Ever since the collapse or shoring up of many banks in 2007/8 people have been quietly contemplating the role of the auditors.
Clearly in the case of the banks and their fantastically complex derivative trading your average auditor would have no real clue as to whether what they were looking at was a risky enterprise or not because – assuming they asked the questions- the bank's own risk managers would have no doubt placated them with soft words and reassurances that all was well and banks didn't fail.
Shortly before the roof fell in.
In the case of the banks, audit firms could comfort themselves with the understanding that if the banks didn't know their own risk exposure how were the auditors supposed to know?
These arguments don't wash with Carillion.
This is a construction and services company. What they do is not difficult to understand. There are no complexities here. Auditors cut their teeth on this kind of business – there's nothing special about Carillion except its size.
Investors and the public require sound financial information as a basis for making informed decisions and there is a public perception, an expectation, that one of the roles of the auditor is to detect fraud and to warn against failure.
So, if there is a massive failure by a company which has recently had a clean audit report this raises questions over the purpose of audit and the role of the auditor – i.e. is the auditor simply there to validate accounts prepared by the directors or is their role wider in terms of carrying out risk assessments and reporting to shareholders about risky management practices?
Auditors carry out their audits bound by things called International Standards on Auditing (ISAs) issued by the Financial Reporting Council. These are a non–statutory set of rules which auditors are bound to comply with and failure to comply means that the audit partners have a very uncomfortable interview with the FRC's discipline committee unless they can come up with thunderingly good reasons why compliance wasn't appropriate.
Now one of these ISAs - ISA 570 'Going Concern' - explains that a company prepares financial statements on a going concern assumption that the business is able to continue in business for the foreseeable future. The term 'foreseeable future' is not defined within ISA 570, it is generally agreed to be a period of 12 months from the company's year end.
This is important as it is assumed that the entity has neither the intention, nor the need, to liquidate or significantly curtail the scale of its operations. If management conclude that the entity has no alternative but to liquidate or curtail the scale of its operations, the going concern basis cannot be used and the financial statements must be prepared on a different basis (such as the 'break-up' basis).
So as part of the audit the audit team from KPMG will have asked Carillion's management to show them how the company was going to continue in substantially its present form for at least the next year. They would examine the underlying assumptions and make a judgement as to whether what they have been shown stands up.
For example, if the calculations include:
- an assumption that the company will receive a substantial cash injection from its banks – how realistic is that assumption? Is there any proof that the support will be forthcoming?
- assumptions that Carillion would win lots more contracts from the government? Again how reasonable is this?
The auditors would get out their Excel spreadsheets and test these calculations and do 'what if' scenarios.
If the 'what if' scenarios showed that Carillion was likely to fail if the assumptions didn't come to pass the auditors have a big problem and it is this. They would either have to modify their audit report by saying they had a fundamental disagreement with the directors that Carillion was a going concern or the directors would, effectively, have to admit it and redraft the financial statements to show the business as, effectively, bust and write down all the assets to a knock down price. Carillion would have been condemned ten months earlier.
Instead the auditors must have accepted the directors' version and gone with it. They sounded no warnings in their Auditors' Report nor expressed any doubt as to the validity of the directors' assumptions as to the future viability of the business. Too big to fail? Really?
The question is that if the audit cannot protect investors from irresponsible or highly risky, management practices what use is it?
Should the role of the auditors extend to reviewing management style and practices? The audit profession states it is not their role to tell management how to manage, however regulators, particularly those in the EU have said that they think auditors should be more pro-active and that they accept management assurances too readily. Critics see the relationship as being too cosy and suggest auditors be more challenging.
One major question is how reluctant are firms of auditors to upset clients which pay them big audit and large consultancy fees? Since 1999 the auditors of Carillion have been paid around £29.4m in fees.
In Carillion's last annual report, the company described their auditor KPMG's work as, "a high quality and a very effective service." The company's Audit Committee, in discussion with KPMG, concluded that judgments on revenue and margin recognition had been "reasonable." The accountancy firm also approved Carillion's viability statement, certifying it as strong enough to survive for at least three years.
The company's stock market crash, when it admitted it had overestimated revenues, cash and assets, came just three months later and its ultimate collapse ten months later.
KPMG said that its audits for Carillion had been conducted "appropriately and responsibly." It added that its accountants had been involved in uncovering the shortfalls in company finances last summer. A spokesman said: "We recognise that it is important that regulators acting in the public interest review high profile cases and will of course cooperate fully with any enquiries that the FRC or other regulatory agencies may make."
This, at least, is an accurate comment because not co-operating with the regulator is not really advisable.
KPMG may well be dusting off its indemnity insurance policy and briefing its PR department, but the collapse of Carillion raises much larger questions about the usefulness of audit which have yet to be addressed satisfactorily by the profession
There is no doubt that audit has a valid place in the business world. Without independent scrutiny of financial statements boards of directors would have unfettered control over a company's future and would be able to pillage it, at an even greater level than they do now, without any accountability to the owners of the business. In routine circumstances audit has a valuable part to play.
It is at the margins where hard decisions have to be made that, perhaps, auditors may be found wanting and that could be down to the relationships they have with their clients and the fact that, although the auditors act for the shareholders it is the company that pays the bill.
It may be that the future of audit must be decided by individuals or bodies outside the profession. What does business want from auditors? What do investors want? How can we protect audit firms from the consequences of having to make hard decisions and falling foul of managers?
The collapse of Carillion will reverberate throughout the profession and it may have to face up to some uncomfortable questions before those reverberations have died away.