CHAPTER 12

Final Considerations About Auditing

In this chapter, we discuss why corporate governance and differences in the international regulation of auditing practice are of importance. This chapter discusses so-called “meta-issues”, issues above and beyond the specific auditing standards used. Specifically, we discuss:

• corporate governance and its implications for auditors;
• auditor regulation in different venues;
• financial reporting standards (International Financial Reporting Standards [IFRS], Generally Accepted Accounting Principles [GAAP]) and their implications for understanding audited financial statements; and
• implications for researchers, practitioners, and students.

Investopedia defines corporate governance as:

The system of rules, practices, and processes by which a company is directed and controlled. Corporate governance essentially involves balancing the interests of the many stakeholders in a company—these include its shareholders, management, customers, suppliers, financiers, government, and the community. Because corporate governance also provides the framework for achieving a company’s objectives, it encompasses practically every sphere of management, from action plans and internal controls to performance measurement and corporate disclosure.

Source: http://www.investopedia.com/terms/cZcorporategovernance.asp

There are many definitions of corporate governance which incorporate the issues discussed above. A much cited, although fairly narrow definition of corporate governance is given by Shleifer and Vishny (1997). Their definition emphasizes the separation of ownership and control in corporations. They define corporate governance as dealing with “the ways in which the suppliers of finance to corporations assure themselves of getting a return on their investment.”

1. What should the user of this book know about corporate governance structures with particular reference to differences in international corporate governance structures?

   Corporate governance has been the subject of a great deal of discussion for years. Such scandals as Enron and WorldCom in the United States and others overseas have raised questions as to how could this have happened? The remedy, which impacted both auditors and corporate management in the United States, was conceived to be the Sarbanes-Oxley Act (SOX) of 2002, which has been discussed in prior chapters but will be repeated here. In essence though, SOX seeks to strengthen corporate governance systems in response to corporate failures. However, there have been arguments that the costs of implementation far exceed the benefits. And it is important to note that no matter how well a governance system is designed, fraud could still be perpetrated if parties collude.

   The general topic of corporate governance is much too broad for discussion in this book. For example, different nations have different company laws. Further, there is no national company law in the United States. Instead, each of the 50 states has its own company law. With respect to the European Union, these laws are described by Qfinance.com as “the body of legislation that relates to the formation, status, conduct, and corporate governance” http://europa.eu/legislation_summaries/internal_market/businesses/company_law/l26016_en.htm. The Qfinance.com link also provides a good summary of different administrative arrangements found in the European Union member state company laws. Specifically, it summarizes the responsibilities of EU-wide company boards that have two tier systems (management boards and supervisory boards) and one tier systems (just supervisory boards). Summaries of company law for other entities, state-based (as in the case of the United States) or national (as in the case of each of the countries in the European Union), can be found elsewhere.

   In addition to the company law itself, it is also important to understand the different penalty arrangements that exist for discovered violations of these laws. Further, the ability of the regulator to discover violations of required corporate governance practices, their willingness to attempt to sanction discovered violations, and the ability of the potentially sanctioned firms to fight back successfully, given different legal codes (some are more investor-friendly than others) and differing cultural acceptance of law violations (some cultures are more severe than others, in part depending on the nature of the law violation) make this a difficult topic to pursue here. To underscore this difficulty, we note that the ISA have been adopted in whole or in part in well over 100 nations. Accordingly, we note that it is in the interest of the reader to understand the corporate governance practices of the client entities that they are most interested in.

   Whereas corporate governance practices may follow general trends within particular countries, practices that outwardly conform to the laws of those nations, the reality of how a corporate entity is actually governed may be different than that of general practice. For example, firms in different nations may differ based on how closely the firms voting rights of a firm’s stock equals the cash flow rights of a firm’s stock. In some nations, for example, Taiwan, some shares of stock only have rights to receive dividend distributions but cannot vote for members of the board of directors. These investors are said to have cash flow rights. Rights to vote for members of the board of directors are reserved to a kind of stock that specifically has that right, that is, voting rights. This has implications for control of the corporation and the ability of all the shareholders to correct situations that are perceived to be undesirable. In some nations, there are supervisory boards of directors and regular boards of directors (the so-called two tier director system mentioned above). In others, for example, Germany, representatives of the workers are guaranteed a position on the boards of directors. Finding out just how closely the corporate entity’s actual practices are to the legal requirements of the nation or the supranational entity (e.g., the European Union as mentioned earlier as well) it is domiciled in is likely to be extremely difficult. Because these are legal, not auditing standard-based, questions, we only suggest ways to approach them. Standards that affect auditors’ behavior are only relevant when the standards require the auditor to report things or not report things that contravene the law.

   Auditors, though, are in a much better position to find out how an entity is actually run. Auditors may find that the reality of having worker representation differs from the ideal of having worker representation on the board, in that a review of the board of director minutes shows that the worker representative is no more supportive of worker interests than others on the board. Further, unlike students, managers of other entities, and researchers, the auditor may interact on a daily basis with the entity’s management. In addition, the auditors must develop an understanding of the entity. Accordingly, the auditor will certainly have the ability to develop an understanding of the corporate governance of the firm because of these activities. These were discussed in earlier chapters. In addition, the auditor must know what the legal requirements are for corporate governance practices in the country that entity is domiciled in (its legal home). The auditor must also understand the legal obligations of the auditor with respect to reporting any violation of legal governance arrangements to external (outside the entity) governmental agencies. These requirements may differ widely between jurisdictions (nations). Auditors, of course, should always know whether they have the obligation—or whether it just is prudent—to consult with legal counsel before reporting any reportable governance infraction to higher authorities in a particular jurisdiction. Legal standards always trump auditing standards set forth by the ISA or the PCAOB or the AICPA ASB. As a standard setter, the ISA differs notably from the PCAOB or even the AICPA ASB in that the ISA seeks to establish uniform auditing standards across over 100 national entities. Accordingly, while PCAOB and AICPA ASB standards can clearly be tailored to meet national legal obligations imposed on the auditing profession, ISA standards cannot. This does not prevent, however, individual nations (e.g., the Union of South Africa) from adopting most ISA but rejecting or substituting its own variant of some ISA. The same is true for the United Kingdom and Germany as well. The German standards, for example, are set by the Institut der Wirtschaftsprufer (IDW). It tailors ISA to address differences that arise due to regulatory and legal requirements specific to Germany. The United Kingdom standards are set by the Auditing Practices Board part of the Financial Reporting Council. It also tailors ISA to meet local legal and regulatory requirements. The key takeaway from this discussion therefore is that managers, students, and researchers should use this book as a general guide for comparing ISA, PCAOB, and AICPA ASB standards. Specific differences from the ISA may exist within different countries. Accordingly, depending on the circumstances, the reader may wish to seek expert guidance on national adaptations of auditing standards adopted within specific countries.

   Individuals who are seeking to understand or judge the auditor’s performance should develop resources relevant to answering the questions they may have about auditing and auditor performance as well as about issues pertinent to the governance of corporations in different countries. Developing these answers, though, is costly— in terms of time if not necessarily in dollars or euros. Accordingly, readers should ask themselves whether they have enough reason to seek the answer to the questions they have. Accordingly, we pose the following questions:

   • What are the legally acceptable corporate governance practices in a nation of interest?
   • What are the auditor’s legal reporting obligations; should the auditor have uncovered a difference between the way a corporate entity actually governs itself and the way it is legally required to govern itself?
   • What are the differences between ISA and national adaptations of ISA to meet specific national legal and regulatory requirements such as exist in the Union of South Africa, Germany, and the United Kingdom?
2. What should the user of this book know about regulation of auditing within countries of interest?

   In this book, we have presented an overview of auditing with a discussion of three different sources of auditing standards: The ISA, the AICPA ASB standards, and the PCAOB standards. We have discussed the similarities and differences primarily between the ISA and PCAOB standards in order to enhance the reader’s understanding of what it means when Auditor A in Country A conducts an audit according to the ISA whereas Auditor A in Country B conducts an audit according to PCAOB standards. The AICPA ASB standards were referred to when we thought referring to them would be of particular interest. Even so, the setting of auditing standards is one aspect of auditing regulation. The standards provide guidelines (some more restrictive than others) for auditor behavior. Standards, by themselves, though, will not always govern auditor behavior. It is not to be expected that just because a standard, a guideline for behavior, exists that the auditor will automatically follow the standards. Auditors may stray because of human error or willful noncompliance with the standards. We noted early on in this book that the PCAOB was created in the SOX of 2002 because of the furor that greeted the revelation of the Enron and other scandals. In the aftermath of the financial crisis that began in 2008, the European Union was also moved to rethink regulation of auditing. Accordingly, how auditors are regulated is an additional issue that the user of this book should think about. Specifically, what mechanisms are in place to help ensure that auditors follow the standards in place, whether ISA, PCAOB standards AICPA ASB standards, or all three? Describing the various regulatory initiatives in place or contemplated is beyond the scope of this book. In this section, however, we do suggest various questions the reader may pose to themselves in deciding whether to research this important topic further. The questions are:

   • How is the auditing profession regulated in reader’s nation?

     (Note, different nations—including nations within the European Union—have different auditing regulatory bodies. The United Kingdom, for example, has the Auditing Inspection Unit part of the Financial Regulatory Council, and Germany has the WPK (Wirtschaftsprüferkammer, also known as the Chamber of Public Accountants), whereas Japan has the Japanese Institute of Certified Public Accountants (JICPA). The last named oversees the process in which audit firms undergo review by their peer firms.

     • Regulation of auditors includes ways to gather information about the quality of audits conducted by the auditor. The reader might, therefore, be interested in learning:

       —Is an auditor’s work inspected or doublechecked by either the national regulatory agency (e.g., the PCAOB or in the United Kingdom, the Audit Inspection Unit of the Financial Reporting Council) or, in other nations, private regulatory agencies (e.g., in the United States, the AICPA has the wherewithal to conduct audit quality peer reviews for auditors of nonpublic companies, whereas in Japan, the Japanese Institute of Certified Public Accountants orchestrates audit firm peer reviews) —How thorough are the audit inspection routines if they are conducted?

       —What is the range of penalties that may be imposed on an auditor? For example, in the United States, forbidding an auditing firm from conducting audits would seriously impair the potential financial health of that firm. On the other hand, the audit firm could just be penalized with a fine or receive just a reprimand.

       —Does the regulatory body publish inspection reports on the audit firms specifically or more generally. The PCAOB does, as do other nations like Canada and the United Kingdom.

     • When considering the differences between two audit firms, would it make sense to read the PCAOB or other regulatory body inspection reports?
     • Is there evidence that the audit firm or firms of interest to the reader have improved their audit practice quality over time?

   The information mentioned in the preceding paragraphs may be of use to students, managers and researchers if they wanted to come to an understanding on just how credible the audit reports that accompany the financial statements are. On the surface, at least, jurisdictions that impose stricter penalties for failure to acceptably follow the auditing standards may have better quality audits performed.

3. What should the reader of this book know about the financial accounting standards used in creating the financial statements? How do differences between sources (e.g., IFRS versus U.S. GAAP) affect the financial statements and affect the reader’s understanding of audit opinions delivered on IFRS-based financial statements versus U.S. GAAP-based financial statements?

   Financial accounting standards, too, are beyond the remit of this book. The correctness of application of the standards to accounting transactions, though, are an essential part of what the auditors strive to understand as they begin their work with the client accounting records and accounting system. In the United States, all publicly listed companies must use the U.S.-based GAAP in preparing financial statements. GAAP consists of sets of rules for recognizing revenue, recording depreciation on assets both owned and used by the entity to generate revenue, recording leases as either operating leases (basically, treating a leased property as if it was being rented) or recording leases as capital leases (basically, treating a leased property as if it was owned). While GAAP is unique to the United States, and all financial statements prepared in the United States must be prepared in a manner consistent with the rules of GAAP, financial statements prepared in a large part of the rest of the world must be prepared in accordance with IFRS.¹ The two sets of financial accounting rules are not identical. That said, there is some overlap between the sets of rules. In addition, there has been a lot of talk in the last few years about harmonizing U.S. GAAP with IFRS, essentially by having the U.S. financial statement preparers adopt IFRS. So far, that has not happened. There remains a great deal of debate over the wisdom of converting U.S. companies to IFRS users.

   There are several important reasons why the use of IFRS is resisted in the United States. The one of most interest here is that, although the AICPA has designated IFRS rules as “high quality” financial accounting standards, IFRS permits managers to exercise much more discretion in making accounting judgments than does U.S. GAAP Given this, auditors looking at accounting records compiled using IFRS will have less ability to challenge management’s choices than they would in the United States, where the more precise (i.e., rule-bound) U.S. standards are more likely to prescribe accounting choices for the managers. Given that this is the case, two companies, one using IFRS and one using U.S. GAAP, with exactly the same transactions, may report very different financial results. Given that one company was headquartered in a country where IFRS use was required and the other in the United States where GAAP use was required, both companies would have received unmodified or clean opinions on their very different financial statements. If both companies were required to conform to U.S. GAAP, the situation would be different. This may have resulted in the auditor qualifying the audit opinion of one of the companies. For the readers of this book, then, it is important to keep in mind that, even in the areas where ISA and PCAOB and ASB auditing standards are in effect identical, the financial statements attested to may be very different but still able to receive the good or unqualified or unmodified opinion from the respective auditors.

   This information may be of use to managers, researchers, and students because it helps them better understand that accounting and auditing are complicated matters. To better understand the intersection between auditing and accounting issues will require further exploration of the differences between the kinds of accounting standards discussed in this section. There are many resources for developing this kind of understanding, for example, examining the books referenced on this Internet page: http://www.businessexpertpress.com/taxonomy/term/18.

Conclusion

The purpose of this conclusion is not just to summarize the contents of this chapter but to link this final chapter with key issues discussed in the earlier chapters of this book. In this chapter, we provided different definitions of auditing; namely from investopedia.com and a popularly cited definition by Shleifer and Vishny. In addition, ISA 260 entitled Communications of audit matters with those charged with governance states that governance is the term used to describe the role of persons entrusted with the supervision, control, and direction of an entity. Depending on the jurisdiction, the responsibility for corporate governance could vary between different parties such as the board of directors, audit committee, and other supervisory committees. ISA requires the auditor to determine those persons to be charged with governance. The auditing profession has a very important role to play especially in providing guidance on steps taken to improve corporate governance and reducing opportunities to commit accounting fraud. As noted in ISA 260, the auditor does not have direct corporate governance responsibility. The auditor’s primary role is to check whether the financial information given to investors is reliable in a sound corporate governance setting.

However, the fact remains that corporate governance failures could occur. One reaction to corporate governance failures has been to focus on public companies’ internal controls. There is a difference between PCAOB standards and the ISA. First, under SOX, the PCAOB requires the auditor to understand the role of internal controls as part of the audit and test the effectiveness of internal controls over financial reporting. It also requires that the auditor do a separate report on the effectiveness of internal controls. ISAs also require auditors to focus on understanding internal controls as part of the audit.

For corporate governance to be effective it is important that the auditor is, and is perceived to be, independent of the client. However, there is a difference between SOX/PCAOB and the ISA. (We state SOX/PCAOB because it is in both SOX and in PCAOB.) SOX/PCAOB adopted a rules-driven approach, which sets out prohibited services and requires pre-approval by the audit committee of nonaudit services. The EU 8th Directive (and the ISA) apply a threats and safeguards approach (this means that if the auditor thinks there is a threat, the auditor should assess whether the threat is significant. Then take action to remove or mitigate it.) The AICPA has a similar approach, called the Conceptual Framework, for use when specific ethics guidance is not provided. There are minor variations in implementing corporate governance.

Finally, we note that the cost of accounting and audit failures are immense. Audit failures result in increased skepticism by corporate and organizational stakeholders, higher rates of litigation, and investor losses, and also pose a threat to the very survival of auditors and the companies they audit. The differences between the PCAOB and ISA standards range from small to large. Collectively, these differences pose challenges to students of auditing in that they may impact the individual’s ability to appreciate the importance of financial statements audited under one set of standards as opposed to the other set of standards explored here. Understanding the differences between PCAOB and ISA requirements are therefore important to all interested parties.

¹There are different versions of IFRS that are used. Some countries require adaptations of IFRS, and therefore, not all countries that seem to use IFRS are using exactly the same set of accounting principles/rules as others that seem to be using IFRS.