Web audit warning

Companies that choose to publish accounts and other financial information on the Internet could be breaking the law and are increasing the risks for their auditors, according to a leading accountancy academic.

In a Deloitte & Touche-sponsored study, published earlier this month, Bristol Business School professor Roger Hussey analysed the online data of FTSE-100 companies. Of the 85 that posted such information in March 1998, many failed to specify whether the information had been audited, and some of it failed to take the form required by company legislation, Hussey concluded.

A comparison of the 1998 results to a 1997 survey showed a 55% increase in the number of companies putting financial information on the Web and an increase in the amount of information they disclosed.

‘We’re dealing with a very different document to a printed report. The time companies have got to issue their accounts under legislation is all to do with printing processes that go back to Caxton. You can get a very quick turnaround with technology. That moves everything forward and has lots of implications for the audit profession. The nature of the audit process may have to change,’ Hussey told Accountancy Age.

Auditing Practices Board technical director Jon Grant explained that auditors do not currently have any responsibility for financial information on the Web, a point it raised in its submission to the Department of Trade and Industry’s company law review.

One solution, suggested by Hussey, would be to establish a Companies House-controlled website for results. Martyn Jones, national audit technical partner at Deloittes – which is using the research to develop new electronic assurance services – said, however: ‘This is a today issue. The company law review is so wide-ranging it could take several years.’

Although the APB has responsibility under the law to provide guidance for auditors, Grant suggested auditors should ensure they are alerted when their opinions were being broadcast on the Web to ensure they are not compromised by unaudited figures.

‘Real-time’ auditors might not be able to ensure the accuracy of rapidly changing Web data, but in future they could offer an opinion on whether a company has controls in place to ensure reliable online information, Grant said.

‘But we’ve already seen the difficulties surrounding auditors reporting on internal controls because there aren’t clear, objective means for them to do it,’ he added. ‘Auditors are obviously concerned because if things go wrong, they’ll be the first in the firing line.’

HELPFUL HINTS FOR SAFE ONLINE REPORTING

Companies like BP-Amoco (above), which already post detailed accounts online, are advised by Hussey to:

– Alert readers to any potential errors or omissions

– Remember that hard copy statutory requirements also relate to electronic disclosure

– Audit the site perpetually to guard against mixing audited and unaudited information

– Guard against unauthorised tampering by hackers.