Stakeholders’ expectations of the auditor, who is seen as a gatekeeper to ensure the integrity, fairness and transparency of financial information, are high and rightly so. However, the role of the auditor across the entire value chain in accounting and financial reporting is not well understood. The value chain begins with the people involved in financial transactions, the preparers of accounts and financial statements. The chain then passes through management, internal auditors, audit committees and the audit board.
Ironically, when fraud occurs, the responsibility shifts to the auditor who is really at the end of the chain, and not to those who had the responsibility to prevent fraud, and those who had the responsibility to detect it.
The history of high profile corporate frauds in India and other countries – including in the cases of Satyam, ILFS, PMC, DHFL and others – points to management failure, callousness, neglect or complicity , including the CEO and CFO, in preparing accounts, financial information and the design and operation of internal control systems. The internal auditor, as the first line of defense, must vouch for the adequacy and effectiveness of the internal control and risk management system. This is something that these listeners failed.
The audit committee did not supervise the external audit, internal control, internal audit and financial information. Boards of directors have failed to discharge their responsibility explicitly under the Companies Act 2013 and others for the proper maintenance of the accounts, the adequacy and effectiveness of internal controls, quality of financial reports and fraud detection and prevention.
On the other hand, the role of the external auditor is to perform audit procedures to express its opinion – reasonable assurance that the financial statements are free from material misstatement, whether caused by error or misstatement. fraud. Due to the nature of the audit, the available evidence and the characteristics of the frauds, it cannot provide absolute assurance. At best, the auditor has a responsibility to detect fraud in certain circumstances.
There are others who are responsible for the prevention as well as the detection of fraud – management under the supervision of the internal auditor, the audit committee and the board of directors. The opportunity or incentive to perpetrate fraud is created by lax oversight, weak controls, connivance or a culture of shortening, self-imposed pressure or giving in to short-term market expectations. This has been amply demonstrated in high profile corporate fraud cases in India and other countries.
Corporate frauds suggest failure of the board of directors, directors (individually and collectively), independent and appointed directors, auditors (both internal and statutory), promoters and management.
The principle of shared responsibility would help regulators and other authorities to determine the root cause of fraud and the parties responsible for it, determine proportionate liability and take the well-thought out preventive and corrective measures necessary to prevent it. does not happen again.
The 2013 Companies Act and regulations adopted from time to time do not explicitly address all links in the financial reporting value chain, fraud prevention and detection, and their liability in the event failure, etc. Auditors, however, have always found themselves center stage when it comes to determining liability and liability for fraud. It is therefore not surprising that the new regulations did not prevent fraud due to the lack of a holistic view.
External auditors, as gatekeepers, must undoubtedly take on greater responsibility and proportionate accountability. However, the disproportionate focus on the auditor has unduly led to a loss of public confidence in auditing and the audit profession. The knee-jerk reactions and piecemeal audit reforms have only done more harm than good.
The author is the former secretary of ICAI.