A massive shakeup of the UK’s audit industry is on the cards. The Big Four, which audit all of the FTSE 100 and 21 of the FTSE 250, have been told by the accounting regulator to separate their auditing practices by 2024. It follows the collapse of Wirecard, a payments firm which recently admitted that €1.9 billion of the cash on its books probably never existed.
But change has been a long time coming. The frequency with which companies fail – seemingly without any warning signs – has grown in recent years and Wirecard is merely the latest example. Carillion, BHS, Thomas Cook, Patisserie Valerie, and many other companies were given clean bills of financial health by their auditors before collapsing.
We believe that these many failings highlight how the auditing industry is not fit for purpose. The perception of the public is that it is the job of auditors to go over a company’s books and make sure everything is in order. Surely they should be able to spot a looming disaster or better raise concerns about the direction a company is travelling in? Yet so often they fail.
Separating the Big Four’s auditing arms from the rest of their business is a welcome development. Research has repeatedly shown how problematic it is that these firms audit the same companies that they give financial advice to through their wider consulting and tax divisions.
But this is not enough in the fight against financial deception. First, giving the Big Four four years to separate their audit practices is concerning. Fraudulent financial reporting is a huge problem – and likely to grow as the coronavirus-induced recession begins to bite – and this time frame is enough for a worrying number of businesses to fail. But, more fundamentally, there needs to be a change to the approach that auditors take.
‘Serious and serial failures’
EY – whose latest audit of Wirecard’s accounts revealed the missing funds – said it was “an elaborate and sophisticated global fraud” and that EY had been provided false documentation. This defence is revealing of issues in the profession as a whole.
Critics say EY should have done more to detect the fraud. But the prevailing wisdom in the auditing profession is that auditors are not expected to go looking for fraud and they are ultimately not responsible for detecting it. The International Standards on Auditing, which sets out global standards for the profession, places the responsibility for the prevention and detection of fraud solely on a company’s managers and directors – not its auditors.
Clearly the current system is not working. The number of fines for negligence in failed audits speaks for itself, with Big Four firms hit with £16.5 million in fines in 2019 alone.
PwC was fined £4.6 million in June 2019 for “serious lack of competence” when inspecting the financial statements of IT services firm Redcentric. This followed a £6.5 million fine in June 2018 for misconduct in its audit of department store BHS. KPMG was fined £6 million in 2019 for misconduct in relation to the audit of automobile insurer Equity Syndicate Management Limited. Deloitte has just been handed a record £15 million fine for “serious and serial failures” in its audits of former FTSE 100 technology group Autonomy.
Despite the evident problems with the auditing profession, the UK government has been slow to make any serious changes to the way it is regulated or what is expected of auditors. A major review, known as the Brydon report, was commissioned in 2018 but little has been done to act on the proposals it made.
A good starting point is to put the onus on auditors to detect fraud. Auditors, the report said, should be suspicious and “endeavour to detect material fraud in all reasonable ways”. This is very different to the current soft approach.
We believe that auditors should accept full responsibility for detecting fraud in financial statements. Abdicating this responsibility to management negates the very purpose of audit in the financial reporting process.
Once the mandate of auditors has changed, this will shape how auditors are trained. Currently the emphasis is on simply identifying any departures from accounting standards. But they need to go beyond this and adopt forensic accounting procedures.
This involves a thorough examination of financial information, taking an investigative approach and analysing information as if it would be held up in a court of law. Embedding forensic accounting into their approach will likely save auditors from some of the fines they have been receiving, as they can clearly show what they did, if need be.
Along with separating audit from the Big Four and a better regulator, this is required to restore public trust in the financial reporting process and prevent the seemingly sudden collapse of more businesses – something that is hugely important for the success of any business, as well as the wider economy.
The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.