Forensic audit finds more, costs more
To the auditing industry, the fact that investors tend to blame auditors when frauds go undetected reflects unrealistic expectations, not bad work by the auditors. The rules say auditors are supposed to have a "healthy degree of skepticism," but not to detect all frauds.
"There is a significant expectations gap between what various stakeholders believe auditors do or should do in detecting fraud, and what audit networks are actually capable of doing, at the prices that companies or investors are willing to pay for audits," stated a position paper issued in 2006 by the chief executives of the six largest audit networks.
Note that last part. They suggested that if investors were really worried about fraud, they should consider paying more for a "forensic audit" that would have a better -- but not guaranteed -- chance of spotting fraud. Don't like our work? Pay us more.
Ernst's audit opinion does not say, which is no surprise. Virtually every audit opinion in the world says almost the same thing, with no details about the company being audited. Auditors are paid millions of dollars to produce a report that no one thinks is worth reading.
On June 21, the Public Company Accounting Oversight Board, which regulates auditors in the United States, plans to ask for public comments on whether to require auditors to do more and say more.
One idea the board is expected to consider is requiring auditors to disclose more about what they did, and did not, do. Ideally, auditors would point to things that they could not audit. There are a lot of them now, and sometimes they are crucial.
Auditors could be called upon to specify where they thought fraud was most likely in a given company or industry, and what they did to confront the risk. Investors could have a chance then of comparing the work of differing audit firms, as one firm disclosed it had checked something other auditors did not mention.
If an audit was expected to call attention to possibly critical information that was not available to the auditors, perhaps there might be pressure from investors on companies to make that information available. In any case, investors could better understand what the auditors knew -- and did not know -- in reaching their conclusions.
The problems with audits now go well beyond questions of fraud. A critical element for many banks is the valuation of securities that trade infrequently, if at all. There may be a wide range of possible estimates, and the auditor now must simply conclude the estimates are within that range. If so, it signs off.
To make things worse, the estimates may have come not from the company being audited, whose work the auditor can examine, but from a pricing service that views its models as proprietary, making them virtually impossible to audit. That fact is something investors should know, but now do not.
Nor do auditors disclose information about how reasonable an estimate is. In some cases, a wide range might be defensible, and investors have no way to know whether a company was particularly conservative or aggressive in its estimates. The oversight board may consider asking that companies disclose what they deem to be the range of reasonable estimates, and why they chose the one they did. Then the auditors could comment on that.
If auditors enforced some consistency on ranges, then financial statements of different companies might be more comparable, even though they chose different estimates.
The accounting oversight board is also expected to ask if it is time to end the "one grade fits all" audit model, in which every company is deemed to "fairly" present its results. Perhaps a second grade could be added, like "presents adequately," for companies that push the envelope but do not violate the rules.
In addition, auditors could be called upon to discuss the risks the company was taking. They could also be asked to call attention to some of the most critical disclosures in the footnotes, something that French auditors already do.
If much of that happened, audit opinions could become a lot more interesting to read. Investors might actually learn something, and they might be able to form opinions about differences in audit firms.
Another long-overdue change would be to have the lead partner on an audit sign the opinion in the annual report. Now, the firm signs, and investors have no way of knowing who was responsible. If an audit signed by a certain partner later blew up, that could be devastating to his or her career if investors shied away from any companies whose audits he later signed. Would that make auditors more careful? Perhaps.
BUSINESS DAY
Troubled Audit Opinions
By FLOYD NORRIS
Published: June 9, 2011
Requiring more detail from auditors could help investors evaluate Sino-Forest Corporation, a company cleared by Ernst & Young but called a fraud by Muddy Waters Research.