Shedding more light on the black box: the new auditor’s report

Update

Shedding more light on the black box: the new auditor’s report

Prof. Dr. rer. pol. Thomas Berndt
Professor, University of St. Gallen

Transparent consolidated financial reporting is supposed to provide a better basis for investment decisions, discourage creative accounting practices and generally improve the functioning of the financial markets. In recent years this has prompted tighter requirements regarding the scope and detail of the information stock-exchange-listed companies disclose in their financial reporting. The expanded auditor’s report required by the new auditing standards, with key audit matters and explicitly delineated responsibilities, is much more company-specific and transparent. Overall, this improved transparency will help build trust in the audit, boost the quality of the auditors’ work, and ultimately safeguard the recipients of reporting more effectively.

Sunlight is said to be the best of disinfectants. [1] The belief that light – in other words transparency – is the best protection for participants in the capital markets has been one of the guiding principles of regulators for over a hundred years. Transparency is supposed to provide a better basis for investment decisions, discourage creative accounting practices and generally improve the functioning of the financial markets. In past years, this has prompted much more stringent requirements regarding the scope and detail of the information stock-exchange-listed companies have to disclose in their financial reporting. As late as the 1990s, in many cases consolidated financial statements were fairly modest in size; these days it’s not unusual for a company’s annual report to span 200-odd pages, and even more in highly regulated industries such as banking and insurance. With compensation, risk and segment reporting, information on business combinations, impairment, financial instruments, pension liabilities and related parties, there are few areas of a company’s economic situation where a report is not required. Soon this will be joined by a non-financial declaration on the environmental, social and employee situation and compliance with human rights and anti-corruption measures in the management report, as ordained by the European Union. [2]

[1] See Louis Brandeis: Other People’s Money, and How the Bankers Use it. New York, 1914, p. 92.

[2] See Directive 2014/95/EU of the European Parliament and of the Council of 22 October 2014 amending Directive 2013/34/EU as regards disclosure of non-financial and diversity information by certain large undertakings and groups, OJ L 330/1.

This all begs the question as to how auditors are supposed to audit this sheer quantity of information within a reasonable space of time and formulate a well-founded opinion on the individual and consolidated financial statements. For the vast majority of the people reading corporate reports, the process by which the auditors come to their opinion is to all intents and purposes a black box, and of interest only if qualified or, in rare exceptions, refused. Otherwise people simply assume that the economic situation presented, if you like confirmed, by the auditor matches the actual circumstances. This lack of understanding of the actual process and the scope and object of the audit has helped create a gap – often debated in theory and practice – between an interested public’s expectations of the audit and the role the auditor is actually required to perform. [3] Many a naive investor will be scratching their head in wonder at an unqualified auditor’s opinion despite shell companies, falsified emissions tests, major errors in investment or heavy losses.

[3] See Biener: ‘Die Erwartungslücke – eine endlose Geschichte’ and Niehus: ‘Zum Bestätigungsvermerk von internationalen Jahresabschlüssen – Neue Risiken für die “Erwartungslücke”‘, both in: Internationale Wirtschaftsprüfung, Festschrift für Hans Havermann, ed. Josef Lanfermann, Düsseldorf 1995, p. 37-63; Böcking: ‘Kann das “Gesetz zur Kontrolle und Transparenz im Unternehmensbereich (KonTraG)” einen Beitrag zur Verringerung der Erwartungslücke leisten? – Eine Würdigung auf Basis von Rechnungslegung und Kapitalmarkt’, Die Wirtschaftsprüfung p. 351-364; Clemm: ‘Abschlussprüfer als Krisenwarner – Überlegungen zu Möglichkeiten und Grenzen einer Ausfüllung der sogenannten “Erwartungslücke”, insbes. durch eine intensivere Prüfung der wirtschaftlichen Lage und des Lageberichts’, WPK-Mitteilungen, 34. Jg. (1995), p. 65-78; Forster: ‘Zur “Erwartungslücke” bei der Abschlussprüfung’, Wirtschaftsprüfung p. 789-795."

New and reworked standards

New professional standards are designed to shed light on the black box of the audit, make the auditor’s report more informative and close the expectation gap. To this end the International Auditing and Accounting Standards Board (IAASB) has issued a package of five new or revised financial reporting standards:

ISA 700 (revised): Forming an Opinion and Reporting on Financial Statements
ISA 701: Communicating Key Audit Matters in the Independent Auditor’s Report’s
ISA 705 (revised): Modifications to the Opinion in the Independent Auditor’s Report
ISA 706 (revised): Emphasis of Matter Paragraphs and Other Matter Paragraphs in the Independent Auditor’s Report
ISA 720 (revised): The Auditor’s Responsibilities Relating to Other Information

Of most interest to readers of auditors’ opinions are ISA 700 (revised) and the new ISA 701. These, in conjunction with other changes, are binding for the audit of listed companies (or to use the European Union’s terminology, public interest entities) for reporting periods starting on or after 16 June 2016. [4] For listed Swiss entities, ISA is binding as of 21 December 2016, and following adoption in the Swiss financial reporting standards the new requirements are likely to be applicable to basically any regular audit from 2018. Essentially there are three core aspects.

Firstly, the new rules will lead to the abandonment of the traditional standardised formulaic option. Instead, they require the auditor’s report to provide comprehensive entity-specific details. Information will not only have to be provided on the auditor’s opinion itself, but also on the fundamentals within the individual entity that have led to the auditor’s opinion.

Secondly, and closely connected, the auditor must report on so-called key audit matters (KAMs). Since the audit is geared to providing an audit opinion on the financial statements as a whole with sufficient comfort, the auditor must conduct a risk-based audit to ensure all material matters are captured. While the new rules don’t alter the basic methodology adopted by the auditor to any great extent, they do, for the first time, require publication of information that was previously internal to the audit. So in the future, readers of auditor’s reports can expect to find comprehensive information on two to five issues deemed by the auditor to be key audit matters. The auditors first have to go into how the key matters have been identified (for example qualitative and quantitative parameters of materiality) and how they are connected with the audit (for example because of their complexity or paramount importance in terms of assessing the economic situation or the management’s margin of discretion on accounting policy matters). Then the auditors must explain the specific auditing approach adopted and mention any further relevant information in the company’s financial statements. In practice there will be disputes on these matters between preparers and auditors of financial statements, as the materiality criteria for a risk-based audit are not necessarily the same as the aspects of materiality considered in the preparation of the financial statements. There are already numerous IFRS rules referring to the disclosure of judgements and other major sources of estimation uncertainty (including IAS 1.122 and 1.125, IAS 36.134(f), IFRS 13.92(d) and (h)).

Thirdly, the new rules require an explicit description of the responsibilities of the auditor and the legal representatives of the entity in relation to financial reporting. This is designed to address the widespread public misconception that the auditors could or should be involved in the preparation of the financial statements and themselves remedy the weak points identified. [5]

[4] See also Art. 10(2c(i)) of Regulation (EU) No 537/2014 16 April 2014 on specific requirements regarding statutory audit of public-interest entities and repealing Commission Decision 2005/909/EC, OJ L 158/77 of 27 May 2015, whereby the audit report must provide, in support of the audit opinion, ‘a description of the most significant assessed risks of material misstatement, including assessed risks of material misstatement due to fraud’.

[5] For an overview of the new rules see, for example, Dolensky: ‘Der neue Bestätigungsvermerk nach ISA 700 (revised) und ISA 701’, IRZ (2016) p. 137-142; Burgener: ‘New auditor’s report: more transparency, more trust’, Disclose, Issue 1 (2016).

Examples from practice

While we’ve seen many entities in the UK and the Netherlands apply the new rules to their auditor’s reports as early as 2013 [6], only for the current reporting season have the first companies in the German speaking world – Leonteq Ltd. in Switzerland and TUI AG in Germany – voluntarily adopted the extended auditor’s report in their annual report. Instead of a formulaic auditor’s opinion of less than one page, Leonteq has produced a comprehensive auditor’s report of around six pages, and TUI’s extends to over nine pages. A particularly positive feature of Leonteq’s report is that the auditors give a specific materiality threshold of 5% of profit before tax, and then go on to identify three key audit matters: the measurement of complex financial instruments measured at fair value, revenue recognition, and the portfolio and risk management system. At TUI there are as many as six key audit matters: acquisition of non-controlling interests, impairment of goodwill, impairment of an interest, provisions and other areas of judgement, deferred taxes on loss carryforwards, and adjustment of EBITDA.

[6] See Institut der Wirtschaftsprüfer (IDW; Institute of Public Auditors in Germany): ‘Analysis of Auditor Reporting on Key Audit Matters (KAM) in the UK and the Netherlands, June 2015’.

These two examples show that the new auditor’s report is considerably more entity-specific and transparent. Basically it appears to be an appropriate means of giving investors a better understanding of the meaning and purpose of the audit and the matters key to evaluating the audit. For the first time readers are also getting information that was previously kept between the auditors and the entity’s board.

Once the key audit matters have been identified, the auditors explain the resulting implications in terms of a risk-based approach in the relevant audit areas. This generally means the auditing technique enabling a reasonable audit opinion. For example the auditors might mention sensitivity analyses, spot checks, back-testing, testing the efficacy of controls, plausibility tests on budgets and/or market expectations, reviews of measurement models, etc. Even if this information isn’t immediately understandable for interested laypeople, it will help them to recognise the wide range of matters that are relevant in assessing an entity’s economic situation, and the assumptions, estimates and judgements involved. The auditor can then be expected to make this assumption understandable and – within certain bounds – plausible. An important positive aspect of the new auditor’s report is that it’s formulated in entity-specific as well as general terms.

Points of criticism

Key audit matters might be a particularly good way of shedding light on the black box of the audit, but it’s worth remembering that where there’s light there’s also shadow. Five points of criticism in particular are raised with respect of the new auditor’s report: [7]

the abandonment of the simple formulaic auditor’s opinion
the increased amount of information
the vagueness of the notion of key audit matters
the possibility of a greater liability risk for auditors
lack of clarity on the anticipated response of the financial markets

[7] For a general discussion see: Arbeitskreis Externe und Interne Überwachung der Unternehmung der Schmalenbach-Gesellschaft für Betriebswirtschaft e. V. (AKEIÜ): ‘Zur künftigen Entwicklung der Abschlussprüfung’, DB p. 1149-1155.

The first argument ultimately has to do with the interest of many investors in the outcome of the assessment – similar to a credit rating – rather than the technical details of how this assessment was made. This will certainly apply to some lay investors, but probably not to professionals. While many lay investors prefer to limit their attention to a few figures such as earnings per share, operating profit or equity quota, professional investors will certainly want to take additional explanations and information into account to understand and question how these figures were arrived at. Not only this, but the new auditor’s report still includes a short audit opinion comparable with the current formulaic opinion. Anyone wanting to know more about the audit’s areas of focus and the risks with regard to the presentation of an entity’s financial reporting for the first time has an appropriate tool at their disposal that takes them slightly closer to the board’s state of knowledge.

The second argument regarding the increased amount of information cannot be denied. On the other hand, the new auditor’s report really does contain new information that was not previously available. It remains to be seen whether this isn’t merely information the regulators and auditors deem to be useful in terms of making decisions, or whether investors will also find it helpful. However, no one who bemoans an actual or alleged lack of trust in the work of the auditor can deny that transparency and communication are valuable when it comes to building or rebuilding this trust.

As for the third argument, a core requirement of the new rules is that the auditor identify and discuss key audit matters. This, unsurprisingly, is precisely the question the debate hinges on. Since business models, internal controls and the way financial reporting is organised vary from entity to entity, these things are also key audit matters – we’ve already seen that in the examples of Leonteq and TUI. There is a concern – not unfounded – that the old, formulaic opinion was understandable and comparable but the new auditor’s report won’t be. Some claim it could even lead to a new set of misconceptions and extend rather than narrow the expectation gap. In defence of the new approach, it has to be pointed out that the auditors don’t get to choose the key audit matters arbitrarily. The standard lays down a systematic approach for identifying them. First the auditors must define matters that have to be discussed with the company’s management in any case on the basis of the previous year’s findings, concrete circumstances or legal requirements. Some of these matters will require greater attention from the auditors, for example because of their complexity or the judgement or risk of error involved. Only then does the auditor identify especially important matters and justify their selection. Limiting the auditor’s report to key matters should also be in the interests of readers and prevent them from being overwhelmed by too much information. It’s about presenting the overall picture, not about reproducing virtually the entire audit report (which in any case would be legally problematic).

The fourth argument addresses the auditor’s view and the concern sometimes raised that the notion of key audit matters could increase the liability risks. Experience so far in the UK and the Netherlands doesn’t suggest that this will be a problem. After all, the only things that are disclosed were already to a large extent part of the risk-based audit approach. On the contrary, the transparency of the approach could very well create opportunities by making the auditor aware of the contribution of their work and underscoring the quality of the audit. If indicators such as quantitative materiality thresholds are disclosed in a comparable form, this could also increase the quality of the audit overall.

Finally, the fifth argument focuses on uncertainty as to how the financial markets will respond. For some, the new rules don’t go far enough. They claim that merely identifying and communicating key audit matters and the resulting risks isn’t sufficient, and that it’s ultimately unclear whether and how investors should be incorporating these risks in their evaluation models. At this point it’s not possible to say whether providing information on key audit matters will lead to higher or lower valuations. What is clear is that in terms of the function of the audit, nothing fundamental has changed: the goal is to come to an opinion, with a sufficient degree of certainty, on whether or not individual or consolidated financial statements as a whole contain, knowingly or unknowingly, any material misstatements. The goal, now and going forward, should not be for the auditors to give an investment recommendation.

Summary

Will the new auditor’s report achieve the aims it sets out to? Or will it end, as so many transparency initiatives have in the past, with misconceptions, a lack of interest, and the conclusion that sunlight can also be blinding? The new financial reporting standards undoubtedly shed more light on the black box of the audit. They make the auditor’s report more transparent, provide details of the scope of the audit and the relevant responsibilities, and give information on entity-specific key audit matters to justify the opinion. This should serve as a foundation for building greater trust in the role of the auditor, improving the quality of the audit, and ultimately protecting the addressees of financial reporting more effectively. Organisations, the auditing profession and investors should make the most of this opportunity.

Article overview