This report is, in two respects, a model of its kind. It
draws extensively on relevant academic research and it engages directly with
those who responded to the Call for Views. Both of these features are unusual
in this type of review: academic research is often cherry-picked simply to
provide evidence for assertions of the authors and there is rarely any
indication of how consultation responses have fed into the thinking behind the
report.
I would have liked to have seen more general reflection on
the role of audit in the structure of accountability. The report emphasises the
role of audit in the supply of confidence (and I'm now wondering how confidence
is related to what I termed comfort in
my work on audit committees) but does not explore where audit sits in the
investment intermediary chain, where confidence is crucial but accountability
is blurred.
Another area which deserves exploration is the challenge of
getting shareholders to engage: the owners/traders issue is relevant to the
role of audit.
It would also have been useful to see some discussion of
audit evidence: the work of
Peter Wolnizer on auditing as independent authentication has been unjustly
neglected.
The idea of an audit profession which recognises audit
beyond the financial is interesting: this could usefully clarify the boundaries
of financial audit. I remember engaging in heated discussions about the meaning
of the word audit with the senior management at my university when the term
"quality audit" crept into their discourse, before the publication of
Michael Power's "The Audit Society". Multidisciplinary training for
this new breed of auditors would indeed be essential.
The comments on the audit committee were also interesting.
It is a long time since I interviewed AC members but it is clear that the
demanding role placed on members has increased greatly. I remain baffled as to
how anyone can chair, or even be a member of, more than one large and complex
plc AC. The proposal that membership should be broadened away from those with a
purely financial background is important but more needs to be understood about
AC dynamics before further requirements about membership are introduced. The
suggestion that NEDs don't fully understand the role of external audit is
worrying.
I found this interesting:
"10.2.2 A simple mechanism to enable the workforce to
raise issues around risks and assurance should be developed in each company, so
that the designated director (or other mechanism) be the recipient of those
inputs. The company should then have an obligation to respond to the workforce
as to the way in which it has reacted to their requests."
I remember interviewing internal auditors in the 1990s about
the processes underpinning risk reporting: at least one FTSE 100 company at
that time had such a system and based its determination of its risk universe on
feedback from employees.
Two parts of the report made me cheer.
"18.0.3 In essence, it can be argued that there are no
correct values as these all depend on informed estimates about the future of
one kind or another." If only this was more widely recognised!
Numbers carry a misleading aura of certainty: Ted Porter
analysed this effect in "Trust
in Numbers" but it is rarely explicitly discussed in the context
of financial reporting.
And this:
"26.1.5 It is too seductive for people to retreat behind
a best practice defence of their actions. What matters is that the right
practice has been followed and that may well be different in different
companies and at different times. What matters is what is right for a
particular company, with its particular problems and its particular management
at this particular moment given its particular circumstances. Best practice
concepts drive out innovation as it is always safer to go with the herd and
claim that an action is best practice rather than take a bolder and individual
step. Best practice defences are based on backward looking analysis. Of course,
good practice must be faithful to an enduring set of principles. "
I have long believed that the words "best
practice" are very misleading. Who decides what best practice actually
is?
We need to acknowledge the contextual nature of financial
reporting and thus of audit. Standardisation implies homogeneity but companies
are all different. Why shouldn't audit approaches differ too, depending on the
context?
And where does the role of judgement fit in? I have only
looked at a few of the consultation responses so far but I was very struck by
the one from Andrew Likierman in which he provides a very useful framework for
the analysis of professional judgement.
It will be very interesting to see how this important report
is taken forward. The demands placed on the future ARGA are very significant:
ideally the design and constitution of ARGA will take these recommendations
into account.
