A Prognosis for Restructuring the Market for Audit Services

Medical history is replete with instances where a correct diagnosis was followed by an inappropriate—even harmful—therapy. A classic example is the 19th-century accepted practice of “bleeding” patients that were suffering from fever—the opposite of what is necessary and beneficial because it weakens the patient precisely when he needs strength to combat the cause of the fever.

By way of analogy, following the accounting scandals of Enron and its ilk, the diagnosis of what was ailing the auditing profession—lack of independence—has brought about the largely ineffective remedies prescribed by the Sarbanes-Oxley Act of 2002. It would be instructive to examine how the lack of auditor independence gained wide currency as the problem ailing the profession.

The auditor’s perceived conflict of interest (lack of independence) started with a host of high-profile corporate failures and near failures, including Enron and WorldCom. The auditor, being the easiest target, is singled out as the culprit even though market participants and circumstances contributed as well. The culpability was based on the belief that, had the outside auditor done his job, the failures would have been prevented and the concomitant losses incurred by shareholders and creditors would not have occurred. Such a belief betrays false expectations on the part of financial statement users, exacerbated by the failure of the promulgators of GAAS and GAAP to appreciate that the auditor’s world had drastically changed. Equally flawed is the assertion that the problem could have been avoided had not the auditing firm also provided consulting services to the audit client. Without the lure of large fees, the auditor would presumably have done the right thing. Unfortunately, one result of the prohibition against an auditor providing consulting services is that the auditor knows less about a company’s systems and operations just when changes in recordkeeping technology and increasingly sophisticated operations make more knowledge critical. Interestingly, even though the process through which the public and the media diagnosed the lack of independence was wrong-headed, the result was essentially on target: The lack of independence is the source of the malaise.

The audit process comprises two components: data validation (GAAS) and valuation validation (GAAP). Data validation involves the appropriateness, completeness, accuracy, and timeliness of the accounting data, i.e., debits and credits and related data. Valuation validation involves the reasonableness of the values presented in the financial statements, such as inventory at cost or market (whichever is lower) or the net realizable values of accounts receivables after write-offs and allowances for bad debts.

As a general comment, the recent spate of “audit failures” is not unusual when viewed over the last 50 years. In this period, audit failures happened all the time and became more noticeable when the economy or stock prices declined. An interesting question presents itself: Do audit failures cause market declines, do market declines cause audit failures, or are the two mutually reinforcing?

A review of the record of audit failures during the last 50 years suggests that the visibility of the frequency and magnitude of “audit failures” has increased substantially. This could be a result of a more aggressive plaintiff’s bar, or it could be because the demands on the auditor have increased as enterprises have become more sophisticated and complex. Reassessing what is reasonable to expect from an audit, as well as rethinking the audit process, may be in order. The overwhelming number of visible audit failures have been associated with the largest and best audit firms; this should cause us to pause and reflect.

It is beyond dispute that the movement from an industrial economy to an information economy has wrought massive changes on the nature of business and accounting and auditing. In the industrial economy, the auditor’s primary focus was the validation of the data. This was the case, for all intents and purposes, when client books and records were maintained manually and there were major gaps in data. Auditors expended major efforts to verify records through such activities as extensive counting of inventory and confirming accounts receivables and payables with external parties. Other than long-term assets and debt, by the time the auditor’s fieldwork was completed the rest of the balance sheet had usually completed its cycle, with most of the inventory turned over, most of the receivables collected, and most of the payables settled. This allowed the auditor to look back and further validate his assessment of the data and valuations as of the statement date. Long-term projects were accounted for on a percentage-of-completion basis, but auditors had methods and techniques such that they were confident in the carrying values of these projects.

At least two major changes have had a monumental impact on the auditor: the computer, and the change in the nature of assets and liabilities. Although the computer has expanded the amount and quality of data available to the auditor, data overload is rampant because data are produced and maintained in electronic form, putting the auditor at the mercy of the data-processing systems: the “black box syndrome.” The movement from tangible to intangible assets with very long lives, and from liabilities whose principle and term are known and specified to liabilities whose principle and term are legally related to and dependent on other factors, substantially reduces the auditor’s ability to validate the values in the financial statements—valuation uncertainty.

This environment, especially when the market for audit services is so competitive, puts the auditor at the mercy of the client. This isn’t to say that the auditor or client is corrupt, only that in an uncertain environment, the auditor, who is paid by the client, is naturally tempted to adopt the client’s position. Nor is this to say that every “audit failure” is the result of the aforementioned conditions; some were undeniably precipitated by incompetence and corruption. Still, these conditions contributed to audit failures brought about by auditor malfeasance.

A persistent flaw is that the auditor is retained by the client, which implicitly makes the auditor beholden to the client and its management. Conventional wisdom sees nothing wrong in this situation; the problem, however, is that the auditor ends up seeing things through the eyes of management and may not even realize it.

The authors’ proposed solution has two parts: Financial Statement Insur-ance (FSI), and a modified GAAS. This new GAAS would recognize the revolutionary changes in how business is conducted and would require auditors to opine on only those elements of the financial statements that can reasonably be verified.

FSI would significantly change the principal–agent relationship between auditor and client. Instead of the company appointing and paying the auditor, the company would purchase FSI, which would provide investors and creditors, to the extent of the coverage, financial compensation for misrepresentations in financial statements. The FSI insurance carrier would retain and pay the auditor. FSI providers would have a list of approved auditors from which a company could select an auditor. It is expected that auditors would owe their duty and loyalty to the FSI carrier for at least two reasons. First, because the FSI carrier is paying the auditor, the auditor’s efforts are focused toward protecting the FSI carrier. Second, one can reasonably assume that any given auditor would be providing audit services to more than one of the FSI carrier’s insureds, and a costly “audit failure” would jeopardize other audit assignments.

The FSI cycle would begin when a company approaches a FSI carrier to secure a proposal for insurance. The proposal would contain two amounts: the maximum amount of insurance the FSI carrier is prepared to provide, and a premium that would cover both the insurance premium and the cost of the audit. As part of the proposal process, the FSI carrier would send its agent to the potential insured to assess the risk of misrepresentations in financial statements and the amount of loss it would suffer in the event of such misrepresentations. As a matter of effectiveness and efficiency, the assessing agent would likely be the same auditor that performs the audit. The FSI cycle would be complete when the auditor issued a clean opinion, as a result of which the FSI carrier would be contractually obligated to issue the FSI policy.

In the FSI world, the auditing firm is not necessarily prohibited from performing consulting services for any insured; the matter is determined by the FSI carrier. Arguably, permitting consulting could be seen as a way to reduce the FSI carrier’s risk because the more the auditor knows about the insured’s systems and operations, the better the auditor can carry out the audit.

FSI would come in two flavors: insurance and exsurance. Insurance, applicable mostly to private companies, would insure the recovery of a material difference between the financial statements on which the auditor has rendered an opinion and the “true” financial statements for that date. Exsurance would address the losses that holders of the insured's publicly held securities would suffer from misrepresentations.

In the case of a public company, its proxy statement would provide shareholders with three options:

Two benefits emerge from the FSI scenario. First, shareholders would have an incentive to become more active in corporate governance, because the loss recovery of current and future shareholders would probably be limited to the amount of FSI coverage. The amount of coverage would also become a signal of the company’s risk profile and, indirectly, its management. Second, the amount of maximum available coverage and the related premium, as well as the amount actually purchased would be a matter of public information. This would be a credible, timely signal of the riskiness of the financial statements. For a private company, the benefit would be that FSI gives the company’s creditors confidence regarding the financial statements.

If FSI became popular among both public and private companies, the FSI carriers’ vetting of auditors and the remuneration of the auditor by the FSI carriers, whose objective would be to minimize the amount of claims made against them for “audit failures,” might create a larger pool of qualified and respected auditors. Auditors’ ability to garner more audit assignments would be more directly affected by a competition for excellence in the CPA profession.

The recent corporatization of CPA firms is the result of economic and legal considerations. With FSI, the auditor’s incentives are radically altered in ways that counter the pernicious economic and legal forces that caused auditors to behave as service providers rather than professionals in the sense that U.S. Supreme Court Chief Justice Warren Burger exhorted:

By certifying the public reports that collectively depict a corporation's financial status, the independent auditor assumes a public responsibility transcending any employment relationship with the client. The independent public accountant performing this special function owes ultimate allegiance to the corporation’s creditors and stockholders, as well as to the investing public. This “public watchdog” function demands that the accountant maintain total independence from the client at all times and requires complete fidelity to the public trust [465 U.S. 805, 818].

The word “profession” here conveys a number of meanings and contrasts, including professional vs. amateur, and professional vs. tradesman. Another way to characterize a professional is as one who takes into account factors greater than oneself, such as a doctor who places his patient’s well-being above almost everything else. FSI facilitates the professionalization of the auditor along the lines of Burger’s definition by arranging the auditor’s incentives so as to remove the conflicts that currently exist in the auditor's relationship with the target of the audit, the “client.”

The public company generally accepts that corporate boards of directors in general and audit committees in particular should adopt the position that they are representing shareholders’ interests. Achieving such a noble goal in the current framework is easier said than done, given the conflicts that auditors must navigate. The FSI process, however, because it is facilitated through the proxy process, increases shareholder involvement in the corporate governance process. Moreover, because the auditor’s interests are aligned with those of the shareholders through their retention by the FSI carrier, the oversight requirements placed on boards and audit committees could be realized.

A common criticism of FSI is that “insurance carriers are not inclined to pay damages.” In response, the authors would first ask the reader to review the damage recovery mechanism outlined in their article in National Underwriter (Vol. 106, No.29, July 22, 2002, pp.12–14). Second, in the case of FSI, the carriers have the incentive of “blowing the whistle” sooner rather than later because an earlier revelation would reduce damages claims, whereas a later revelation would increase damage awards.

The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.