‘Who will monitor the monitors of the monitors? This is a critical question that organisations, professional bodies and regulators who have been tasked with monitoring society need to consider. I believe that external audit falls within this category and we too need to consider this question. In this article I will explain why external audit falls within the ambit of monitors of society and why the profession might need to answer the question about monitors.
Enemy of the state is one of my all-time favourite movies. The plot is typical Hollywood. A leader of an institution tasked with national security goes rogue. He uses the institution’s resources for personal gain thus rendering the institution a threat to the very society it is meant to provide security for.
At the end of the movie, after all cover-ups to the public have taken effect, one of the characters whose family life was turned upside down as part of this bigger scheme of cover-ups is watching a news bulletin. She is touched by what she hears. The government is talking about lessons learned. ‘We learned that we need to monitor those who we have tasked with monitoring our country and society,’ the government says. Irate, the character, responds: ‘But who will monitor the monitors of the monitors?’
External audit as a public service
The external audit profession (the profession) is one of the monitors of society. For example, in South Africa the audit firms provide audit services to monitor and ensure that the business communities’ actions, activities as contained in the annual financial statements are fairly presented and reported; the Independent Regulatory Board for Auditors (IRBA) monitors that the audit firms render high-quality service to business communities; and the government, through the Finance Ministry, monitors IRBA to ensure that it effectively monitors the audit firms. Currently, the majority of registered auditors are members of SAICA and therefore, to some degree, SAICA monitors their members.
Essentially, we have the monitors (audit firms) being monitored by a monitor (the IRBA) and IRBA being monitored by the Finance Ministry.
In recent years, owing to the scandals that have shone a spotlight on our profession, the question about the monitoring structure has become even more relevant and we need to be honest when responding to it.
SA’s audit profession: a fight to rebuild credibility
The profession urgently needs to rebuild trust and credibility. To this end, it has reflected and asked critical questions and continues to do so: ‘What more needs to be done?’ How can the profession rebuild credibility and trust?’ ‘What significant changes/reforms need to be done?’
The proposed answers normally target the elements of the combined assurance model (CAM) or recommend that we introduce increased regulation. These are valid. However, I believe we need to dig deeper and ask more direct and bold questions.
Questions such as if personal interests of some exceed public interest, what would be the most proactive way to curb this?
The most proactive approach would be to also focus on the profession’s organisational cultures, especially the governance of ethics. I believe doing so will to a large extent prevent personal interests from overtaking public interest.
If we do not address it, none of the proposed audit reforms will be effective. Ignoring the governance of ethics and focusing on other reforms brought us more accounting scandals from Enron (2001) to Tongaat Hulett (2019). If the profession keeps tiptoeing around underlying cultures, the same mistakes will be made by different organisations and professionals. Same script, different cast. Why? Because if we do not get to the real issues, we are in effect putting nail polish on a hangnail.
But why should we zoom in on organisational cultures and governance of ethics?
Organisational cultures and governance of ethics
By way of illustration, let us talk about an umbrella. Umbrellas protect us from the rain or the sun. But what happens when the umbrella has holes? It will leak and will not do its job of protecting the user.
In like manner, cultures act like umbrellas. They create barriers against corrosive elements in any organisation or professional environment − corrosive elements such as an unbridled appetite for profit-making, short-termism, appetite for aggressive risk-taking, silencing of dissenting opinions, fear, apathy, unquestioning minds, dishonesty, etc.
What happens if the culture has holes, so to speak? The corrosive elements will seep through.
These elements could contaminate the nobility of intentions, the sincerity of efforts, the integrity of the organisations, the leaders and professionals who form part of the monitoring system. All the elements of the CAM sit under the umbrella of some organisation or profession. The effectiveness of reforms targeting the CAM would be greatly compromised if cultures are not addressed.
Therefore I believe that the question of reforming the way the profession governs its cultures and ethics is key to audit reform. We might need to monitor the monitors of the monitors.
This is neither new nor ground-breaking. Maybe that is why when hearing proposals about scrutinising organisational cultures and the governance of ethics, we give a nonchalant shrug and move on. We have heard it all before. Time and again ethical culture and ethical leadership as a catalyst for reforming the profession is proposed. We know why we need it. Many say that they subscribe to ethical leadership and have effective systems to educate and monitor ethics and ethics outcomes.
What we seem to be unable to coherently answer as a profession is the consistency of the ‘how’. How do we collectively adhere to ethical leadership and ethical culture as a profession?
The external audit profession and the governance of cultures and ethics
Imagine that your audit firm is considering responding to a tender issued by a holding company. Your firm wants to understand the business to perform its risk assessments. The risk assessment will determine whether your firm should pursue this client or not. During this stage, it has been noted that the future existence, relevance, viability and sustainability of the whole group depends on its adherence to ethics. It has been concluded that this is the only key risk factor in determining the group’s ability to remain a going concern in future.
How would the firm ascertain the adherence of ethics across this group?
It would perform enquiries and obtain evidence to ensure that this risk is uniformly managed across the group. For example, it would look for:
- Objectives and intended outcomes across the group
- Design of systems, processes, generally accepted frameworks
- Ensure a coherent system description across the group
- Monitoring structures and identified custodians
- Identified custodians, their qualifications and expertise
- Consistent reporting and reporting frameworks
The firm would also look for documentation that proves that the holding company and its subsidiaries are consistently and coherently adhering to ethics across the board. You would also ascertain whether the client adheres to any existing corporate governance framework such as the King IV report. If none of these is in place, the audit firm would likely change the approach and request a meeting with all the leaders of the components within the group. The audit firm would perform enquiries and request a system’s description on how the ethics risk is managed. In that meeting, the audit firm discovers that each leader has their own view of managing ethics. They each have their own separate risk management framework that they adhere to.
Considering the foregoing, would you accept this client relation if you were the engagement partner assigned to the audit? Would you be comfortable that this key risk, namely ethics – which is critical to the future existence of this group − is adequately managed? You most likely would say no to this group. Most external audit firms would not even consider a relationship with such a client: it would be deemed too risky.
Now, thinking of this example, let us use our profession as an example of a potential audit client. Let us say the holding company name is ‘The Profession Group’. The Finance Ministry is the holding company. IRBA is the wholly owned subsidiary of the Finance Ministry. IRBA has a significant joint venture with SAICA. The audit firms (Audit Firm Inc) are the wholly owned subsidiary of the IRBA. This group has a tender out and your audit firm is interested in the business. Your audit firm undertakes a risk assessment to ascertain whether you would like a client relationship with this group. You determine that adherence to ethics is the one key risk factor to the sustainability of this group. Your audit firm undertakes the aforementioned risk assessment process.
You obtain the annual reports of the IRBA, SAICA and the transparency reports or other reports of the audit firms. You are inspecting these for a set of rules and guidelines that ensure that the governance is consistent, transparent and comparable. Your firm discovers that each of the group’s components adheres to its own set of the risk management framework. You call a meeting with each of the component’s leaders and discover that individual leaders have their own approach to the ethics risk. With this information, you are likely to avoid auditing this imaginary company called ‘The Profession Group’.
Why? Because you would conclude that the ethics risk is not governed coherently across the company.
The example is imaginary, but for the profession this seems to be the reality. For example, we do not seem to have a uniformed and coherent approach to the governance of ethics. As monitors, we expect the companies or organisations we audit to adhere to corporate governance principles or have consistent processes that help them manage risk. These principles and processes help monitor how these businesses or organisations conduct their functions. Also, they give us comfort as auditors that they are ethical organisations that we could have a relationship with.
However, when it comes to us as a profession, we seem to struggle to govern ethics coherently across the profession. Managing ethics coherently and consistently will ensure the sustainability of our profession. We will be able to curb any corrosive elements that threaten the future of our profession. We might start by either adopting an existing framework such as the King IV report on corporate governance or develop a customised framework that will manage organisational cultures and govern ethics for our profession.
By doing so we will be able to answer the question: ‘Who will monitor the monitors of the monitors?’
AUTHOR | Zimkita Mabindla (CA)SA