Audit committees must be accountable
This week — almost 30 years since the first Basel Accords were published in July 1988 — South African Post Office CEO Mark Barnes wrote a valuable article on the prevailing crisis in the auditing profession.
Barnes suggests that since auditors get accused of not picking up corporate scandals perpetuated by management, it is management that should take the fall rather than the auditors. He may be correct, but the triple accountability framework also needs to be tackled.
SA’s corporate governance framework is made up of a board of directors, an audit committee and management.
As the owners, companies’ shareholders are theoretically responsible for the appointment of auditors. But given how diverse and detached investors tend to be, the appointment is merely a ratification exercise that almost universally accepts the recommendation of the audit committee.
The audit committee is an important pillar of the framework. To execute its duties effectively, it needs to be suitably competent to assess audit performance and quality. Given its ability to access company information continuously, a fully competent audit committee should be able to identify anomalies between information presented by management on a regular basis and the company’s audit outcomes.
The Companies Act requires audit committees to assess the effectiveness and independence of auditors on a continuous basis. However, it is not clear how such assessments are conducted as audit committees are not in the habit of informing even shareholders about them.
This creates the real risk that perhaps there are no such processes happening substantively, but audit committees simply issue statements to such effect without doing the work.
Classic examples are companies that have recently ditched KPMG. While most audit committees have been able to cite “association risk” as the basis for ditching KPMG, none have been able to articulate how they conducted other aspects of the auditor assessment.
To allow audit committees to simply cite one reason and not refer to other parts of the process they are statutorily required to perform amounts to an exercise in futility that might be popular now but leaves us all worse off in the long run.
Such gaps in the oversight regime feed into the current credibility crisis. And perhaps regulators have a role to play in adding credibility to the process of appointing auditors. Requiring an audit committee to document the process undertaken to evaluate auditors that underpins their decision to recommend an appointment to shareholders is something that might assist.
Such a model would provide shareholders with greater insight into how an audit committee executes its oversight role.
A company’s management and audit committee have far greater and regular interactions with the numbers than the external auditors. Consequently, in any corporate failure shareholders should be able to hold the audit committee and management to account alongside the auditors.
To simply dismiss the auditors and retain the management and audit committee intact is a cosmetic exercise that lacks correlation with the type of duties for which audit committee members sign up. The auditing industry might take a leaf out of history to deal with its current crisis.
The Basel Accords were issued to deal with the supervision of a global banking system. Its various failures and limitations notwithstanding, the Basel Committee has been far more responsive to the evolving nature of its profession than most auditors. This is no longer sustainable.