Lately, there has been talk of more requirements for auditors: more disclosures, more discussion, more information on who is doing the audits. Would a narrative by the auditors add more meaning to audit reports?
One problem with audits is that they don’t provide a whole lot of information to users of the audit reports. The financial statements and the notes to those statements are somewhat useful, but the auditor’s report really amounts to nothing more than a pass or fail grade.
I spend a lot of time educating people on the real purpose of an audit. It is to determine whether the numbers add up and whether the company has followed Generally Accepted Accounting Principles (GAAP).
Audits are not designed to detect fraud, and they have never been designed to detect fraud. On occasion, the auditors find fraud in companies. However, this is relatively rare, as evidenced by the number of frauds that were discovered through means other than financial statement audits.
The Public Company Accounting Oversight Board (PCAOB) is considering rules changes that could require auditors to tell more about their work, specifically as it relates to detecting fraud. That sounds interesting, but I suspect that any such disclosure would be reduced to some standard language that most auditors would insert into their audit reports. The reports are already nothing more than standardized language, so an additional disclosure done with stuff copied verbatim really wouldn’t provide any meaningful information to users of the financial statements.
Adding an auditors’ discussion and analysis section to the audit reports or financial statements would only be meaningful if auditors resisted standard language and used the section to do an actual discussion specific to the client. Sarah Johnson at CFO Magazine suggests:
Auditors would use the space to express their thoughts on management’s judgments and estimates, accounting policies and practices, and — most controversial — management’s “close calls,” or debatable estimates.
It has also been suggested that auditors should be required to disclose exactly who worked on the audit. This is an interesting concept, although I don’t know what it would really accomplish. It wouldn’t seem to make audits more useful. It only seems to be an attempt to hold individuals responsible for their work. I’m not opposed to this idea, but I’m not sure that it adds much value to the audit process.
One concern I have about audits is the lack of information the client is given about the audit procedures and results. The auditors own their work papers, and they rarely give copies of them to the clients.
What does this mean for the companies and the users of the financial statements? If problems arise, there is no way of knowing whether the auditors did their job. If the auditors don’t have to show their work to anyone, are they being held accountable?
Auditors have long benefited from secrecy in the process of the audit. Sure, there are standard procedures and work programs that guide those procedures, but that tells us nothing of what the auditors actually did. Did they follow those procedures? What did they find? Was there anything suspicious that should have caused the auditors to do more work? Did the auditors actually do the extra work?
The PCAOB just released new details of its 2008 inspection of Deloitte & Touche, one of the Big 4 firms. (This is unusual because PCAOB previously did not release this specific inspection information for larger firms.) The deficiencies found in Deloitte audits included not obtaining sufficient competent evidence to support certain projections made by management. PCAOB also stated that Deloitte auditors didn’t do enough testing and didn’t have enough quality controls in place.
This situation highlights the problem with not having access to the auditor work papers. No one knows what the auditors did and whether they found anything unusual. At least not until it’s far too late. Clients really only get their hands on the work papers if they sue the auditors. And such suits are often filed with no real knowledge on the front end about whether the auditors made mistakes in their audits.
Auditors have always been reluctant to provide information to their clients (or the investors) about their work or their opinions. I think that requiring auditors to disclose more about their work could be a good thing. More information might lead to more lawsuits, I suppose. But why do the auditors get to decide what they disclose? Why don’t the clients collectively decide that more disclosure would be better, and demand it from their auditors?
Companies engaged in shenanigans would likely never want more disclosures. But those doing business honestly should have no fear of increased auditor disclosures.
