In your July Guest Editorial, “Would Continuous Auditing Have Prevented the Enron Mess?” the authors [Miklos A. Vasarhelyi, Alexander Kogan, and Michael G. Alles] suggest that “While many believe that a well-performed traditional audit could have detected many of Enron’s operational problems, a well-performed continuous audit would have brought them to light much sooner.” This misses the point and raises a question: What good is either of those procedures if there is no intent or concern about performing a “well-performed” audit engagement?
From my perspective, no audit was performed that was intended to verify and confirm the figures given to the auditors and their veracity; the auditors simply did not do the job they were required to do in order to establish the fair representation of the client’s financial condition. They were in effect part of management. Why talk about a “well-performed” anything when there was no intent to reflect material matters coming to light as a result of such procedures in the figures or the auditors’ statement?
My experience in accounting and auditing, both public and private, extends back to when accountants figuratively flew in open cockpits on the seat of their pants while white scarves tied around their necks blew in the airstream. Techniques and audit procedures have changed since then, new rules and regulations have been promulgated, and the computer has become an accounting tool. But some things have not changed. Some basic rules and principles were ignored or viciously violated in this matter, and there is no other way to say it. The crowning outrage was to destroy workpapers and other relevant material, even when ordered by the government to safeguard them.
I cannot bring myself to believe that a “well-performed” traditional audit, forget about a continuous audit, would not have picked up the truth and extent of the practices now under such ridicule, especially when, if I am correct, the accounting firm in question had been reviewing the client’s books for some years. I think it’s that simple: total lack of oversight and independence.
Leonard I. Kornblum, CPA (Retired)
The Authors Respond
We agree with Mr. Kornblum’s main point that the audit procedures and methods applied by Andersen in the Enron case were deficient. Furthermore, it seems clear that many of Enron’s accounting treatments were improper, and that Andersen failed to take Enron’s management to task for that. For example, Joseph Berardino, then–chairman of Andersen, claimed that Enron’s SPE treatments were in accordance with GAAP, which was not actually the case. Dr. Katherine Schipper, a FASB member, recently pointed out that the infamous EITF 90-15 interpretation was originally designed for the very specific instance of a synthetic lease with a nonsubstantive lessor and that interpretation was not to be analogized. But Enron, with Andersen’s acquiescence, stretched the treatment by applying very far-fetched analogies to very different contexts.
As for whether continuous assurance would have deterred these actions by Enron management and its auditors, note that auditing in general works under the presumption that auditors and senior managers will use the information that it provides in a proper fashion. If that assumption holds, then by bringing more anomalies to light faster to these responsible parties, a continuous audit system would increase the deterrence value of the audit. Furthermore, the recent legislation mandating the separation of auditing from consulting will require that the control and monitoring layer from which continuous auditing measurements are drawn be provisioned by an independent entity, which further enhances the continuous audit’s deterrence.
But as Kornblum correctly points out, the most challenging environment for auditing is one in which a collusive auditor abets management fraud. Where there is fraudulent collusion, it is conceivable that the client/auditor team could substantially tamper with a continuous audit system and obfuscate its alarms and warnings. Indeed, continuous audit systems may be more vulnerable to such interference than standard audits, given continuous audits’ greater reliance on automated tests. As a response to such collusive behavior, we presented a proposal at a recent American Accounting Association conference to supplement continuous audit with a “black-box log file.” Such a log captures the essence of auditor actions and records it in a permanent electronic read-only log to be kept by a trusted third party. The existence of this log would be a powerful deterrent and serve as a valuable tool for forensic evaluation of management and auditor actions. A paper outlining our proposal is available online at www.cpaj.com.
Miklos A. Vasarhelyi, firstname.lastname@example.org
Alexander Kogan, email@example.com
Michael G. Alles, firstname.lastname@example.org
©2006 The CPA Journal. Legal Notices
Visit the new cpajournal.com.