Robert J. Kueppers
is deputy CEO of Deloitte LLP and has 35 years of professional experience. As deputy CEO, he works closely with the CEO of Deloitte LLP and is responsible for regulatory and public policy matters. Mr Kueppers also provides direction for quality, risk and legal affairs. He is also a vice-chairman of Deloitte LLP and serves major clients of the ﬁrm in an advisory capacity.
Kristen B. Sullivan
is a Deloitte LLP partner and works closely with the deputy CEO of Deloitte LLP, focusing on regulatory and public policy matters for the ﬁrm. In this capacity, she also engages with representatives from the other large public company auditing ﬁrms in advancing progress in areas of common interest and importance for the public company auditing profession.
ABSTRACT With each new fraud and ‘audit failure’ divulged in the ﬁnancial press, more pointed questions are being asked about the value of the independent audit. Although many recognize that the audit profession plays an essential role in the functioning of the global capital markets and adds value to the roles played by other stakeholders in the ﬁnancial reporting process, others contend that the value of the independent audit, and the measure of its relevance to investors, is measured only by the absence of fraud or failure of the business once the audit is complete. Discussions of audit quality tend to occur in the context of alleged audit failures, without recognition that the vast majority of audits stand the test of time. In answering the question ‘how and why an independent audit matters’, we have considered the explicit value of the ﬁnal audit report and the importance of the consultative audit process.
In addition, we have highlighted the fact that each of the principal players has a responsibility in the ﬁnancial reporting and governance regime; that complementary interplay and responsibility to the investing public is essential to help promote investor conﬁdence through reliable ﬁnancial statement information. Financial reporting must continue to evolve to meet the needs of ﬁnancial markets in the new world, whether that includes movement toward more real-time reporting with ever-changing technology or toward more principles-based standards. Independent auditors have and will continue to focus on improving performance, which is essential to effectively execute quality audits that contribute to the reliability of more timely and more useful ﬁnancial information.
In addition, it is essential that auditors continue to be positioned to provide assurance on ﬁnancial reporting, in any format. As we move toward a set of global standards (accounting, auditing and independence), the value of the independent audit will continue to increase in inﬂuence as an element of efﬁciently functioning global capital markets affecting investors around the world. The views expressed in this article are those of the authors and do not necessarily reﬂect those of Deloitte LLP or any other organization with which they have been associated.
The US economy continues to evidence strength after a long upheaval; investment in US markets also continues to be strong. This reﬂects, in part, the longstanding, underlying conﬁdence in US markets, which is enhanced through effective regulation, oversight and assurance. Independent audits of the ﬁnancial statements of public companies are a core contributor to this conﬁdence. Although clearly not a guarantee of investment performance (which is affected by many factors), the independent audit’s overriding goal is to contribute to investor conﬁdence by providing reasonable assurance of the fair presentation of a company’s ﬁnancial statements. Reasonable assurance is the level of assurance provided by an auditor and represents high but not absolute level of assurance.1 The independent audit enhances conﬁdence by supplementing the roles played by the principal players who have varying responsibility for the ﬁnancial statements. Quite simply, management is responsible for the company’s ﬁnancial statements, for maintaining effective internal control over ﬁnancial reporting, and for its assessment of the effectiveness of internal control over ﬁnancial reporting.
The additional players with different but complementary responsibilities for the ﬁnancial statements include internal audit,2 the audit committee and external audit. Think of these four principal players as a string quartet; each has a part to play that is unique and distinctive. Yet, when in tune, and in sync with one another, music is truly made. When each player performs at their own tempo, and not paying attention to one another, the result is noise. The four principal players each play their designated role and also act in concert to deliver reliable ﬁnancial statement information to investors. The past several years have been a period of enormous change in the United States and global capital markets and for the public company audit profession. Almost 10 years before the most recent ﬁnancial crisis, Congress reafﬁrmed the important role of the outside public company audit and expanded its scope under the aegis of a new regulatory regime.
Since 2003, the independent oversight of the external audit profession has been conducted by the Public Company Accounting Oversight Board (PCAOB), the audit regulator that was created by the passage of the Sarbanes–Oxley Act of 2002. This Act expanded oversight of auditors by audit committees, called for stricter rules regarding auditor independence, more frequent partner rotation, and required registration, inspections and enforcement by the PCAOB. At the same time, Sarbanes–Oxley expanded the scope of the auditor’s role beyond providing its report regarding reasonable assurance of the fair presentation of a company’s ﬁnancial statements, to include also a report regarding the design and operating effectiveness of internal control over ﬁnancial reporting of larger public companies.
Taken together, these changes provided a critical underpinning to restore investor conﬁdence that had been shaken by the scandals at the beginning of this century. Such changes are consistent with reactions to previous scandal or upheaval, and similar to current reaction to the 2008 ﬁnancial crisis: calls for more regulation, more transparency in ﬁnancial reporting and increased focus on sound corporate governance. The public company audit profession has an important role to play in discussions aimed at fostering the integrity and reliability of ﬁnancial information. We also have a responsibility to the public to add our expertise to the dialogue, and to encourage standard setters to reinforce that ﬁnancial reporting practices keep pace with changing market realities.
THE INDEPENDENT AUDIT’S VALUE: REINFORCING SHARED RESPONSIBILITY FOR ACCURATE FINANCIAL REPORTING Many have recognized that a sustainable audit profession is critical to the integrity of our nation’s capital markets and the strength of the US economy. By the very nature of the independent audit process, investors and markets beneﬁt from the ﬁnal product – the audit report – and from the audit process, which underlies that report. For example, management knows that the auditor cometh; this knowledge can bring greater internal discipline and some measure of pre-emptive deterrence of bad behavior. The very fact that an external audit is part of the ﬁnancial reporting process often engenders more care on the part of management. The independent audit also reinforces the interplay among three of the four players – second violin, viola and cello, in fact, the audit committee, internal audit and the external audit – that complement management’s role as lead violin with primary responsibility to ensure fair and accurate ﬁnancial reporting.
Although each player has his or her own notes to play, the notion of shared responsibility to make music in concert resonates as does a complementary duty to the investing public in the ﬁnancial reporting process. The investing public, as shareholders, elect a company’s board of directors. The board then appoints the audit committee, which often oversees internal audit, and selects and hires the independent auditors. Frequently, shareholders then ratify the auditor selection. The board also oversees management through the governance process. Ideally, this complementary duty to the investor-owners of the company fosters collaboration and heightens awareness of the respective responsibilities of the principal players.
This means that each should understand and execute its respective role. Think of the extreme example: an independent audit ﬁrm diligently performs its professional responsibilities while the other three principals do not. How effective would an independent audit be if management was worried only about maximizing its compensation? If the internal auditor saw no duty other than to search for operating efﬁciencies? If the audit committee focused its attention solely on reducing audit fees? The answer is: not effective at all – the failed attempt caused by working at cross purposes yields cacophony or no music at all. Although hypothetical, this is the kind of client that a prudent audit ﬁrm would most likely walk away from. The risks would simply be too great and the likelihood of joint execution of the complementary duty to investors too low. To fully understand the respective responsibilities among the principal players requires fully understanding how their roles complement management’s overall responsibility for the ﬁnancial statements.
Role of management
Management is responsible for the operations of the company and for managing all of its business risks, as well as setting the organization’s tone at the top, which drives culture, integrity and ethics. As a part of this responsibility, management has the obligation to design, implement and ensure effective operation of a system of internal control over ﬁnancial reporting. Ultimately management has primary responsibility for the company’s ﬁnancial statements to inform investors and the public about the company’s ﬁnancial position and the results of its operations during each period. For public companies, management also explains its ﬁnancial results through management’s discussion and analysis as part of its annual and quarterly ﬁlings.
Role of internal audit
Throughout the year, internal auditors execute a systematic, disciplined approach to evaluate certain areas, which may include the effectiveness of risk management, effectiveness of controls, efﬁciency of operations and governance processes. The most effective internal audit groups provide objective assurance and information to the board, audit committee and management that, among other things, the company is in compliance with its own policies and procedures. Although the internal audit function is part of the company, those who observe the standards of the Institute of Internal Auditors have a duty to act independently and objectively when performing their work, and must have an impartial, unbiased attitude and avoid any conﬂict of interest.
Role of the audit committee
The audit committee is responsible for ensuring that governance practices set an appropriate tone, and it oversees management’s implementation of policies that foster ethical behavior. The audit committee also has governance oversight responsibility in the ﬁnancial reporting process, and has the sole authority to hire, compensate and ﬁre the independent auditor.
Role of the independent auditor
The independent auditor has the responsibility to plan and perform the audit to obtain reasonable assurance about whether the ﬁnancial statements are free from material misstatement. Understanding ‘how and why an independent audit matters’, requires some understanding of the extensive processes that underlie an audit report, because much of the value of what an auditor does is not generally seen or broadly understood. The external auditor’s responsibility is to express an opinion on the company’s ﬁnancial statements and an opinion on the company’s internal control over ﬁnancial reporting. These reports are the auditor’s only ‘product’. Understanding the audit process itself helps elucidate the value of the end product.
The independent audit process begins even before the auditor accepts an engagement with a prospective client. Before accepting an engagement, the audit ﬁrm will make a preliminary assessment of the potential risks, the nature and complexity of the prospective client’s business and whether the audit ﬁrm has the resources and expertise to perform the audit. The reputation and integrity of management and the audit committee are a threshold issue in client acceptance and, while not widely known, most major audit ﬁrms typically perform detailed background checks on senior management and the audit committee as part of client acceptance procedures. Although not required by professional standards, background checks serve to mitigate the risk of accepting a client whose principals are people with whom the ﬁrm would not want to associate.
If, after this assessment the auditor decides to accept the client and the client audit committee decides to hire the independent audit ﬁrm, the audit team spends signiﬁcant time with the audit committee and company management. The team then constructs an audit plan based on an understanding of the company’s business risks and its controls to mitigate such risks, with a focus on the likelihood of any material misstatements in the company’s ﬁnancial statements (that is, ‘what could go wrong’ in the ﬁnancial reporting process). The auditor undertakes many steps to understand the company’s business and its industry in order to identify the risks of material misstatement and to plan and scope the audit. These steps include reviewing information such as the public record, past company reports, industry and competitor analysis and benchmarking, and information from outside analysts. Steps also include consideration of new types of transactions, identiﬁcation of unusual or signiﬁcant transactions as well as consideration of past history of ﬁnancial misstatements.
This review typically takes place each year in response to constantly changing business conditions and company-speciﬁc factors. On the basis of the planning and risk assessment process described above, even in advance of the ‘what could go wrong’ risk analysis, auditors also determine the company’s signiﬁcant accounts and the type of transactions it is involved in to determine what audit procedures to perform, what evidence is needed and how to assign audit resources. The preparation of an audit plan helps auditors identify areas of potential vulnerability for fraud that require added audit attention. As speciﬁed by the PCAOB’s interim auditing standards, ‘An auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the ﬁnancial statements are free of material misstatement, whether caused by error or fraud’.
In addition to auditing the ﬁnancial statements, the external auditors also assess the effectiveness of a company’s internal control over ﬁnancial reporting – the process designed and implemented by the company’s management to address the risk of material errors and misstatements in ﬁnancial statements. In reviewing management’s process, the auditor considers whether the company has established effective procedures to reduce the risk of errors or fraud. In designing the audit, the auditor will have considered whether certain areas might require special scrutiny. Auditors then examine, on a test basis, evidence supporting transactions, controls and related data and, based on judgments, draw conclusions from the audit evidence obtained.
As, in most cases, auditors do not examine every transaction, control and event, there is no guarantee that all material misstatements, whether caused by error or fraud, will be detected. Instead, the audit is designed to provide reasonable assurance, which, as described in professional standards, is a high level of assurance but not absolute. Absolute assurance from the audit is, practically speaking, impossible: Auditors cannot test 100 per cent, or, in most cases, even a majority of transactions; there simply is not enough time and it would be prohibitively expensive. This is why the string quartet is very important – the independent audit is an important part of the score, but each principal player must do its part for the music to please the audience.
THE VALUE OF THE INDEPENDENT AUDIT: PROFESSIONAL SKEPTICS AND KNOWLEDGEABLE ADVISORS Users of the audit report, the sole product representing our responsibility to express an opinion on the company’s ﬁnancial statements and internal control over ﬁnancial reporting, often do not see or fully appreciate the extensive, independent audit process: that an audit typically involves a detailed series of discussions with clients on complex and signiﬁcant matters. These discussions, or more accurately, consultations, are an integral part of the give and take between auditor and client management. In a given year an audit ﬁrm may say ‘no’ to its portfolio of client companies hundreds of times. This reality is not understood or seen by investors, but it is part and parcel of how auditors deliver value to improve ﬁnancial reporting. Given the speed, volume and complexity of ﬁnancial reporting issues today, ﬁnancial management and audit committees seek an auditor’s professional expertise to, for example, conﬁrm that a proposed accounting treatment or an accounting policy issue is fully vetted before preparation of the related ﬁnancial statements.
The practice of exploring, in advance, the appropriate accounting for a complex transaction with the auditor is usually done in a constructive, collaborative manner; nonetheless, it is not unusual for the independent auditor’s input to lead to signiﬁcant changes in a client company’s proposed approach. When that occurs, the independent auditor is in a position to draw the line when it needs to be drawn. And we do. Also of value is that the audit committee, the entire board and management have a knowledgeable advisor, an expert on ﬁnancial reporting, to help them better understand increasingly complex ﬁnancial reporting regimes – to explain how standards have changed, how requirements have evolved and what may further increase the value to investors in reporting.
Similar to management and other company ofﬁcials, external auditors are professionally bound to stay abreast of developments in regulations and standards; and in many cases they are in a position to anticipate issues and identify leading practices because of their unique view across industries and sectors. Yet, it is more than just the auditor’s technical accounting and auditing skills that earn management and the audit committee conﬁdence. By acting as the professional skeptic, investigating, researching and, when necessary, throwing up yellow caution lights and stop signs along the road, a good auditor builds a strong foundation of trust with management and the audit committee. Professional skepticism is fundamental to an auditor’s objectivity and includes a questioning mind and an objective assessment of audit evidence. The auditor uses the knowledge, skill and ability called for by the profession of public accounting to diligently perform, in good faith and with integrity, the gathering and objective evaluation of audit evidence.
The auditor is required by professional standards ‘to exercise due professional care in the planning and performance of the audit and in the preparation of the auditor’s report. Due professional care requires the auditor to exercise professional skepticism, which can be best deﬁned as an attitude that includes a questioning mind and working practices that encompass a critical assessment of audit evidence. As evidence is gathered and evaluated throughout the audit, professional skepticism should be exercised throughout the entire audit process’.4 The importance of the auditor’s exercise of professional skepticism manifests itself in several ways. The list of unadjusted errors for discussion with the audit committee is shorter; there are fewer instances of fraud; and when it does occur, it is apt to be detected sooner. An example of this dual role as professional skeptic and knowledgeable advisor can serve as an illustration.
A client company is in the throes of determining exactly how to implement a new accounting standard that could have a dramatic impact on its ﬁnancial statements. As is typical with a new standard, implementation guidance is scarce, and the company has developed an approach that would minimize the ﬁnancial statement impact. The company reviews its plan with the auditor, but the audit ﬁrm believes that the company’s plan is outside the bounds of reasonable approaches. The auditor, as professional skeptic, applies the brakes. Then, through a collaborative process, the company and the auditor review several other approaches, discuss the auditor’s experience with what other clients are doing, and what standard setters and regulators are saying in discussions about implementation.
The auditor, as a knowledgeable advisor, assists the company in evaluating the alternatives, all the while observing the independence rules that prohibit the auditor from performing a management function. The company adjusts its implementation plan to an approach, which the auditor will support. Through the course of these consultations, the auditor has acted as a professional skeptic, and acted as a knowledgeable advisor to management, resulting in a conclusion that better informs investors. There is a great deal behind the audit process that results in the ﬁnal product representing the auditor’s responsibility to express an opinion on the company’s ﬁnancial statements and internal control over ﬁnancial reporting; a thorough process and a series of frank consultations beneﬁt the company and yield better information for investors.
INCREASING COMPLEXITY AND AUDIT RELEVANCE
The increased challenges, issues and risks faced by management are all emblematic of the overall greater complexity faced by boards, investors and independent auditors. Recent years have seen enormous change in the United States and global capital markets, and changes, as summarized above, in the public company audit profession. The globalization of businesses has had a profound impact on, and dramatically increased the complexity of, public company auditing. Within just the United States, the pace of new requirements and standards has increased. At the end of 1984, 25 plus years ago, the landscape for accounting, auditing and the public company auditing profession looked entirely different than it does today. This timeframe provides a good benchmark because, in 1984, the United States was facing a different ﬁnancial crisis; then, it was the beginning of widespread failure of savings and loan institutions. At the time, the Financial Accounting Standards Board (FASB) had issued 82 FASB statements.
More recently, before the FASB Accounting Standards Codiﬁcation, the FASB had issued 168 statements and a ‘vast volume of formal and informal accounting standards, regulations, and interpretations’.5 Although the codiﬁcation organizes all of the literature related to a particular accounting topic in one place, it has not slowed the pace at which new guidance is issued. Since the release of the codiﬁcation, the FASB has issued 35 Accounting Standards Updates. Currently, the FASB, jointly with the International Accounting Standards Board (IASB), is deliberating a number of projects that will signiﬁcantly change ﬁnancial reporting and the overall presentation of ﬁnancial statements – all by 2011. The International Accounting Standards Committee, the predecessor to the IASB, was only 11 years old in 1984 and really just getting started.
Today, the international regime known as International Financial Reporting Standards (IFRS), as promulgated by the IASB, is used in well over 100 countries, with more countries slated to adopt over the next few years. In addition, the debate over the convergence of US standards (known as GAAP) and IFRS continues. The combination of new standards and everevolving requirements, including accelerating ﬁling deadlines for the largest companies, along with increasingly global markets, has required the audit profession to also evolve and change in order to serve investors and the capital markets. All of this increased complexity even further emphasizes the need for a quality independent audit based on extensive technical accounting and audit expertise.
Adding to the complexity for investors are a whole host of new inﬂuences and pressures on ﬁnancial reporting. Today, more than ever, there is greater media coverage and commentary on business practices and ﬁnancial reporting issues. Although the increased transparency that can result from this can be very beneﬁcial, it can also be confusing to investors. This has caused some to consider the relevance and value of the ﬁnancial reporting model, raising questions about how the model may need to change in the future to provide increased clarity. And the external audit itself is not exempt from challenge. Does it need to change? If so, in what ways?
One way to think about the independent audit is to imagine what the world would be like without it. Some would say, ‘Great, we can save the cost and use the resources somewhere else!’ Others would say that managements are responsible enough to ensure that companies would do a careful, credible job of preparing accurate and transparent ﬁnancial statements, because the risks associated with not doing so are enough to deter any inappropriate behavior. In addition, it might just work – for a while. Over time, however, it is plausible to assume that the quality of ﬁnancial reporting would decline. Without the discipline of an independent audit, without the professional skeptic on the scene, without ready access to an objective and a knowledgeable advisor, how could we expect results to remain the same? Investor representatives have reinforced that they value what an independent audit contributes to the efﬁciency of ﬁnancial reporting.
In answering the question ‘how and why an independent audit matters’, we have considered the explicit value of the ﬁnal audit report and the importance of the consultative audit process. In addition, we have highlighted the fact that the principal players each have a responsibility in the ﬁnancial reporting and governance regime; that complementary interplay and responsibility to the investing public is essential to help promote investor conﬁdence through reliable ﬁnancial statement information. Much like a string quartet, each player has a unique and distinctive part to play, and when in sync with one another music is truly made. Financial reporting must continue to evolve to meet the needs of ﬁnancial markets in the new world, whether that includes movement toward more real-time reporting with ever changing technology or toward more principles-based standards. Independent auditors have and will continue to focus on improving performance essential to effectively execute quality audits that contribute to the reliability of timelier, more useful ﬁnancial information.
In addition, it is essential that auditors continue to be positioned to provide assurance on ﬁnancial reporting, in any format. As we move toward a set of global standards (accounting, auditing and independence), the value of the independent audit will continue to increase in inﬂuence as an element of efﬁciently functioning global capital markets affecting investors around the world. Everyday, this fact of globally interconnected markets is inextricably reinforced. This has turned attention more immediately to the move to one set of high quality global standards (IFRS) to facilitate global trust, and is expected to further enhance the auditor’s importance in the ﬁnancial reporting process. The time may be near where extensive consideration is given to reviewing the scope and predictive value of the independent audit report. The audit profession continues to face multiple, complex challenges. Investors and markets rely on the ability of the profession to overcome them. As it has in the past, the profession will do so – meeting not only the known challenges, but also the unknown as they unfold.
1 Public Company Accounting Oversight Board Interim Auditing Standards, AU Section 230.10, Due Professional Care in the Performance of Work. 2 A majority of, but not all, public companies employ an internal audit function. The internal audit function provides management and the audit committee with assurance that the company’s objectives are being met. 3 Public Company Accounting Oversight Board Interim Auditing Standards, AU 110.02, Responsibilities and Functions of the Independent Auditor and AU 316.01, Consideration of Fraud in a Financial Statement Audit. 4 AICPA, ‘Practice Alert 98-2 Professional Skepticism and Related Topics,’ AICPA Technical Practice Aid issued September 1998; updated August 1999. 5 Advisory Committee to the United States Securities and Exchange Commission, ‘Final Report of the Advisory Committee on Improvement to Financial Reporting to the United States Securities and Exchange Commission,’ August 1, 2008.