Addressing the Role of the External Auditors and the Value of Financial Reporting

Norman Marks, CRMA, CPA, is a vice president for SAP and has been a chief audit executive and chief risk officer at major global corporations for more than 20 years.


The Center for Audit Quality (CAQ) is an interesting organization. Affiliated with the AICPA and holding themselves out to be an independent and objective advocate for quality in external audits, they periodically hold meetings on topics of interest to governance, risk management, and assurance practitioners. I have attended a couple of meetings as a representative of The IIA and found the attendance to be high-quality and the discussions meaningful.

In March, CAQ held one of their workshops on the topic of the "evolving role of the [external] auditor." They summarized the results in this report (PDF).

The most interesting aspect for me is the ‘dog that didn’t bark’ (for Conan Doyle fans): they didn’t discuss (or at least reference in the report) any concerns with the quality of the external auditors’ work. Perhaps they see that as being sufficiently aired in Congress, by the US regulators, and in the UK House of Lords!

Instead, they focused on whether the external auditors should add value to investors by providing more information (reports or opinions) on such matters as management’s discussion and analysis (MD&A).

The one theme that caught my eye is a clear concern among those attending the workshop that the financial reports should provide a clear picture of the organization’s results and condition. The report references the value of non-GAAP information — even in preference to numbers that comply with GAAP — and that complex accounting regulations muddy investors’ view of results.

The auditor’s report that is included in the filed financial statements includes an opinion as to whether they are fairly presented in conformity with GAAP. But if the GAAP presentation is not what investors most find useful, perhaps the answer is not that the auditors should provide additional reports (such as on the MD&A) but that the complexity of GAAP and financial reporting in general is a problem.

What do you think of these suggestions?

  • Management should be required to explain the metrics they use to manage the business, disclose them, assert to their accuracy, and explain whenever they change them. In particular they should disclose whether these are consistent with the measures used to determine executive compensation.
  • The audit committee should assert that they have reviewed the above and are satisfied with the accuracy of the disclosure. They should also confirm that they believe the financial statements, taken as a whole with the non-GAAP disclosures, provide a true and fair view of the company’s results and position.
  • As is the case in many nations, the financial statements should include representations by management that have been reviewed by the board as to the condition of risk management and internal control (which is not limited to the financial statements but includes controls over all areas of significant risk to the organization). I would not ask for an opinion on these topics from the external auditors.
  • The audit committee should confirm that they have reviewed and obtained assurance on both the independence and the quality of the global external audit team.

I welcome your comments.

Posted on Aug 5, 2012 by Norman Marks

Share This Article:    

  1. Having senior management disclose what metrics they are currently using could divolge publicly what they are focusing on  and could in theory expose the business to competitor scrutiny - i.e. seeking to determine potential counter market focus to destroy any advantage measuring those metrics had in the first place.

    Having an internal audit team reviewing these metrics presumes that the auditors have an equal if not better knowledge than management of what should be driving the business. This comment also shows that it is equally impossible for auditors to review which metrics should be in use.

  1. Management pays the external auditors to do a minimal audit to get a "pass."  The Audit Committee may review the audit report, but rarely disagrees (or even comments) on the content, wording, or findings.  The Boards don't expect anymore and don't want to pay for extra services.  The external financial audit is at the 100000 mile limit and unless it's blatantly obvious won't do any additional work concerning controls or fraud unless they want to protect themselves from a lawsuit.  What's even more bothersome is that if Internal Audit points out problems in the financial report that relate to internal controls or other issues, the external auditors have the last say on whether these are "really" problems that management should be concerned about.

  1. In Holland we have the loophole that management can deviate from GAAP if they are convinced that such will provide better information and insight to investors. With the addoption of IFRS this has been limited though still exists.

Leave a Reply