Regulation - A Difficult Balancing Act
Achieving the balance in relation to regulation in Ireland is a formidable challenge!
I believe the balance we are looking at is between the Public Interest and transparency on one hand, and efficiency and cost effectiveness on the other. I don't think anyone would dispute the importance of Ireland being widely recognised as a well regulated economy, where business is conducted is accordance with international best practice.
However, as has been frequently emphasised, competitiveness is also key to a small open economy, and over regulation could stifle this and be very damaging.
We hear this message most often in relation to the vital financial services sector, and the Financial Regulator is certainly well aware of this concern. However it also applies to a plethora of other sectors, where special reporting requirements and other onerous regulations are introduced by a wide range of agencies, regulators and interested parties.
These really are too numerous to mention, but just to underline the point, the list includes the IDA and Enterprise Ireland, IFSRA, the ODCE, the Health Insurance Authority, Comreg, and the Aviation Regulator. Special reports from accountants are required under the Companies Acts, the Criminal Justice Act, in relation to Travel Agents, Solicitors, usage of Plastic Bags, waste paper, and Hauliers' licensing requirements. Everything, in fact, from money laundering to plastic bags!
The good news is that all these parties place considerable value on obtaining assurance from reporting accountants. This speaks volumes for the key role played by the profession in underpinning confidence in many aspects of our economy. We are known to bring independence, objectivity and expertise to such reporting assignments, and to comply with an extensive body of rigorous ethical and other professional standards.
The bad news, however, is that these reporting requirements can give rise to practical problems, particularly when they are introduced without adequate consultation with the accounting profession. I believe this arises mainly from a really old chestnut - the Audit Expectation Gap.
Audit Expectation Gap
An interesting analysis of the expectation gap was carried out by an academic researcher on behalf of the Institute of Chartered Accountants of Scotland (ICAS) and published in 2004. In the research findings, the gap is analysed into three components -
- Deficient performance - existing responsibilities perceived as being poorly performed;
- Deficient requirements - reasonably expected but not currently required of auditors;
- Unreasonable expectations - not cost effective to perform
I think the relative proportions of the three elements are rather interesting, implying as they do, that the biggest contributor to the problem is unreasonable expectations on the part of users - not a point all regulators will agree with, I suspect!
Here are some examples of the types of issue arising in each category.
These are matters when accountants are sometimes seen not to be delivering on their responsibilities
- Detecting illegal acts
- Detecting theft
- Reporting illegal acts and theft to appropriate authorities
These are matters which might be feasible, but are not currently in scope.
- Reporting on the effectiveness of internal control
- Reporting on the adequacy of the company's risk management procedures
- Reporting on financial forecasts included in the annual report
And finally we have examples of matters which accountants regard as out of bounds - a view not always shared by users.
- Guarantee the accuracy of financial statements
- Guarantee that the auditee is 'financially sound'
- Audit all information in the annual report
The problem tends to be that the agencies involved in setting reporting requirements see things as being very straightforward in terms of certification of accuracy and completeness, whereas accountants approach such reporting requirements in terms of a relatively complex assurance framework.
A topical example of this is the Directors’ Compliance statement which is to become a requirement under Irish law. This started out with what to a lay person probably sounds like a very simple concept - directors should make a straightforward statement that their company has obeyed the law, and the auditors should confirm that this statement is correct. However, it wasn't quite as easy as that, and after a long process of consultation and debate, it has now been concluded that we are going to have a much more tightly defined statement from directors, with no requirement for the auditors to comment.
A point I would like to make is that reliance on auditors should not be seen as a substitute for insisting that directors deliver on their own responsibilities. I sometimes get the impression that some regulators are very suspicious of directors in general, and want to be able to rely on auditors to police them.
I think this is unrealistic, and confidence in the ability of directors to deliver on their fiduciary duties is just as critical to the stability of the financial reporting environment as is trust in auditors in their reporting role.
We must accept of course, that accountants have a responsibility to explain the position better, and to engage in constructive dialogue with users of reports, so that a consensus on reasonable expectations can be established.
Audit or assurance work is essentially a matter of bringing professional judgement and expertise to bear with a view to expressing an opinion in the context of an agreed reporting framework. Such engagements typically involve concepts such as sampling, estimation and materiality. The highest level of assurance envisaged is the positive form of opinion provided on financial statements prepared in accordance with an established reporting framework. Such frameworks - e.g. IFRS or US GAAP - are extensive and detailed. The familiar ‘true and fair’ or ‘fairly stated under GAAP’ opinions can only be provided in the context of such a framework.
It is therefore quite rare for it to be feasible to deliver special purpose reports in this form. More appropriate generally will be the ‘agreed upon procedures’ approach, where the detailed scope of testing or other work to be carried out by the reporting accountant is agreed in advance with the addressee of the report. The report then confirms that this agreed work has been completed, and sets out the findings. The accountant does not in fact provide any specific assurance as such, simply reporting the findings from the work done. It is for the user to interpret these findings, and draw their own conclusions. Undoubtedly, though, a user derives a considerable degree of comfort from having the agreed work completed by a professional accountant.
An intermediate form of assurance, which is often appropriate in regulatory reporting situations, is termed moderate, or perhaps somewhat unfortunately, ‘negative assurance’. I believe that there is real value in such reports, which are similar to agreed upon procedures in that the detailed work carried out by the reporting accountant is set out in the report, but the accountants then go on to indicate that nothing came to their attention as a result of their work other than any matters specified.
International Standards on Auditing
The implementation of International Auditing Standards this year should go some way to enhancing the perception of financial statements audits. Key additional requirements include specific consideration of the risk of fraud, and a requirement to review the design and implementation of key controls.
Audit Quality Forum
The Audit Quality Forum is a UK initiative intended to address some of the issues around the expectation gap, primarily in the context of listed companies. It has to be borne in mind that under current law, auditors are quite constrained, both by client confidentiality and by liability considerations, in their ability to communicate to shareholders and third parties.
The UK is ahead of Ireland in developing a more rational liability environment, now permitting LLPs (limited liability partnerships) as opposed to the unlimited liability still required in Ireland.
Issues being addressed to balance further hoped for improvements on the liability front include:
- Questions to the auditor - opening up the possibility of access for shareholders to auditors at plc AGMs;
- Identifying the audit partner - bringing a greater sense of personal responsibility to the audit opinions, which are currently signed off in the firm's name;
- Disclosure to third parties of the terms of engagement of the auditor - a pretty obvious method of improving understanding of the scope of the exercise;
- Resignation statements - efforts to make auditors more explicit as to their reasons for leaving office
- Competition - there is an issue, notably for public companies, where the perceived choice of auditor is limited to four. While the firms see the position as generally very competitive, conflicts of interest can often reduce the real choice open to particular companies to an unacceptable extent.
In Ireland, the ICAI, through its various technical committees, does work hard at engaging with regulators and agencies, and issues guidance to its members, which where appropriate is agreed with regulators before issue.
We are also active in promoting the type of improvements in the liability position I referred to already in the UK context. In particular we are keen to push for proportional liability here, which would eliminate some of the most unfair aspects of the current liability regime.
We need to stay focussed on all this and keep up the dialogue.
Ronan Nolan is an audit partner in Deloitte, based in Dublin, and is a member of the Auditing Practices Board (APB - the independent standard setter for auditors in Ireland and the UK), a Council Member of the ICAI, and a member of the ICAI Representation and Technical Policy Committee.