The English ICA last week brushed aside claims that auditors should take direct responsibility for detecting year 2000 computer problems.
In a guidance document sent to audit faculty members, the institute argues that a duty of care rests instead with company directors. Only directors can identify and solve potential problems with their computer systems, the guidance states.
But directors were warned that if they failed to supply ‘robust’ answers to auditors’ questions they run the risk of their accounts being qualified.
Coopers & Lybrand partner Mike Barkham, who chaired the working party that drafted the report, denied auditors were dodging their responsibilities to reduce potential liabilities. ‘Auditors aren’t passing the buck. We’re ensuring that directors don’t duck the issue.’
Tony Bingham, head of the institute’s technical and practical auditing committee, said the guidance had been written in time to be included in the current crop of December year-end audits.
‘Reporting issues are more likely the closer we get to the millennium,’ said the Coopers & Lybrand partner, ‘but companies and their auditors need to think about 2000 before impacts become critical.’
The document is a disappointment to some shareholder groups, some of which have called on the institute to draw up a list of minimum requirements to guard against system failures.
The UK Shareholders Association called for auditors to conduct their own investigation of their client’s ability to cope with the millennium date change, rather than to rely on statements from directors. Taskforce 2000, the government-funded body created to raise awareness of the issue, also said it was disappointed the report refused to go further.
Bingham emphasised that the report provides a framework: ‘It is not prescriptive – it signposts the questions that auditors need to ask.’ He also argued it would be ‘unhelpful’ to mention the millennium issue in the report and accounts, saying it would only fuel fears that a company was somehow affected. To head off further criticism of the institute’s stance, Bingham said that auditors were being encouraged to ask directors a series of tough questions.
The guidance recommends that auditors should include a risk assessment of the millennium bug and the impact of any failure on their client’s financial statements. If this analysis reveals the potential for problems, then information about the readiness of computer and other systems will be sought from directors.
Bingham insisted third-party information would be needed if the original analysis found the client exposed and subsequent questioning revealed little had been done about it.
‘The emphasis must be on directors providing robust information,’ he said. ‘If there is any doubt in the auditor’s mind about the quality of that information there may be a question mark over the company as a going concern.’
The report states it is ‘not the auditor’s responsibility to attempt to rectify any lack of analysis or planning by management’. But it continues: ‘auditors may feel unable to rely on management’s assertion that there is no significant impact. The auditors should consider carefully whether they have received all the explanations required for their audit and whether this represents a limitation on the scope of their work, which might affect their opinion on the financial statements.’
Bingham said his firm hadn’t yet encountered clients with serious problems.
But he hinted it was likely some clients would be materially affected over the next year. In his view, smaller companies would be worst hit: unlike Coopers’ larger clients, they have few resources to resolve technology-related problems.