Perhaps it’s time to review what we expect of auditors
With all the media reports on allegations of shenanigans by auditors, I wonder whether the real problem is a growing expectation gap between the profession and the public that no one is paying attention to.
In the stories around African Bank, Steinhoff and VBS, it is not only management that has been vilified for what went wrong but also the audit firms that signed off on their numbers.
We perhaps need to start by understanding both the position of the auditors and the regulations that keep them honest — though clearly not honest enough in the eyes of the public.
Auditing is a heavily regulated industry, with reams of international financial reporting standards (IFRS) that are very prescriptive about the treatment of financial transactions. Auditors are required to perform their duties within the confines of such standards, and, for as long as they do so, they are considered to be compliant with them. In addition, the Independent Regulatory Board for Auditors (IRBA) publishes several South African Auditing Practice Statements to provide practical assistance to auditors in the implementation of these accounting standards.
It should therefore be rather simple to determine if an auditor has done their job properly or not. All you have to do is check their work against the standards, right? Well, not quite.
Over and above the IFRS statements, there is the expectation of auditors to exercise professional scepticism, apply appropriate judgment and always be independent. These principles are not always easy to determine.
Take, for instance, the matter involving the former CEO of KPMG, Moses Kgosana, and his attendance of the Gupta wedding. Kgosana was invited to and attended a client’s family wedding. He was not invited alone but with other colleagues from the firm. He cleared the matter with the firm, paid for his own transport and accommodation, and off he went.
The regulations say that an auditor cannot accept a gift that is material to him or the firm. It appears that the only gift
Kgosana received was a free meal.
The rules also say one must be seen to be independent. Clients invite their auditors to social events all the time. Attending your client’s daughter’s wedding is hardly a breach of independence or an act bringing your independence into question.
Kgosana’s attendance of this wedding led to him having to step down from a number of boards and essentially tarnished an otherwise impressive career.
To date, I have not seen any finding by IRBA or the South African Institute of Chartered Accountants that suggests that Kgosana’s independence was impaired by his attending that wedding. However, the public essentially found him guilty of being too cosy with the Gupta family, and just like dominoes, all the chips began to fall.
For him to argue that the Sun City curry is not material, in terms of the rules, is now moot.
Take another example. A little-known fact about the whole Steinhoff saga is that while Deloitte signs off on the group consolidated financials, Steinhoff Europe’s numbers are actually audited and signed off by a little-known small firm.
BizNews reported that “although Deloitte SA signed off the overall accounts, it was kept in the dark on the nuts and bolts of the European operations where most of the skulduggery happened. Steinhoff CEO Markus Jooste insisted these audits were done by a clutch of small German and Austrian firms, with the European numbers consolidated by Commerzial Treuhand [CT], a consultancy which operates out of just four locations in northern Germany.”
The rules of auditing require the firm that is signing off on the consolidation to satisfy themselves that the subsidiary auditors are qualified enough to be relied on. They do not audit the other auditor’s work all over again.
Nobody has blamed CT for signing off on all the shady intercompany and off-balance sheet lending structures that saw the value of Steinhoff Europe’s properties being halved a week ago and the share price further tumbling. But “since Deloitte is the one that signs off on the group audit, it is to blame. It should’ve picked this up” — at least, that’s how we as the public see it.
There is no doubt that the auditing profession has great lessons to learn from all this. But there is also a lot of work for the regulators to do. They must improve their rules to cater for what is clearly a much bigger responsibility than currently provided for. The public demands it.
As we speak, an auditor’s role is to give reasonable assurance that the financial statements are fairly presented. There is no expectation to uncover fraud. Yet when the auditors miss it, we as the public cry foul, perhaps rightfully so.
Maybe it is time we all agree that the scope of auditors must include the detection of fraud. Whatever happens, we certainly cannot keep doing the same thing, and expecting a different result. It’s insane.