Among 87 cases where the Securities and Exchange Commission investigated fraudulent financial reporting that led to sanctions against auditors from 1998 to 2010, the failure to gather “sufficient competent audit evidence” was the top audit deficiency, a new report reveals.
The study analyzes the root causes of external audit missteps in the public companies flagged by the SEC during those years. Written by four university professors, the report noted that just 11 of the 87 audits occurred after the end of 2003, which was 17 months after the passage of the Sarbanes-Oxley Act.
“Since Sarbanes-Oxley, members of the public-company audit profession have dramatically stepped up their commitment to audit quality, integrity and professionalism,” says Cynthia Fornelli, executive director of the Center for Audit Quality, the public-policy organization that commissioned the study.
The 11 post-2003 audits cited in the report were of smaller companies, whose median revenues were less than $11 million and median assets were about $5 million, compared to $40 million in assets and revenue for the earlier audits.
Still, the research adds to overall efforts to deter fraud, according to Fornelli. “It is important that public-company auditors, CFOs and other members of the financial-reporting supply chain take their responsibilities in this regard seriously and commit to seizing opportunities for improvement.”
The study’s authors noted that the driver of financial-reporting fraud is the perpetrator who conceals fraudulent actions. But they added, “Auditing standards do place a responsibility on auditors to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud.”
After failing to gather sufficient evidence (which applied to 73 percent of the cases), other audit deficiencies mentioned in the report included failure to exercise professional care (67 percent), insufficient level of professional skepticism (60 percent), failure to obtain adequate evidence related to management representations (54 percent) and failure to express an appropriate audit opinion (47 percent). Fifty-eight of the cases cited more than one of the top three deficiencies and 42 cited all three.
A lack of skepticism to begin with was likely to have been a partial cause of inability to gather sufficient evidence as well as some other basic oversight problems, the report noted. For example, some audit firms in the SEC cases relied on management’s inventory reports without testing the reliability of the reports themselves. Also, some failed to obtain additional evidence about estimates used in financial reports or did not substantiate prices used in clients’ software-valuation calculations.
The authors note that another trigger for auditors’ inability to find sufficient evidence may have been a “failure to adequately link audit procedures to underlying risks.” That, they opined, could have been corrected with greater emphasis on quality control. They also suggested that if such mistakes were to occur in the future, audit firms may have to be taught new tools and techniques.
Broken down by auditor, the results show that the number of SEC sanctions involving audits performed by non-national firms (46% of the cases) was not all that much higher than the 35% that involved audits by national firms (which include the current Big Four and previous Big Six firms among other firms). Nine sanctions in the latter category were against Arthur Andersen, which halted its public-company audit operations in 2002.
The report’s authors were Mark Beasley of North Carolina State University, Joseph V. Carcello and Terry L. Neal of the University of Tennessee, and Dana R. Hermanson of Kennesaw State University.