The world of audit is in a state of flux. For a start, the long-standing grumbles about the Big Four (Deloitte, E&Y, KPMG and PwC) dominance in the world of corporate auditing has resulted in debates about regulatory reform domestically and in Europe. Even the Competition Commission is getting in on the act.
Then there are apparent failures of audit to catch major problems in the financial services industry and elsewhere (although, often stated, auditors are watchdogs, not bloodhounds sniffing out wrong-doing).
And more broadly, the whole concept of assurance - encompassing wider risks as well as financial statements - is becoming a make or break issue. Who's assessing the supply chains of big companies? Who's testing the systems and processes for managing those risks? Could, and should, supermarket chains have been checking on their meat suppliers, for example?
And if the FRC has its way and the audit report becomes a less binary opinion ("the account are true and fair "... or not) for shareholders, there might actually be value in having a "value add" component in audit, too.
The debate has been taken up within audit firms - as well as among regulators, investors and companies. Audit partners are increasingly open to a rethink of what they offer. Thats partly down to better technology - allowing the numbers to be checked and cross-referenced much more easily - which gives firms the capacity to look in more detail at the activities that underpin them.
But it's also driven by changes in business. Our analysis shows that UK corporates spend just over 68% of their revenues with suppliers and only 13% on their people. This means about 5/6th of the operating activities are incurred outside the business - often in extended supply chains with little transparency. The end results of those activities find their way into the numbers, of course, and are audited. But how they get there? It's not getting the scrutiny it needs.
So, choosing an audit firm based solely on its reputation for auditing "companies like ours" is problematic. Companies need a full suite of assurance services, and making sure your auditor is capable and willing to look at this broader context for their opinion is now a must. Shareholders want transparency in a number of areas - which means a detailed seal of approval from an independent party is going to be key.
Then whether internal audit and supply chain risk management are managed internally or outsourced, their brief and their ability to understand the entire picture - how all the elements fit together - is also critical. (Just ask the Institute of Internal Auditors.)We'll be looking at the process for bringing in that scrutiny - who buys audit and assurance, how and why - in later posts.