External Auditors Under Pressure in UK

For several months, the House of Lords has been holding hearings into the external audit profession in the UK. They have reviewed the role of the auditors in the financial crisis, whether their dominance of the external audit market (the Big 4 audit 99 or the FTSE 100) affects audit quality, the quality of communications with regulators, and the risk of one of the Big 4 failing.

They have just released their report. The best summary I have seen is by the Telegraph (a national UK newspaper).

One of the key observations, apart from recommending the UK regulators investigate the external audit market, is that while the audit firms may have complied with their legal obligations, they failed to meet their ‘wider’ obligations. By that, they refer to the fact that the auditors provided an opinion based on whether the financial statements complied with IFRS rules, but failed to assess whether those financial statements provide a true and fair view of the results of operations and the financial condition of the company.

I recommend checking out these blogs on the topic:

  • Insider, from the editor of Accountancy Age.
  • Forbes, by Francine McKenna.

The response by the industry is very interesting. The Accountant has good coverage.

My thoughts:

  1. It is important that companies comply with accounting rules. But, it is even more important that the financial statements provide reliable and useful insights into the financial condition and the results of operations. The current external auditor opinion does the former, not the latter.
  2. While it is interesting that consideration was given to having the external auditor assess and report on risk management, I am not in favor of that. I would prefer that management and the board be required to assess and report on the adequacy of their risk management process and have the external auditors focus on the financial statements. They should look at risks only to the extent that they need to perform their financial statement audit. The internal audit function can and should assess and report on the adequacy of the enterprise-wide risk management program.
  3. Regulators, investors, and exchanges around the world should give strong consideration to the House of Lords report. What changes, if any, are required in their market?

What do you think?

Posted on Mar 31, 2011 by Norman Marks

Share This Article:    

  1. Another good post. Thank you Norman. 1. most cfos, chief accounting officers, internal audit vps got their jobs through their big 4 network 2. the audit profession, like others, reward revenue growth, not integrity. Most partners are unethical. 3. this kind of auditor vs. auditee is a game that developed countries can afford to play. in china and other countries, they simply report whatever they want. and it works. china's doing great.
  1. I agree that this is another great post, and I won't be surprised if the US follows suit either.  With External Audits, there is tremendous pressure on fee realization and firms have to generate profits to stay in business.  At the same time, financial executives pressure firms to keep fees down and normally see the audit as a required compliance step rather than adding value to the organizations.  Well run Internal Audit shops, however, can add value and should be looking at the overall risk management process rather than the external auditors.  The external auditors are only concerned about risks that could impact the financial statements (i.e. get them sued) where IA has an enterprise-level view.  IA should be looking at how well all risks are managed and it would be a mistake for this to become part of the external audit.

  1. Norman: If you were to talk to people my my uncle and aunt - who own a farm in the Central Valley of California, they would ask, "Why wouldn't an auditor look at all the risks? I thought they did already." As professionals, we understand our scope - my relatives assume that our profession has looked at these risks for decades and it hasn't worked. Note that my relatives (or the general public) wouldn't make the distinction between internal and external auditors and would assume that "those big firms" are audited completely. Ultimately, I think that's what is in-play for the politicians and regulators.
  1.  Norman:

    Thanks for sharing this and I concur with your thoughts. Internal audit has responsibility for assessing the risk management process. They have not been executing this responsibility. While we can determine many reasons for this including the fact that the skill sets to do so are not up to par, or that there has been an inordinate attention placed on Sarbanes Oxley or because the professional guidance to assess risk management is insufficient, the bottom line is that they have not been executing their responsibilities in what is probably the most important area of their job. So I think that  they will need to construct a plan to do so which will include finding those training courses/materials that will be helpful to build the necessary skill sets. 

    Pressure will keep on mounting this year given all of the prior fiascos and the new SEC rules. No doubt external auditors will attempt to market these services to Boards of companies and it is possible that companies may end up outsourcing this to the external auditors which while it would be quite lucrative for the external auditors would be quite unfortunate as I have seen nothing from any of the large accounting firms in this subject area that would convince me that they have  the skills to execute this work.

    So we do have an excellent opportunity as internal auditors to step up to the plate and we must seize this opportunity right now



  1.  Rick:

    "...financial executives ...normally see the audit as a required compliance step rather than adding value to the organizations."  - Unfortunately, this perception holds even for internal audit in many organisations, esp. in geographies outside of North America and Western Europe if I may say.  The checkbos perception may be prompted either by regulations or by the need to put up an acceptable front to the PEs/financial world in general, but may not graduate to a willingness to derive actual value from IA.

    So while we go about strengthening our skill base and marketing our services, especially in the field of risk management, one elephant in the room may be the tone at the top and organisational governance environment.  Internal audit just can't function in a vacuum, divorced from the reality of the context within which it operates.


  1.  Rick:

    Seriously speaking, where is the support for your statement "financial executives normally see the audit as a compliance step rather than adding value" ? I suggest to you quite strongly that internal auditing currently is divorced from the context; that the real context is more than their current level of understanding in the area of risk management. So we can pretend that it is not the case and when we have another BP situation or TEPCO for that matter, the Board will then seek other parties  that can provide them with the assurance over risk management.

    So if you really feel that it is an elephant in the room, that you have the skill sets to try and foster changes needed and that nobody is willing to listen, perhaps it is time to bail out and find another room? All that you have to bring to the table is your integrity and if this means bringing tough messages to the table, so be it. I recall t he time not so long ago that many internal audit departments were being outsourced primarily because the Big 4 firms were able to convince the Boards that internal audit added minimal value. I suggest that we pull ourselves up by the bootstraps and execute our craft precisely in the way it was intended and in so doing, we will gain the recognition internally that we deserve. If there is internal desire for a compliance function only, then we have a responsibility to coach and counsel that this is inappropriate.



  1. The External Auditors, generally do not take any responsibility on the financials. If you see the wording of both the Auditors Report to the Shareholders and the Letter of Representation (LOR) obtained from the Clients give them comfort for any sort of claims, it is more of a disclaimer, 

    The External Auditors should do an indepth review on all issues i.e. insight into the financial conditions, compliance with Rules and Regulations and all risk related issues included in the financial statements. Although the responsibility of preparation of the financials and all risk related information should rest with the Management.

    Even the Internal Auditors be given the task to review and certify independently, all information prepared by the Management and give comments before the financials are finalized and signed off.

Leave a Reply