Assurance Services and the Audit Heritage

What's new and what's rooted in the past.

In Brief

New Growth on an Old Oak Tree

The AICPA Special Committee on Assurance Services confirmed that financial statement auditing is no longer a growth industry but set out to build on the audit. It made suggestions to maintain and strengthen the audit and on the need to adapt audit tools to the changes in the environment being created by information technology. The Committee examined changing conditions and studied users' decision-making needs to identify new services and developed a definition of assurance services that builds on the audit tradition.

A survey by the Committee supported the idea that there is abundant opportunity for additional work in the audit tradition and suggests there could be a greater variety of assurance engagements being performed than might be assumed. Much of these services are outside the protected professional monopoly and thereby subject to different kinds of competition.

The range of new assurance services will be guided by decision makers' information needs, and the Committee has identified six. These services demand that the assurer apply measurement criteria, a process performed on every audit. However, some of these services would involve assurance on relevance, a departure from the audit tradition, which has been limited to assurance on reliability.

The practice of accounting is evolving and assurance services are taking the attest function to a broader compass with direct reporting and the opening to relevance-enhancement services. Ultimately, the definition of accounting will be broadened to reflect the profession's past and anticipate its future.

Some people will tell you that everything is rooted in the past, and they're right. But some things are more deeply rooted in the past than others. Irrigation for agriculture goes back at least to the ancients of the Middle East, but computers originated in the twentieth century. Pottery goes back to pre-historic times, but the electric food processor is a late-twentieth century device. The horse-drawn carriage can be traced back to the domesticated horse and the chariot or cart, but the automobile, arguably the carriage's successor, is really a creature of the relatively recent internal combustion engine. Of course, the automobile is equally inconceivable without the wheel, which was well-known to the ancients. Sometimes tracing origins gets complicated.

What does all this have to do with the audit and assurance services? We need perspective on what is a new departure and what is not. We cannot know where we are going without a fix on where we are. So I want to focus on the degree to which assurance services are a new departure and on the degree to which they are rooted in the past.

The AICPA Special Committee on Assurance Services

I'll start with the work of the AICPA Special Committee on Assurance Services (Committee). Our task was to assess the economics of auditing and its likely future and to see what new services it made sense to add. That led us to defining new assurance services, but how we got there says something about the continuity between the two service types.

Three influences on audits of financial statements have been fairly well known for a while, so it's not surprising the Committee gave them attention.

* First, trends tell us we can't expect rapid growth in demand for audits in the future, though there will be steady demand. The combined accounting and auditing revenue of large firms, adjusted for inflation, has been flat for nearly a decade.

* Second, audit technology has been making auditing less labor intensive.

* Third, competition among auditing firms and cost-cutting pressure from corporate clients will help keep downward pressure on fees.

The three conditions mean that financial-statement auditing is no longer a growth industry. The Committee didn't discover these conditions. But it did confirm them, and its charge was to develop plans to respond to them.

The Committee set out to build on the audit and never wavered in pursuing that goal. The rationale was really quite simple. The audit tradition is an enormous professional asset apart from audit fees. Like idle money, it will decline in usefulness if it is ignored. But if properly invested in new services, it can yield great rewards.

The Committee was convinced that market permission for new assurance services begins with the financial statement audit. It said the following:

Firms' reputations for excellence in the audit of GAAP financial statements are essential to successfully introducing new services. Solid audit performance underscores independence and objectivity, a powerful competitive advantage. Market permissions would be severely curtailed by public distrust of financial statement audits.

With this in mind and after study, the Committee made suggestions to maintain and strengthen the audit. It focused on the need to maintain public confidence in the treatment of fraud, illegal acts, and financial distress. These are not new problems. They have received attention before, some recently and very constructively; but it is nevertheless true that public concern on these issues can damage the auditor's image and any hopes of the extended market permissions that go with it.

The Committee also made suggestions on the need to adapt audit tools to the changes in the environment being created by information technology. The factors leading to more heavily computerized reporting to investors will eventually lead to user access to corporate databases with real-time assurance by "auditors." Such access will take the place of periodic paper reports. Transforming financial reporting in this way will necessitate a transformation in auditing.

There is good reason to believe user access to corporate databases is in our future. Companies are keenly aware of the importance of providing information to capital suppliers; they know their access to capital depends on it; and they know that the cost of capital is importantly determined by it. There's recent research evidence confirming the cost-of-capital benefits of supplying information. Last year Christine Botosan showed (in the July 1997 Accounting Review) that greater disclosure is associated with a lower cost of equity capital--nearly a ten percent capital cost advantage to firms making the most disclosure.

So there are incentives for companies to satisfy the information needs of their investors and creditors, and there's a basis in the new research to believe awareness of those incentives will increase.

Add to this the declining cost of processing and reporting power, growing systems integration, and networking that merely a decade ago seemed visionary. These factors mean that real-time access to corporate databases is becoming more feasible every day. If it becomes a reality, as seems likely, assurance will be needed on the systems. If independent accountants don't supply it, others will. To be ready and to help the evolution toward database access, auditors had better lose no time refining their systems-evaluation tools.

All this means the audit as we now know it is going to be transformed. It will still be an audit in its purpose and traditions. Users of corporate data will still be receiving assurance on the reliability of the information they need for investment and credit decisions, and the fundamentals of the audit's economics will be the same. But the audit will change. It hasn't been static in the past, and it won't be in the future.

The Scope of New Assurance Services

Let's assume that auditors do all that's necessary to maintain the audit as a source of profitable work and as a professional asset that can help create market permissions for new services. What is the scope of the additional services that might be offered? The Committee examined changing conditions affecting the marketplace and studied users' decision-making needs to identify new services, and it developed a definition of assurance services that builds on the audit tradition.

It's easy to see the economic bridge between new assurance services based on future conditions and the financial-statement audit. The value of the financial-statement audit derives from the marketplace need for high quality information for investment decisions. The audit provides assurance that an information set presented to investors and creditors is reliable. But the marketplace need for high quality decision-making information is far greater than just the need for reliable historical-cost-based financial statements. There are all sorts of decisions, all sorts of decision makers, and an infinite number of possible information sets in addition to historical cost-based financial statements. What's more, the decisions and the information sets that can serve them are changing and multiplying and promise to continue to do so.

With this awareness, the Committee defined assurance services as "independent professional services that improve the quality of information, or its context, for decision makers."

The definition captures essential elements of the audit function--independence and improving information for decision making. Independence is the most important link between the audit tradition and new assurance services. Of all the values accountants bring to the audit, independence is probably most prized. It will be equally present for assurance services. There can be no conflict between independence in the performance of an audit and the performance of new assurance services, because independence is required for both.

In a number of ways the definition expands on the audit function. These are the ways it looks to the future. It sets no limits on the types of information, the types of decision makers, the types of improvement in the information, or the types of procedures that lead to the improvements. For example, the decision makers are not limited to investors and creditors or others interested in financial stewardship. The procedures are not limited to verification. Measurement criteria are not limited to GAAP and its surrogates. The type of improvement in decision-making information is not limited to reliability, but specifically embraces improved relevance or context as well. Finally, the information is not limited to the financial or even to the quantitative. It can be about events or processes or systems. It can be direct (such as information about a product) or indirect (such as someone else's assertion about a product).

Assurance Services in Current Practice

The definition of assurance services clearly departs from traditional audit and attest services, but it is not obvious to what degree it departs from current practice or even how assurance services will develop. If most new assurance services turn out to be reports on reliability applied to new types of information, there will not be a great departure. The concepts applied by auditors and the types of engagements, will conform to the attestation standards issued by the AICPA in 1986--three-party engagements with an accountant issuing a written conclusion on another party's assertion.

We have some evidence of variety in the types of assurance services provided today. The Committee surveyed twenty-one large and medium-sized accounting firms about the assurance services they provided. These firms reported over 200 nonaudit assurance services. The greatest number were reliability-reporting engagements. Some involved direct reporting--that is, the accountant reported directly on the subject of the engagement, rather than on management's assertion about the subject. Many of the reported services involved performance measurement. One was clearly a relevance-enhancement engagement. The accountant evaluated the appropriateness of information provided to management. Reporting on the relevance of information is quite different from reporting on its reliability. The relevance-enhancement engagement was clearly evidence of a new departure in assurance services.

The survey findings demonstrate market demand for assurance services as no theory or estimate ever could. In other words, they support the idea that there is abundant opportunity for additional work in the audit tradition. The survey also suggests there could be a greater variety of assurance engagements already being performed than might be assumed, because of the direct-reporting and relevance-enhancement engagements that were tallied. And if the marketplace already shows accountants performing these kinds of engagements, they are as much a natural response to market demand as the three-party, reliability-reporting assurance engagements. They too reflect a natural evolution in the audit tradition.

Competition

Assurance services depart from the audit tradition in that a high proportion of them are outside the protected professional monopoly. Assurers are likely to be competing with software firms, systems houses, and consultancies, for example. This is not a case of outsiders poaching our traditional work. It arises because the greatest opportunities for new assurance services are in unregulated areas.

However, in some ways the competition has long been underway. Nonaccounting firms have been providing types of assurance services for years, but it has never been considered competition because no one thought the work was accountants' work, or even potential accountants' work.

The Good Housekeeping Institute is a consumer product evaluation laboratory. Good Housekeeping Seals have been issued on consumer products since 1909. It's hard to see any functional difference between that seal and an accountant's report on the reliability of a software supplier's performance claims. There may be technical differences, but no difference in the types of needs the service is supposed to satisfy. In both cases there is an evaluation and a communication to users of the product.

An even closer comparison, at least in terms of communications, is between the Good Housekeeping Seal of approval and the assurance-seal concept that is central to the newly developed assurance services for electronic-commerce over the Internet, jointly developed by the American and Canadian Institutes. A "CPA WebTrust" symbol on the computer screen when the consumer is considering a purchase will show that an assurer has made an evaluation and that the seller's relevant procedures and controls were in compliance with criteria covering business practices, transaction integrity, and customer privacy. By clicking the symbol, the consumer can access the assurer's report and the measurement criteria.

ISO 9000 certification is another example showing that the competition in assurance services is already underway. ISO 9000 standards pertain to suppliers' quality controls. Compliance with the standards assures a consumer, usually a business, that the goods it is receiving are likely to have a desired level of quality. My firm does ISO 9000 work; we consider it assurance work; and we know we're competing with nonaccounting firms.

We accountants may not like the idea, because we think we're unique--and in some ways we surely are--but all sorts of bodies communicate their conclusions on the quality of products and services to potential buyers. Consumer products are evaluated in magazines, and advertisements tell you about test results and comparisons performed by nonaccountants. Closer to home is the example of colleges and universities. They grant degrees that are supposed to mean something to prospective employers about the skill levels of the graduates.

The lesson from these examples is not just that competition is here and won't go away. The lesson is that sitting still is risky. Fortunately, however, the profession can apply its reputation for integrity and competence and its skills in measurement, information systems, controls, and verification to help decision makers in new but related ways. In fact, the most significant new departure from the audit tradition represented by assurance services is the opportunities for accountants.

Opportunities

The range of new assurance services will be guided by decision makers' information needs. You can get some idea of the range, at least at this early stage of service expansion, from the services the AICPA Committee identified. Six were developed to the stage of business plans, and several others were explored in abbreviated form. I already mentioned electronic-commerce assurance services. The Committee also developed business plans for these five other services with the following objectives:

* Health-care assurance. Assess health-care providers' performance for the benefit of care recipients and their representatives (e.g., employers and unions).

* Risk assessment. Improve the quality of risk information by assessing the likelihood and magnitude of adverse events.

* Systems reliability. Assure that systems are designed and operated to provide reliable information.

* ElderCare Plus. Provide assurance to elders and their loved ones that care delivery goals for elderly persons are being met.

* Entity performance measurement. Assure the relevance and reliability of entity performance measures, broadly conceived (e.g., in conformity with the Jenkins Committee's business reporting model).

These services may seem like departures from the audit tradition. But in fact there are continuities.

Every one of the services demands that the assurer apply measurement criteria, a process performed on every audit. The criteria, like those for electronic commerce assurance services, are different from GAAP. Accountants performing these and related services will have to be able to apply such measurement criteria and to measure in nonfinancial units, which will call for some adaptation. But neither task is novel in the accounting profession. In fact they define an opportunity. If accountants are measurement and verification specialists, they should be able to apply that expertise generally.

No one can audit a modern corporation effectively without knowledge of information technology and without knowledge of controls and how to evaluate them. Systems assurance and electronic commerce assurance show how such skills and knowledge give auditors a good base to move on to nonaudit assurance services. There is a close relationship between the information-technology skills and knowledge that should be part of the auditor's toolkit and the skills and knowledge that will be applicable to a significant, probably a high, proportion of nonaudit assurance services.

Risk assessment assurance services require the assurer to understand the risks affecting an organization. The link to auditing lies in the fact that some form of risk analysis is always applied, and the going-concern evaluation is a form of risk analysis. In addition, a prerequisite for risk analysis is an understanding of client operations and strategies, the industry, and the economy and their interrelationships. Auditors should be at home with this demand, because it's a prerequisite to effective auditing.

Performance measurement services would take the accountant directly into the uncharted waters of relevance-enhancement assurance services. The assurer would evaluate the relevance of performance measures, would identify relevant performance measures, and would design systems that produce relevant performance measurement data. This is a noticeable departure from the audit tradition, which has been limited to assurance on reliability. On the other hand, the work is not beyond the attest tradition or what accountants have accepted before as work within their range of competence. The qualities of good accounting standards have been discussed within the profession for years. Today professional standards provide guidance to accountants who devise measurement criteria for specific engagements, and devising them cannot be done without full attention to the relevance of the measures.

Nevertheless, to fulfill the promise of relevance-enhancement assurance services, accountants would need greater proficiency than is typical today. The full range of relevance-enhancement services takes in all decision-making processes. That's because every process in the sequence that leads to a decision is a place where the information for the decision can be made more relevant. The first process in the sequence is problem definition. Others include determining information requirements, locating and obtaining the information, analyzing it, and evaluating alternatives and tradeoffs. The last process--after action is taken--is getting feedback on outcomes, which is particularly important for recurring decisions. If you want to find out more about these processes and what they mean for assurance services, you can consult the more extensive and formal analysis in the Committee's website report (www.aicpa.org/assurance/index.htm). For our purposes, it's sufficient that relevance-enhancement services open enormous possibilities for accountants in the future.

You can get some idea of the dimensions of assurance opportunities from the Committee's ballpark estimates of the revenue potential of the six services it identified. They could double or even quadruple current level of accounting and auditing revenues over the next several years. And this should be seen in the context of a wider set of opportunities based on generic changes in the environment and new efforts to take advantage of them. We're moving--

* from manual signatures on assurance reports to assurance by seal on the web,

* from examining and adjusting financial statements to designing and monitoring information flows,

* from periodic information to continuous, real-time information, and

* from financial to comprehensive information.

Knowledge work is already the greatest engine for modern society's economic growth, and reliable, relevant information is its fuel. In the future, knowledge work and services for decision makers will grow together. The question is whether accountants share in that growth as their experience and training seem to fit them.

Customer Focus

Let's consider now the services that have not yet been identified, but represent the largest share of the potential opportunities. There will be two sources of new assurance services. The first is the work of the AICPA. The second will be individual firms. We know from the survey of services I cited earlier that firms have already been developing new services. Nevertheless, focusing on customers' needs and developing new services on a regular basis is another major departure assurance services bring to the profession.

Accountants must learn the information needs of their customers. With that knowledge they can tailor services they already provide, identify and develop new assurance services, and make sound decisions about whether to gear up to offer assurance services developed by the AICPA. That's a challenge, something that not many firms are now very good at. But it's something they can do and in the future must do.

Accounting departments in the universities must ask whether the curriculum should teach future accountants how to identify customers' needs, how to translate needs into services, and how to assess the market for new services. At the least, the need to identify and develop new services should appear in the curriculum as one of the professional demands students will one day face. If future accountants think they're entering a static marketplace, they won't be prepared to succeed. And if they think they can consistently deliver value without regard to customers' needs, they're simply mistaken. It may be time for accounting departments to rethink the way they present the world of practice to students.

The Practice of Accountancy

When thinking about the future practice of accountancy, it's not just a matter of whether assurance services are included. The larger question is how the vocation of accountancy is defined. An evolution has been under way for some time, and it will change the nature of accounting as an academic discipline.

Accountancy has always been focused on providing information integrity to our economy. Auditing is one component of this mission, but it has never been the sole component. From the beginning, accountants were experts in the systems that produced the audited information and advised clients on how to improve them. Both roles expanded over time.

Auditors became expert in electronic information systems and provided advice on how to improve them. This was followed by integrated systems, with the same contribution being made. Sometimes firms helped organizations as an offshoot of the audit, in the tradition of the management letter, and sometimes the engagements were separate, part of what is known as consulting. Meanwhile, accountants provided data processing, compilations, reviews, and audits, and more recently, they've been reporting on the reliability of nonfinancial as well as financial information. Now assurance services takes the audit-attest component of information-integrity services to a broader compass, with direct reporting and the opening to relevance-enhancement services.

In these ways the definition of accountancy as a vocation is changing. The changes should have a direct influence on how professors present the practice of public accounting to students. There's a more generic way of conceiving of what auditors do than applying principles of financial accounting when verifying financial statement assertions. Auditors with all their diverse specialties still serve the broader mission of providing information integrity.

The redefinition of accountancy will include a reconsideration of basic concepts. By way of example, I'll give you my personal perspective. As I see it, we should define accounting in a way that reflects a future in which enterprise accounting systems will typically be linked over the web, not isolated. Accounting could be defined as the information infrastructure necessary for an entity to achieve its objectives and, linked across all entities, the information infrastructure of the economy. An accountant's role should be defined by the benefit the services bring to the entity receiving them, not by some set of activities. For example, an accountant is one who enables an entity to achieve its objectives through the strategic use of information and information systems. And an assurer is one who improves the quality of information, or its context, for decision makers.

Those are my definitions, but I expect more will be forthcoming as the academic community digests the changes underway. Any set of proposed definitions should be consistent with the profession's past and should reflect its future.

The redefinition of accountancy will broaden the body of knowledge that defines the academic discipline of accounting. The broader the discipline, the more it's likely to interact at the boundaries with other disciplines. There's nothing new in this kind of interaction. The turf is always being adjusted. During the adjustment, the academic branch of the profession may find helpful that their practitioner kin are performing services that correspond to the broader notion of accountancy.

The Future

If all goes well, assurance services will help accountants adapt to the evolving practice environment and sustain their contribution to society on into the future. It will be an exciting period for those entering the profession, one full of change and challenge, but with opportunities for fulfillment even greater than auditors had in the past. We'll be giving the audit tradition new meaning, developing it, and standing on the shoulders of those whose heritage we'll be continuing. *

Robert K. Elliott, CPA, is a partner in the executive office of KPMG Peat Marwick, and was Chairman of the AICPA Special Committee on Assurance Services. This article was adapted from a speech given by Mr. Elliott at an assurance symposium in Canada in March 1998.