Ranking the auditing stuff ups

Tom Ravlic

The severity of breaches of auditing standards is a topic climbing higher on the industry and regulatory agenda.

‘Severity’ is one of the things worth reflecting on almost four months after the report on audit regulation by the Parliamentary Joint Committee on Corporations and Financial Services.

Auditing standards are a part of the Corporations Act and auditors must comply with them.

An alleged breach pointed to by the corporate regulator is an alleged breach of an auditing standard with which compliance is required and not some lofty guidance that has no legal enforceability.

The notion of the severity of breaches has come into play because there are times when breaches are deemed minor by are still recorded as a breach of law.

Fair enough? Sure. The problem, however, is whether the breach is significant enough to warrant an auditor being pinged for failing to comply with the law.

Grading breaches by severity is one option seen by the accounting firms and the regulator as a way to put alleged sins committed against the auditing framework into perspective.

It would also give the community a better idea of what might be considered more serious from a regulatory standpoint as opposed to a transgression that is viewed as being administrative.

Grading audit transgressions in severity might give a better read of things that are major stuff ups or minor blips on the radar, but it opens up a separate question for the regulator, the firms and the broader community to consider.

What happens when non-compliance in the most severe category is alleged? The issue that automatically arises is: what triggers enforcement action on the part of the regulator? If the lowest ranked stuff ups don’t merit regulatory action then do the higher ranked allegations of non-compliance attract regulatory action?

This is what ought to be the natural conclusion of a ranking system, a system that puts breaches into categories of ‘degree of stuff up’.

A move to a severity regime, which is yet to be completed, would eventually lead to questions being asked of the corporate cop.

It is a question that the community will ask when a severity ranking regime becomes de rigueur. What will the Australian Securities and Investments Commission actually do with the results?

Or would it simply be an exercise of public shaming for accounting firms that then promise to ensure their auditors will do better next time?

There is also another aspect to all of this that needs a greater examination. The accounts being audited belong to an entity and not the audit engagement partner nor his firm.

Some reflection may also be required on the proliferation of media releases that constantly note that an entity has changed its accounting for a particular line item following meaningful discussions with the corporate regulator.

It may just be time to tighten the screws across the board and not just on the audit firms.