Auditing has been an ever-changing discipline since its birth over 100 years ago, but how much have the challenges auditors face really evolved over the last half century? This article will review some of the problems in auditing that have stubbornly resisted solution since they were identified decades ago in The Philosophy of Auditing, a 1961 landmark work by Robert K. Mautz and Hussein A. Sharaf. Despite the attempts of regulators and other efforts to address these issues over the years, they remain familiar to auditors today, in the 21st century.
***
In 1961, Robert K. Mautz, a highly respected and accomplished university professor and prolific author (and eventual member of the Accounting Hall of Fame), wrote The Philosophy of Auditing, together with coauthor Hussein A. Sharaf, an Egyptian educator. The monograph (as it was characterized by its publisher, the American Accounting Association) was a scholarly, intellectual analysis that advocated development of the then-elusive, integrated, conceptual framework or theory—a philosophy, if you will—to support and guide the activities of auditors. In revisiting this work during the preparation of this article, this author was once again impressed with its insightfulness and amazed at how little of its content is obsolete, even though the work is now over 50 years old.
Auditing was seen by many in 1961 as less of a professional activity and more of a “completely practical … series of practices and procedures, methods, and techniques” with little need for support from any cohesive, underlying theory or set of principles. In seeking a unified philosophy, Mautz and Sharaf identified and later explored what they called “some of the most vexing,” “perplexing,” “unsolved problems” that “plagued” auditing at that time.
Some of the Persistent Problems
The problems selected for discussion in this article stand out among several that stubbornly persist in auditing today and continue to get substantial attention from investors, reporters, auditors, standards setters, and regulators alike. Consider the following short list of questions selected from the monograph that should still seem quite familiar to today’s auditors:
- Should a set of minimum procedures be required to be performed in every audit? Have not auditors, standards setters, and regulators long been debating (philosophically, one might say) whether auditing standards should merely guide and encourage auditors as to the proper use of professional judgment in matters of scope determination or should be more rigid, prescriptive, and precise (like a “cookbook”) to preclude errors in judgment in such matters? In other words, should auditing standards be more principles based or rules based?
- Are the tests and samples customarily relied upon sufficient to support an opinion? How many test items are enough?
- What should be the auditor’s responsibility with regard to asset devaluations (impairments)? Have auditors not been challenged more than ever with problems auditing fair value and other accounting estimates?
- How far may the auditor go advocating for a client’s interests in tax work or giving operating and financial advice and still be independent? Is performing consulting and other nonaudit services for an audit client inconsistent with independence and, therefore, incompatible with auditing?
These are just a few of the many issues about which Mautz and Sharaf stated “the existence of so many fundamental questions implies the absence of accepted principles which might serve as guides for their solution.” And there are others mentioned or not mentioned in The Philosophy of Auditing (for example, the content of an audit report, the extent of internal control reporting, and the auditor’s responsibility for discovering fraud).
Consulting Services and Independence
In the opinion of this author, the independence question is the issue one furthest from a resolution. Independence has long been recognized as the cornerstone of the auditing profession. Moreover, it has long been universally acknowledged that auditors must be independent not only in fact but also in appearance. Independence is the primary—if not the sole—source of value ascribed by society to audit activity.
Foremost among the independence questions explored philosophically by Mautz and Sharaf in a chapter devoted entirely to the subject is whether the performance of consulting and other nonaudit services is inconsistent with auditor independence. For example, Mautz and Sharaf examined doubts expressed by some in the 1950s whether auditors trying to obtain favorable tax treatment for clients, thus acting as de facto client advocates before the IRS, was consistent with the audit function.
The issue, in essence, is whether the performance of such nonaudit services creates a mutual interest with client management, places the auditor in the position of serving as part of management, or leads to the auditing of one’s own work. Mautz and Sharaf articulated the principal arguments of their day that supported the practice (and that continue to prevail in large respect): 1) that there is a “real and substantial difference between giving advice to management,” which management is, of course, “at liberty to accept, modify, or reject,” and 2) that “because independence is a state of mind, the competent auditor can maintain his personal independence” (the weaker argument, because it does not overcome an appearance of lack of independence).
From a regulatory standpoint, the subject was approached cautiously by the SEC in 1978 when it adopted a requirement for registrants to disclose the dollar volume of audit fees versus fees earned by their auditors for tax and other nonaudit services, including consulting (Accounting Series Release 250). In 1990, the SEC Practice Section of the AICPA prohibited its member firms from providing SEC audit clients with certain limited types of consulting services, consisting of psychological testing, public opinion polls, merger and acquisition assistance, executive recruitment and actuarial services. In 2002, section 201 of the Sarbanes-Oxley Act (SOX) expressly prohibited eight other nonaudit services for SEC issuer audit clients that would impair a firm’s independence: 1) bookkeeping; 2) internal audit outsourcing; 3) valuation and related services; 4) financial information system design and implementation; 5) service as a director, officer or employee, or in any decision-making, supervisory, or ongoing monitoring function; 6) services as a broker or dealer, investment adviser, or investment banker; 7) legal services; and 8) expert or other advocacy services. These remain the only specific regulatory prohibitions against consulting services by auditors of SEC registrants. Subject to certain limitations imposed by the PCAOB on certain services previously performed infrequently, tax services remain virtually untouched.
Feeling the pressure to avoid threats to its independence, also in 1990, one of the then Big Six firms, Arthur Andersen, spun off its highly profitable and still-growing consulting division into a separate partnership (see the August 4, 2003, speech by retired Andersen partner Arthur R. Wyatt, “Accounting Professionalism—They Just Don’t Get It,” https://www.usi.edu/business/cehlen/WyattSpeech.pdf). Except for Deloitte, the others soon took steps to avoid offering consulting services to their SEC audit clients. And then, between 2000 and 2002, four of the then remaining Big Five (again, except for Deloitte) sold off their IT consulting practices. But since late 2006, the largest accounting firms have been rebuilding and expanding their consulting businesses, according to Francine McKenna, a reporter for MarketWatch (published by Dow Jones & Co.). In 2011, she reported that, despite the foregoing list of prohibited services, the “level of enforcement of these independence prohibitions is practically nil” (http://retheauditors.com/2011/03/02/auditors-and-consulting-claims-of-no-conflict-strain-credibility).
In 2012, McKenna cited “numerous examples of audit firms still earning at least as much of their fees from audit clients, or multiples of their audit fees, from what were, in my mind, supposed to be prohibited services to those companies.” She added, as an example, “auditors provide non-audit related advice on GAAP and SEC reporting for specific transactions and get paid extra for it. Who goes back to check and see if they audited their own advice?” (http://www.forbes.com/sites/francinemckenna/2012/11/27/consulting-by-auditors-nyu-stern-ross-roundtable-explores-post-enron-reemergence). This author notes, however, that McKenna was incorrect in that providing clients with “advice on GAAP and SEC reporting” is not a “prohibited service” and in fact, subject to certain limited constraints, it is encouraged by the SEC staff:
The staff recognizes that questions arise in certain circumstances as to the proper application of accounting standards. … The staff believes that as long as management, and not the auditor, makes the final determination as to the accounting used, including determination of estimates and assumptions, and the auditor does not design or implement accounting policies, such auditor involvement is appropriate … [and] may positively impact audit quality and the quality of financial reporting” (Division of Corporation Finance, Office of the Chief Accountant, “Staff Statement on Management’s Report on Internal Control Over Financial Reporting,” May 16, 2005; see also speech by V. Karapanos, Associate Chief Accountant, December 10, 2007, https://www.sec.gov/news/speech/2007/spch121007vk.htm).
Despite the foregoing appearance of inattention since 2006, the question of potential conflicts for auditors providing consulting services continues to surface every now and then. As recently as October 2015, former SEC Chairman Arthur Levitt wrote: “In recent decades, consulting assignments have served to diminish the aura of integrity and independence that is vital to public confidence in the profession. … The perception—if not the reality—of a conflict has created tension between auditors, firms, and regulators” (The CPA Journal, “Putting the Public First,” October 2015, p. 16).
Auditors’ Judgment in Determining Scope
In recent years, we have seen debates among standards setters and their constituents and critics about whether the operative professional standards should be more rules based, governing and prescriptive, or principles based, allowing room in more circumstances for the exercise of professional judgment. The early seeds of this controversy are evident in Mautz and Sharaf’s 1961 analysis, in which they discuss the pros and cons of standardized audit programs and point to alternate views that either 1) express concern that rigid standards “may have a stifling effect on the individual judgment of the practitioner” or 2) advocate unquestioning acceptance of “inherently more reliable” products of careful deliberations by an authoritative body. Julian E. Jacoby and Neal B. Hitzig point out in a July 2012 letter to the editor in The CPA Journal that “when ordered to bow to prevailing … ‘judgment’ that the Earth was stationary, Galileo famously muttered, ‘Nevertheless, it moves.’”
Like Mautz and Sharaf’s early observations, the public debate over principles-based versus rules-based standards, at least since Enron and SOX, have focused more on accounting than auditing. According to FASB, “many assert that the standards have become increasingly detailed and rules based (with ‘bright-lines’ and ‘on-off’ switches)” (FASB Report, November 27, 2002). The same, however, may be (and has been) said about auditing standards.
Rules-based or prescriptive auditing standards prevail in a regulatory framework and are characterized with many “unconditional” or “presumptively mandatory” requirements that are to be followed with little or no consideration how the rules may be relevant to a particular situation. In contrast, principles-based auditing standards are characterized by consistent guidelines that auditors are obligated to consider how to apply in a given situation. While no body of auditing standards can be said to be wholly one or the other, U.S. GAAS as issued by the AICPA’s Auditing Standards Board (ASB) are seen by many as more principles based than those standards recently issued or proposed by the PCAOB, which are frequently seen by many as being too rules based (presumably in the perceived interest of protecting investors).
Those in favor of more prescriptive, rules-based auditing standards see them as improving the clarity and understandability of auditing standards and affording less risk of missing the procedures necessary to ensure that all common audit risks are adequately addressed. It is often argued that having more precise requirements in auditing standards leads to a higher level of uniformity in auditing and a corresponding improvement in audit quality, as well as making it easier to monitor audit performance against the standards.
On the other hand, the main argument in favor of principles-based audit standards is that more prescriptive standards afford little or no opportunity or incentive for tailoring audit procedures to a client’s particular situation. Overly rules-based standards do not sufficiently encourage or allow for auditor judgment consistent with risk assessment principles; this can be inefficient, leading to the performance of mandatory procedures when unwarranted by the risks and circumstances (i.e., overauditing, particularly in audits of small entities with relatively simple transactions). It can also be ineffective, because audit staff operating in an overly prescriptive environment will not gain the experience necessary to make sound judgments, and rules-based standards often do not provide adequate guidance to auditors as to how to apply such judgment with respect to determining scope. Furthermore, there is a risk of underauditing attributable to the low probability that auditors trained and operating under an overly prescriptive system will have the skills necessary to identify circumstances that should lead them to perform audit procedures not expressly mandated by the standards.
Among the primary characteristics of a professional are the ability and acceptance of responsibility to exercise sound professional judgment. Those opposed to making auditing standards too prescriptive argue that, in the long term, a growing pattern of inflexible rules will cause audit work to become mundane and routine and ultimately result in a future generation of less talented, checklist-driven auditors capable only of a robotic approach to auditing. Better candidates for entry into the profession will seek alternative careers that afford them greater intellectual stimulation, challenge, and the opportunity to call upon one’s knowledge and experience to exercise professional judgment.
How Many Are Enough?
It has always been accepted that an audit consists primarily of a series of tests of less than 100% of the items within an account balance or class of transactions. If this were not the case, it would be impossible to complete financial audits timely and at a reasonable cost. So in 1961, Mautz and Sharaf stated that “auditing is also concerned with sampling and should naturally resort to a study of the theory of statistics.”
But until the ASB’s Statement on Auditing Standards (SAS) 39, Audit Sampling (now AU-C section 530 and the PCAOB’s reorganized AS 2315), was issued in 1981, most auditors tended to avoid statistical sampling in favor of relying indefensibly on their “professional judgment”—generally based solely on their number of years’ experience—to determine how many items to test in what was generally called (incorrectly) a “sample.” Some termed this inappropriately “judgmental sampling.” Others relied on a concept known as “coverage”, wherein they tested the largest dollar items in a population until their professional judgment told them that they had tested enough; this was ordinarily conducted without regard to whether the results of the test could properly be projected to the untested portion of the population or whether it was too large to allow it to remain untested. These approaches—also generally indefensible if challenged—were probably attributable to most auditors’ natural discomfort with statistical sampling, traceable, most likely, to a lack of familiarity with the underlying probability theory.
SAS 39 effectively limited the use of sampling (and the term “sampling”) to the “selection and evaluation of less than 100 percent of the population of audit relevance such that the auditor expects the items selected (the sample) to be representative of the population and, thus, likely to provide a reasonable basis for conclusions about the population.” Because many auditor judgments must be made to enable proper sampling (including, but not limited to, determining the proper sample size), the term “judgmental sampling” could no longer be correctly used to describe audit procedures that failed to meet the foregoing definition; such procedures are more properly termed “nonsampling” procedures (see sections 1.21–.25 of the 2014 edition of the AICPA audit guide, Audit Sampling). SAS 39 also showed that if an auditor chose not to apply sampling, whether statistical or nonstatistical, the untested population had to be subjected to other auditing procedures if it was large enough to present a significant risk of material misstatement.
Following SAS 39, the use of sampling in auditing increased substantially for a while. Nevertheless, there is evidence that many auditors continued to shy away from it, most likely because they believed it often required sample sizes that were too large. Instead, they continued to prefer their “professional judgment” to determine how many items to test. Critical of language which suggests that “experience and judgment” may be a valid basis for determining a minimum sample size (Audit Sampling, section 3.62), Jacoby and Hitzig maintain that this kind of thinking amounts to “little more than a variation on an argument for guesswork, disguised as “judgment,” as a substitute for [objective] measurability. … [thus] guesswork has been embedded in a generic approach for determining the extent of testing, without any supportable basis in theory or fact” (“Letter to the Editor,” 2012).
In recent years, the PCAOB has focused on, observed, and criticized pre–SAS 39 behavior in many firm inspections, and it is now receiving attention in peer reviews as well. Often, when observing the foregoing, PCAOB inspectors have typically concluded that portions of a population that remained untested were too large and so-called “sample” sizes were inadequate because they were not determined based on “(1) the relationship of the sample to the relevant audit objective, (2) tolerable mis-statement, (3) the auditor’s allowable risk of incorrect acceptance and (4) characteristics of the population,” as dictated by accepted statistical probability theory and required by the PCAOB’s AU section 350.16 (now AS 2315.16). Accordingly, the “sample” size was not “comparable to, or larger than, the sample size resulting from an efficient and effectively designed statistical sample,” as required by the PCAOB’s AU section 23A (now AS 2315.23A).
Auditing Fair Value and Other Accounting Estimates
As Mautz and Sharaf touched upon briefly in 1961, primarily with regard to asset impairments, auditing accounting fair value measurements and other accounting estimates has long been a challenge for auditors. This has been particularly true over the past decade for several reasons, including the introduction of more complex financial instruments; the increased volatility in economic conditions raising questions about the realizability of asset carrying values; and, primarily, the proliferation of accounting standards that caused a marked increase in the use of fair value estimates, both in measuring financial position and operating results and in measuring required disclosures. Examples of accounting estimates include allowances for doubtful accounts, impairments of long-lived assets, valuations of financial and nonfinancial assets, and estimates of revenues from contracts with customers. While some accounting estimates may remain easily determinable, others are inherently subjective or highly complex and often entail considerable judgment, as well as growing reliance on the work of valuation or other specialists.
Auditing standards and practice guidance addressing, to varying degrees, the auditing of accounting estimates (broadly or narrowly) have been issued, superseded, and reissued frequently over the years. Most recently, in a 2014 Staff Consultation Paper (SCP), Auditing Accounting Estimates and Fair Value Measurements, the PCAOB sought public comment on proposed revisions to its current standards in response to a perceived need for change for the following reasons: 1) increased use of estimates as described above, 2) “significant audit deficiencies in this area” observed with respect to extant standards, and 3) concerns expressed by some auditors over perceived inconsistencies in existing standards. The SCP contains the preliminary views of the PCAOB staff for replacing several extant standards with a single auditing standard.
As evidence of the proposal’s controversy, the PCAOB received 42 letters of comment in response to the SCP. Significant among the responses was a letter from the AICPA-affiliated Center for Audit Quality (CAQ), which was critical of the SCP because it saw it as “a ‘one-size-fits-all’ solution to the issues in these complex areas, and it may be challenging to develop a single auditing standard that would address all issues related to auditing accounting estimates, including fair value measurements.” Many of the staff’s other preliminary views regarding the specific, substantive changes needed were also addressed by the CAQ’s letter; in this author’s view, these issues should be of substantially greater concern.
For example, the CAQ letter stated that “it may be more appropriate to create overarching principles related to auditing accounting estimates, including fair value measurements, and address certain specific auditing issues or topical areas (e.g., third-party pricing services) in a more targeted manner (possibly through the development of supplemental guidance).” More significantly, the CAQ advocated that a final standard give greater recognition to an auditor’s risk assessment for determining the sufficiency and appropriateness of the audit scope and the cumulative nature of evidence to be sought and obtained. These views are tantamount to advocating a more principles-based approach, as discussed above.
Consistent with other views expressed by the CAQ, the Institute of Management Accountants (IMA) and several other commentators called for greater recognition in a final standard of the following realities: 1) many accounting estimates, including fair value measurements, could be subject to a significant degree of estimation uncertainty, and 2) such inherent uncertainty will exist no matter how much audit effort is expended. Accordingly, in various ways, many commentators suggested that any final standard should not imply that an unrealistic level of precision should be expected in an inherently imprecise measurement. These commentators believe that neither auditors, users, nor regulators should be encouraged to hold a view that there is or should be a single correct or most correct estimate.
For example, Ernst & Young stated that an auditor could not reasonably be expected to eliminate inherent estimation uncertainty through the performance of additional audit procedures nor conclude that “the subsequent outcome of a fair value measurement or an accounting estimate that deviates significantly from the recorded amount is an indicator of an audit failure.” And the IMA pointed out that an auditor’s objective in auditing estimates should be directed at obtaining evidence that management made appropriate use of all available relevant information in supporting an estimate that is, therefore, reasonable in the circumstances and not seek a conclusion that the recorded estimate is the only reasonable or supportable estimate.
What Now?
Although auditing standards have been codified several times over the years, the profession does not yet have a single set of consistent auditing standards that could serve as an underlying philosophy to guide professional judgments and activities in all circumstances. Instead, we are now dealing with multiple sets of auditing standards—three in the United States alone, namely those promulgated by the ASB, PCAOB, and the GAO (i.e., the “Yellow Book”)—that still diverge in many significant respects despite all the efforts in recent years directed towards international convergence.
The purpose of this article, however, was not to philosophize, as Mautz and Sharaf did in 1961, but rather to briefly revisit a few of the more significant of the issues they raised to see what progress (if any) has yet been made to resolve them now that more than a half century has passed. A great deal of time, energy, and thought has been expended by bright and dedicated professionals over that half century. But we still have a long way to go.
It is unfortunate that The Philosophy of Auditing is out of print because, in the opinion of this author, this resource is one of the best places to obtain a true understanding of what auditors do (or should do). Ideally, it should be read by every auditor and every auditing standards setter, educator, and regulator. The AICPA library, housed at the University of Mississippi, has 10 copies available to lend out. Get one and read it.