The ongoing financial crisis: Where were the auditors?
Bob Tricker was the founder-editor of Corporate Governance: An International Review and is a retired Fellow of the Institutes of Chartered Accountants and Chartered Management Accountants. He is also the author of Corporate Governance: Principles, Policies and Practice. Bob Tricker blogs with fellow OUP author Chris Mallin at Corporate Governance. The below post is an adapted version of a post from that blog, and offers a controversial solution to the regulation of corporate entities and the role of auditors.
A crucial question
In the ongoing crisis facing financial institutions around the world, plenty of questions have been asked: did boards fail in their fiduciary duty to their shareholders; was creative accounting or fraud involved; did directors understand the business models their management was using or appreciate the risks involved; why did the independent outside directors (who are supposed to protect the interests of investors) not see the dangers; did the regulators fail or, worse, had they been taken over by the industry they were supposed to regulate; were the credit agencies at fault ; and, most frequently, did short-term performance bonuses paid to top management encourage greed and excessive risk taking?
But a crucial question remains that has not had much exposure: where were the auditors? Unqualified audit reports up to the collapse had concluded that the directors’ reports and accounts reasonably reflected reality. Yet, as we now know, the strategic model underlying the securitisation of mortgage debt and the expectation that financial markets would always be liquid was highly suspect, and could expose businesses to massive risk, even the possibility of trading when insolvent and ultimately failing.
The role of audit
The original 19th century model of the joint-stock limited-liability company was a brilliant invention. Incorporate a corporate entity with many of the legal attributes of individuals – contract, buy, sell, employ, sue – but without exposing the investors to financial risk beyond their original equity stake if the business failed. The idea enabled the creation of untold employment, personal wealth, and economic growth in the following century and a half.
But when states permitted the incorporation of limited-liability entities they demanded safeguards to protect society. The aims of the enterprise, its financial scope, a registered office, the names and addresses of its directors, and regular reporting were all required. Although the concept of the corporation called for directors to show a fiduciary duty to their shareholders, legislators were not naive. They knew that not all directors could be trusted. Auditors were required.
Initially, these auditors were appointed from amongst the shareholder members of the company. They reported to the other investors that the directors of their company had faithfully recorded the company’s financial situation. In 1872, for example, the audit committee of the Great Western Railway Company (GWR) in England reported to their colleague shareholders that “the various matters that concerned the finances … were highly satisfactory.” However, unlike today’s audit committees, which are made up of independent outside directors, the GWR’s committee was staffed by shareholders.
Interestingly, that GWR committee also reported that it had been supported in its work by Mr. Deloitte, a family name still familiar in today’s auditing business. Gradually, an auditing profession emerged. At first audit professional partnerships were small. But, as companies grew in scale and complexity, they grew larger. The relaxation of rules on the maximum number of partners and mergers enabled further growth. By the end of the twentieth century the world’s major listed companies were all audited by just five vast international accounting firms.
However, the auditors’ duty in essence had not changed from the founding years. It was still to report that the information given by the directors to the shareholders reasonably reflected the truth.
But the relationship of the auditors to the companies they audit had changed. As scale and complexity increased, the role of the auditors properly became more professional. Inevitably, their relationships with the directors of their client companies grew closer. Although in many jurisdictions the shareholders still voted on a resolution to appoint the auditors, it was the board of directors who really made the decisions. And although nominally the auditors’ reports were addressed to the shareholders, their detailed comments went to the directors.
Inevitably, a close relationship developed between the auditors and the staff of their client, particularly in the finance department. Issues that arose during the audit – questions about asset valuations, capital or revenue decisions, risk assessment or management control, for example – could be resolved without the board even being aware of them. So audit committees were introduced, first in the US and then, following the Cadbury Report, in the UK and around the world. Sub-committees of the main board, these audit committees relied on independent outside directors to provide a bridge between company and auditor, avoiding too close a relationship between executive directors and audit staff, and ensuring that all directors were fully aware of audit issues.
Following the Enron debacle, in which an energy company had effectively turned itself into a financial institution (also through securitisation), the requirements of the Securities and Exchange Commission in the US and subsequently the listing rules of stock exchanges around the world were changed. The rotation of managing audit partners, the prohibition of consultancy work by auditors for their clients, audit committees composed entirely of independent directors, and a cooling-off period before audit staff could join the finance department of a client were all demanded.
Audit: profession or business?
But I believe the issues go deeper. The real question is whether audit and accountancy is still a profession or has become a business. Do the auditors offer a service to management or are they still part of society’s regulatory function?
My early experience as an accountant was with a professional audit practice which provided service for a fee. The number of partners was small. The phrase corporate governance had yet to be coined. Of course, our partners were keen to be successful. In their community they were respected and well to do; but they were not rich. Neither would they compromise their principles. They would not sign an audit report, stating that the client’s account’s showed a true and fair view, unless the partner was personally convinced that they did. Better to lose a client than your integrity. This was a profession, after all. The audit process demanded absolute objectivity of thought and independence from the client
How different today. By the beginning of the 21st century, the five major accounting firms had become vast, international and concentrated. They were major businesses, offering products and solutions, with market share and profit performance as watchwords. Partners were judged by fee generation and growth. Partners’ expectations were inevitably influenced by the remuneration levels of their ‘fat cat’ clients. Then in 2002, one of the five, Arthur Andersen, collapsed, brought down by the Enron catastrophe. Then there were four.
But auditing is not astrophysics, even though recent government funding to bail out failing institutions may seem astronomical. True, the work demands detailed, intense and up-to-date work, but it is not actually difficult. Admittedly, too, these days the risks of litigation and forced resignation are higher. But the real challenge lies in determining standards and living up to them, as it always did.
So I have come to the conclusion that auditing has ceased to be a profession: it has become a business. Of course the business world has changed. Nostalgia has no place in strategic thinking. There is no going back to the profession of half a century ago. But I suspect that, unless auditing rediscovers what it means to be a profession and returns to its roots, state regulation of the audit process will have to be imposed to protect creditors, investors and the wider community.
Serious questions have to be asked about the auditors’ position. Where does the auditors’ loyalty lie: directors or shareholders? Who are their real clients: the board or the investors? The de jure response that the client is the company and that somehow this means the body of shareholders will no longer wash. The de facto reality is that the client is the board, working through the board’s audit committee. Is this satisfactory under current circumstances?
Predictably, there have been calls for more regulation, introducing further rules to regulate auditors’ activities. Following Enron and the global collapse of Andersens, this was the approach adopted in many countries: the 2002 Sarbanes Oxley Act (SOX) in the US, the 2006 new Companies’ Act in the UK, and tighter regulation and stock exchanges’ listing rules everywhere.
But SOX has proved far more expensive, demanding, and bureaucratic than expected. Some argue that it has also proved less effective, as seen in its failure to identify the exposure underlying the financial institutions that have collapsed. Demands for rethinking the role of the SEC and the world’s other regulators, particularly over financial institutions, have been loud.
Another response has been a call to open the audit market, with second tier firms playing an increasing role in the audit of major listed companies. There has been some movement in this direction. But institutional investors like the assurance they believe they get from an audit opinion signed by one of the big four firms. Predictably, the partners of the firms in this global oligopoly do not favour this solution.
But there is a third alternative that has not been considered, Face reality, require auditors to be appointed by and report to the state, or society if you prefer. After all, it is the state that permits companies to incorporate and operate, and the state that is responsible for protecting the interests of investors, creditors and other stakeholders. That is why we have regulators.
Actually, this suggestion need not be quite as stark as it initially appears. In essence the regulatory structures already exist to manage such a relationship, although they would certainly need enhancing. The regulators, working with the shareholders, would appoint, re-appoint and if necessary replace the auditors, agree their fees and receive their reports. The company would, as now, bear the costs.
Reporting to the regulator, rather than the directors, would need auditors to develop a new mind set. Shareholders, particularly the institutional shareholders, would have a direct line to their auditors and the board’s audit committee. Comfortable relationships between directors and auditors would be at an end. Of course the partners of the big four would object, but society has to decide what is best in the long term.
A start could be made by focusing on the regulation of those companies that have just been massively funded by government. Surely, the auditors of companies that have been bailed out, and are now partly, and in a few cases wholly, owned by the state should no longer report solely to the directors. He who pays the piper…
Eventually, such an arrangement could be applied to all listed companies. Investors would know that their auditors worked for them, boards would rediscover that their primary fiduciary duty is to their shareholders not themselves, and trust would be restored, just as in the original 19th century model.