It was my pleasure this week to write this guest post for my friend in London, Anthony Fitzsimmons, the Chairman of Reputability -- the UK consultancy firm that educates and instructs corporate boards and senior leaders on behavioral, organizational and reputational risks. It is posted on their blog here, and in full below.
Three immediate predictions were available, when British food retailer Tesco announced in September that its first-half profits were over-stated by some £ 250 million, because of irregular accounting for supplier discounts and rebates:
- The number would grow.
- The affected time period would extend.
- The four company executives promptly suspended would soon be joined by others.
It is still early days, but in addition to an investigation by the Serious Fraud Office and the predictable start of shareholder class actions in the United States, news from the company is that:
- The number is now at least £ 263 million.
- The accounting issues extend back at least to last year.
- The casualty count of suspended executives is up to eight, plus the announced resignation of chairman Sir Richard Broadbent.
And as shouted yet again, by the Financial Times, no less – “Where were the auditors?”
It’s the same hue and cry that has been raised with every outbreak of serious financial scandal since independent audit was invented in the Victorian era.
The business, legal and regulatory structure under which the Big Four accounting tetrapoly – Deloitte, EY, KPMG and PwC -- provides statutory assurance on the financial statements of the world’s large companies – the model of Big Audit – remains firmly in place. But with much current exploration of corporate governance and board effectiveness, the notion of “auditor effectiveness” faces this fundamental question:
Is the traditional form of audit assurance – a “true and fair view,” or its American cognate, “fairly presented in all material respects” – fit for purpose, if it only works generally well, most of the time – up to the point, as in Tesco, when it seems not to work at all?
Lessons from my graduate-level business and law school course in Risk Management and Decision-Making are useful, going to the very nature of the core expectations and limitations of Big Audit, at levels deeper than have been plumbed to date.
Recent progress on the subject of corporate risk has been considerable -- chiefly on the company side of the complex relationships among issuers of financial information, the communities of information users both inside and outside those companies, and the auditors themselves – to identify such systemic threats as risk blindness, ambiguous leadership attitudes about ethos and culture, defects in communications, and skewed performance and compensation incentives.
Behavioural scholarship suggests that these concerns are no less present in the audit function – with its execution dependent on the behavioural limitations of fallible human beings. Which in turn suggests that, if deeper insights into the causes of financial failures were credibly brought forward into the standards and practices of Big Audit, progress might be made in areas that have long defied improvement.
That is – forty years of research have identified sources of bias that are hard-wired into our human DNA, because of which they are pervasive, inevitable and unavoidable. These are shared along with the rest of humanity by auditors who are no better genetically designed or equipped than anyone else to address them. As an effect or consequence, they work to suppress the exercise of professional skepticism, to inhibit the delivery of negative or critical messages and, conversely, to default in favor of confident agreement with management’s upbeat assertions.
Inquiry quickly goes beneath the customary charge that auditors are incentivized to accommodate long-standing clients – a facile assertion yet to be supported by anything like credible research or evidence. Examples among the catalog of broadly-observable instinctive and dangerous shortcuts -- “heuristics,” to use the term explored since the 1970s by, e.g., Nobel economics prize-winner Daniel Kahneman and his late lamented research partner Amos Tversky -- are:
- Confirmation bias: The readiness to accept that premises are valid as presented, rather than do the harder work of seeking out and evaluating disaffirming or contrary evidence – in the audit context, the too-ready willingness to agree with submissions and judgments of management.
- Over-Confidence: Good news is simply preferred over bad; as John F. Kennedy quoted the Duke of Wellington, “Victory has a thousand fathers; defeat is an orphan.” So too, a bullish quarterly earnings estimate or a Goldilocks reserve calculation will be preferred over the pessimistic alternatives.
- Representativeness: Giving credence to that which is familiar and ready to hand – e.g., “this year’s results look much like last year’s – so the trends and estimates can be taken as acceptable.”
- Herding and Groupthink: The convergence of individual conclusions with those of the group, especially as led from the top – influenced, for example, by pressures from peers or superiors of time, budget, and engagement evaluations – perniciously seen in the message unsubtly conveyed to junior staff, that “If you raise a problem, then you become the problem!”
From the persistent ubiquity of these influences it would follow – and the regular recurrence of financial irregularities over the decades would confirm – that Big Audit as now designed and performed is of seriously diminished value and effectiveness.
But, with the auditors apparently fated to operate under seemingly universal human behavioural constraints, it is not either necessary or helpful to demonize them by ascribing either malign intent or corrupt motives.
If they are instead doing as well as their human limitations allow, even if not to the level of expected systemic satisfaction, then whole conferences and symposia should be convened, to design and explore the application of new tools and approaches, and to bring these limitations out from the academic shadows into the realms of daily inter-actions among the auditors, their clients, users and the regulators.
In other words, auditors may very well be able to bring their competence and expertise to bear on issues of real importance. But not while they – and all the other players involved in Big Audit – are shackled to a model that demonstrably fails to allow for the ever-present and increasingly well-recognized frailty of human beings – a group that (sometimes reluctantly acknowledged) does include the auditors.
Thanks for joining this dialog. Please share with friends and colleagues. Comments are solicited and welcome, and subscription sign-up is easy and free, both at the Main page.