Auditor Communications:Still More to Do
By Brian Patrick Green and Alan Reinstein
But Still a Long Way to Go
Recent ASB releases have emphasized the need for better communication between the auditor, management, and the audit committee. Standards in other countries, such as the United Kingdom, offer examples of critical communication requirements not present in American standards, especially communications that go directly to users of financial reports, such as investors and creditors. While these additional communication standards might not have prevented failures such as Enron, they could have limited investor and creditor losses by alerting financial statement users to the risks of off–balance sheet debt and certain compensation arrangements. The authors highlight recent changes in the audit standards for auditor communications, and recommend that the audit committee communicate directly with financial report users.
Since 1998, many Auditing Standards Board (ASB) releases have focused on communications. Four of the 11 most recent Statements on Auditing Standards (SAS) describe, amend, or clarify communications among the auditor, management, and the audit committee. While these changes improve audit quality, limitations may still exist in the disclosures and communications that filter information down to those who supply corporations with capital.
Recent financial demises in entities like Enron and Kmart exemplify situations that could benefit from refinements in current communication standards. While improved communications would not have prevented these bankruptcies, additional information might have allowed capital suppliers to make more timely and informed decisions, thereby limiting their losses. Suppliers of capital through debt and equity agreements are the true clients of the audit engagement. Debt and equity investors rely not only on the disclosures within the financial statements, but also on the actions of the audit committee and board of directors, which represent their interests.
Recent changes in auditing standards that affect communications among auditors and various other parties include SAS 83, Establishing an Understanding with the Client; SAS 85, Management Representation; SAS 87, Restricting the Use of an Auditor’s Report; SAS 89, Audit Adjustments (amending SAS 83); and SAS 90, Audit Committee Communications.
This latest round of standards continues the ASB trend toward improving overall audit quality through changes in required communications between the auditor, management, and the audit committee. While direct communications with the client primarily consist of generic information through the auditor’s opinion (i.e., it communicates the level of reasonable assurance), a recent (2000) Public Oversight Board analysis of the future direction of auditing standards found much room for improvement in this area.
Many recently issued SASs have specified more clearly each party’s responsibilities and actions as well as disclosed more completely the audit’s limitations. These parties include clients (providers of capital), management, the audit committee (representing the client’s best interest), the auditor, and other users specifically mentioned in the engagement. Current auditor communications focus on each party’s responsibilities, generic audit procedures performed, levels of assurance offered by the engagement, and a limited list of disclosures. Instead of rules for what the audit cannot give reasonable assurance to, standards should extend required communications to discuss and clarify risks identified under the current audit process. Although auditing standards will never protect naïve users that neglect to use these communications, clarifying capital structures and potential risks may enable financial statement users to make more informed investment decisions.
Enron’s owners are a good example of investors that may have been uninformed under the current communication standards. The Enron “scandal” involved in part financial statement readers receiving inadequate financial information in the areas of off–balance sheet financing, especially those with Enron executives and other related parties, and exceptional or unusual transactions, especially those that its auditors passed as immaterial. Moreover, other problems arose in the areas of auditors’ remuneration and directors’ and officers’ compensation.
Enron investors might have been able to limit their losses if they had been privy to information available to management and the audit committee. Even though current communication standards cover some of the above items, no formal mechanism exists to allow investors practical access to these documented discussions.
The following discussions of amendments to the most recent communication standards summarize the nature of these changes. Exhibit 1 provides further citations, describing the details of each change, including references to prior articles in The CPA Journal and the adopted audit standard.
Between auditor and client. Financial statement audits traditionally provide reasonable assurance to external users that such statements fairly present a company’s position and results. SAS 83 describes the auditor’s provided level of assurance through an engagement letter, which serves as the auditor’s client service contract and clarifies the auditor’s, client’s, and management’s responsibilities. SAS 89 further amends SAS 83 by adding to the “understanding” management’s ack-nowledgement of its responsibility regarding auditor-determined misstatements. This documentation also reduces the risk of clients misunderstanding the services they contract or overrelying on the level of assurance that audits provide, and reminds them of the inherent limitations of financial statement audits. Auditors unable to reach such written understandings with their clients should decline the engagement.
Established understandings with clients should include any specifications for “restricted-use reports.” CPAs normally issue their reports to two (non–mutually exclusive) sets of users. First, general users can receive auditor reports without restriction that the financial statements adhere to GAAP or to other comprehensive bases of accounting. However, restricted users receive auditor reports intended only for certain specified parties, which generally can understand the nuances of such reports. Such “agreed-upon procedures” engagements require auditors to restrict the use of such reports when the measurement base or disclosure criteria is based on contractual agreements or regulatory requirements that do not conform with GAAP; when the report is based on procedures specifically designed to satisfy the restricted user’s needs; or when the report is a by-product of the financial statement audit. SAS 87 discusses restricted-use reports, requiring additional communications through the engagement letter identifying the restricted-use report, specifying the parties to receive the report, and obliging the client to not distribute the report beyond the specified users.
Between management and auditor. Management representation letters primarily communicate, document, and confirm management’s oral representations made to the auditor. While the direction of the communication is from management to the auditor, it also establishes management’s responsibility for the financial statements. SAS 85 adds consistency to this representation letter, and encourages tailoring such communication to the client’s business. Representation letters document communications between management and the auditor during the audit. SAS 85 recognizes that auditors should investigate representations that contradict evidence that they amass during the audit.
While SAS 85 requires that the letter include management’s belief that the statements are fairly stated in conformity with GAAP as well as a standard list of management representations, it also adds the current standards’ recognition of risk and other concerns. SAS 89 also requires that this communication include management’s acknowledgement that it has considered all of the financial statement misstatements that the auditor found. Management must state that unadjusted corrections are considered immaterial, both individually and in the aggregate.
Between the auditor and the audit committee. The 1999 NYSE/ NASD Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees recommended that external auditors be more accountable to the audit committees that represent the client’s shareholder interests. SAS 90 amends SAS 61, Communication with Audit Committees, and places additional burdens on auditors to communicate an assessment of the quality of management’s financial statements to the audit committee. Auditors of SEC clients should now discuss with the audit committee the auditor’s judgments about the quality and acceptability of the company’s financial accounting principles; make this discussion “open and frank” by including topics such as the consistency of the accounting policies and their application and the clarity and completeness of the financial statements; discuss items with a significant impact on the representational faithfulness, verifiability, and neutrality of financial accounting information; and assess the quality of client disclosures, that is, the disclosures’ degree of aggressiveness or conservatism.
Understanding the Limitations of Auditor Communications
Each of the recent standards focuses on several key points. First, auditors should communicate what they can and cannot do at each stage of the audit. Second, the auditor must consistently communicate auditor, client, and management responsibilities. Finally, the standards help ensure that management communicates adequate (material and immaterial) information to the audit committee so that it may judge the results. This communication includes open discussions of auditor and management disagreements, engagement problems, interpretations of audit results, and the quality of information provided in management’s financial statements. A summary of major communication standard re-quirements appears in Exhibit 2.
The SASs face two practical limitations. First, the communication standards are incomplete, failing to disclose certain critical information. Second, while each amendment seeks to improve audit quality, the communications may fail to reach the most important party, the investor or creditor—neither of which is management or the company board.
Lessons from Non-U.S. Communication Requirements
Examples of other critical communications can be found in non-U.S. disclosure requirements. For example, some critical U.K. communication requirements include a separate director’s report (which appears before the auditors’ opinion and financial statements) that the auditors analyze for consistency and that discloses such items as:
Had the U.K. standard been in effect for Enron, the disclosures in its directors’ report might have limited investor losses. These communication requirements include group accounts that help restrict opportunities for off–balance sheet schemes. Specifically, companies should consolidate all group accounts unless doing so would not give a “true and correct” view of the parents’ activities. U.K. standards consider a subsidiary or associate’s interest or “undertaking” where the parent can exercise a “dominant interest” in such activities or where the parent and the other entity are managed on a unified basis. Since the subsidiary can be a partnership, Enron’s elaborate interests with its unconsolidated partnerships would presumably have been disclosed. Moreover, the U.K. standard requires extensive disclosures of transactions with related parties, including those with company directors. Additional disclosures are required for directors’ remuneration, which would presumably have been disclosed if such payments significantly exceeded their competitors’. This disclosure would have been most important for audit committee members, who select the independent auditor and should be independent. Finally, disclosure of exceptional transactions by size and incident would have presumably exposed Enron’s unusual transactions and other evidence of its uncertain position.
Communicating Directly to Users
Financial report users are investors and creditors that supply capital to the company. While audit standards address communications through the engagement and management representation letter and open discussions with the audit committee, no formal mechanism exists to ensure that any of this information reaches investors or creditors. Simply put, Enron’s investors probably had little chance of coming into contact with the management representation letter or the engagement letter, or gaining meaningful knowledge of the auditor’s discussions with the audit committee. While small in-vestors might have heard from management and might have read the company’s audited financial statements, such financial statements and their accompanying disclosures lack the frank and open discussions that the auditor and audit committee must undertake.
One solution is to add a summary of certain available auditor and audit committee communications and other critical auditor and management communications that are not currently disclosed to investors in the financial statements. This communication could be accomplished through a letter from the audit committee to the company’s investors, which would accompany the audited financial statements. This audit committee letter might include key items such as contradictions between audit evidence and management representations; a summary of the aggregate effect of unadjusted corrections considered immaterial by management and the auditor; the quality and aggressiveness of the company’s accounting policies and estimates; the auditor’s judgments about the quality and acceptability of the company’s financial accounting principles; the consistency of the accounting policies and their application; the clarity and completeness of the financial statements; the “quality” of client disclosures (aggressive or conservative); as well as other information needed to communicate recognized risks and concerns.
Again, the U.K. experience offers solid support for requiring additional information in an audit committee letter, such as the names of all directors for the year and their interests in the company and its subsidiaries; directors’ remuneration; group accounts that would restrict opportunities for off–balance sheet financing; unusual transactions and other evidence of a company facing significant changes and uncertainties; and emerging issues of interest to financial statement readers.
©2006 The CPA Journal. Legal Notices
Visit the new cpajournal.com.