There can be no guarantees in auditing. On that much, the financial community seems in agreement. But how much assurance can auditors provide when offering their opinion on the soundness of financial statements? How can or should that assurance be measured?
That's a question emerging as corporate failures and incidents of fraud continue to unfold, which has caused investors and regulators to ask auditors, “How could this happen?”
The accounting field has long offered a measure of assurance called “reasonable assurance,” defined in various places throughout accounting literature for audits of both public and private enterprises, but especially in AU Section 230, Due Professional Care in the Performance of Work. By some experts’ description, the rules spend more time describing what’s not reasonable, than what is.
“The standard spends a lot of time saying what auditors shouldn’t do,” said Barbara Roper, director of investor protection for the Consumer Federation of America. “It’s a classic case of a standard written to limit auditors’ liability rather than describe the quality of an audit.”
The Public Company Accounting Oversight Board is studying whether everyone in the financial markets is on the same page in understanding what’s “reasonable” when auditors provide their assurance that a company’s books are clean.
“Investors think that one of the purposes of an audit is to assure that the financial statements are not only free of error, but also free of fraud,” Roper said. “They are suggesting that there’s an unreasonable level of fraud occurring. If this is the quality of financial statements that we get with the current level of reasonable assurance, then we need to define upward what we mean by reasonable assurance.”
Webb
Bruce Webb, national director of auditing for McGladrey & Pullen, agreed that the standard could use some elaboration. “We would support a fresh look at what reasonable assurance is supposed to achieve,” he said. “Everyone understands that an audit is not a guarantee because it’s not a 100 percent examination of all transactions, but I’m not sure there has been an understanding of reasonable assurance.”
At What Point?
Experts say it’s a hard concept to define, however, because it’s a subjective measure based on a variety of factors.
REASONABLE ASSURANCE
The excerpt below is from PCAOB Interim Auditing Standards, AU Section 230: Due Professional Care in the Performance of Work:
.10
The exercise of due professional care allows the auditor to obtain reasonable assurance that the financial statements are free of material misstatement, whether caused by error or fraud. Absolute assurance is not attainable because of the nature of audit evidence and the characteristics of fraud. Therefore, an audit conducted in accordance with generally accepted auditing standards may not detect a material misstatement. [Paragraph added, effective for audits of financial statements for periods ending on or after December 15, 1997, by Statement on Auditing Standards No. 82.]
.11
The independent auditor's objective is to obtain sufficient competent evidential matter to provide him or her with a reasonable basis for forming an opinion. The nature of most evidence derives, in part, from the concept of selective testing of the data being audited, which involves judgment regarding both the areas to be tested and the nature, timing, and extent of the tests to be performed. In addition, judgment is required in interpreting the results of audit testing and evaluating audit evidence. Even with good faith and integrity, mistakes and errors in judgment can be made. Furthermore, accounting presentations contain accounting estimates, the measurement of which is inherently uncertain and depends on the outcome of future events. The auditor exercises professional judgment in evaluating the reasonableness of accounting estimates based on information that could reasonably be expected to be available prior to the completion of field work. As a result of these factors, in the great majority of cases, the auditor has to rely on evidence that is persuasive rather than convincing. [Paragraph added, effective for audits of financial statements for periods ending on or after December 15, 1997, by Statement on Auditing Standards No. 82.]
.12
Because of the characteristics of fraud, a properly planned and performed audit may not detect a material misstatement. Characteristics of fraud include (a) concealment through collusion among management, employees, or third parties; (b) withheld, misrepresented, or falsified documentation; and (c) the ability of management to override or instruct others to override what otherwise appears to be effective controls. For example, auditing procedures may be ineffective for detecting an intentional misstatement that is concealed through collusion among personnel within the entity and third parties or among management or employees of the entity. Collusion may cause the auditor who has properly performed the audit to conclude that evidence provided is persuasive when it is, in fact, false. In addition, an audit conducted in accordance with generally accepted auditing standards rarely involves authentication of documentation, nor are auditors trained as or expected to be experts in such authentication. Furthermore, an auditor may not discover the existence of a modification of documentation through a side agreement that management or a third party has not disclosed. Finally, management has the ability to directly or indirectly manipulate accounting records and present fraudulent financial information by overriding controls in unpredictable ways. [Paragraph added, effective for audits of financial statements for periods ending on or after December 15, 1997, by Statement on Auditing Standards No. 82. As amended, effective for audits of financial statements for periods beginning on or after December 15, 2002, by Statement on Auditing Standards No. 99.]
.13
Since the auditor's opinion on the financial statements is based on the concept of obtaining reasonable assurance, the auditor is not an insurer and his or her report does not constitute a guarantee. Therefore, the subsequent discovery that a material misstatement, whether from error or fraud, exists in the financial statements does not, in and of itself, evidence (a) failure to obtain reasonable assurance, (b) inadequate planning, performance, or judgment, (c) the absence of due professional care, or (d) a failure to comply with generally accepted auditing standards. [Paragraph added, effective for audits of financial statements for periods ending on or after December 15, 1997, by Statement on Auditing Standards No. 82.]
Source
PCAOB Interim Auditing Standards, AU Section 230: Due Professional Care in the Performance of Work
Landes
“Those of us who have been in the profession a number of years as auditors don’t view reasonable assurance as a simple, single-dimensional concept,” said Chuck Landes, vice president of the Professional Standards and Services Group of the American Institute of Certified Public Accountants. “There are other factors. The audit needs to be performed within economic limits. There needs to be some context of cost benefit applied to the auditor’s work.”
Landes said he sees the potential for a higher defined level of assurance going the direction of Sarbanes-Oxley Section 404 compliance, where companies and auditors have arm-wrestled over how much testing is necessary to offer assurance that internal controls over financial reporting are adequate. “The more transactions an auditor looks at in an audit, the more assurance the auditor can convey because they’ve looked at more evidence,” he said. “But at what point is enough enough since the audit cannot provide a guarantee? When do I stop auditing?”
It’s a risk-based, judgment call, Landes said, not unlike the debate swirling over how much internal control testing is enough. “What’s the environment?” he said. “Is more work necessary in this situation because of the risks that are present?”
Though Webb and Landes have differing perspectives on the need for more definition in the standard, they agreed that any language about reasonable assurance has to allow for judgment.
“I don’t’ think you could ever take the professional judgment out of the audit,” Webb said. “Within the rules, firms have established their own methodologies and made different decisions about how many samples to test.”
Current rules on reasonable assurance say auditors are required to “obtain sufficient competent evidential matter to provide him or her with a reasonable basis for forming an opinion.” Yet as 2004 inspection reports on audit firm continue to roll onto the PCAOB Web site, most reports contain some admonition from inspectors that auditors rendered opinions without gathering sufficient evidence.
Kellas
John Kellas, chairman of the International Auditing and Assurance Standards Board, said the European Federation of Accountants considered a similar project to further define expected assurance levels, but abandoned it. He shared concerns about how a subjective concept such as reasonable assurance can be measured.
As an example, “I would expect an auditor to be more sure about cash flow than about the actuarial liabilities of an insurance company,” he said. “The amount of assurance that one can reasonably expect will almost certainly differ depending on the item.”
Kellas agreed the term is worthy of description but shouldn’t be given higher priority than other standard-setting activities that seek to set higher audit performance standards.
“It’s a good thing for people to understand the terms we’re talking about, but this would be an extensive exercise to be done properly, and at present it would divert resources” away from other audit standard setting activities, Kellas said.
No comments yet