Mind the audit expectation gap

As the Parliamentary Joint Committee (PJC) on Corporations and Financial Services considers the submissions on the inquiry into Regulation of Auditing in Australia, and as audit reforms progress in the UK, it is timely to consider what role the auditor plays in the corporate reporting ecosystem.

It will be important for the PJC to identify cost-effective reforms to strengthen the quality and relevance of audit outcomes, and consider how others in the reporting supply chain can deliver more high-quality, relevant reporting.

With a weakening economic outlook, Australia needs robust financial markets and effective oversight to guard against corporate failures. However, even in the most well-regulated markets, failures can still occur due to changes in market conditions, an unsuccessful business model or perpetration of a significant fraud.

The public’s expectation that auditors will prevent corporate collapse or significant fraud reflects the long-touted “audit expectation gap” – the difference between what an auditor does and what stakeholders believe they should do. Improving audit quality will reduce the “delivery” or “performance gap”. Certainly there is more work to be done in that area, as shortcomings in inspection findings from the Australian Securities and Investments Commission periodically remind us, but that is just one part of the gap.

Closing the gap

The greatest opportunity for meeting stakeholder expectations lies in closing the “relevance gap”. That is where the audited information does not address stakeholder needs in terms of the audited subject matter. There is also the “service limitations gap”, which arises largely due to audit sampling (which means that not all transactions or balances will be tested and misstatements will not always be detected).

The service limitations gap can be closed to some extent by technological solutions, but, more importantly, by strengthening the role of others in the corporate reporting supply chain.

Corporate reporting should provide information to enable investors and other stakeholders to make informed decisions. Audit (over financial information) or assurance (over non-financial information) should provide greater confidence in that information. It is critical, then, that the information that is reported and audited meets stakeholder needs.

The greatest opportunity for meeting stakeholder expectations lies in closing the "relevance gap." That is where the audited information does not address stakeholder needs in terms of the audited subject matter.

Stakeholders have varied needs, but some core themes are clear. Minimisation of unexpected corporate collapse and prevention or early detection of fraud are high on most stakeholders’ wish lists. The need for information about corporate performance in social or environmental responsibility is also growing.

Consequently, the more directly corporate reporting can address the risks of corporate collapse or fraud, and over time other emerging information needs – with those reports given credibility by being subject to the scrutiny of audit and assurance – the more likely stakeholder needs will be met.

Corporate collapse cannot always be prevented nor predicted; however, a realistic understanding by the board of the risks inherent in the business strategies that could adversely affect the achievement of the future financial performance or financial outcomes will be critical in managing those risks.

Transparent communication of risks to stakeholders will help them understand the factors that may impact future performance and a company’s risk appetite. Solutions could include assurance over the underlying data, assumptions and methodology used to make the statements in the operating and financial review for listed entities in Australia. These include overall business strategies, future prospects and material business risks that could hinder the achievement of those outcomes.

Forward looking

While this is forward-looking data that auditors cannot be sure will materialise, they can still provide much greater confidence about whether those future prospects are based on sound judgement, assumptions and data, rather than over-optimistic forecasts.

Robust internal control systems, internal audit monitoring and good governance at the board and audit committee levels can ensure early identification of the risk of corporate collapse, along with prevention or early detection of fraud.

Internal controls are much more effective at identifying fraud than external audits, as controls are applied to every transaction, not just a sample. Nevertheless, external auditors can provide greater confidence in the financial reporting system by auditing those controls.

Following the global financial crisis, the US introduced the Sarbanes-Oxley Act of 2002 (SOX), which included requirements for management evaluation of the effectiveness of internal controls, and an independent assurance report by the auditor over that evaluation.

The introduction of SOX was a significant burden on companies, but is seen as being successful in providing improved financial reporting. An Australian equivalent to SOX, perhaps a less prescriptive “SOX-lite”, may be one measure to provide greater confidence that fraud may be prevented or detected.

Ultimately, the responsibility for the business strategy, management of material business risks, oversight of financial reporting and internal controls lie with the board and, in part, the audit committee. Those responsibilities for robust corporate governance, critical in preventing corporate collapse as well as preventing or detecting fraud, cannot be passed on to the auditor.