The auditor's duty to report matters of concern uncovered during the course of an audit to regulatory authorities provides a further example of the audit expectation-performance gap. This issue has come to the fore since the mid-1980s and has centred on auditors' duties to report cases (or suspected cases) of corporate crime and doubts about a company's solvency. As explained below, it is also an area in which new duties have been imposed recently on auditors in Britain, New Zealand and Australia, primarily as a result of legislation relating to the financial services sector.
In recent years, particularly in Britain and the United States, politicians, haud investigation agencies, the financial press and others, have called on auditors to accept a duty to report to regulatory authorities in cases where the public interest is at stake, for example, where corporate fraud or illegal acts are involved. The extent of the duty expected of auditors is reflected in the call by Howard, the British Minister for Corporate and Consumer Affairs, for auditors to report to regulatory authorities cases of suspected fraud by management even without the client's knowledge, where informing the client might amount to a 'tip-off. He is quoted by Barclay (1985b, p.4) as saying:
I do not think that recognition of such a duty is in any way inconsistent either with the best traditions and practices of your profession or with your duty to your clients. Even auditors are not islands. You have duties to the rest of the community of which you are part and you owe that community a more compelling duty which must, on occasion, take first place. Public expectation must be given full weight in these matters.
Howard also stressed that if the profession did not voluntarily adopt an obligatory duty to report to regulatory authorities it would be forced on them through legislation. In this he was supported by Williams, controller of FIG, who asserted that legislation would
remove all doubts as to the existence of such a duty and would override any concerns about auditors' duties of confidentiality.
Working parties of the British Accountancy Institutes, set up to investigate the auditor's role in detecting and reporting corporate fraud (see footnote 7), strongly opposed any suggestion that auditors be required to report suspected management or employee fraud to regulatory authorities (lCAEW, 1985a; ICAS, 1985). They stressed that if auditors accepted such a duty they would face at least three serious difficulties, namely:
• the problem of trying to reconcile such a duty with their professional duty of client-confidentiality;
• the danger that if they reported their suspicions of fraud, but this did not lead to conviction, they might be exposed to suits for defamation of character;
• an undesirable change in auditor-client relationships: instead of being seen as
neutral umpires between shareholders and management, they were more likely to be perceived as informers, with a consequent adverse adjustment in management attitudes towards them (Porter and Cameron, 1987a, p.46).
In Britain at least, there appears to be a distinct gap between the expectations of the public who (judging from the statements made by politicians and others) expect auditors to report cases of corporate crime to regulatory authorities, and those of auditors who reject such a duty. A similar gap in expectations is evident in the United States. There, the Subcommittee on OverSight and Investigation of the Committee on Energy and Commerce (the Dingell Committee), for example, has made it clear that they expect auditors to play a far more active role in reporting fraud than the auditing profession currently acknowledges (News item, Accountancy, 1988, p.9). However, the gap may not be as wide as it at first appears. Examination of, for example, the ICAS's Memorandum,
Fraud and the Financial Services Industry
(1985) and the ICAEW's Audit Brief,The
Auditor and Fraud
(l985b), shows that, contrary to press reports of the time, British auditors did not reject outright a duty to report to regulatory authorities. Rather, they sought assurance that should they accept such a duty, provided they act in good faith and on reasonable grounds, they would be given legal protection against liability for breach of their duty of confidentiality and claims of defamation.Be that as it may, recent legislation in Britain, New Zealand and Australia has settled the issue to some extent, at least in these countries. Legislation relating to the finandal services sector has significantly extended auditors' reporting duties within this sector, taking them close to the public's expectations and, in so doing, has served to narrow sharply the deficient standards component of the audit expectation-performance gap.
In Britain, where public and political attention has focused on the alarming rate of growth of corporate fraud, particularly in the financial services arena, the perceived need was to protect investors from fraud and unexpected insolvency. Concern about these matters prompted the Financial Services Act 1986 (effective from May 1988). This Act requires all investment businesses in the United Kingdom (whether incorporated Of <not) to be duly authorised and to comply with strict rules laid down by the Securities .. and Investments Board (SIB) or the relevant Self-regulating Organisation (SRO) to which the SIB has delegated regulatory powers. The Act includes a requirement for auditors of authorised investment businesses to report matters of concern arising from their duties as auditors to the appropriate regulatory authority. Similar provisions have been included in the Building Societies Act 1986 and the Banking Act 1987. It is significant that the legislation also provides protection for auditors against legal action by clients where information is given to the regulatory authorities in good faith.
Auditors' duties resulting from this legislation are set out in an Auditing Guideline Exposure Draft,
The Implications for Auditors of the Financial Services Act
1 986 (CCAB, 1988b). In discussing auditors' duties to report to the regulatory authorities, the Exposure Draft stresses that it is important for auditors to preserve their professional relationship with their client. Accordingly, it states that auditors should normally ask client firms to communicate to the regulatory authorities matters about which they (the auditors) are concerned. For example, auditors should ask client firms to communicate to the authorities Significant weaknesses in the maintenance of accounting or other records, or in their internal controls, discovered during an audit (para.77). However, theExposure Draft also points out that in exceptional circumstances the auditor should report directly to the relevant regulatory authority without first informing the management of the client company. These are circumstances in which the auditor considers it expedient to do so in order to protect the collective interests of investors. Examples of such circumstances include (para.78):
• the occurrence of an event which causes the auditor to lose confidence in the integrity of the directors or senior management, for example, where the auditor believes that the directors or senior management have committed a fraud or other misappropriation, or there is evidence of an intention to do so;
• the occurrence of an event which causes the auditor to lose confidence in the competence of the directors or senior management to conduct the firm's business. in a prudent manner so as to protect the collective interests of investors.
The proposed Auditing Guideline points out further, that the auditor's abilit
y
to communicate matters to the regulatory authorities is not restricted to information about the client. Under the Financial Services Act 1986 [UK], auditors may communicate any relevant matters about anyone which come to their attention in their capacity as auditors of authorised investment businesses. Thus, in their communications with the authorities, auditors may discuss not only the affairs of the firm but also, for example, information about the firm's customers obtained during the course of their audit investigations (para.72).The reporting duties of auditors which have arisen under the Financial Services Act 1986 have been incorporated in, and extended to the audits of all entities by, the British Auditing Guideline Exposure Draft,
The Auditor 's Responsibility for Detecting and
Reporting Fraud and Other Illegal Acts
(CCAB, 1988a). This Exposure Draft confirms that the auditor's duty of confidentiality normally precludes reporting irregularities to third parties without the client's permission (para.46). However, it also acknowledges that in circumstances where it is justified in the public interest, the auditor's duty of confidentiality may be disregarded and information disclosed directly to the regulatoryauthorities. Examples of such circumstances include the discovery of significant weaknesses in the maintenance of accounting records or internal controls, and the commission of a serious fraud or other misappropriation by the directors or senior management (para.49).
It is noteworthy that, in contrast to the duty imposed on auditors under the Financial Services Act 1986, this duty to report directly to regulatory authorities has been accepted (or proposed in the Exposure Draft) voluntarily by the auditing profession in Britain. This may be a response by the Auditing Practices Committee of the CCAB to Howard's warning that if auditors fail to incorporate such a duty in their Guidelines it will be forced on them through legislation. However, it seems more likely that the professional body is prepared to accept this duty as it is confident that the protection afforded auditors under the Financial Services Act 1986 will be extended to cover them if, in exceptional circumstances, they report to regulatory authorities irregularities uncovered during the audits of entities which are outside the financial services sector.
It is observed that similar changes have not been incorporated in the Auditing
Standards issued in the United States in April 1988. Despite vociferous calls by
politicians and others for auditors to accept a duty to report, in appropriate cases, to
regulatory authorities, and the inclusion of such a provision in H.R.5439, the Wyden
Bill entitled
Financial Fraud and Disclosure Act of
1986 (co-sponsored by Representative Dingell and 17 other Congressmen) (Newman, 1986, p.104), the AICPA has continued to emphasise that an auditor's duty of confidentiality precludes reporting to partiesoutside the audit client, except in four very restricted circumstances (AICPA, 1988a,
1988b) (see footnote 9). However, rather than reflecting opposition by the auditing profession in the United States to a duty to report to regulatory authorities, the failure
to acknowledge such a duty may reflect instead the absence of legal protection for
A duty to report to regulatory authorities has also been imposed recently on auditors in New Zealand and Australia as part of each country's Reserve Bank prudential supervision procedures. The duties are set out, respectively, in Auditing Guideline 17,
Audit Implications of Prudential Supervision
(NZSA, 1988a) and in Auditing Guidance Release 4,Audit Implications of Reserve Bank Prudential Reporting Requirements
(AARF, 1987).In New Zealand, political concern has centred on the stability of the
financial system. Reflecting this, Section 38M(l) of the Reserve Bank of New Zealand Act 1964 (as amended, 1986) requires auditors of specified institutions to disclose to the Reserve Bank any information relating to the affairs of a specified institution obtained while performing their duties as auditors where, in their opinion, the institution is in serious financial difficulties. These disclosures are to be made after the auditor has informed the institution of an intention to do so. Specified institutions are defined in Section 38K of the Act to include registered banks, authorised dealers in foreign exchange, and other financial institutions designated as such by the Reserve Bank. Aswith the British legislation, the New Zealand Act provides protection for auditors against legal action by the client, where they provide information to the regulatory authority in good faith.
In Australia, the Reserve Bank prudential supervision procedures primarily aim to protect the interests of investors and depositors. The Reserve Bank requests auditors to
-� assist with prudential supervision by forming an opinion and reporting, inter alia, . whether there are any matters in relation to their client banks which, in their opinion, may have the potential to prejudice materially the interests of depositors. The report is made with the full knowledge of the client bank as, in the first instance, it is sent by the auditor to the bank. The bank is then required to forward a copy to the Reserve Bank.
The reporting duties recently imposed on auditors in Britain, New Zealand and Australia are decisive steps in narrowing the audit expectation-perfonnance gap. However, it must be recognised that they are generally limited in their application.
Apart from the British Auditing Guideline Exposure Draft (CCAB, 1988a), which provides for reporting corporate fraud to regulatory authorities whenever it is in the public interest to do so, the extensions to auditors' duties to report are limited in their application. In Britain they apply to authorised firms in the financial sector, in New Zealand to specified institutions, and in Australia to banks. Auditors have similar reporting duties under other legislation; for example, under the Securities Act 1978 (NZ) they have a duty to report to the trustee for debenture holders if they consider the interests of debenture holders are at risk. But again, such duties are very limited in their application. It is submitted that, from the tenor of statements made by politicians, the financial press, the courts and others in recent years, the public expects auditors to accept a general duty to report to regulatory authorities concerns they have about corporate crime and company failure whenever these arise in the performance of their duties as auditors.
It appears that although the gap has been narrowed, a difference remains between the public's and the profession's position in relation to auditors' reporting duties. Given the present socio-economic environment of the English-speaking world, the public's expectations do not seem to be unreasonable. Therefore, it is submitted that the gap in relation to this issue primarily derives from deficient standards. However, it is suggested that the real problem lies not in a reluctance by the auditing profession to ->-accept the reporting duties expected of them by the public, but in their exposure to the risk of litigation if they do so. If auditors were given legal protection against actions for breach of their duty of confidentiality or defamation of character, where they report matters of concern uncovered during an audit to the appropriate authorities in good faith, it seems likely (from the · trend evident in Britain, for example) that the profession's stance would be found to accord quite closely with that of the public, and that the expectation-performance gap relating to this issue would be sharply reduced.
Regarding auditors' duties to report, it is pertinent to recall the steps the auditing profession has taken to ensure that auditors report to shareholders far more candidly than hitherto on matters relating to doubts about a company's continued existence and corporate fraud (see sections 2.3.3 and 2.3.4 above). However, these moves are only currently in process1 0 and it remains to be seen to what extent they will be operationalised by practitioners and thus, what effect they will have on the audit expecta tion-performance gap.