It is indubitably that the quality of external audit has markedly improved over these years. The contributing factors seemingly are: First, external auditing firms have reverted back to be independent with stern rectitude and prepare to draw line with suspicious interest in conflict engagements; this gives the objectivity to the reporting accounts. Second, most listed companies in NYSE or NASDAQ are audited by the big four, they have the resources and competency to deliver high quality audit; they attract the cream of the crop from the employment market, have established in-house practices, strong technical research capacity to maintain high competency; and most of all, they look their laurels. Third, PCAOB auditing makes external auditors more vigilant not to make headlines for silly misnomers. Forth, SOX has given PCAOB almost unencumbered power to regulate the industry. Rashes of nefarious top guns involved in financial legerdemain were charged under criminal offence that also have deterring effects.
As things are, the apocalypse of improved audit quality is the upshot of the PCAOB auditors at their wit end. PCAOB auditors find they are now reviewing a near consummate job. The job of PCAOB auditor essentially is just another layer of review by different entity. As things go, they can resort to nit-picking, but what is the meaning of finicky about trifling matters? Another Achilles’ heel vitiates PCAOB auditor effectiveness is: unlike the external auditor, they do not have the ground knowledge of the audit client, especially in the circumstances auditor has to make judgment; they simply have to take the external auditor’s judgment prima facie. Even though they have the advantage of hindsight, wrong judgment may take longer time to surface and not in the nick of the time exposed during PCAOB’s audit.
Entwined with the conundrum of lack of ground knowledge is the problem of group think. Many PCAOB auditors are previously external auditors, some even the retiring partners of the big four. It is easy for external auditors to cudgel their brains to mind-read the next move of PCAOB’s auditors because they are receiving same kind of training, some coming from the same firms, adopting same approaches. It exposes chinks in auditing the external auditors if mind-reading pattern of the PCAOB auditors becomes tractable? It is ineffable, the external audit firms are also recruiting sagacious auditors, they learn the tricks fast to outfox you than you can imagine. In essence, how these kinds of mind games impregnated with audit quality? In a sense, does improved in audit quality means PCAOB can do fewer checks in the future to save resources? The logic of contention goes like this: When the audit client beefs up corporate governance (Increase in compliance costs) and earnings quality, the risks are reprieved, external auditor (The first line of assurance) therefore can cut back their checking, and regulatory body can even scale back their audit, so the total spending as a whole becomes efficient. Spending at the source (audit client) and first line of assurance are far more efficient because it gives stakeholders the confidence rather than expending social costs when damages cannot be undone. My article is to examine this flimsy contention and how to further improve audit quality and handling judgment issues?
The flaw of the logic
The major flaw in the logic above is an assumption presumes the three parties can orchestrate seamlessly in reacting to each other responsibilities to achieve greater efficiency as a whole. In reality, it is a forlorn hope that the maze of relationship among the three is jarring and dynamic than what we think. The statutory demand for corporate governance is a fait accompli driving up fixed compliance costs. The board and audit committee however can only spend fixed hours in a year dabble in major issues. That leaves the intense monitoring function to the full time internal auditor. Perversely, in some cases, the close monitoring function is impinged if internal audit function is outsourced or internal auditor lacks independent (too close to the management resulting pussy footing because they are also employees). Some subtle changes are latent in the capricious business environment may not be immediately unveiled on time to catch the attention or being communicated to the upper echelons of the governance body, let alone the annual visit of the external auditor.
There are limitations in the purview of external auditor can do too especially under time pressure to produce audited accounts, and when resources are overstretched during peak period. Auditing from client’s schedule rather than comb through stack of files makes auditors’ life easier (Here I am not implied whether it is apposite auditor should rely on client’s schedules or pontificate audit client has an intention giving schedules to delude auditor to reach wrong conclusion, but auditor should be mellow enough to weight different kinds of audit evidence, and ensure that audit evidence concerns matters of materiality should be derived from own validation.
Some of the unresolved queries from external auditor are in relation to matters management refuse to explicitly express their position, or the matters are latent and developing but not materially affecting current reporting results judging from current available information; the auditor has to rely on management’s representation and release the report at the eleventh hours in order not to sour the relationship with their client (It is unconscionable to prematurely pontificate a scheme is afoot, or assume queries unresolved implied client has fraudulent intent), External auditors always have to work through those controversies and take certain amount of risks. It is not client always dishonest to con auditor but auditors have to be vigilant and exercise sobriety. That leaves the last line of bulwark to the PCAOB audit. But PCAOB auditor too has their own limitations as I mentioned earlier, because PCAOB is auditing the current file of the external auditor. It is in a fix for them to tell without knowing firsthand the ground knowledge of the audit client, the context behind a judgment or whether certain audit approaches are fluff, they can only absolutely certain whether disclosure rules being followed.
The quality process
Not in the least I imply the precariousness is imminent. In a sense, the precarious factors evince some brittle crevice. Thus far, I read about companies whole-heartedly rather than perfunctorily emphasize the importance of ethics (A requirement under SOX) and cultivate open culture, not fudging issues (e.g. facilitate whistle-blowing). Those modus operandi are truly help because it attenuates audit risks and auditor is rest assured that no hanky-panky is going on, it exterminates problems at the source rather than interested parties rely on instituting layers of bulwarks that have their own limitations. I am not writing down the value of layers of protections or giving those layers alibis. They are valuable in the sense that nothing is unassailable. Despite inherent limitations, you just need one protection that is not covered from the same angle to be functional when needed.
Scaling back audit work does not abate PCAOB’s responsibility. The public demands for assurance annually that never assuages. Never before it was required to audit the auditor, No precedence can be followed except by arduous reviewing process. However, there are innovative ways that give better assurance may pique PCAOB’s interest.
It makes no sense to cry over spilt milk when the faulty goods left the shop-floor. A nifty way is getting the assurance from in-house quality check is far more seminal and emblematic of higher quality assurance than checking current files (output of the product), because you are examining the mechanism match quality standards before the production begins. It should not be obfuscated as control freak. The PCAOB auditor gains even more confidence if audit firms pass the test when the resources are stretched (during peak period when many companies have the same year end). SOX authorizes the PCAOB to conduct regular inspections of public accounting firms to assess their degree of compliance with laws, rules, and professional standards regarding audits. Annual personal visit to auditing firm is ineluctable, because new assurance is required due to changes in audit firms, such as turnover of audit staff, bigger clientele because of new joining audit clients, and maze of exogenous factors. PCAOB’s auditor must satisfy the minimum of the followings during the visit:
1. Independence:
· During the past one year, did the audit firm accept engagements/or assignments from audit clients that jeopardized firm’s independence?
· Are client acceptance procedures set as in-house policy being adhered to and vetted by management team to ensure sufficient independence and that the firm has adequate resources and expertise to service the client?
· Does the firm accept appointment that fee received too lucrative compared with their other clients that they are reluctant to drop them when pressure from client’s management mounted threatening auditor’s independence?
2 Deployment of staff:
· Does the firm identify risk category among audit clients?
· Does the firm have sufficient qualified senior audit staff to handle high risk jobs of different size and complexity and with special expertise?
· Do high risk areas always assigned to senior audit staff with sufficient expertise in the industry of audit clients? (Make no mistake; some senior staff like to “delegate” their work to junior staff. The opportunities are gone because junior staff can’t spot glaring anomalies and reviewing junior’s working paper does not tell much more than esoteric validation.)
· How frequent is audit manager reviewing high risk assignment going for field audit? (Some audit manager only interested to review files in the office whereas assurance from evidence received is gathered in the field.)
3 Audit client:
· What is the basis of categorizing audit client into different risk category?
· Does firm assess their capability before accepting new client?
· On high risk clients, how rigorous they plan their audit that left no stone unturned?
· What steps does auditor take to advise client on mitigating their risks? If client is little perverse, candid advice grates on the ears, are auditors prepared to resign from office when persuasion fails?
4 Training:
· Ensure that there is adequate staff training to boost technical competence and firm keeps them up-to-date on major issues.
· Enquire about how training programs (like web-based training) provided are relevant to the job and how firm assesses training performance.
· Enquire audit staff how training improves their audit quality?
· How audit staff can access to in-house technical library? Technical enquiries are available physically and also virtually.
· Emphasize ethical training, the management of audit firm must always communicate message of in-house ethical standards to staff. Strict enforcement of the ethical standards policy is adhered to.
5. Management of audit firm:
· The communication process: How the firm reaches their staff, especially when audit staffs spend most of their time in the field? How important messages are transmitted along the channel?
· Culture: Does the firm promote culture to achieve professional excellence? Is the environment conducive to open communication, learning, professional development and performance management
· Work-life balance: Many auditing firms are overstretched during peak period. Audit staffs toil in the sweat shops are worn to the frazzle. To compensate for assignment budget overblown and to show they are bound up in the work is the unallocated time the auditor slog through, they bring back home uncompleted work or back to office in the week-end. Stretching staff to reach new milestone is good, but over-stretched staffs make more mistakes, create family problems, and endanger personal health. Work smart but doing it right is better than work hard but doing it wrong.
At the pinch, there are many more that can be developed as lodestar and be incorporated into a checklist to facilitate PCAOB auditor carrying out auditing external auditor in-house. And certainly the effects of getting assurance are far better than peer review which is perfunctory in nature between rival firms or enchanted in auditing current files. Of course, auditing current files are not supplanted, because outputs say everything.
The judgment rule
As I mentioned in the preceding paragraph, “unlike the external auditor, they do not have the ground knowledge of the audit client, especially in the circumstances auditor has to make judgment; they simply have to take the external auditor’s judgment prima facie” I am proposing countervailing approaches to improve the quality of auditing judgment.
The first and simple way is to turn the table around, if the PCAOB auditor follows the external auditor to the field. Both muster ground knowledge of the same client; will the PCAOB’s auditor make similar judgment as what the external auditor has done? On the understanding that the PCAOB auditor should only observe, listen, and refrain from interfering into the audit process of the external audit; and only pose questions to external auditor during appropriate time the rationale of their judgments; avoiding interloping, overweening or on the spur vitriolic arguments or skirmish on both side and PCAOB’s auditor should hold rigorous inquests in their own office to make clear their thoughts, and bide their time and segue into having their opinion heard in writing to the external auditor. In case of vast chasms, the exchange will go on, until both sides are palatable. If no consensus is made, then a team of respectable mavens with sound technical expertise should review the judgment and makes their judgment final. It is propitious for PCAOB’s auditor to select high risk clients or clients that external auditor is in dispute on certain controversial judgmental issues to get their selection focus. Physical presence changes perceptions and gives confidence.
The PCAOB will then publish their findings (firm’s name under anonymity) on their web page. This is important because auditor is also watching the ground rules what is permissible under certain circumstances. There is no absolute answer for every judgment, every judgment is circumstantial, therefore making it publicly will help auditor to apply the spirit of the findings in different contexts and chinks in auditor’s armor. It is a valuable learning experience.
No one is omniscient and able to make complex judgment right all the time, so does the external auditor. The quality of judgment is correlated to judgment maker own experience and professional expertise. There are three circumstances that external auditor makes wrong judgment.
An honest mistake: Under present auditing climate, majority of judgmental misnomers are under this category. Unbeknownst to the auditor, it can be faulty assumptions of wrong audit planning; barking up the wrong tree, for example, placing much of their attention in the area mistaken as high risk, based on general assumptions of particular industry rather than tailor to ground situation. Another example is ignoring a lurking threat to defraud the company in which control is least guarded, because auditor gleans insufficient information for ground analysis during planning period. Another true to type example is external auditor accepted management wrong judgment, because they lack the industry knowledge and expertise that management possesses; a very common example is lemming-like believing management overly sanguine sales forecast.
Induced to believe a fabricated factoid by management or company’s staff: The nuance between this case and the over-optimistic sales forecast example above is: in the example above, it is veritable wrong judgment made by the management, and for this case it is a hocus-pocus, management or staff of the company is deliberately inducing the external auditor to believe a fabricated factoid. They know the external auditor is in a cursory to compete with time to close their accounts, comb through a slew of files, struggle to digest surfeit of information, may not have time to dig into sufficient depth if they can fabricate a convincing but arrant apocryphal story or clever repertoire, and they can get away by inducing auditor to make judgment mistake to cover them up to defraud the company. SOX makes it unlawful for any officer or director of a public company any action to fraudulently influence, coerce, manipulate, or mislead an auditor performance of an audit of the company’s financial statements. In other words, it sends a strong message to the management not to fool around with external auditor. However, it does not stop fraudster to take statistical fluke to cover up their misdeeds.
The external auditor is colluded with the management: In common parlance, colluded means conspiracy of two parties to deceive. It is under fraud provision of US code (Chapter 63) to make “attempt” and “conspiracy to commit” offences. Conniving is rather rare now. It is prohibited under professional ethics that auditor has close relationship with the management (not necessary auditors cross over to work for their former clients under conflict of interest provisions of SOX). Thus far, the climate is largely pro-independent. A plethora of financial shenanigans thick and fast easily happen during Enron’s time, and it was how the case resulting the demise of Arthur Andersen. But, the Acts are always there, and there are people display a cavalier to try their luck get away with punishments.
Of the above three situations, it is sometimes subtle to distinguish intention of genuine infraction. Therefore it is a demanding job of the PCAOB to go beyond traditional auditing approach sometimes move to forensics seek proofs to confirm their hypotheses.
The PCAOB auditor can afford to be more luxurious in using their time than external auditor; that give the advantage for them to play around with their cases in different perspectives. To my thinking, group discussion and parallel auditing facilitate the process. Group discussion can draw opinion from diverse background to yield different perspectives especially benefits judging judgment. One will not lock one’s view that can create many other possible scenarios.
Parallel auditing is drawing insights from auditing group of current files from similar industry with similar size. It is interesting to see why different approaches are applied to these companies. There are two ways of applying parallel auditing, one is to download auditor’s current file and makes it portable to be used by PCAOB auditors. So to say, the current file is saved on a DVD, every listed company auditor’s current files are kept, say, for five years in PCAOB’s library (The DVD will be returned for destruction after five years). Five pieces of DVDs do not take up a lot of space, but it reckons on proffering the PCAOB auditor the liberty to compare and contrast the entire external audit process of listed companies in the same industry and of similar size. This knack is almost impossible for external auditor to do the same. PCAOB’s auditor can generate many useful insights that are valuable and in a sense impossible to achieve under current approach. Of course, the major scruple is external auditor may be loathing; in no circumstances do they divulge client’s confidential information that they have no control. PCAOB may have to give written confidentiality guarantee and beefing up internal control for access to DVDs’ use, storage and duplication. At any rate, it is easy to carry out parallel auditing and it makes subsequent changes to the current file impossible. The worst case scenario is external auditor persist in their recourse to confidentiality as their cogent reason.
The PCAOB’s BATNA is: They can still play their last card to conduct parallel auditing by on-line access to external auditor’s file at PCAOB own premises. This is in the purview of SOX that empowers PCAOB, external auditor is still in control of confidential information Parallel auditing breaks away from traditional auditing methods, making new path for watching the watchdog.
Epilogue
I read with interest the news about changes in auditing standard 2. I wanted to concentrate my efforts on job search for my prolong period of unemployment, rather writing articles proposing changes in my profession yielding no feedback. However, I cannot weasel out but stand pat of my original propositions I made several years ago. I have been a staunch advocate for auditing the auditor, risk based auditing, using professional judgments in the audit (Refer to my articles “fixed the systems” written in May 2002 and “Taming the compliance costs.” written last year (both articles can be read from my blog). I foresee the harbinger of some problems ahead. After much contemplation, I write from PCAOB’s perspective this article. I do not provide solutions to the problems, and hope to elicit or brainstorm for better answers.
Note: A copy has been sent to PCAOB
