IN 2009, KPMG designed a tailored audit package for Rentokil that caused uproar in the accounting world. Critics said the deal – which shaved 30% off Rentokil’s bill by taking on some internal audit functions – went against basic principles of independence and ethics.
The Audit Inspection Unit’s annual report is due next month and its view on KPMG’s brainchild will be closely scrutinised. One source close to the matter said the AIU sees the package in a positive light, potentially encouraging competitors to follow suit. It begs the question: is KPMG’s offering an aberration that will quickly be discredited, or has the Big Four player struck gold?
Chief architect, KPMG’s UK head of audit Oliver Tant, said it enhances the audit service by avoiding duplication of external auditors’ work by internal auditors, leaving the latter free to direct their attention elsewhere. He gave the example of testing a larger sample of controls or balances of lower value than the materiality level set for the statutory audit. Normally, internal auditors would carry out this work, also looking at other aspects of the internal controls environment such as management strategy, corporate social responsibility and reputational risk.
Critics’ primary complaints centre on the self-review threat – whereby an external auditor relies upon its own internal audit work – and the management risk, which warns against internal auditors assuming the role of management.
The Chartered Institute of Internal Auditors, unsurprisingly, viewed the deal with a cold eye. Chief executive Dr Ian Peters said that, although the service might not actually breach ethics, it could be perceived to do so, and this is potentially just as damaging. He argued the perception that there may be a conflict of interest undermines the whole industry at a time when building respect and credibility is paramount.
Such crossover is not permitted in the US and many other jurisdictions. KPMG has been reprimanded in the past for blurring the lines between internal and external audit: it was providing staff to undertake internal audit-like functions in the workplace under the direction of an Australian client. A stop to this was ordered by the US Securities and Exchange Commission earlier this year.
Other critics have claimed auditor independence will be eroded by increasingly lucrative contracts and ever-closer ties between auditor and client. Peters argued that precisely because greater sums of money are involved – with savings for the client and larger contracts for the firm – KPMG is sailing close to the wind in terms of acceptable auditor behaviour.
However, Steve Maslin, Grant Thornton’s head of external professional affairs, said positive messages on cost control for Rentokil created confusion over KPMG’s new product. “It is unclear exactly what KPMG was doing but it seems to me that they were increasing the scope of work on financial controls in order to save time and money on internal audit.”
On this basis, the concerns over conflict of interest would not necessarily apply; rather, as Tant claimed: “This work does not replace, conflict with or undermine the independence of the external audit – it simply extends our understanding of the business and its controls and hence the breadth and depth of insight we can offer.”
Enhanced audit is certainly something the major firms are interested in. Many audit committees are seeking greater guidance on risk management and they often ask external auditors to focus on potential trouble spots. This does not constitute an undermining of internal audit when it is consistent with external audit services that would anyway be carried out, though the Rentokil package takes things one step further.
While internal auditors are charged with examining and testing companies’ controls environment, external auditors are responsible for checking everything adds up by examining these controls. Tant agreed that his package meant the amount of fact and figure checking was reduced but argued this is a positive outcome of dovetailing intent, with internal auditors’ workload being shifted rather than reduced.
Big Four and second-tier competitors have made it clear that they would adhere to the principle of not providing internal audit functions for a listed audit client. However, they are all actively mining the seam of enhanced external audit services. This raises the question: where is the line between the two?
While the Rentokil package is considered by most to be firmly on the side of internal audit, objections may be muted because there is little evidence to show it violates the two primary risks of self-review and assuming the role of management. On this basis, it would seem it is possible to carry out traditional internal audit functions without falling foul of well-known threats to auditor independence.
This could mean the time has come to re-examine what constitutes internal and external audit. David Herbinet, head of corporate public interest markets at Mazars, said the last decade has seen unprecedented growth of internal audit, and this may have led to it swallowing some traditional external audit functions. With reviews of external audit currently underway in the UK and Europe, now could be the time to take a closer look at its sister function, internal audit.
On the other hand, the mood coming out of the studies is stern and they may result in stricter controls over the audit market. This could mean strengthening the laws governing non-audit services and might stymie the potential gravy train of KPMG’s new product.
For this reason, James Roberts, senior audit partner at BDO, said it would be “more natural” to focus on new business rather than expanding their offering to existing clients, and other firms are exercising equal caution in this arena. With the majority of jurisdictions strictly outlawing the crossover of internal and external audit as championed by KPMG, the firm’s only hope for their new service might be redrawing the lines between the two as looser regulation seems a remote possibility.
Two new audit partners have been appointed at the firm BDO in its audit practice following continued growth and investment
Investment in people, tech and businesses impacts on EY's profit per partner figure
If businesses do not take cyber security seriously in their business planning regulators may do it for them, the ICAEW has warned
Dr Richard Willis provides a several thousand-year history lesson of the profession, from origin to modern-day