During the 2008 financial crisis several banks and other lending and deposit-taking institutions collapsed without a hint of warning from their auditors. Since that time pressure to improve the quality of annual audits has been building up, and by the time you read this, new EU Audit Regulations & Directive (ARD) will apply in UK law.

The Financial Reporting Council (FRC) has attempted to bring existing international auditing standards (ISAs) into line with the new ARD. After revising ISA 700 on the auditor’s report, the FRC notes that there is still “ambiguity” in the ARD requirement for auditors to “explain to what extent the audit was considered capable of detecting irregularities including fraud”.

Ambiguity? Since there is no means of measuring “extent”, what should reports say? Although the FRC does not favour generic (‘boiler-plate”) reporting, the entity-specific alternative is absurd. How could an auditor report, in a particular case, “our audit was not designed to detect fraud” without inviting the riposte “Well, why not?”

The fraud effect

In all cases, if the effect of a fraud is sufficiently material to compromise the truth and fairness of the accounts, its detection and evaluation must fall within normal audit scope, and no potted rubric can provide an escape route.

no potted rubric can provide an escape route

Another proposed FRC drafting change concerns ISA 701 on communicating “key audit matters”, and seeks to encourage auditors “to continue to develop relevant and insightful audit reports”. The anodyne platitudes that now pass as audit “opinions” resemble mechanically drafted protective statements. They are rarely “relevant “ and never “insightful”.

The ARD should, by contrast, require case-specific drafting to (i) highlight audit risks capable of distorting the view presented by the accounts; (ii) explain the audit approach and work undertaken to resolve those risks; and (iii) trace its culmination to the final opinion, unequivocally stated.

Long overdue reforms

The ARD imposes two long overdue reforms. It requires mandatory rotation of auditors of “public interest entities” (PIEs) after 10 years in office, and prohibits the provision by independent auditors of an extensive range of potentially compromising non-audit services, notably taxation.

The rule on auditor rotation is intended to address the potential laxity of an auditor who treats his appointment as a sinecure. Having become part of the furniture he has little incentive to apply much vigilance. Since fear of losing the client is the main impediment to the exercise of independent judgment, the relative security of a 10-year tenure, subject to regular reviews by the audit committee, will certainly enhance independence.

Competition also features prominently on the ARD agenda. The choice of independent auditor has always been limited. Given the large firms’ comparable technical capability and geographical reach, effective competition between them has been largely notional. Factors more likely to influence an audit committee’s choice will be thoroughness of preparation for the selection, presentation skills, knowledge of the business and an understanding of its sector. As for fees, their basis should be agreed in advance, and the prohibition of non-audit services will eliminate much of the volatility that exists today.

 Audit committees will perform a key role

Audit committees will perform a key role in identifying prospective candidates, conducting the selection process, monitoring performance and reporting lapses to the regulator. However, since many audit committee chairmen are themselves former big firm partners they are bound to face challenges to their own objectivity.

Improving audit “quality” – the key objective

Will ARD encourage the auditor of a company facing financial ruin to issue an unequivocal going concern warning? Consider this: Is an auditor more likely to be sued after his client company collapses in a heap of unsustainable debt if he (i) issued a standard wimpish report that failed to flag up its precarious state; or (ii) blazoned a going concern warning in lights?

Recent instances of bungled audits concern failure to report management reliance on unsustainable operating models; bad debt provisioning based on ridiculously biased assumptions; blatantly contrived revenue recognition criteria; use of journal entries to hide override of key controls; cash flow achieved by borrowings rather than operations; existential vulnerability to adverse external developments; and so on.

Audit failures are usually failures of integrity. That can never be redressed without sanctions that really bite. Otherwise, plus ca change, plus c’est la meme chose.