Open source audit

It seems like everyone agrees that there is something wrong with auditing. It seems like every time there is a company failure, the auditors are in the firing line, rightly or wrongly. I tend to think auditors can, unfairly, end up being blamed for the failure of companies which are just managed badly.

However, there have recently been a number of examples of what I would describe as auditor incompetence. One example is BHS, which was a particularly poor audit, as reflected by the FRC's damning report. Another example is Wirecard, where the auditors did not perform the most basic, fundamental and simplest test: confirm the existence and ownership of cash the company claims it has. There are many other examples of such incompetence, such as the audit of JP Morgan’s segregated funds.

One of the most confusing aspects of auditing to those outside the profession is exactly who the auditor is responsible to. To understand this it is worth considering the history of capitalism that Britain exported around the world during the empire.

Abridged audit history

Around the 18th century the industrial revolution started and Britain's global empire emerged. One of the international trades that grew around Britain's empire was the slave trade. This activity proved to be extremely profitable. However it presented a problem for the investors in the UK. Unlike other businesses of the time, the owners had little oversight of what was going on in the "plantations". Their concerns related not to the living conditions of the slaves, but that the people running the plantations might be misappropriating "assets".

Part of the solution was to appoint auditors who would report back to the shareholders to provide assurance that shareholders were getting their fair share and the numbers reported by management weren't works of fiction. Auditors still perform this kind of role today, acting as a control on management for shareholders.

This brief and incomplete history of auditing, and tethering it to slavery and the empire, is an oversimplification; however, it gets to an important paradigm: the auditor was reporting to the shareholders. And it is arguably this paradigm which underlies auditor evasion, rightly or wrongly, of responsibility to anybody other than, supposedly, shareholders. And this evasion of responsibility has been codified in 21st century audit through the use of so-called Bannerman disclaimers.

However this limitation of responsibility is restricted to commercial dealing in practice. In today’s environment auditors are actually accountable to government. In the UK this is through the FRC (“Financial Reporting Council”) which is a limited company with directors appointed by the government. And it is the FRC that imposes fines on audit firms. It is in large part fear of fines at the whim of government that keeps the auditors honest and one could argue that this arrangement makes the best of a bad situation.

The multinational problem

However this domestic government solution does not sit nicely with an economy which relies on multinational companies. For example BT’s latest accounting scandal related to an Italian subsidiary. However it is PwC UK that signed off the BT accounts and may be subjected to a fine for something that was arguably the fault of PwC Italy.

It is worth pointing out that the Big 4 accounting firms are essentially domestic franchise operations, whereby each domestic Big 4 effectively franchises “the brand” but is legally separate from each other nation’s equivalent brand. In many respects the Big 4 has more in common with McDonald's than your high street accounting firm and is very distant from what was historically thought of as a partnership.

There is legislation which attempts to address the multinational problem of auditing. For example, the US for a number of years has demanded enhanced auditing through Sarbanes-Oxley, which governs the audit in any nation of any company which is owned by a quoted American company.

Another more recent example is EU legislation which forces mandatory audit firm rotation and restrictions on non-audit services to so-called Public Interest Entities (“PIEs”) within the EU. These PIEs comprise not just quoted companies but also private companies which might be of interest to the public. This typically means financial institutions, but could also include companies with defined benefit pension schemes. Or perhaps a media company such as the BBC.

Sarbanes-Oxley is arguably ineffective because it emphasises the audit of process and this possibly distracts auditors from matters of actual substance, such as the valuation of the balance sheet (or just verifying the existence of cash!).

By comparison, EU mandatory firm rotation probably does improve audit quality. This is because auditors are never independent of their prior year file.

The reality of auditing

In practice the staff doing the audit work (as opposed to reviewing the audit work) do not know what they are doing, since they are typically newly graduated 20-somethings who are not yet qualified accountants.

Therefore what these junior auditors do is look at the files from last year’s audit and attempt to replicate those files for the current year. What this means is that if an auditor in a previous year got a judgement wrong, that error will be replicated year after year. And this probably happens frequently, particularly as in the first year audit the clueless junior auditor is effectively flying blind.

And even if the error is spotted by a competent auditor, they will find that their superiors may well sweep the problem under the rug, as recognising an error in the current year implicitly means errors were made in previous years, which might embarrass the audit partner in front of the client – which is one of the worst things that could happen (particularly as audit partners typically have one eye on becoming a non-executive director in the future).

If the strength of the EU PIE legislation is rotation and the associated “clean pair of eyes” (since the new auditor does not have access to the prior year file), is there a way to enhance this rotation of investigation? One solution might be mandatory auditor rotation every single year. Or perhaps an even more radical approach could be taken, which I call open source audit.

Open source audit

The concept of open source is typically associated with software, whereby developers share their code freely and allow anybody to make changes to the code base. The theory is that collectively each individual's contribution to the code base enhances the code. Unbeknownst to most people, this is the development process behind Linux, and it is Linux which powers Android phones and the vast majority of web servers (a.k.a. the internet).

The infrastructure the world now relies on is to a significant extent not made by the big corporates (Microsoft, Apple or IBM); it is made by random people doing it for free. And Linux is not preferred because it is free or because it is opposed to corporate control; it is preferred because it is a better operating system than Windows or OSX.

Another example of open source in practice is Wikipedia. In the age of so-called fake news arising from social media, traditional media and populist government, it is arguably Wikipedia with its open source approach to reporting which is now the most trustworthy source of information, and indeed perhaps more trustworthy than any source of information humankind has created to date.

What I call open source audit would apply a similar principle of individual contribution to financial audit. Instead of having a big corporate such as KPMG turn up once a year to investigate the year end accounts, companies could open the books up 24/7 365 days a year for full public view.

This approach was impossible even 10 years ago, but because of enhancements in cloud computing and accounting software, the provision of such data is now feasible. For example, any company which uses Xero as its accounting software can provide read-only access to its accounts and publish data to the web via an API. And companies such as Blackline are automating accounting systems so processes such as closing the books at month end are no longer needed due to so-called continuous accounting.

With timely and open data it would be possible for anybody to investigate the detail of accounts. And then it would also be possible to ask questions of management in an online forum. If I was a dodgy CFO I would be more frightened of getting a public grilling from Bill Ackman in an online forum, or for that matter a university student, than a meeting with an EY audit partner.

This idea might sound unworkable, however it has already happened in the public sector. In 2015 the Local Government Transparency Code was introduced. It requires local authorities to publish their spend on the internet, by supplier, annually, which allows citizens to see the detail of what local authorities spent and then be able to ask questions of the local authority via freedom of information requests.

How open source audit might work

Perhaps a way to make open source audit happen in practice would be to create a new stock market, similar to AIM. This stock market would require 24/7 365 days a year disclosure and participation in an online forum where investors could ask questions.

Public questions are arguably the most powerful form of accountability and in the UK this is reflected in two of our most cherished and important institutions, Prime Minister’s Questions and the BBC’s Question Time. And in the United States it is freedom of the press, and therefore the right to ask questions and investigate, that is enshrined into the constitution.

Concluding thoughts

It would be unfair to suggest that audit firms are bad and that we would be better off without them. Audit firms provide an enormously valuable social good in the form of keeping a check on management, and without an audit, company records would probably disintegrate into a total shambles.

However, one of the paradigms of the 21st century has been disintermediation and disruption through technology platforms:

  • We no longer have a stock broker, we just use IG or Hargreaves Lansdown,

  • We don’t know who works at our local bank branch, if we even have one; instead we interface with our bank through apps.

And perhaps in the future we won’t rely on an audit firm to act as intermediary between ourselves and company management.