Auditing is not only legal requirement for many organisations but in modern economy it is valuable activity.
*What are New Zealand’s auditing requirements and why would family-owned company need an audit?
*What are the traditional duties of auditors, and how are some expanding that role into broader risk management function?
Auditing existed before there were laws to require it. Then, as now, auditors were usually selected by directors and managers. The decision to have an audit was typically driven by the need to increase the credibility of financial communications to important stakeholders, and to protect the reputations of insiders. Good auditors were necessary to achieve those objectives. This situation is fundamentally unchanged – top management can still benefit from hiring good auditors.
New Zealand law requires company to be audited if it is an ‘issuer’ of investments or has 25 percent or more overseas shareholding. Issuers include listed companies, banks, and any other company that has been required to prepare prospectus. Companies that must be audited are also required to make their financial reports available to the public through the Companies Office (www.companies.govt.nz). Apart from these requirements, there is no formal need for company to be audited, even if it is large or important organisation. While it is not possible to know how many New Zealand companies voluntarily obtain an audit, recent study has found that 80 percent of unincorporated societies do so.
Benefits typically attributed to an audit include:
*Lower interest rates: In the US, an audit has been shown to reduce rates to borrowers by one percent on average and up to three percent.
*Increased attractiveness to investors: Research indicates that the share price obtained in an investment offering depends on the reputation of the auditor. While larger audit firms may have superior reputations, evidence shows that in many regional and niche markets smaller firms may also be well regarded.
*Better management control: US research reports that owners and top management consider that audits lead to more effective control of family businesses.
THE TRADITIONAL ROLE: FOCUSING ON FINANCIAL REPORTS
The specific duties of an auditor concentrate on preventing directors and top management from misleading stakeholders about the company’s performance. By law, the auditor must report on whether company’s accounts are true and fair, and whether they comply with generally accepted accounting practices and the requirements of the Companies Act. Also, under auditing standards, auditors are obliged to evaluate whether company is “going concern” – whether it is likely to continue in business for at least another 12 months. If there is significant uncertainty about the company’s survival, this must be mentioned in the auditor’s report.
A more controversial issue for auditors is the matter of fraud. Current professional standards emphasise that auditors are responsible for conducting an audit in way that gives reasonable assurance that the financial statements do not include significant fraudulent misrepresentations.
Recent overseas scandals – eg Enron (US), HIH Insurance (Australia), Ahold (the Netherlands) – involving the intentional manipulation of financial reports have made this responsibility more salient for most companies and auditors.
There is no simple cause of these problems, and no simple solution. Popular views of corrupt auditors collaborating with management so they can get paid off with high fees seem simplistic, but there is no denying that auditors face pressures to develop good relations with management to retain clients and grow fees.
However, in family-owned business, external reporting may be less critical and fraud may more often take the form of individuals misappropriating assets. This is an area where auditors are less likely to be held responsible for detecting fraud.
Auditors are also required to analyse weakness in company’s accounting policies and procedures and to make recommendations for improving the quality of processes. This analysis is usually presented in separate report, called ‘Management Letter’, which is only distributed to directors and senior management. This is one way in which auditors have strived to make their work more valuable to an organisation and may be the most important source of benefit that an audit can provide to family-owned business.
EXPANDING THE ROLE: FOCUSING ON RISK MANAGEMENT
There has been significant change in the way auditing firms approach their professional obligations over the past decade. Regulatory responses to perceived problems have driven part of this change but much can be attributed to auditors trying to increase the value of their services to all stakeholders. The focus has been on the concern of stakeholders about risk, whether to them personally or to the organisation.
Risk is defined as the likelihood that outcomes in an organisation will be less than desired. It is manifested in the myriad decisions that underlie the actions of shareholders, management, creditors, employees, customers, etc.
Many risks are shared – presumably all stakeholders are interested in the success of the organisation. Threats such as competition, negative economic events, increased resource costs and loss of customer confidence are risks to virtually all stakeholders. However, each group of stakeholders also has its own concerns about risk: shareholders are concerned about the behaviour of management and corporate governance; creditors wish to protect the standing of their claims; employees fear job insecurity and being misused by management; and management wishes to avoid loss of operational control and to minimise the impact of uncontrollable circumstances. With all these stakeholders focused on risk, efforts to manage risk have become critical to most organisations, whether they recognise this or not.
Conscientious stakeholders will always consider the riskiness of course of action and undertake steps to mitigate perceived risks as best as possible. In general, there are four ways to respond to risk. Firstly, accepting it as inherent in situation, ie little can be done about it. Secondly, avoiding it by choosing alternatives that make the risk irrelevant. Thirdly, transferring it to another party through insurance, risk-sharing arrangements or outsourcing. Finally, controlling it through specific actions. proactive approach to risk reduction is common for the most serious concerns an organisation faces.
A risk management perspective allows broader view of the accountant’s role by recognising that an accounting system and financial reports are just one form of measurement system used to manage risks. The skills and knowledge needed to conduct an audit of financial statements might easily be adapted to broader range of areas that could be addressed by auditors. Historically, independent accountants have been expert at evaluating information systems and determining the accuracy of information. These skills can apply to any information system or data where reliability and accuracy is important; systems and information related to management decision-making and risk management could be audited as readily as financial information. broader possibility is that accountants could evaluate whether systems and measurements are appropriate for the risks being monitored.
Auditors might also assist in the identification of risks and help to plan responses to risk, or evaluate management’s efforts in these areas.
With their broad business experience, industry knowledge and independence, external auditors can evaluate whether management has addressed all potentially significant risks and prioritised them appropriately. Once the auditor has developed the knowledge base to allow broader examination of risk and risk management, that knowledge can be used to evaluate whether responses to risk are adequate, reasonable and c
