Who Oversees Offshored Audit Work?

The emerging practice of sending audit work to low-cost overseas firms is giving corporate audit committees yet another question to ask their external audit firms: Who’s actually doing their audits.

The Big 4 firms are increasingly—but quietly—sending low-risk, mechanical tasks associated with the audits of public companies to overseas affiliates, where labor is cheaper. The practice isn’t prohibited per se, but auditing experts say it raises numerous questions about exactly who is doing what work, the control and oversight over such work, the cost savings it generates, and the transparency of such work to regulators and the client companies themselves.

The Big 4 firms have discussed their offshoring experiments openly at various academic forums, and it was the subject of a recent academic paper. All four firms, however—Deloitte & Touche, Ernst & Young, KPMG, and PricewaterhouseCoopers—have declined to discuss it with Compliance Week.

Daugherty

Brian Daugherty, professor at the University of Wisconsin and co-author of the recent study, says he hasn’t yet been able to determine whether auditing firms are informing clients when parts of their audits are sent overseas; nor do any auditing standards specifically require such disclosure.

As such, he says, audit committees may have no choice but to ask.

Existing standards require an audit firm to disclose when it plans to share confidential client information with a third party to assist with the audit, Daugherty says. But if the firm is simply shipping work to overseas affiliates—which seems to be what’s happening—those standards might not apply.

“The audit committee should be told from the point of view that the audit firm is trying to reduce costs. That should be passed on to the benefit of the company.”

— Fred Lipman,

Partner,

Blank Rome

“The firms are probably not required to inform their clients when using their own affiliated offshore entity,” he says. “But this may become subject to future regulation or guidance.”

Fred Lipman, a partner with the law firm Blank Rome and president of the Association of Audit Committee Members, says offshoring certain portions of the audit shouldn’t necessarily be a major concern for audit committees. But they should be aware of the offshoring itself for multiple reasons.

Lipman

Above all, Lipman says, companies should confirm that their confidential financial data is secure. They should also question whether the quality of the audit work is adequate, and assure that they are sharing in any cost savings.

“The audit committee should be told from the point of view that the audit firm is trying to reduce costs,” he says. “That should be passed on to the benefit of the company. Audit firms should be bragging about the fact that they’re reducing cost in 2009.”

Rick Ueltschy, an executive with second-tier audit firm Crowe Horwath, says his firm remains unconvinced that offshoring U.S. audit work really benefits anyone, partly because auditors making sensitive judgment calls need a close understanding of the administrative tasks behind those decisions. But if offshoring is done, “It’s simply good policy for the auditor to be transparent about how the audit will be delivered,” he says. “Audit committee members would consider it relevant to their oversight. And if they think it’s relevant to their oversight, in general I think we ought to provide it.”

ACT WITH INTEGRITY

AICPA Integrity and Objectivity Rule:

.01 In the performance of any professional service, a member shall maintain objectivity and integrity, shall be free of conflicts of interest, and shall not knowingly misrepresent facts or subordinate his or her judgment to others.

Integrity and Objectivity

.02 102-1—Knowing misrepresentations in the preparation of financial statements or records.

A member shall be considered to have knowingly misrepresented facts in violation of rule 102 [ET section 102.01] when he or she knowingly—

a. Makes, or permits or directs another to make, materially false and misleading entries in an entity’s financial statements or records; or

b. Fails to correct an entity’s financial statements or records that are materially false and misleading when he or she has the authority to record an entry; or

c. Signs, or permits or directs another to sign, a document containing materially false and misleading information.

.03 102-2—Conflicts of interest.

A conflict of interest may occur if a member performs a professional service for a client or employer and the member or his or her firm has a relationship with another person, entity, product, or service that could, in the member’s professional judgment, be viewed by the client, employer, or other appropriate parties as impairing the member’s objectivity. If the member believes that the professional service can be performed with objectivity, and the relationship is disclosed to and consent is obtained from such client, employer, or other appropriate parties, the rule shall not operate to prohibit the performance of the professional service. When making the disclosure, the member should consider Rule 301, Confidential Client Information [ET section 301.01].

Certain professional engagements, such as audits, reviews, and other attest services, require independence. Independence impairments under rule 101 [ET section 101.01], its interpretations, and rulings cannot be eliminated by such disclosure and consent.

The following are examples, not all-inclusive, of situations that should cause a member to consider whether or not the client, employer, or other appropriate parties could view the relationship as impairing the member's objectivity:

A member has been asked to perform litigation services for the plaintiff in connection with a lawsuit filed against a client of the member’s firm.

A member has provided tax or personal financial planning (PFP) services for a married couple who are undergoing a divorce, and the member has been asked to provide the services for both parties during the divorce proceedings.

In connection with a PFP engagement, a member plans to suggest that the client invest in a business in which he or she has a financial interest.

A member provides tax or PFP services for several members of a family who may have opposing interests.

A member has a significant financial interest, is a member of management, or is in a position of influence in a company that is a major competitor of a client for which the member performs management consulting services.

A member serves on a city’s board of tax appeals, which considers matters involving several of the member’s tax clients.

A member has been approached to provide services in connection with the purchase of real estate from a client of the member’s firm.

A member refers a PFP or tax client to an insurance broker or other service provider, which refers clients to the member under an exclusive arrangement to do so.

A member recommends or refers a client to a service bureau in which the member or partner(s) in the member's firm hold material financial interest(s).

The above examples are not intended to be all-inclusive.

Source

AICPA Integrity and Objectivity Rule (Jan. 12, 1988).

When audit committees are selecting an external auditor, they typically ask lots of questions about how the audit will be done and how the committee can reach audit staff with questions along the way, Ueltschy says. Often, they equate geography with accessibility to the audit team. “They want to understand where the staff is going to come from and how they’re all going to work together,” he says.

Ueltschy

Like Daugherty, Ueltschy also believes no specific auditing standard requires an auditing firm to disclose plans to offshore portions of the audit. “You probably can get to that answer if you take a standards-based approach,” he says. “But I’d say that’s an unrealistic position … because audit committees will believe they have a right to understand how you execute the audit, so they can determine if they’re supervising the activity appropriately.”

Wayne Kerr, a senior consultant at audit consulting firm AuditWatch, says an auditing firm’s decision on how to staff an audit—whether with U.S. or overseas staff—is an internal matter for the firm itself. “You wouldn’t typically discuss with the audit committee how much the people taking care of your copy machines were charging you,” he says. “An administrative process [associated with conducting the audit] may be similar to that.”

Kerr

On the other hand, if auditing firms are sending sensitive data abroad, that could be construed as more significant than an administrative matter. “It’s a fine line,” Kerr says. “How material is the service? What is the actual service being sent overseas?”

Jeff Hodinko, a senior manager also at AuditWatch, says audit committees definitely should know if their financial data is being sent abroad. He equated that practice to outsourcing, or sending data to a third party beyond the audit firm’s own staff.

Hodinko

“When you look at the guidance and the rules that are out there related to communicating about outsourcing, the focus is on making sure the company is aware of where its data is going, so it has control over its data,” he says. “The audit committee has to know who has access to its data and how it is controlled when it’s shipped offshore.”

Kerr says offshoring will probably become the topic of new rulemaking sometime soon, especially because of the confidentiality concern. Ueltschy says confidentiality is perhaps the most significant worry associated with offshoring audit work.

“The further the reach of people involved, the more risk you have,” Ueltschy says. “That’s not to say you can’t control it effectively, but it’s pretty high on the list of concerns.”