Prime Minister Narendra Modi’s sarcastic remarks last year to chartered accountants on the Chartered Accountant (CA) Day came as an unexpected sudden jerk to the one hundred thousand practising chartered accountants in our country. Recently we saw once again, justifiable concerns surfacing on the role of auditors in non-detection of bank frauds and corporate irregularities. Malcolm Forbes had once written to the US President in respect of a certain financial mess, “When it’s your own fault, things hurt worse than when someone else is to blame” and in the same way if official regulators were looking the other way when the banks slipped into a mess, it’s great to affix blame on somebody else, often the auditor in this case.
I am not at all seeking to find alibis here. All that I propose doing is to take a look at the role of the auditors when they certify financials of a company and to what extent can they meet the expectations of regulatory bodies in checking delinquencies. I will also in this context refer to the modified Auditors’ Report format recently notified by the Institute of Chartered Accountants of India (the ICAI). But before I do so, let me dwell first upon the appointment itself of the auditor.
An auditor in a private sector company or a private sector bank is appointed by shareholders in a general meeting. Now since generally the promoters would predominantly be in majority there, it is the independence which is often a question mark. In parallels of government-owned banks or commercial companies, the auditor is appointed and reports through the Comptroller and Auditor General. So the built-in flaw in the system is quite evident in the private sector. Take a case of a private sector bank, say an ICICI Bank – whereas the shareholders equity is only around a thousand billion rupees of which again 75 per cent is held by the public, its deposits and borrowings of Rs 6,000 billion are from the public or public institutions, the risks and stakes therefore of the common public there are no less. This is also the case in most blue chip private sector companies. The point is, even after the elaborate Corporate Governance Rules that our listed companies are obliged to follow, the auditor has no clear independence in his appointment, in fixation of his remuneration and in his operation. In my view, the Securities Exchange Board of India (SEBI) in case of private commercial companies and the Reserve Bank of India (RBI) in case of private sector banks should have a distinct role in appointment of auditors and fixing their remuneration. Otherwise in sheer logics of it, it goes against the doctrine of independence in my view, the elaborate Code of Ethics of the ICAI notwithstanding.
Role of auditors
My second point is on the audit work itself. In our company law an “independent” auditor is required to report on four things: a) A statement that it was the company’s responsibilities for preparing its financials under accounting standards, maintaining proper accounting records as a going concern and in maintaining internal financial controls against frauds and irregularities. b) A reasonable assurance (not a guarantee though) that the audit was carried out in keeping with the standards of the ICAI and whether he found material misstatements which may arise from frauds and errors. c) His opinion on the financials (as prepared by the company) as to whether, from the information and explanations offered to him by the company, the financials are in line with generally accepted accounting principles and whether they present a true and fair view of the state of affairs of the company. d) He has also to state whether his opinion is based on Code of Ethics of the ICAI and whether he has obtained audit evidence, sufficient and appropriate for forming his opinion as above.
So contrary to public perceptions, the auditor is neither supposed to be a policeman nor a detective. The auditor’s clearly defined assurance is largely dependent on a) the quality of the information and explanations made available to him by the company and b) by the quality of controls, accounting records and reporting standards followed by the company. But that’s not all. In the PNB case for instance, the LoUs were off-balance sheet items which means since no money had gone out in terms of cash or accruals, it would be till then an off-balance sheet liability seeking clear disclosure. So if the bank keeps this information away from the auditor, the auditor can still use his own ingenuous devices like say, trend analysis, cross tallies of past remittances and RBI returns vs the securities held/borrowers’ ratings etc – all in terms of “sufficient expertise” as in the Code of Ethics. For this, educational standards at the ICAI need enhancement both in terms of operational skills in newer areas of intense networking, Machine Learning and Mathematical Reasoning on the one hand and forensic skills on the other.
Secondly, the auditors’ report in my view is too cumbersome. In the UK for example the format is notified by the Financial Reporting Council (the FRC, UK), the regulatory body there, and not by the Institute of Chartered Accountants of England and Wales, which is the educational body. The FRC report is short, crisp and to the point. It states the scope, the opinion, the responsibility and the risk assessments, that’s it. The rest is by exceptions. This helps stakeholders understand better. I think the ICAI can take a leaf out of the FRC’s format for this.
Thirdly, the government has now cleared the National Financial Reporting Authority (the NFRA) the new regulators. More like the FRC, this independent body with representatives from the government and the ICAI will have wide ranging powers to regulate and adjudge matters of reporting and I think it is a welcome step.
Accountability is the key in my view and I think it is best addressed professionally, as Forbes’ inhibitions in being content with affixation of blame, rather than quick-fix patchworks.