The U.K. government on March 18 set out a series of proposals that would impose additional duties on both company directors and audit firms to detect and prevent fraud as part of a raft of measures designed to improve auditing and corporate governance.
While audit firms have generally welcomed the opportunity to revise corporate governance in the United Kingdom—hailed by David Herbinet, head of audit at Mazars, as “a once-in-a-generation opportunity to transform audit”—all have so far remained silent on the practical (and legal) ramifications of being held more directly accountable for instances of corporate fraud.
Indeed, Compliance Week approached the U.K.’s six major auditors—KPMG, PwC, EY, Deloitte, BDO, and Grant Thornton—for comment, and all declined ahead of the July 8 consultation deadline.
However, other experts have been keen to weigh in, with several questioning how any increased duty on auditors to detect fraud will work in practice.
Phil Crooks, managing director at consulting firm Berkeley Research Group, says the introduction of a duty for auditors to detect and prevent all fraud is “simply not practical.”
“If these proposals come into force, audit firms will need to assign more of the work to senior people who will also need to be more skeptical. This will add to the amount of time it takes to conduct an audit, and that will add to the billing costs.”
Andrew Durant, Senior Managing Director, FTI Consulting
“If there is to be an extension of the auditor’s responsibilities, then there needs to be reasonable guidance on what is meant by ‘to detect and prevent,’ while any new regulatory requirements should distinguish between different types of fraud,” says Crooks.
“For example, one would expect material fraud to be detected by any audit, but that becomes increasingly difficult if those responsible for the accounts, namely management, are involved and purposefully deceive the auditor. Therefore, liability should be weighted more toward directors rather than auditors,” he adds.
Andrew Durant, senior managing director at FTI Consulting, also believes there will need to be prescriptive guidance detailing what is exactly meant by “material fraud” if legislation does come into place that makes auditors responsible for detection and prevention.
He adds the proposed increase in auditors’ responsibilities will also result in “substantial” fee hikes.
“If these proposals come into force, audit firms will need to assign more of the work to senior people who will also need to be more skeptical. This will add to the amount of time it takes to conduct an audit, and that will add to the billing costs,” says Durant.
Durant also questions what the beneficial impact would be of increasing directors’ responsibilities for detecting and preventing fraud. “Given that in many major corporate frauds executives would have needed to have been either actively involved or to have actively looked the other way, requirements for directors to detect and prevent fraud look like asking them to mark their own homework,” he says.
As such, he says, “if these proposals are adopted as laid out, there will need to be a much stronger role for internal audit, compliance, and risk management to challenge the board over their oversight of fraud detection and prevention procedures and controls.”
Durant also dismisses the proposal for joint audits as “one without any benefits.”
“In my experience, incidences of fraud always flourish in situations where multiple parties are involved in carrying out the checks because each believes someone else is responsible for that part of the work,” he says.
Charlie Patrick, partner at fraud and data specialist Forensic Risk Alliance, says “identification of fraud is not always easy and can be time consuming, which is why there are often specialists involved in investigating fraud. It remains conceivable that some fraud will remain undetected by audit procedures.”
He adds any new regulatory regime “needs to be proportionate. Otherwise, there will be an imbalance in the duty of care by the auditors and companies/directors, and likewise the penalties that ensue.”
Patrick also questions just how far an auditor’s duty will be to detect or prevent fraud under the proposals.
While critics have complained auditors have failed to detect major corporate frauds at companies like BHS, Patisserie Valerie, and Carillion, Patrick says the proposed requirement only asks for auditors to conclude the statements boards have made to implement and monitor fraud controls and procedures are accurate.
Likewise, he says, under the proposals, auditors would only be required to report on the work they have done to detect material fraud and the effectiveness of corresponding controls—neither of which would do much to address the “expectations gap” between auditors and the public regarding the purpose of the statutory audit.