31 Jul 2019
Corporate governance is a shared responsibility. It’s not just on auditors.
When a company falters, who takes the blame? Did the financial statements fail to communicate the underlying performance of the company? Were the disclosures inadequate in highlighting the key assumptions and judgements made when estimating the fair value of certain assets? Are investors aware that not all profits are the same, and that the accounting standards do not require companies to clearly differentiate between unrealised and realised profits in the income statement? Unrealised profits could potentially be reversed until they are, well, realised.
Auditors are not the sole guardians of public interest. Multiple stakeholders have a shared responsibility in this regard.
ROLES AND RESPONSIBILITIES
The corporate governance ecosystem is an intricate balance of multiple participants playing specific roles in directing and controlling an organisation’s activities so that long-term value is generated. At the entity level, the Board of Directors (Board) work hand in hand with its management, audit committee (AC), internal auditors and independent external auditors to maintain effective financial reporting and governance systems. Externally, standard setters, regulators and enforcement agencies complete the ecosystem through implementing regulations and standards, monitoring compliance and investigating and prosecuting governance and other failures. Of course, education and training provide the basic raw materials and ingredients for the foundation of building public trust.
Under the Companies Act, the Board is responsible for:
- Complying with accounting standards issued by Accounting Standards Council (ASC), and preparing financial statements that give a true and fair view of the financial position and performance of the company, and
- Maintaining a system of internal accounting controls and keeping proper accounting and other records to enable the preparation of true and fair financial statements.
In this respect, the competency and quality of the Chief Financial Officer (CFO) and finance team is crucial, especially given the increasing complexity of accounting standards. A weak finance team will place over-reliance on the external auditors, causing an imbalance in the ecosystem. Currently, there are no regulations governing the minimum criteria and responsibilities of CFOs and preparers of financial statements in Singapore, unlike in some jurisdictions where they are regulated by law, and where they have personal liability.
The AC assists the Board to fulfil its oversight responsibilities. Under the Companies Act, the AC is required to review the auditor’s scope of work and financial statements, among others.
Throughout the audit, three-way communication among the Board, AC and management takes place to ensure that key matters that affect the financial statements are brought to the timely attention of the relevant parties to be resolved.
WHAT IS THE AUDITOR’S ROLE?
In the whole scheme of things, the auditor’s role is to express an independent opinion on the financial statements. In conducting the audit, the overall objectives of the auditor are:
- To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial statements are prepared in all material respects, in accordance with an applicable financial reporting framework, and
- To report on the financial statements, and communicate as required by the Singapore Standards on Auditing (SSAs), in accordance with the auditor’s findings.
The audit process is intensive, long drawn, and multifaceted. It goes beyond sighting documents and vouching invoices. It requires strategic thinking, professional judgement and professional scepticism throughout the entire process. Every public accountant and accounting entity in Singapore must also comply with relevant ethical requirements – the Code of Professional Conduct and Ethics (ISCA’s EP 100/ACRA Code) and ISCA’s EP 200 on Anti-Money Laundering and Countering the Financing of Terrorism. This includes complying with the independence requirements and fundamental principles of integrity, objectivity, professional competence and due care, confidentiality and professional behaviour.
The requirements of the SSAs are comprehensive. For example, the auditor is required to understand the entity’s business model, risks, and internal controls, to identify unusual transactions or transactions lacking economic substance. A good understanding of the entity and its environment will provide the appropriate mindset and competence for the auditor to apply professional scepticism when gathering audit evidence.
At this juncture, it is worthwhile to note that the audit opinion does not assure the future viability of the entity nor the efficiency or effectiveness with which management has conducted the affairs of the entity. An unqualified (or clean) audit opinion provides a reasonable assurance that the financial statements are prepared in all material respects in accordance with Singapore Financial Reporting Standards (International) (SFRS(I)s). That said, an auditor earns his keep by exercising judgement and communicating that judgement. A complex process is distilled into a few pages of the auditor’s report.
On the going concern agenda
Such understanding is central to the auditor’s judgement on the entity as a going concern. Simply put, a going concern is a business that functions without the threat or necessity of liquidation for the foreseeable future, typically measured as at least the next 12 months. Such an assessment may entail complex management forecasts and assumptions, requiring the auditor to have a good grasp of the business and its industry in order to make a judgement call. The initial assessment of the entity operating under the going concern assumption is made by management. This is management’s responsibility and requires significant judgement to be exercised in a robust manner. Management needs to select the appropriate factors that impact the entity’s ability to operate in the future and management needs to have appropriate plans to ensure that the entity has the available funds they need to operate in the future. The external auditor then assesses the appropriateness of management’s assessment. It is not the external auditor who is primarily responsible for the going concern assessment – this remains a task for management of the company. And management does not provide any guarantees on the going concern of their organisations.
If there are material uncertainties on the entity as a going concern, the auditor needs to highlight this in a separate section under their auditor’s report and ensure other necessary disclosures. However, users of financial statements have to be mindful that businesses fail due to a large variety of reasons, sometimes arising from poor business decisions, at other times arising from changes in the business environment. Businesses can fail because of market forces beyond their control; for example, an oil and gas company can go out of business shortly after a clean audit opinion has been issued due to a crash in crude oil prices. An unmodified or clean audit report does not guarantee the viability and sustainability of a business.
On the fraud agenda
While the primary responsibility for the prevention and detection of fraud rests with those charged with governance of the entity and management, the auditor is required to maintain professional scepticism throughout the audit and consider the potential for management override of controls. However, owing to inherent limitations of an audit, which are particularly significant in the case of misstatement resulting from fraud involving management collusion, there is an unavoidable risk that some material misstatements of the financial statements may not be detected, even though the audit is properly planned and performed. This is why an audit provides reasonable assurance and not absolute assurance.
However, there is broad consensus that auditors clearly have a part to play in detecting material fraud relating to financial reporting. In this respect, the auditor is required by the SSAs to identify areas where such risks occur, and design and carry out appropriate procedures to address such risks. When designing audit procedures, the auditor should be selective of the nature and extent of documentation to be examined in support of material transactions, corroborate management explanations or representations concerning material matters and incorporate an element of unpredictability in selecting the nature, timing and extent of audit procedures to be performed. Armed with a thorough understanding of the entity, the auditor should also be able to flag material transactions that are outside the ordinary course of business which do not have a business rationale.
VALUE OF THE AUDITOR
Financial statements users comprise a complex spectrum of stakeholders with diverse needs. While there is no one-size-fits-all audit product, stakeholders do rely on an independent audit opinion to obtain the assurance that a set of financial statements can be relied upon, and hence is useful for decision making. Any unaudited financial information from management would normally be viewed sceptically because management is not independent and has vested interest to paint a positive outlook. Hence, notwithstanding that a clean audit opinion does not assure business success, audit reports are an important component in the entire financial reporting ecosystem. If users cannot trust that the assets reflected on the balance sheet exist, or that revenue numbers relate to actual income made during the period, what good are financial ratios and metrics derived from these numbers that are used in analysing a company’s performance? In a recent UK Competition & Market Authority (CMA) study, it was highlighted that there is overwhelming public interest in the quality of audits, because audited numbers are so important for confidence in capital markets and to investment decisions that affect all of us1. However, users cannot just rely on the financial statements alone to make decisions. Shareholders, for example, could engage with management at annual general meetings and other appropriate fora.
Quality audits also provide value beyond the audit opinion, which may not be apparent from the few pages of audit report which the auditor signs off. Auditors share key insights arising from their independent observations on internal controls and business processes with the Board and AC through management letters. Robust internal controls are essential in preventing and detecting fraud, as fraud typically occurs when there are poorly designed internal controls, or when internal controls are not operating effectively.
Some directors comment that auditors are not sufficiently communicating the value that they bring to the table, causing shareholders to view the audit as a mere compliance exercise, and a commodity. This results in fee pressure, which potentially has a negative impact on time and resources spent on audits, resulting in a decline in audit quality. In this respect, enhancing the current financial statements audit can be in the form of improved communications with stakeholders.
Considering the importance of internal controls in the prevention of fraud, some financial statement users suggest expanding the scope of the auditor’s responsibilities to report on internal controls. They think that such a requirement could be a catalyst for companies to strengthen their internal controls.
While we have observed momentum to reform the profession in other jurisdictions, we should be mindful to adopt aspects that are useful in the local context after a careful cost-benefit analysis to prevent unnecessary costs and over-regulation.
IT IS A COMPLEX WORLD OF ACCOUNTING
Amid recent corporate failures, surveys have been conducted to assess the level of understanding by the public of the role and function of auditors. It is noteworthy that many are unsure of what an auditor does. But more disturbing is that many believe that auditors are responsible for preventing company failures and for fraud prevention. Educating the public and investors on what to expect of the auditors, management and directors is important. Investors need to understand that a clean audit report is not an endorsement of the quality of a company.
A more pressing question is whether users of financial statements understand the financial information presented in financial statements. Do financial statements adequately communicate the underlying performance of the company? SFRS(I)s are increasing in complexity and not many are well versed with its requirements nor able to sieve out from the financial statements, important indicators of the company’s underlying performance and financial risks.
Why are SFRS(I)s complex? Why have we gone beyond basic debits, credits and historical costs? SFRS(I)s aim to provide useful information to different users through financial statements that convey relevant information and faithfully represent transactions that have occurred. Towards this objective, there are increasing requirements for fair value measurement, among others. However, fair value is an estimate and the reliability of such measurement depends on the various inputs and assumptions used. Although preparers of financial statements are responsible for valuation measurements, there is judgement involved on many occasions, and the flip side is more subjective and potentially more volatile financial statements. Notwithstanding the above objective, users of financial statements need to understand the intricacies embedded in the financial statements arising from fair value measurements and make sense of the key assumptions and judgements made when estimating the fair values of certain assets. How can this knowledge gap be bridged, for users to better understand financial statements? The crux is for information provided in the financial statements to be more effectively communicated. To this end, the International Accounting Standards Board, through its Disclosure Initiative project, will develop guidance for use when drafting disclosure requirements. Better disclosure requirements would set the impetus for preparers to improve the disclosure and communication value of their financial statements.
In conclusion, corporate governance is a collective responsibility and the ecosystem cannot function without any one component. There must be proportionality, and commensurate responses. In the event that the auditors, or other parties, are proven to have fallen short of their responsibilities, penalties will be meted out by the regulators. If the individuals involved are members of the ISCA, the Institute may convene a case before the Disciplinary Committee to mete out sanctions, such as suspension of membership.
1 With reference to “Statutory Audit Services Market Study” Final Report, Competition & Markets Authority, 18 April 2019
Lim Ju May is Deputy Director, Technical, ISCA. An abridged version of this article was first published in The Business Times on 26 July 2019.
Share this Page