Tag: audit failure

To Whom does the Auditor Answer?

~ C.O.R.E. Beliefs ~ Leave a comment

One of my google alerts brought an interesting article about the auditor and the relationship the audit firm has with management and the board.  It seems that many boards are concerned that the auditor appears aligned with management and not the shareholders.  This is, sadly, not a new problem, but it is one that C.O.R.E. is trying to address is our own little world of auditing.

At C.O.R.E., we understand our loyalty lies to the reader of the financial statements – that is, the shareholders.  We are engaged by the board on behalf of the owners to audit management.  Ensuring that current and prospective owners get the best information about their association is key to our success, but sometimes getting owners the best information means upsetting management.

Upsetting management, however, potentially hurts the pocketbook of the auditing CPA firm.  In many situations, management offers very profitable consulting opportunities to the auditor.  Systems design, software evaluation, and other arrangements are absolutely essential to the financial health of an organization and a CPA is highly qualified to offer those services.  The problem is the potential for the auditor to be compromised – that is, does the auditor get the consulting gig because they went soft on management?

If you don’t think it is a very real possibility think again.  Can you imagine anyone hiring a consultant who just got through bashing them?  If a CPA firm had the chance to earn $100,000 consulting with management or $30,000 auditing the client (or both hopefully), is it possible that the auditor might turn a blind eye to a problem found on audit for the chance to earn more money?

And in the small and medium sized entity market, it is potentially even more painful.  The small CPA firm gets most of its new business by referral.  But referrals are hard to come by when your work upsets management.  This has impacted us directly – we have had to issue specific communication about management violating internal control systems to an entity’s board.  The Chair of the board was also the president who hired his son, the person who broke the rules.  That organization and six other companies found a new CPA firm because they wanted someone less “negative”.   Seven entities is a lot of billing.  Financially, would we have been better off remaining silent?

This is not an attempt to justify the auditor’s failure to live up to their responsibility to protect owners and stakeholders.  An auditor who accepts a consulting job with a client needs to consider it a bribe, or worse, an attempt to make them complicit in management’s failure.  That is the auditor’s failure.

But the greater failure is on behalf of the boards of directors who have the primary responsibility to protect the shareholders.  When you ask management to interview auditors, when you accept management’s recommendation to terminate the CPA, when you accept management’s excuses for their misdemeanors, you are abrogating your responsibility.

But you can start to address the problem.  It will require boards to start holding management accountable.  And, when it comes to engaging the auditor to attest to your organization’s financial statements:

You, not management, should

  • request proposals from auditors
  • interview the auditor
  • determine if the auditor takes any fees from management for consulting
  • ask how auditors get clients – board or management referral
  • never allow management to dictate non-GAAP policies without auditor approval
  • interview new auditors every 3-5 years
  • demand that the auditor refuse to accept any consulting arrangement with management

As long as the board, or its audit committee, continues to allow management any involvement in the process of selecting, engaging and compensating auditors, this problem will not go away.  The board must make it clear to management that the auditor is the board’s tool to review management and its adherence to appropriate accounting policy and not someone who is there to help management look good.  And the board must make it clear to the auditor they look to them to protect the owners and their investment.  This is your chance to hold both auditor and management accountable, will you step up to the challenge?

Fraud and Auditor Negligence

~ C.O.R.E. Beliefs ~ Leave a comment

I received an interesting Google alert yesterday.  The Supreme Court of Canada ruled that Deloitte should be held responsible for damages related to its audit work performed almost 20 years earlier.

The case centered on whether an auditor is responsible for catching fraud – and what happens when it is missed.  In this case Deloitte was engaged to audit the financial statements of a theater production company.  The audit was required by both its lending arrangement and because it had sufficient investors who demanded it.  The financial statements understated certain expenses (see yesterday’s blog) and recording certain pre-sales as revenue – debt recorded as income.

There are two questions in these situations – the significance of the fraud and reliance upon the statements.  In some trials it was proven that there was significant fraud but no one relied upon the financial statements.  Without reliance, the auditor is not really responsible – after all, the purpose of the audit is to provide relevant information to stakeholders and if they choose to ignore it, that is their choice.

In this particular case there was substantial fraud.  Deloitte’s procedures did not identify the activity, or if it did, the fraud was not brought to the attention of the appropriate level of management.  Now, this case is interesting because the chairman and vice chairmen were the perpetrators of the fraud so really, who would have been the appropriate level of management?  Technically the auditor should withdraw at that stage – which surprisingly was one of Deloitte’s defenses – that they were being punished for not withdrawing as the auditor.

But I digress as the court did not find that Deloitte discovered the fraudulent activity. Which, by the way, went on for 5 years.

Needless to say, the lenders and investors were decidedly unhappy to know their money disappeared with no likelihood of recovery.  The Company, Livent, filed for bankruptcy and it was the bankruptcy trustee that sued.  Their position is that the auditors’ failure to identify and report the fraud led to the 5 years of borrowing and additional investor funding which essentially went straight to the two chairmen charged with fraud.

The Supreme Court agreed that the auditor was responsible for not identifying the fraudulent activity and taking steps to correct it earlier.

As an auditor, this is one of those rulings that give us pause.  If we perform the audit and gather, what we believe to be sufficient, audit evidence to support the conclusion, then there really shouldn’t be an audit failure.  But actually, even if we gather lots of evidence, the reality is we ask questions of management.  Sometimes, management lies.  Or in this case, were probably instructed by their senior leadership to provide certain answers which proved to be incorrect in the end.

Or, in other words, the audit partner meets with the president and CEO.  She has a list of questions that have filtered up from the audit team through various levels of audit management.  One of those questions was probably, “We discovered certain transactions that were authorized by you, are you comfortable with how those transactions are recorded?”  The answer was no doubt yes.

The auditors may have felt uncomfortable but what can they do?  This type of activity probably doesn’t lead to issuing a qualified, adverse, or disclaimed opinion.  The auditor’s only option is to withdraw because the reporting of fraud is not something you will find in the auditors’ report.  Why? you may ask.  Because fraud is a legal claim that would have to be adjudicated and proven and what the auditor discovers might be evidence of such activity but it hasn’t been proven in a court of law.

It is a terrible position for the auditor.  It is also the risk of performing audits.  I would like to tell you that, in that situation, we would resign.  But because we have withdrawn from engagement before doesn’t mean that the evidence in every case is sufficient to draw that conclusion.  Honestly, there were engagements that we completed that made us uncomfortable but that discomfort never rose to the level of us wanting to withdraw.  This is ultimately what audit leadership is required to made the decision upon.  It isn’t easy and sometimes auditors are wrong.  But if we withdrew from every engagement that caused us to be nervous there would never be another audit performed.

An interesting story that I will still be thinking about for a few days.

Have an awesome day.