This article discusses audit services as they are related to an organization's financial reporting, finance operations, and enterprise risk. In large organizations, there are often three types of auditors and audit functions: internal, external (independent), and third party or consulting auditors. Auditing committees play an important role as liaisons between organizations and independent and external auditors. The current role of audit committees as overseeing compliance and governance issues is investigated—as is the changing role of the committee—as it moves toward the oversight of enterprise risk management. Enterprise risk assessment includes oversight of financial reporting compliance, but also encompasses a holistic approach to integrated risk within organizations. Risk assessment from the standpoint of finance is discussed in terms of an organization's entities, processes, and systems.
Keywords: Audit Committee; Certified Public Accountant (CPA); Enterprise Risk; External Auditor; Financial Restatement; Inherent Risk; Internal Audit; Managing risk; Materials Weakness; Objective Audit; Reassurance; Registrant; Residual Risk; Restatements; Risk Intelligent Enterprise; Sarbanes-Oxley; 404 Compliance
Auditing is often thought of in terms of complex oversight of a company's financial statements. However, auditing services vary widely depending upon the size and nature of the business contracting the service. For small businesses and firms, auditing services are most likely a relationship between the business and a CPA (certified public accountant). The CPA likely conducts a yearly audit (assistance with tax filing) and serves as an independent set of eyes and ears to check the work of the internal accounting department.
At large organizations, auditing of company financials and the associated risk can be extremely complex and costly and can involve relationships with multiple auditing-services firms. Financial disclosures and reports may be required on a quarterly basis and may be made available to employees, investors, and financial institutions to apprise customers of the financial health of an organization.
History of Auditing Services
Auditing services have a long history of interaction in American business. The expansion of global markets and the growth of multinational companies have increased the complexity of financial management, reporting, and auditing in larger enterprises. As the accounting function grew in importance, organizations began to rely on outside auditors to help interpret fast-changing accounting rules, regulatory missives, and the overall pace at which finance functions were growing.
The notorious accounting scandals of the early 2000s (such as those involving Enron, Tyco, and Worldcom) were the impetus for passage of Sarbane-Oxley in 2002. However, as early as 1993, auditing failures were being documented. The estimated cost to investors was $88 billion from 1993 to 2000 (McNamee, Dwyer, Schmitt, & Lavelle, 2000).
In 2000, Arthur Levitt, chairman of the Securities and Exchange Commission (SEC), launched a personal crusade to expose what he considered “a massive conflict of interest between accountants' duties as auditors and the profits they earn as consultants to the same corporate clients" (McNamee, Dwyer, Schmitt, & Lavelle, 2000). By the year 2000, estimates put consulting revenues at 51% of the total revenues of many accounting firms. The big five accounting firms were well established as providers of accounting services for many of the largest corporations in the United States. The big five were Arthur Andersen, Deloitte & Touche, Ernst & Young, KPMG, and PricewaterhouseCoopers; all five were opposed to SEC intervention. The big five saw Levitt's action as potentially cutting the accounting firms "off" from new growth markets (consulting). That the big five accounting firms provided both accounting services and consulting services was not in itself problematic. However, it had become clear that these firms were signing up the same clients for accounting and consulting services, which created a conflict of interest.
“The trend [offering accounting and consulting] has convinced Levitt that auditors are relaxing their vigilance and growing cozier with management. And the SEC is developing evidence in at least two cases (Waste Management Inc.’s [WMI] $3.54 billion writedown of 1992-97 profits and the $55.8 million earnings restatement at high-flying software developer MicroStrategy Inc. [MSTR]) that accountants’ consulting work and financial ties to clients compromised their audits. Levitt’s solution was to split auditing and consulting. On June 27 , the SEC voted unanimously to issue a proposed rule that would bar accountants from providing a range of consulting services to companies that they audit. Levitt also wants to beef up public oversight of accountants, all with an eye to send the profession back to its roots as vigorous guardians of investor interests. `When the public loses confidence in our markets, or when the reliability of the numbers is diminished, the whole system is jeopardized,’ said Levitt. `The sanctity of the numbers and of their reliability must be there’” (McNamee, Dwyer, Schmitt, & Lavelle, 2000).
Just two years after Levitt's call to action, the major accounting scandal involving Enron and its accounting firm Arthur Anderson became a watershed event in the way that auditing services were provided. Congressional intervention had stalled developments on Levitt's request for action in 2000. The big five accounting firms and their trade association (American Institute of CPAs) contributed millions of dollars in funds to election campaigns; they had hoped to retain the ability to provide both accounting and consulting services to the same clients. However, by 2002, Congress would become involved in crafting the landmark Sarbanes-Oxley law that was meant to restore investor confidence in corporate America.
An article from 2002 described the shift in political thinking in the following statement:
"Now, with both Congress and the FBI investigating Enron's close relationship with Arthur Andersen, the SEC is tackling the [Levitt] issue again. Enron's critics say because Arthur Andersen also provided $27 million worth of consulting services to Enron, the auditor failed to properly review the company's financial statements, allowing Enron to overstate its earnings by nearly $600 million. The SEC, now headed by Harvey Pitt, has proposed creating a watchdog panel that would oversee the accounting industry" (Center for Responsive Politics, 2002).
The issues of financial disclosure, compliance, and reporting in corporations have been profoundly affected by the passage of Sarbanes-Oxley. Auditing services also made course corrections in response to compliance and regulatory mandates. The distribution of auditing services and duties between internal, external, and consulting auditors are discussed in detail in this article. The role of audit committees related to the oversight of compliance and enterprise risk is also detailed within the context of Sarbanes-Oxley and beyond.
Trends in Auditing Services
Years after the passage of SarbOx legislation, companies are still struggling to meet the requirements of the most costly (in terms of people and dollars) mandate: Section 404. Section 404 requires the auditing and testing of internal controls related to financial reporting and the generation of an internal audit report. Compliance with SarbOx 404 is proving to be costly when deficiencies in internal controls are found. These annual tests, "stipulated by Section 404 of the Sarbanes-Oxley Act, require external auditors to thoroughly test the adequacy of clients' key controls over financial reporting" (Banham, 2006). When deficiencies are found to exist in processes or controls, the cost can be enormous in terms of company share price or reputation. One such example is the case of Genlyte Group Inc., a Louisville, Kentucky lighting manufacturer.
"The auditors uncovered several deficiencies in the financial controls at Genlyte, including material weaknesses in three of the company's financial-statement accounts. The failing grade meant [that because of] the $1.2 billion (in revenues) Genlyte had to disclose the problems to the Securities and Exchange Commission. In the aftermath, the company's share price fell 9 percent. Recalls [CFO] Bill Ferko: `The Sarbox standards of evidence were more rigorous than we'd expected’” (Banham, 2006).
In the case of Genlyte, the company finance team had worked diligently with their external auditors at PricewaterhouseCoopers (PwC) for more than one year to ensure that the company was going to pass its audit. Still, when PwC sent its representative to review Genlyte's controls, the deficiencies described above were found. CFO Ferko decided not to take any chances, and instead contracted with yet another third party to conduct a pre-audit. Ferko actually hired Genlyte's former independent auditor, Ernst & Young, to conduct the pre-audit. The reliance on third-party consultants has become familiar in many companies that do not want to take chances with SarbOx 404 compliance.
Third Party Consultants
“ Typically, the third-party consultants come from the Big Four accountancies, second-tier firms like BDO Seidman and Grant Thornton, or business-process specialists such as Protiviti Inc. or Paisley Consulting. And there appears to be no shortage of work, either. In a survey of public-company executives conducted by CFO magazine earlier this year nearly 60% of managers said they had hired third-party consultants to help with Section 404 certification” (Banham, 2006).
There are a number of reasons cited by CFOs and managers as to why third-party consultants are worth the extra dollars they cost in meeting compliance mandates.
- Many companies need help documenting and testing internal controls because the task is daunting and there are not enough internal resources to complete the task.
- Finance chiefs say that they are not getting the answers they need from external auditors—external auditors are "spooked" by the auditor-independence provision of SarbOx.
- Consultants help document workflow and provide advice on processes and documentation.
- Legally, independent auditors are not allowed to provide internal-controls consulting to audit clients.
- External auditors do not want companies testing their own internal controls; they want third-party auditors to do it.
Before the passage of SarbOx legislation, many auditors saw themselves as...
(The entire section is 4765 words.)