Price Waterhouse, the independent auditor of Satyam withdrew its audit reports on financial statements issued by Satyam. Dismayed investors and general public are still debating on how an auditor can withdraw a report that was relied on by investors.
The audit community is feeling let down that a firm of PWs stature could not detect the overstatement of revenues and the holes in cash and bank balances. The media has already pronounced the auditor guilty of negligence. These sentiments are understandable. But at the same time we should dispassionately consider what is expected from an independent audit.
Detection of fraud and error is not the principal aim of audit. This principle was laid down as early as in 1986 in the leading case, Re-Kingston Cotton Mills Co. If there remains a deep-laid fraud in the accounts, which in the normal course of examination of accounts may not come to light, it will not be construed as audit failure, provided the auditor was not negligent in carrying out his normal work. An auditor is not a detective.
He is only expected to apply that skill, care and caution in her work which a reasonably competent, careful and cautious auditor is expected to use. Therefore, auditors all over the globe state in their audit report that they have applied auditing standards in forming their opinion on the financial statements prepared by the management.
An auditor plans and performs audit so as to obtain all the information and explanations which are considered necessary in order to provide him with sufficient evidence to give reasonable assurance that the financial statements are free from material mis-statement, whether caused by fraud or other irregularity or error.
The whole audit process is dependent on the adequacy and effectiveness of the internal control system. Therefore, the independent auditor plans an audit only after evaluating the adequacy and effectiveness of the internal control system. However, even an otherwise adequate and effective internal control system may be ineffective against fraud committed by the CEO, who is in a position to override the internal control system. This makes it difficult for the auditor to detect management fraud.
There has been no change in this fundamental position. Auditing and Assurance Standard (AAS) 4, issued by the Institute of Chartered Accountants of India, stipulates that the fact that an audit is carried out may act as a deterrent, but the auditor is not and cannot be held responsible for the prevention of fraud or error. However, the auditor should approach him work with professional scepticism. International Auditing Standard 240 issued by the International Federation of Accountants (IFAC) stipulates. When obtaining reasonable assurance, the auditor is responsible for maintaining an attitude of professional scepticism throughout the audit, considering the potential for management override of controls and recognising the fact that audit procedures that are effective for detecting error may not be effective in detecting fraud.
In Satyams case, it is too early to pronounce PWC guilty of negligence. Only after the completion of the investigations it will be clear whether the auditor failed to apply audit procedures and techniques and to bring to its work due care, skill and judgement. However, the Satyam episode has raised certain important questions about independent audit of financial statements being issued by companies.
Is audit a personalised service? Audit is generally considered to be a personalised service. It is the individual responsible for conducting the audit who brings him personal judgement, skills, and attitude to the work. Therefore, it is logical to take disciplinary action against the individual if he is found guilty of negligence or on any other count. But neither can it be denied that audit firms build their corporate brands, and investors and other users of audited financial statements value that brand.
The Big Four audit firms could grab most of the large audit assignments because of their brand image. They bring global experience, invest in staff training and technology, and ensure a high quality of audit through internal mechanisms. Investors confidence flows from the audit firms reputation.
They do not care about the name or details of the individual partner who was entrusted with the audit of the company. The media glare, rightfully therefore, is on PW as a firm and not on the individual partners who conducted the audit of Satyam.
Neither can the demand of investors to take action against PW, if the auditor is found guilty, be ignored. The government, regulators and individual companies should take a call after the investigation is over. If extant regulations are inadequate new regulation should be put in place. In the US, the Public Company Accounting Oversight Board (PCAOB) has the power to impose sanctions against any audit firm whose partner is found guilty of negligence or otherwise.
Is there is a need for compulsory rotation of auditors? Although debated for long, this is an unsettled issue. A new auditor brings a new perspective to the audit and this may help in the detection of management fraud of the kind perpetrated at Satyam. Some argue that this system has a huge cost and may not bring the desired result.
However, the cost of such rotation has not been clearly established. There is a system of rotation of auditors in public sector enterprises (PSEs). A study on PSE audits may give an insight into the cost of rotation. Until such time that the cost of rotation of auditors is established, the rotation of the lead partner should be introduced and the mechanism of joint audit should be made mandatory for listed companies as an in-built control system.
Should we have an institution like the USAs PCAOB? In the US, PCAOB was established through the Sarbanes-Oxley Act after the failure of Enron. The powers of PCAOB include the power to register public accounting firms; set auditing, quality control, ethics, independence and other standards relating to the preparation of audit reports; conduct inspections of registered public accounting firms; conduct investigations and disciplinary proceedings concerning, and impose appropriate sanctions, where justified upon, registered public accounting firms and associated persons of such firms.
Each of those powers is subject to approval and oversight by the Securities and Exchange Commission (SEC). In India, these powers are vested with ICAI at present. It is not necessary that all those powers should be taken away from ICAI. However, it is necessary to strengthen the oversight over the quality of work of independent auditors.
Therefore, an oversight board should be created under SEBI with the power to conduct inspections of audit firms engaged in the audit of listed companies and to impose appropriate sanctions, where justified.
How to avoid audit failures? Audit failures can be minimised only by strengthening internal control systems and by keeping a close watch that the CEO does not override these systems; by protecting the independence of both the internal and external auditors; and by closely monitoring related party transactions.
The responsibility of oversight lies with the board. While exercising oversight (through audit committees), the board must consider the potential override of internal controls or other inappropriate influence over the financial reporting process and the potential for the impairment of audit independence. The board must pay special attention to related party transactions. The board of Satyam failed on all these counts.
To avoid future audit failures the government should bring necessary reforms in the auditing regulations without further delay. We have debated issues for long. It is the time to act.