Print Page   |   Sign In   |   Register
Search
From the CEO's desk...
Blog Home All Blogs
Search all posts for:   

 

View all (21) posts »
 

Reflections on the auditing profession

Posted By Claudelle von Eck, Friday, 21 June 2019
Updated: Saturday, 22 June 2019

I have been asked by many people to express my thoughts in my blog on what is happening in the auditing profession, especially given my time spent on the SAICA Inquiry Panel looking into the conduct of chartered accountants in KPMG. It is of course difficult to talk about a report, which, to my knowledge, has not been made public by SAICA. But, much has transpired since and I guess I am at a point where I could express my general observations, taking a broad approach without pointing a finger at any particular individual or organisation. I therefore take a break from the leadership series to reflect on where I think the profession is and on some of the lessons learnt over the last couple of years.

Let me first say that I had been warning for a while that a tsunami is coming and that the profession will not come out of it unscathed. There were too many worrying signs. I don’t think that we have seen the full extent yet and can safely say that at the Institute we are holding our breath and are sitting at the edge of our seat as we are still navigating through unchartered troubled waters.

As an Institute, we sit in the unenviable position where we have to find the balance between a) dealing with members who claim that they are being victimised for doing the right thing and b) members against whom complaints are lodged. We recently published a survey report on the plight of internal auditors, which paints a rather grim picture. There is an increasing number of members crying out for help as they find themselves intimidated and victimised. This was amplified by the recent assassination attempt on the CAE of the SABC. I can only begin to imagine what that man is going through, especially as I am hearing whispers through the grapevine that the same people who are supposed to protect him may be the same people who he is investigating. This is not the first such incident in the profession in SA.

It really has me worried. What does this spell out for the future of the profession should this picture worsen?  And, sometimes I worry that too few of us are worried. A number of scenarios can play out, which all have potential negative consequences for governance and as a result the health and wealth of the country. With more and more internal auditors feeling unsafe in their jobs, a likely outcome would be an increase in the number of those exiting the profession and a decrease in those entering the profession. A profession that already sits with a significant skills shortage can hardly afford to see its ranks shrinking. Furthermore, we run the risk of those who remain opting to avoid raising the critical findings for fear of losing their jobs or lives. Once you have seen the barrel of the gun against your fellow professional’s head, what is the likelihood of your resolve to display ethical courage remaining intact?

On the other hand, we have seen an increase in complaints against internal auditors, which is also placing a significant amount of additional pressure on the resources of the Institute. With the focus on commissions and the president’s clean-up promise, we are not sure what will hit us next. Are we going to see internal auditors called to testify? Will we see some implicated in the wrongdoing? Will we see more internal auditors victimised as they are often involved in investigations and their reports the records of many a secret. Keeping my fingers crossed that our members have lived up to the high standards of our Code of Ethics and will not be found wanting.

With that as a backdrop, let me share some of the things that I have observed, where I think the profession should be more vigilant going forward as well as where we need to do more work. Without expressing opinion on particular individuals or organisations, I am providing my observations based on what has been unfolding in recent times.

The first area I would like to quickly touch on is the fact that much work still has to be done on getting the market to clearly understand the mandate of the auditing profession. There is still a lack of understanding of the difference between internal audit and external audit. When the KPMG saga became a big issue in South Africa, I had to field many misguided questions around what the IIA SA is doing about the issue. Clearly the question was asked by people who did not understand that it was really an external audit issue.

However, the question around “where were the internal auditors” has become louder and verbalised much more frequently than in the past. It appears that many erroneously believe that the internal auditors, and the broader auditing profession for that matter, could singlehandedly have stopped the scourge of fraud and corruption that have become more visible in what is now being referred to as state capture as well as the spectacular corporate failures we have seen in recent times. I am led to believe that internal auditors who have worked for implicated organisations are finding that the road to a new job is littered with insurmountable stumbling blocks, as they are often not even given the opportunity to tell their side of the story in an interview.  

Internal auditors do not have the luxury of an IRBA. External auditors are obligated to bring reportable irregularities to IRBA’s attention, which gives them leverage when engaging with management and the oversight bodies. Internal audit’s reports stop at the Audit Committee. It is then up to the Audit Committee to ensure that there is accountability when findings and recommendations are not addressed. However, I am hearing increasing reports from members that internal audit reports with critical findings, that are pointing a finger to the fraud and corruption, disappear into a black hole. This is borne out in the Plight of Internal Audit survey report, which shows that a significant percentage of internal auditors feel that there is lack of support for this function.

It seems to me that the number one issue, besides deliberate fraud and corruption, at the centre of all the evil is the lack of application of mind. To me it appears that the root causes of this lack of application of mind include professional laziness, lack of professional scepticism, information overload, auditors too close to the auditees, grossly underestimating complexities, lack of competence and/or experience and glossing over things as quantity trumps over quality in the quest for revenue (this goes both for individuals who sit on either too many oversight bodies to give the packs due attention, or simply don’t read their packs with application of mind, and auditors more interested in their fees than the quality of their work).  Above all, there is sometimes a lack of understanding of the depth of the responsibility in relation to the interest of the public that auditors carry. A deep understanding of this responsibility should compel one to take the task at hand seriously.

Having said that, I do think that the apportionment of blame has been completely out of kilter, with most of the blame being left at the doorstep of the auditors. While the auditors should take responsibility for their role, including internal auditors who think that in high stakes situations having given the Audit Committee their report is enough, it is important that we do not lose sight of the other role players responsible for governance.

Did the oversight bodies ask enough of the right questions? For example, where there were multiple companies in the group, should the boards, audit committees and auditors not be asking questions such as:

·        Why is internal audit compartmentalised, i.e. internal audit is decentralised in the group with no strong central oversight. Is the executive deliberately preventing them from seeing the whole picture and connecting all the dots?

·        Who is taking responsibility for ensuring that the auditors talk to each other and that the combined assurance model is not only utilised within companies, but also across the group? You have to see all the companies in the group, related party transactions and shareholding to be able to connect dots and see where the wrongdoing is.

·        When funds move across companies that are not necessarily in the same group, but have the same major shareholders, do the auditors follow the trail or stop where they believe their scope ends? Sometimes real insight comes from going a little beyond what is within sight.

 

Where Boards place too much trust in the executive, the likelihood of deep probing questions being asked is diminished. This is aggravated by situations where those who serve on the oversight bodies are themselves either not competent or strong enough to take management on. This would be particularly true where the CEO/Accounting Officer is the kingmaker in that s/he has a significant say in who joins the Board or Audit Committee. Members of oversight bodies, who owe a gratitude for their seat to management, are more likely to let their fiduciary duties slip and not hold management accountable. Where oversight bodies are too weak, dominant CEOs are likely not to be held accountable. I suppose we simply have not seen enough directors sued for that profession to be kept on its toes from that perspective.

A central question is of course around the competence of those sitting in oversight bodies in relation to an oversight role that is becoming more daunting in the midst of a complex and fast changing world. Nothing is simple anymore. Are audit committee members skilled enough to ask the right questions? The IoD has started to work on professionalising directorship through their certified director and chartered director designations. But, one is not seeing a flood of directors ensuring that they carry the credential which should speak to their credibility.

However, in many of the scandals there were seasoned directors at the helm. Why is it that not enough alarm bells go off in the minds of Boards when management present them with questionable assumptions or where there were potential early indicators of the improper recognition of revenue? Besides being too cosy and creating a halo effect around CEOs, are those in oversight bodies going into group think, or do they think that there is safety in numbers (If I haven’t applied my mind, surely someone else in the committee is applying their mind and will ask the right questions.)? Are Board members holding each other accountable around the degree to which they are applying their minds to the issues at hand? Are Boards having deep enough debates about the ethical implications of their decisions?

Indications are that critical thinking is a diminishing skill. A number of professional bodies are raising the red flag as they are observing worrying trends in the professions over which they preside. The most obvious area is the downward sliding of pass rates in board exams. This points a finger at the education system. Our young people are not being prepared well enough at school level, and this cannot be fixed in three or four years at university. Couple this with a lack of appropriate exposure where skill can be built, and we are set to see the skills pool diminishing even further.

Deep application of mind is needed to make sense of lessons learnt from hindsight as well as provide insight and foresight. Internal auditors should know the organisation like the palm of their hand and oversight bodies should have a good understanding of the animal they are steering. In a world where risks are constantly shifting, internal auditors must be flexible and ensure that they apply agile auditing principles, in addition to using technology that enable them to apply their minds to the more strategic issues in the organisation. Too many internal auditors are auditing in the past and are not wrapping their minds around key strategic issues that plaque the minds of the leadership.

However, not enough time and money is spent on training internal auditors and keeping them abreast of developments. Too often I find that organisations are not willing to invest in developing strong internal auditors. They would rather recruit for skill than contribute to the building of skill in the country. Building competence is key if we are going to demand professional due care. The reality is that we are living in a country where our past designed a present in which we have a significant skills shortage. It will take a concerted effort to reverse that reality.

Much could also be said about those situations where there appears to be a deliberate recruitment of people too junior, and out of their depth, into senior internal audit positions, presumably to ensure that internal audit will not have the muscle to challenge management. This is particularly true when the Audit Committee abdicates its responsibility of appointing the CAE. And, where the Audit Committee does appoint the CAE, often they recruit chartered accountants who have no real internal audit experience and no internal audit credentials. This could affect the effectiveness of internal audit.

Lastly, let me circle back to the issue of ethical courage. In order for us to restore good governance in our organisations, it is imperative that those in leadership positions, as well as those who provide assurance, display ethical courage, even if it means standing alone. Failures are not the result of one single individual’s actions. They happen when good people keep quiet or let their guard down.

 

 

 

 

 Attached Thumbnails:

Tags:  Audit Committee  Board  corporate failures  Internal Audit  leadership  state capture 

Share |
Permalink | Comments (0)