Scope of an audit is different from that of an investigation
Investigators, regulators and stakeholders of fraud-hit Satyam Computer Services attribute auditor’s failure in detecting the fraud to negligence, incompetence or blatant connivance with the promoters who cooked books for years. Ideally, auditors, who accept hefty fee, should ensure that they independently verify all documents they rely on before certifying the financial statements of a company as a ‘true and fair’ account of its financial health.
The auditing norms require auditors to write to a bank where deposits are held and get a reply at their address, said Ved Jain, president, Institute of Chartered Accountants of India (ICAI), the body that regulates the profession of chartered accountants in India. However, how deep an auditor should go in his work of verifying the accounts of a company with several subsidiaries and giving his opinion about its financial health within a fortnight remain a debatable issue and is likely to get a greater regulatory attention in the coming days.
“People cheat their wives without them ever suspecting. Systematic fraud by senior management and suicide bombings are two things impossible to prevent,” said a top professional with one of the Big Four accounting firms in the world, preferring anonymity. This argument gets a strong support from a Bombay High Court verdict that exonerated an audit firm two-decade ago. The 1986 verdict, that came in a case between audit firm A F Ferguson & Company and Tri-Sure India, said auditors must not be made liable for not tracking out ingenious and carefully laid schemes of fraud when there is nothing to arouse their suspicion and when these frauds are perpetrated by the tried servants of the company and are undetected for years by the directors.
Referring to the Satyam case, professionals say it is unfair to judge the work of an auditor in the light of the confessions made subsequently since he did not have the benefit of that information or a reason to be suspicious while auditing. Two partners in two different accounting firms, both in the Big Four league, argue that the scope of an audit is different from that of an investigation. “There is a clear distinction between the work of an auditor and the investigation of a detective. The auditor’s mind is unbiased unlike that of an investigator who approaches work with the presumption that a fraud has taken place.
The auditor does a sample checking of invoices and documents after assessing how effective are the internal risk controls in the firm. Based on that, he makes an inference about the authenticity of other similar documents. This sampling is just a drop in the ocean of invoices and documents that the company produces. Verifying the authenticity of all that material is outside the scope of statutory audit,” said one of them. “When the auditor stumbles upon something suspicious, he carries out more checks and additional verification, which still fall short of an investigation,” added the other.
Besides, an auditor does not guarantee the accuracy of a financial statement, he only expresses his view that the accounts of the company give a ‘true and fair picture’ of its state of affairs as per the explanations given to him. Auditors say there is a sea of difference between a ‘true and fair’ picture and an ‘accurate’ picture, an expression auditors do not use while signing the financial statements. Further, auditors often qualify their view if they are not satisfied with the explanations given to them. Normally, an audit firm would deploy about 40-50 people for the audit of a company like Satyam that has several offices and subsidiaries in India and abroad. Two or three professionals would go through the records of individual branches and report to a core team of five or six. Each branch or subsidiaries will have thousands of invoices and documents to go through. It is impossible to independently verify all of them.
Auditors make an audit strategy based on factors like the risk profile of the company and the sector, internal controls in place, and the track record of the promoters. Only a relevant sample of documents is independently verified. Otherwise, audit work would translate to a full-fledged investigation, which would never end, argue experts. However, regulators say that firms should accept fewer audit assignments if they cannot do a proper job.
A SEBI official, who asked not to be named, said that if auditors rely on the reputation of promoters and board members, then investors and regulators do not require statutory auditing of companies. They can directly rely on the company’s reputation and be satisfied, he said. Auditors, who charge hefty fee, should not resort to short cuts, he added. The gap between public’s expectation from auditors and what they can deliver is set to get addressed soon.
Investigators, regulators and stakeholders of fraud-hit Satyam Computer Services attribute auditor’s failure in detecting the fraud to negligence, incompetence or blatant connivance with the promoters who cooked books for years. Ideally, auditors, who accept hefty fee, should ensure that they independently verify all documents they rely on before certifying the financial statements of a company as a ‘true and fair’ account of its financial health.
The auditing norms require auditors to write to a bank where deposits are held and get a reply at their address, said Ved Jain, president, Institute of Chartered Accountants of India (ICAI), the body that regulates the profession of chartered accountants in India. However, how deep an auditor should go in his work of verifying the accounts of a company with several subsidiaries and giving his opinion about its financial health within a fortnight remain a debatable issue and is likely to get a greater regulatory attention in the coming days.
“People cheat their wives without them ever suspecting. Systematic fraud by senior management and suicide bombings are two things impossible to prevent,” said a top professional with one of the Big Four accounting firms in the world, preferring anonymity. This argument gets a strong support from a Bombay High Court verdict that exonerated an audit firm two-decade ago. The 1986 verdict, that came in a case between audit firm A F Ferguson & Company and Tri-Sure India, said auditors must not be made liable for not tracking out ingenious and carefully laid schemes of fraud when there is nothing to arouse their suspicion and when these frauds are perpetrated by the tried servants of the company and are undetected for years by the directors.
Referring to the Satyam case, professionals say it is unfair to judge the work of an auditor in the light of the confessions made subsequently since he did not have the benefit of that information or a reason to be suspicious while auditing. Two partners in two different accounting firms, both in the Big Four league, argue that the scope of an audit is different from that of an investigation. “There is a clear distinction between the work of an auditor and the investigation of a detective. The auditor’s mind is unbiased unlike that of an investigator who approaches work with the presumption that a fraud has taken place.
The auditor does a sample checking of invoices and documents after assessing how effective are the internal risk controls in the firm. Based on that, he makes an inference about the authenticity of other similar documents. This sampling is just a drop in the ocean of invoices and documents that the company produces. Verifying the authenticity of all that material is outside the scope of statutory audit,” said one of them. “When the auditor stumbles upon something suspicious, he carries out more checks and additional verification, which still fall short of an investigation,” added the other.
Besides, an auditor does not guarantee the accuracy of a financial statement, he only expresses his view that the accounts of the company give a ‘true and fair picture’ of its state of affairs as per the explanations given to him. Auditors say there is a sea of difference between a ‘true and fair’ picture and an ‘accurate’ picture, an expression auditors do not use while signing the financial statements. Further, auditors often qualify their view if they are not satisfied with the explanations given to them. Normally, an audit firm would deploy about 40-50 people for the audit of a company like Satyam that has several offices and subsidiaries in India and abroad. Two or three professionals would go through the records of individual branches and report to a core team of five or six. Each branch or subsidiaries will have thousands of invoices and documents to go through. It is impossible to independently verify all of them.
Auditors make an audit strategy based on factors like the risk profile of the company and the sector, internal controls in place, and the track record of the promoters. Only a relevant sample of documents is independently verified. Otherwise, audit work would translate to a full-fledged investigation, which would never end, argue experts. However, regulators say that firms should accept fewer audit assignments if they cannot do a proper job.
A SEBI official, who asked not to be named, said that if auditors rely on the reputation of promoters and board members, then investors and regulators do not require statutory auditing of companies. They can directly rely on the company’s reputation and be satisfied, he said. Auditors, who charge hefty fee, should not resort to short cuts, he added. The gap between public’s expectation from auditors and what they can deliver is set to get addressed soon.