Jane Howard looks at how auditors can best protect their position in light of enhanced expectations and new reporting requirements
AS WE HAVE SEEN in in the context of some of the more high profile corporate collapses, a great deal of expectation and responsibility is placed on the shoulders of auditors – especially when working on the audit of a bank or other substantial listed entity. When a fraud is uncovered, auditors are often accused of failing to do the “very thing” for which they were engaged, as if general financial policemen acting as all things to all people.
In truth, the retainer, even one as complex as auditing a $700bn (£455bn) investment bank like Lehmans, is fulfilled on a much narrower basis than most people imagine – which, in times of crisis, leads to disappointment, questions about the relevance of audit, and in some cases, a search for compensation.
This takes us to the much bigger question that often becomes confused with the need to blame someone, namely, what can the users of financial statements expect an audit to achieve? The answer, certainly in the light of some of the recent consultations that have gone on in this area, is a lot more than used to be the case.
While the law has for a number of decades now been relatively protective of auditors (particularly as far as claims by third parties are concerned), one poses the question whether this will remain the position going forward or whether the weight of expectation (brought about in part by the current economic climate) will shift the goal posts in favour of duties being owed to a much broader class of persons than those contemplated by the Caparo test?
Just as Starbucks, Google and others have been openly criticised and branded by the press as morally blameworthy for seeking out favourable (and lawful) tax regimes, so the auditor increasingly finds themself operating in an environment where simply saying: ‘I did what the rules required of me’ may not leave them unscathed, particularly in the context of corporate collapses impacting large numbers of pensioners, employees and general creditors. I say this not to be alarmist, but merely to highlight the fact that judges do not operate in a bubble. Like auditors, and tax advisors, they function in an environment where they have a fair amount of discretion to shape outcomes.
Stepping up scepticism
These days ‘auditor scepticism’ is mentioned at every turn. ISA 200 includes an explicit requirement for an auditor to plan and perform an audit with ‘professional scepticism’, recognising that circumstances may exist that could cause the financial statements to be materially misstated.
The difficulty arises because professional scepticism is not something that can be easily covered by a tick in a box on a checklist; it is a question of judgement. Demonstrating that professional scepticism has resulted in a critical assessment of the audit evidence and challenges to management assumptions can be hard to achieve in certain areas.
Over-reliance on management representations is a common theme when auditors are sued. The revised ISA 240 highlights the risk of fraud arising in the context of revenue recognition. It is a significant risk area and it is one that continues to cause problems for auditors. Often one sees file reviews including comments such as “fraud is low-risk as there is no previous history of fraud” and “fraud is low risk as the client is long standing”. Both statements appear to rely on past experience and to contain little in the way of professional scepticism. This has not been lost on the standard setters.
Auditors of substantial entities are also about to face increased scrutiny of what they actually say on the face of the audit report itself – scrutiny not only by their audit client (to whom their duty in the post Caparo era has generally speaking been confined) but also a risk of attracting the attention of a much wider class, namely the ‘users’ of financial statements.
It is interesting to note that in the FRC’s consultation paper on the revised ISA 700, the focus is very much on the ‘users’ of financial statements. That is a class of persons very loosely defined that reaches well beyond the members of the company.
The revisions to ISA 700 apply to audits for periods commencing on or after 1 October 2012. The revised ISA provides for an expanded auditor’s report which will, for the first time, describe (in bespoke narrative form) some of the inputs to the audit including the assessed risks of material misstatement and how materiality has been determined and applied.
Purely from a liability risk management perspective, the proposed changes are not attractive. After all, why do most ‘experts’ issue non-speaking determinations in, for example, the completion accounts context?
Revealing the methodology
The new approach will reveal, in a very public way, audit methodology that is currently generally confined to the auditor’s own working papers and/or made available to audit committees. Once the expanded report is adopted, the bases for potential claims against the auditor will be easier to identify (by a would-be claimant’s forensic accountant for example) and easier to articulate. This in turn could make it harder to resist requests for pre-action disclosure of the underlying audit working papers – as it will be easier for the would-be claimant to prepare a sufficiently detailed Letter of Claim to satisfy the threshold test for obtaining pre-action disclosure.
That said, the additional matters to be addressed in the auditor’s report are unlikely to change the nature of the underlying work that the auditor will perform and should not, therefore, affect the ultimate outcome of claims (as these key audit judgements are likely to be closely examined in any event if a claim is brought). Indeed making overt that which was once shared with only a very few, should serve to further enhance audit quality.
Arguably, however, the new approach does have the potential to encourage more claims to be made in the first place (and make them harder to fend off at an early stage) as even without access to the auditors files, challenges can be made to those key audit judgements.
A contrary view is that claims in this space (i.e. audits of entities that are either required to, or choose voluntarily to, adopt the UK corporate governance code) are likely to be significant in terms of quantum. As such, it is likely that they will be pursued in any event, irrespective of the level of information provided in the auditor’s report.
Third party actions
It is also worth pointing out that (in this jurisdiction at least), the majority of audit negligence claims are still brought by (or in the name of) the company being audited. Since the company (via the audit committee) already has access to material in excess of that contemplated by the revision of ISA 700, the new disclosures should, in theory, not have any real impact upon either the incidence or merits of such claims. To the extent that the number of claims against auditors does rise in light of these changes, it is more likely to be in the area of claims brought by third parties.
It is this risk, i.e. of being seen to voluntarily assume a duty to a wider class of users (other than the company being audited and its members), to which the Bannerman disclaimer is primarily directed. The use of Bannerman-style disclaimers (which clarify the scope of the auditor’s role and expressly exclude liability to anyone other than the audit client and the members of the company as a class) is actively encouraged by the ICAEW. ACCA, in contrast, suggests that such disclaimers should only be used in exceptional circumstances so as not to undermine public confidence in audit work. It will be interesting to see whether that guidance is updated in light of the newly expanded reporting requirements.
More broadly, the International Auditing and Assurance Standards Board (IAASB) promises more informative audit reports and there is growing demand for more integrated and real time reporting. The bar is undoubtedly being raised when it comes to audit.
Fortunately, the auditor still has a fair amount of ammunition in his defence armoury. Causation is a case in point. In a climate where ‘users’ of financial statements challenge the relevance and historic nature of an audit, it is barely credible to then assert that the audit was relied upon as the basis for key business decisions. When the figures are large enough, however, claimants will no doubt try.
Jane Howard heads up the professional liability group at City-based law firm Wragge & Co