 "A raw deal for auditors")
The auditing “expectation gap” of what the public and other financial statement users perceive auditors’ responsibilities to be and what auditors believe their responsibilities entail is getting wider and wider. This gap is further accentuated by the hard stance and attitude of the regulatory bodies. An audit cannot verify 100 per cent of all documents and balances. If the auditor were to verify 100 per cent of sales and purchase invoices, delivery challans, gate passes, production records, journal vouchers, assets, liabilities and all records of the entity and consider all management representations as unworthy, it would require an army of auditors sitting at clients endlessly, and it would not be possible to complete the audit within the timeline prescribed by law for presentation of accounts to the shareholders. Further, the cost of doing so would be prohibitive and disproportionate to the benefit that may be derived by the shareholder.
An audit cannot discover all types of fraud. The internal controls can be corrupted and circumvented through the collusive efforts of management, like in the Tri-Sure case (1985). Collusion by top management to commit fraud that usually involves sophisticated schemes, forgery, misrepresentations will be nearly impossible to detect in an audit, unless there be information from a whistle-blower or something suspicious or alarming to rouse the suspicion of the auditor.
It would be wise to focus on some of the important principles for consideration in the Tri-Sure case pointed out by Judge M L Pendse:
“The auditor is required to employ reasonable skill and care, but he is not required to begin with suspicion and to proceed in the manner of trying to detect a fraud or a lie, unless some information has reached which excites suspicion or ought to excite suspicion in a professional man of reasonable competence. An auditor's duty is to see what the state of the company's affairs actually is…but he is not required to perform the functions of a detective.”
“In judging whether an auditor exercises reasonable care and skill, it would not be appropriate to proceed on matters which have subsequently transpired, but one must place oneself in the position of the auditor as when the accounts were audited and find out how the matters appeared or ought to have appeared to a man of reasonable care and skill.”
The current aggressive regulatory mindset seems to strongly suggest that an audit must be conducted like a forensic investigation and smacks of the benefit of hindsight, contrary to audit practice and ratio of the Tri-Sure decision. This mindset needs to change.
The profession also needs to do its bit. Today the statutory auditors are debarred by law from providing certain identified non-audit services to their audit clients. However, the firms should go further and voluntarily restrict the provision of legally permitted non-audit services to their audit clients falling into the high-risk category. Another way to help bridge the perception gap is that audit partners should not be set any targets for internal revenues, profits and chargeable hours.
Multiple agencies probing auditors is conflicting
In the Tri-Sure case, the auditors were probed in the Bombay High Court and by ICAI. Today, multiple agencies are in some way or the other involved in probes against auditors. In the now unfolding IL&FS fraud, we already have probes against auditors by ICAI, SFIO, NFRA, SEBI and ED and there is an overlapping of jurisdiction. The multiplicity of agencies probing auditors is confusing, conflicting and to say the least scary for auditors and is indicative of regulatory overreach.
Only one regulator should be held responsible to regulate the auditors; not multiple regulators. If the newly formed NFRA (for listed companies and large unlisted companies) and ICAI (for smaller unlisted companies) are to undertake this task then the bench should comprise of those who have a clear understanding of standards. A majority of the members of NFRA should comprise of chartered accountants who are familiar with nearly 31 accounting standards, 38 standards on auditing, numerous guidelines, the leading authoritative books on auditing, negligence, liabilities of auditors and with numerous case laws dealing with fraud and the auditor.
Regulatory agencies are blurring the distinction between audit, negligence and criminal collusion
In 2018, SEBI passed an order against PwC alleging that the audit firm was hand in glove and colluded with the management of the scam-tainted Satyam and that there there had been a total abdication by the auditors of their duty to follow the minimum standards of diligence and care expected from statutory auditors that infers malafide and involment on their part. The order, continued to state that a continuous omission to check the figures of the company with the external sources can definitely lead to complicity as an inference thereof, and that accumulated and aggregated acts of gross negligence scale up to an act of commission of fraud.
An audit cannot discover all types of fraud. The internal controls can be corrupted and circumvented through the collusive efforts of management, like in the Tri-Sure case (1985). Collusion by top management to commit fraud that usually involves sophisticated schemes, forgery, misrepresentations will be nearly impossible to detect in an audit, unless there be information from a whistle-blower or something suspicious or alarming to rouse the suspicion of the auditor.
It would be wise to focus on some of the important principles for consideration in the Tri-Sure case pointed out by Judge M L Pendse:
“The auditor is required to employ reasonable skill and care, but he is not required to begin with suspicion and to proceed in the manner of trying to detect a fraud or a lie, unless some information has reached which excites suspicion or ought to excite suspicion in a professional man of reasonable competence. An auditor's duty is to see what the state of the company's affairs actually is…but he is not required to perform the functions of a detective.”
“In judging whether an auditor exercises reasonable care and skill, it would not be appropriate to proceed on matters which have subsequently transpired, but one must place oneself in the position of the auditor as when the accounts were audited and find out how the matters appeared or ought to have appeared to a man of reasonable care and skill.”
The current aggressive regulatory mindset seems to strongly suggest that an audit must be conducted like a forensic investigation and smacks of the benefit of hindsight, contrary to audit practice and ratio of the Tri-Sure decision. This mindset needs to change.
The profession also needs to do its bit. Today the statutory auditors are debarred by law from providing certain identified non-audit services to their audit clients. However, the firms should go further and voluntarily restrict the provision of legally permitted non-audit services to their audit clients falling into the high-risk category. Another way to help bridge the perception gap is that audit partners should not be set any targets for internal revenues, profits and chargeable hours.
Multiple agencies probing auditors is conflicting
In the Tri-Sure case, the auditors were probed in the Bombay High Court and by ICAI. Today, multiple agencies are in some way or the other involved in probes against auditors. In the now unfolding IL&FS fraud, we already have probes against auditors by ICAI, SFIO, NFRA, SEBI and ED and there is an overlapping of jurisdiction. The multiplicity of agencies probing auditors is confusing, conflicting and to say the least scary for auditors and is indicative of regulatory overreach.
Only one regulator should be held responsible to regulate the auditors; not multiple regulators. If the newly formed NFRA (for listed companies and large unlisted companies) and ICAI (for smaller unlisted companies) are to undertake this task then the bench should comprise of those who have a clear understanding of standards. A majority of the members of NFRA should comprise of chartered accountants who are familiar with nearly 31 accounting standards, 38 standards on auditing, numerous guidelines, the leading authoritative books on auditing, negligence, liabilities of auditors and with numerous case laws dealing with fraud and the auditor.
Regulatory agencies are blurring the distinction between audit, negligence and criminal collusion
In 2018, SEBI passed an order against PwC alleging that the audit firm was hand in glove and colluded with the management of the scam-tainted Satyam and that there there had been a total abdication by the auditors of their duty to follow the minimum standards of diligence and care expected from statutory auditors that infers malafide and involment on their part. The order, continued to state that a continuous omission to check the figures of the company with the external sources can definitely lead to complicity as an inference thereof, and that accumulated and aggregated acts of gross negligence scale up to an act of commission of fraud.
Disclaimer: These are personal views of the writer. They do not necessarily reflect the opinion of www.business-standard.com or the Business Standard newspaper
