASIC doesn’t put names to its inspections’ results, but Gow thinks an audit scoreboard revealing good and bad results for individual firms would let them compete on quality. PwC also favours that idea.

    Other schemes have been suggested to introduce competition and raise standards: splitting audit off from the big four. But ASIC’s reports suggest the big four are collectively better than their smaller rivals.

    Raising quality

    Directors hoping to assess the quality of their own companies’ audits are in a tricky situation. Available measures of audit quality are “terrible”, says Gow. “We have no idea how to measure audit quality from outside the organisation.” Shareholders almost always ratify the choice of auditor at an annual meeting, he says, because they have no way to tell firms apart.

    Directors should have effective processes in their audit committee meetings to address audit quality.

    Buying audit quality

    Technically, shareholders appoint the auditor at the annual meeting. In practice, directors and their audit committees make the choice and oversee the work. ASIC says even in the absence of clear quality signals, directors can and should take steps to get a higher quality external audit.

    Choose auditors methodically

    Jason Masters FAICD emphasises that audit selection should be done by the board, not management. ASIC says the same thing in its information sheet 196.

    A successful audit team should show an understanding of the businesses, operations and risk areas that will be reviewed, as well as sufficient experience and expertise.

    Masters seeks people who know the industry “without being captured by it”.

    ASIC’s information sheet advises boards to assess documentation on audit quality before considering fees. If the auditor has performed any non-audit services, ASIC recommends these be reviewed and approved before the auditor is engaged, to ensure their independence is not compromised.

    Ensure auditors are prepared to deliver a quality audit

    The experts agree clients should check that their auditor has an audit plan for the audit, and resources to execute it. Ask whether they will engage internal or external experts to assess specialist activities such as complex asset valuation, geological issues or IT work.

    Are the auditor’s engagement partner, review partner, specialists and audit team members appropriately accountable for audit quality?

    “Engage with the auditors on the quality of their audit team,” says Peter Nash. MAICD.

    Masters also suggests ensuring the audit firm has a plan for managing inevitable staff changes.

    Pay auditors appropriately

    ASIC notes directors “should ensure audit fees are not set at a level that could lead to audit quality being compromised”. It also notes several possible reasons for higher fees: difficult economic conditions, changes in the company’s business, new reporting requirements and risks affecting financial reports.


    ASIC recommends creating an open dialogue on matters affecting the financial report, the audit and audit quality. Ensure the auditors know about issues of board concern or heightened risk, and that partners and senior staff can connect with the board.

    Ask to be informed of difficulties encountered during the audit and especially of deficiencies in internal control and illegal acts.

    The audit committee or directors should meet with the auditor without management.

    PwC recommends discussions with the external auditor take place more than just once a year and that discussions with the auditor at each meeting can be helpful.

    Review the audit

    ASIC suggests asking whether the auditor clearly understands the business, operations and risk areas relevant to the financial report, and that they have responded appropriately to the assessed risks.

    Masters wants to see evidence of professional scepticism about accounting choices. Have they addressed the concerns of the directors and audit committee? Did they communicate concerns properly? Can the auditor take actions to improve audit quality?

    Latest news

    This is of of your complimentary pieces of content

    This is exclusive content.

    You have reached your limit for guest contents. The content you are trying to access is exclusive for AICD members. Please become a member for unlimited access.