“Parturient montes, nascetur ridiculus mus”
(The mountains labored, and a ridiculous mouse was born)
-- Horace, 1st century AD Roman poet
On March 18, the UK government produced its paper, “Restoring Trust in Audit and Corporate Governance” (the Consultation”), eleven chapters and ninety-eight questions, spread over 232 pages plus an additional 300-odd of Impact Assessment and Key Facts and Trends.
Most of its hefty bulk addresses matters of worth, even in respects beneficial, but at two or three removes from actual large-company auditor performance -- the core of public discussion since the failure of Carillion more than three years ago:[1]
- The re-purposing of the UK’s audit regulator.
- The performance and accountability of corporate directors.
- The potential to re-engineer the purpose and scope of corporate information assurance itself.
On these, the right honorable secretary for Business, Energy and Industrial Strategy has borrowed a “conservative” strategy from the medical field. Retreating from or pushing off for later days a lengthy list of more aggressive actions -- none unachievable or likely to have positive effect -- BEIS Secretary Kwasi Kwarteng’s Hippocratic approach is at least likely to “do no harm.”
Although the Consultation introduces itself with chest-thumping self-confidence, aspiring to proceed “quickly” (¶ 1) with “decisive changes” and “significant, targeted measures” (¶ 1.1.2), its substance is almost resolutely modest. In the tones of Wilde’s Lady Bracknell, no manifesto this watery could possibly be accidental – perhaps reflecting both the inevitable push-back from the affected parties, and the limits of the Johnson government’s own available energy.
Space constraints do not permit an exhaustive catalog of the Consultation’s “less is more” approach, but only examples:
Rather than broadly advocating advanced exploration of the “purpose of audit,” as detailed in the December 2019 report of Sir Donald Brydon on his Independent Review Into the Quality and Effectiveness of Audit, and taking on such thorny issues as the interpretation and applicability of established case law (¶ 6.1.16), the Consultation would content itself (¶ 6.1.19) with asking issuers for a “non-binding purpose statement that could evolve over time.”
Rather than endorse and design a properly composed and well-staffed expert forum for detailed lessons-learning from incidents of audit performance deficiencies – “failure study” as well known in other fields such as aviation and medicine – it would timidly establish a “register” (¶ 6.4.10), picking up the high-level suggestion of the Brydon report (¶ 14.3-.4).
A first step this may be, optimistically, although unless designed and authorized to overcome the resistance expected from all quarters, the likely prospect is another mere repository for notifications of non-compliance – a place where opportunities for real learning will go to die.
Rather than examine the reasons why liability limitation agreements have not been used in auditor-client engagements, the Consultation’s abbreviated four-paragraph attention to auditor liability (¶ 6.8) foregoes the opportunity, making only the (concededly useful) suggestion (¶ 6.8.4) that auditor liability in the up-coming expansion into new forms of assurance ought not to be extended beyond that presently in place for statutory audit.
Rather than obliging the large international accounting networks to demonstrate their “resilience” for the benefit of information users, the Consultation would take a tentative and partial step – namely, to charge the anticipated Audit, Regulatory and Governance Authority to seek information from the large UK firms on their financial resources, including their capital and insurance (¶ 8.3.15).
This is in context of the absence of publicly disclosed global financial statements for the large networks, leaving them like the cobbler’s barefoot children, although full-fledged audited statements would be both achievable and informative, as was the several-year experience of the Arthur Andersen global network in the 1970s.
Rather than take up the aggressive critics’ urgings for forced re-structuring of the Big Four dominance of the FTSE 350 audit market – here, credit where clearly due – the Consultation effectively takes the “market cap” notion off the table.
A future review is contemplated (¶ 8.1.14 and ¶¶ 8.1.27-.30), but only after five to nine years of experience (¶ 8.1.26) that would not even commence until regulations had been in effect during the early years of tender and rotation. Thus any such review would not occur until the early part of the 2030s – by which time all current participants will have left the stage, and market and economic conditions will have evolved entirely beyond today’s ability to predict.
Rather than get deeply to grips with the long-running and intractable problem of usable guidance on the prevention and detection of corporate fraud, the Consultation quotes and endorses (¶ 6.4.4) the position in the Brydon report (¶ 14.1.5) that “it is the obligation of an auditor to endeavor to detect material fraud in all reasonable ways.”
Compare. International Standard on Audit 240 states (¶ 5) that the auditor “is responsible for obtaining reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error.”
In the US, the PCAOB’s Audit Standard 1001.02 provides that “the auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud.”
None of these three articulations is self-operating as a matter of auditor liability. The significant scrutiny of an auditor’s actual response to indicia of fraud or malfeasance comes in a litigation context, with hindsight allegations of some form of shortcoming. Judges must parse these pronouncements like the medieval theologians debating the number of angels dancing on needle-points. Was an “endeavor (done) in all reasonable ways”? If under the US standard, was “plan and perform” done to a level acceptable in the legal system? Under what standard was the performance “reasonable”?
Information users and practitioners have been dissatisfied for decades. And the language of the Consultation offers no improvement.
Rather than -- to conclude, for now at least, with the subject of internal corporate controls – imposing on UK companies the American requirements under the Sarbanes/Oxley law of 2002, by which controls are signed off by senior executives whose assessments are then attested by the auditors (¶ 2.1.4), the Consultation’s preferred position would leave as optional the question of auditor views on the company’s own assertions (¶ 2.1.41).
Here again, credit where due for restraint. In the 19-year history since the passage of Sarbanes/Oxley, enforcement proceedings and litigation under its provisions on controls have been rare to the point of non-existence. That’s because the Sarbanes/Oxley layering of additional company representations is essentially redundant of the antifraud provisions at the core of the American securities laws, which since the 1930s have made illegal the making of materially misleading statements in the purchase or sale of securities – including in the financial statements required to be signed off by senior corporate executives – making it a doubtful model for the UK’s emulation.
In sum, over the longer run, the timetable and future prospects for change under the temporizing strategy of Secretary Kwarteng extend down a lengthy road to a dim and misty future.
In the short run, any immediate effect will be akin to that of the little boy in the church pew, suffering loss of bladder control in his dark blue suit: the result is scarcely visible, and does no permanent harm, but it allows the lad to feel relieved and warm all over.
[1] On the two topics that would have direct effect – “operational separation” of the Big Four audit and advisory practices, and the threat to impose “managed shared audits” on the FTSE 350 -- please see my post of April 21.
Thanks for joining this dialog. Please share with friends and colleagues. Comments are invited and welcome, and subscription sign-up is easy and free, both at the Main page.
Comments