Accounting / Audit lessons from Satyam
Joint audits and inspections by the ICAI/DCA are critical if the system has to work.
The Satyam affair has shaken the country’s audit profession and regulatory authorities to its roots. Investors have suffered in a big way and Indian business has lost some of its sheen. Has there been a systemic failure or is Satyam just a big exception? Has the macro-structure of the audit procedure not evolved in a manner commensurate with the growth of Indian business and its physical globalisation?
The Ministry of Company Affairs (MCA), first enlarged the scope of work (and hence responsibility and liability) of statutory auditors by issuing a 22 point questionnaire called the MAOCARO Order, 1975. This, of course, remains a pioneering and unique step in even international terms. This made internal audit compulsory and the statutory auditor was bound to comment on the efficacy and extent of internal controls and review the internal audit. Such internal audit is not mandatory internationally. By its very nature, internal audit is extensive in relation to accounting system, internal controls’ review and transaction checking.
The Securities and Exchange Board of India (Sebi) and the Department of Corporate Affairs (DCA) thereafter made it mandatory to have audit committees where independent directors were in a majority and whose chairman had to be an independent director; they would be (a) obliged to review and implement internal controls; (b) observe accounting standards; (c) review and approve accounts; (d) review financial management and; (e) appoint internal auditors and recommend statutory auditors. Their recommendations are binding on the Board unless the Board discloses to the shareholders its reasons for non-agreement. My own experience in three cases is that a strong knowledgeable audit committee and its chairman are the best bulwark whenever promoters’ opinion differs from that of the auditors. We should substantially strengthen this system.
The Institute of Chartered Accountants of India (ICAI) [and Institute of Company Secretaries of India (ICSI)] have been strongly supportive of moves for quality improvement and quality controls. ICAI issued 32 Accounting Standards, 34 Auditing Standards, 6 Internal Audit Standards and several External Quality Control Standards. It has moved for harmonisation of standards with the International Federation of Accountants (IFAC). ICAI also brought in monetary limitations on the non-audit work that auditors can provide to the auditee company directly or through related parties. Where the partners of the audit firm or their relatives have a 20 per cent beneficial interest, the fee from all such assignments cannot exceed the audit fee.
Yet, Satyam happened. While Satyam’s external auditors are in the limelight, the responsibility also rests with the Chief Executive Officer (CEO), the Chief Financial Officer (CFO), internal auditors and the audit committee. Their roles should be examined by a joint special study group of the MCA and ICAI so that remedial steps can be taken. The Vivian Bose Commission in India and the Sarbanes Oxley Act in the US have strengthened the system of audit and corporate regulation in the public interest.
Legal Consequences: Legal jurisprudence with reference to auditors has evolved substantially in Europe, the US, Australia and India and increasingly recognises the social responsibility of the auditor. However, almost every precedent recognises that (a) an auditor is expected to exercise a high degree of reasonable care and skill; (b) he is not expected to be a bloodhound unless there are circumstances to arouse his suspicion; and (c) the law has now evolved to ensure that he is liable for damages for not faithfully discharging his duties not only to the contracting party but to everyone who, in the normal course, would use the audited accounts.
Lord Denning in the UK first expressed the view of an auditor having social responsibility in a far-reaching dissenting judgement which has now become the norm. Subsequent cases expanded the responsibility of auditors to third parties but within certain parameters.
For the audit profession, Satyam is indeed a blot; but to my mind it is more a black exception. The profession and the corporate sector need to strengthen and intensify internal audit systems; and statutory auditors need to review the entire gamut of audit processes.
Future Scenario: The Satyam incident will (a) require the audit committee to be more active and vigilant; (b) increase substantially the coverage and intensity of internal audit and, sometimes, even an investigative audit may be required; (c) force the statutory auditors to rely much more on external evidence directly obtained by them; (d) the DCA will have to strengthen the Board with information and enforce its earlier system of tri-annual inspection of listed companies which has been implemented lackadaisically in the last few years; (e) encourage the ICAI to strengthen all quality control measures including peer review and develop a system of inspection of auditors as in Canada; and (f) require companies to introduce an effective whistle-blower policy. Internally, the professional firms have to introduce partners’ audit review and partner-rotation programmes; some have done so already. It is not without logic that the entire developed world has, after a great debate, not opted for mandatory rotation of auditors but has opted for rotation of partners instead.
The proposal to rotate auditors every three years has to be carefully reviewed. The auditor has to understand the business, its risks, its internal controls etc. Mid-size firms like ours will gain but it will damage the profession if auditors have to shop around for replacement audits every three years. Can they qualify balance sheets? This will destroy their independence. A system of joint audit and of quality inspection of audit firms by the ICAI is the best answer.
The approach of forensic audit is to unearth evidence of wrongdoing; hence it needs a combined team of people from the police or the Central Bureau of Investigation (CBI), lawyers and audit professionals with an adversarial approach. Business managers will then become like public sector managers facing a Comptroller and Auditor General (CAG) audit and will lose their initiative. Instead of forensic audits, investigative audit techniques would have to be applied whenever major weakness in internal controls or their implementation are found. [“An investigator does not accept a stated fact as correct until it is substantiated. Unlike an auditor, he cannot presume that in the absence of suspicious circumstances, a figure or a stated fact is necessarily correct.” Contemporary Auditing : Dr K Gupta]. These steps will bring to light frauds, if any, much more quickly, but will not stop them. Criminals have never been deterred by strong laws. And collusive fraud is even more difficult to uncover especially if there is comprehensive paperwork to support it; but, over a period of time, it can be detected by a common sense approach instead of a mechanical approach.
The ICAI’s disciplinary board needs to be expanded; and work expedited and publicised to gain public confidence. For large value cases like Satyam, special benches need to be constituted for expeditious decisions. Regaining investors’ and regulators’ confidence should be the highest priority. The DCA has to upgrade payscales and recruit professionals for its work to achieve a quality jump in oversight work.
Given the strategic importance of internal auditors, Companies Bill 2008 should mandate that internal auditors and valuers must be members of the ICAI, subject to their professional ethics and regulatory discipline. Today the big four use surrogate private limited companies, some of which rumoured to be owned through tax havens in flagrant violation of the ICAI Act (and its ethics and monetary limits) to carry out internal audit and express opinions on compliance of accounting standards apart from consulting work.