Clarity or confusion?

Clare Canning and Lisa Tolaini discuss why FSA proposals extending the responsibilities of auditors may not have the desired consequences

In its most recent consultation paper (Miscellaneous Amendments to the Handbook No. 14) the UK FSA states 'in the light of the recent state of high profile corporate failures both in Europe and across the Atlantic, in particular in relation to misstatements of companies' annual accounts, the area of corporate governance requirements generally is under considerable scrutiny'.

In the same paper, it sets out proposals which would, if implemented, require auditors to review the internal controls of all listed companies. So, too, it is anticipated that the financial reporting forthcoming review of the terms of guidance on internal control and risk management will propose requirements for auditors to make a judgement on a company's internal controls. Finally, in a similar vein, as part of the DTI's review of company law, the UK Government, in its White Paper Modernising Company Law, has said that public and large private companies will be required to publish an 'auditor-reviewed' operating and financial review (OFR) as part of their annual report. This would provide a view of the business, its performance, plans and prospects, and any other information which the directors judge necessary for a proper understanding of the business.

All of these proposals, if implemented, will have a significant impact on the scope of the work the auditor will be required to undertake. It has been said that the FSA's proposals will set out clearly the areas of responsibility for auditors, but, on closer analysis, is there a danger that these new audit requirements will yet again widen the perception gap between the business community's reliance on the audit function and the reality of what an audit can sensibly achieve?

Key areas

The new rules will cover 10 key auditing and accounting areas, most importantly including a review of the effectiveness of a company's internal controls covering all material risks, including financial, operational, compliance and risk management. For the first time it appears that the auditor's duty will be expanded beyond reporting on the financial statements of the company.

The proposals raise important questions for the auditor. In order adequately to assess the robustness of a company's internal controls will the auditor be required to have more detailed knowledge of his client's business, processes and systems? Will he or she need to obtain a greater understanding of how his client's business operates and is managed than is currently needed to fulfil the audit function? For example, in order to test a client's compliance function effectively will the auditor need to cast himself in the role of compliance officer? And, if so, where will the role of the compliance officer end and that of the auditor begin? What will be the cost of this additional audit work? Is the audit client really going to be happy to pick up the cost without increasing pressure on fees?

Although obtaining an in-depth knowledge of a client's business may not present many difficulties with a small company, in a large enterprise with a wide portfolio of business is the auditor best placed to assess the company's internal controls? Where a detailed consideration of the company, its business systems, know-how and specialised areas is called for, surely the most appropriate candidate to take responsibility for evaluating these functions would be an internal function, such as the audit committee who are better placed to make such an assessment. Is placing the responsibility in the hands of the auditor simply a fig leaf to cover up the problems raised by ineffective corporate governance? Should the regulators not be looking at ensuring that appropriately qualified individuals are appointed as non-executive directors and that the audit committee fulfils its role of management watchdog that actually has teeth? Or is it just simply easier to expect the auditor to investigate and report on these matters and, as a consequence, provide an easy scapegoat should things go wrong?

The purpose of an audit is to ensure that the financial statements presented by a company represent a true and fair view of its financial position. Contrary to widely held public perceptions, the auditor does not concern himself with the general health of, or commercial sense behind, the company. Although, as part of his understanding of his client's business, the auditor will familiarise himself with the company's products, business systems and controls, his focus is on satisfying himself as to the adequacy and reliability of the company's financial records. The FSA and DTI proposals bring into focus once more the issue of what the auditor is expected to report on and, as a consequence, take responsibility for.

Expectations

The implementation of the proposals will not only increase the level of audit fees (experience in the US, following the implementation of Sarbanes-Oxley, suggest that fee levels may rise by 25%-35%), but, more importantly, the expectations of those reading the auditor's report. Even at present, the public perception is that the auditor has much greater involvement in and responsibility for a company's financial statements. If these new proposals take effect, will the business community and the public at large perceive a clean audit opinion as a 'clean bill of health' for the company concerned?

It seems to us that the question for the FSA and the DTI is whether extending the scope of the auditor's duties as proposed will prevent the occurrence, in reality, of financial collapses such an Enron and Parmalat, or will it simply extend the causes of action a client and its shareholders will have against their auditor? In an environment of unlimited liability, will the risk of such exposure deter auditors from undertaking the audit of complex or high risk businesses? No one can criticise the introduction of a regime of increased vigilance and accountability. However, such a regime needs to be well thought out, clear and effective. The auditor is the obvious easy target to be the watchdog for corporate governance, but the real question is whether he is the right target.

Clare Canning is a partner and Lisa Tolaini an associate at Barlow Lyde & Gilbert's Professional Liability & Commercial Litigation Group.