It's hard to blog about accounting. Heck, you could probably use this blog as damning evidence of that hypothesis. So it's worth repeating something I've said before: Oliver Tant's blog over at the KPMG blog site is absolutely compelling reading.
His latest piece doesn't disappoint. He's writing about the future of assurance. What sorts of assurance services might professional accountants offer if we free ourselves from our current regulatory shackles and historical paradigms?
Tant proposes three big ideas: the forward looking audit; a change in focus from assuring numbers to assuring systems, controls and behaviour; and integration of financial data, narrative reporting and the audit report. In order for auditors to be able to innovate, he cautions that there will need to be mutual trust and collaboration. In other words, a meaningful way for auditors to limit their liability.
This is interesting and thought-provoking stuff. So, without responding to the piece point by point, I have the following reflections:
The forward looking audit sounds great. But Tant is a bit vague about to whom these reports will be addressed. I don't suppose there is any way they could be public reports. But could they realistically go to shareholders? Or is it just management?
I don't really like the use of the term "audit" to refer to anything other than the provision of an assurance report over historical financial information. I know this makes me a bit of a fuddy duddy; lots of services are typically called audits, especially in the public sector. But I think it's dangerous to muddy the meaning beyond its statutory term.
This risk feels particularly acute when you're changing the direction of an audit by 180°. People already unreasonably expect auditors to have perfect foresight. How much worse will it be if auditors start commending on management's predictions? These future "audits" (if we accept Tant's lexicon) will need lots of cojones. Evidence about historical financial information is one thing: you can always look at invoices, bank records or talk to management. But the future is, to paraphrase, another country. They ain't done anything there... yet.
A 2003 report from ICAEW provided some guidance for directors on how to prepare prospective financial information: basically you must prepare it on the same basis you would your historic financial information. So, when the future eventually becomes the past, you can compare like with like (at least to the extent that GAAP doesn't change). But I sense that Tant wants to go far beyond a short term view. His ambition is as terrifying as it is delicious. But I'm glad he's thinking this expansively.
The concept of an audit that's less concerned with numbers doesn't feel new to me. It's the direction audit has been taking for a while now. But it's not risk-free. Fraud ultimately boils down to hiding liabilities or deferring expenses. Without a good understanding of the numbers themselves, it's possible to get mesmerised by systems and people. Since companies first began reporting, this has been happening. People who want to believe will use their judgment about directors and good-looking systems to overlook iffy numbers or the possibility of fraud. Enron, it's said, had exemplary corporate policies, even in respect of ethics. It's good to rely on systems, but you can go too far.
The idea of a more integrated form of reporting, under which management and auditor reporting are weaved together into a single, compelling narrative is also thrilling. But it too comes with risks attached. Does it provide a deeper understanding for shareholders or does it merely blur the responsibilities for preparing the financial statements and supporting information? The general public already seem to think that auditors prepare the financial accounts and are responsible to everyone in the world for their opinion. And predictions that turn out wrong are often used as evidence that the auditor's judgment was wrong. A report that makes it less clear what is the auditor's responsibility (ie the audit report) and what's management's responsibility (everything else) can only exacerbate the public's confusion.
So ultimately, Tant is right that, if we really want auditors to do more, we have to protect them, both with limitations on their liability but also with a much better behaviour from regulators. Regulators have been too swift to blame auditors for every crisis, and have failed to recognise the extent to which regulation itself contributed to it. Fear of financial annihilation prevents auditors from innovating outside the narrow confines of the statutory audit. So we have to do more to protect them. Tant shows us that auditors have good ideas. Can our regulators show us that they can be similarly enlightened? Let's hope so.
Posted from WordPress for Android. Post may be amended or reformatted later.