To what extent should auditors be associated with the information provided by business reporting? That question is the second part of the Committee's charge.
Auditors are associated with business reporting in various ways. They usually are engaged to report on historical financial statements. However, auditors also issue special purpose reports related to specific amounts included in the accounting records, report on the system of internal accounting control, and report on prospective (forecasted or projected) financial statements.
Under current rules, the auditors' work on historical financial statements is performed under the following basic concepts:
The SEC requires that public companies obtain audits of their annual financial statements. The extent of auditor involvement with the financial statements of private companies is determined by negotiation between a company and the users of its financial statements and generally not by law or regulation. However, some private companies, such as financial institutions and insurance companies, for example, are required by law or regulation to obtain audits of their financial statements.
Other private companies obtain audits of their financial statements due to a variety of factors, including size, nature of financing of the business, or the degree of risk perceived by users. Auditors also issue audit reports on individual elements of financial statements, such as receivables and inventories. Users request those reports in areas of specific concern, such as collateral that secures a loan. Reviews of financial statements are common. Smaller private companies arrange for reviews in place of audits of annual financial statements when the cost of an audit is a significant concern or when users perceive the risk to be low. Also, larger public companies often obtain reviews of the quarterly financial statements they file with the SEC.
Auditors rarely provide assurance on quarterly or other interim financial statements of private companies. Auditors seldom publicly report on sections of business reporting outside of financial statements, such as the description of the business and properties, the president's letter, MD&A, and the material in the proxy statement, although standards do not prohibit that reporting. Auditing standards require only that auditors read the information in those other sections and bring to management's attention any matters that are inconsistent with the financial statements or the auditors' understanding of the facts.
In addition to the reports they issue on historical financial statements, auditors frequently are engaged to issue special purpose reports to specifically identified users of the financial statements. Special purpose reports, which result from negotiation between a company and users, are tailored to the unique requirements of the particular user. Examples include reports for underwriters regarding financial measurements disclosed in SEC filings in sections other than the financial statements and reports for creditors regarding compliance with contractual provisions in loan contracts.
Unlike audit procedures in audits of financial statements, which are based on standards, the procedures supporting special purpose reports are specified by the user. Special purpose reports usually state only the procedures performed and the related findings; the auditor usually offers no opinion about what is being reported or about the sufficiency of the procedures for the user's purposes.
A company's system of internal control serves various objectives. Three common ones are that assets are safeguarded, transactions are authorized, and accurate records are maintained. Although reporting on the effectiveness of the system of internal control generally is optional, managements of public companies occasionally report on the effectiveness of internal control systems. Those that do usually do so to add credibility to their business reporting, particularly the financial statements, and to acknowledge accountability publicly. However, auditors rarely report publicly on internal control, even when management does so.
The auditor's report on internal control usually identifies management's assertion about the effectiveness of internal control over financial reporting and provides an opinion on whether that assertion is fairly stated based on control criteria. One notable exception to voluntary reporting on internal control applies to certain financial institutions. The Federal Deposit Insurance Corporation Improvement Act of 1991 requires each large insured depository institution to include in its annual report to the FDIC ; but not in its annual report to shareholders ; a management report on the effectiveness of the institution's controls over financial reporting and an auditors' report attesting to management's assertions.
Standards permit auditors to examine and report on prospective financial statements. Because public companies rarely include prospective statements in public reports and the SEC permits only the highest assurance level of reporting on such statements, auditor reporting on prospective financial statements of public companies is relatively rare. It is somewhat more frequent for private companies and usually results from negotiations between a company and users. An auditor's standard report on an examination of prospective financial statements includes an opinion about whether (1) the statements are presented in conformity with guidelines and (2) the underlying assumptions provide a reasonable basis for the prospective statements.
The Committee included issues of auditor involvement with business reporting in its study of the information needs of users. More specifically, the study focused on questions in three categories:
The results of the Committee's study follows.
Users believe auditor involvement provides independent assurance of the reliability of amounts reported and disclosed in financial statements not otherwise verifiable by thirdparty users. In the survey of users sponsored by the Committee, 95 percent of the participants agreed with that statement ; 68 percent agreed strongly. Both measures were the highest degree of agreement for any of the 112 questions in the survey. The Committee's investor and creditor discussion groups also emphasized the importance to users of auditor involvement with financial statements. Users believe auditors enhance the reliability of financial statement information for three reasons.
First, audit procedures, such as observation, inspection, recomputation, and confirmation, verify the accuracy of reported amounts. Second, auditors focus attention on and encourage improvements in the system of internal accounting control. Those improvements, in turn, reduce the risk of errors in both interim and annual financial statements. Finally, auditor involvement provides a discipline for management to adhere to established reporting standards. Auditor independence from a company and its management is critical to users and is key to the value that auditors provide.
They rely on that independence to provide a useful check on management's natural bias to report on a company in the most favorable light. Users are concerned about current pressures on auditor independence. They believe the need to maintain a good business relationship with clients in a competitive audit environment could, over time, erode auditor independence. They also are concerned that auditors may accept audit engagements at marginal profits to obtain more profitable consulting engagements. Those arrangements could motivate auditors to reduce the amount of audit work and to be reluctant to irritate management to protect the consulting relationship. Users also are concerned about the credibility of business reporting.
Most believe that, in general, rather than report neutrally, business reporting tends to portray the company in the best possible light. In the Committee's survey, 78 percent agreed with that statement and 34 percent agreed strongly. The Committee's discussion groups also indicated concerns over the credibility of reporting, as have earlier studies involving users, such as the 1987 study by SRI International, Investor Information Needs and the Annual Report, and the 1984 study by Hill and Knowlton, The Annual Report: A Question of Credibility ; A Survey of Individual and Professional Investors. Creditors using private company financial statements raise a different concern about auditor association with business reporting. Generally, users prefer audits over reviews because of the increased assurance that audits provide.
However, they accept review reports when they judge the risks to be acceptable in a competitive environment. Creditors are concerned that companies may reduce the extent of auditor involvement to offset increased costs if accounting requirements are increased. Companies could, for example, reduce auditor involvement from audit assurance to review assurance or from review assurance to no assurance.
Users are divided over the usefulness of expanding the scope of audits to include new types of information not now audited. For example, only 57 percent of those who participated in the Committee's survey agreed that auditors should provide some level of assurance about disclosures of forwardlooking information. Further, only 52 percent agreed that auditors should provide some level of assurance on nonfinancial business information disclosed by management. Participants responded to the questions in the context of current business reporting. It is unclear how they would have responded in the context of the Committee's business reporting model, which includes more nonfinancial operating and performance measurements. Further, based on the Committee's work with its discussion groups, users appear to not support auditor reporting on MD&A. They have two concerns:
Although users are not enthusiastic about expanding the scope of audits, one exception relates to internal control. They believe business reporting would benefit from increased auditor involvement in internal accounting controls. The Committee's discussion groups emphasized this point, as did the 1993 Association for Investment Management and Research Report, Financial Reporting in the 1990's and Beyond. Page 58 of that report states: . . . we advocate the continuous involvement of the auditor in the process that generates the financial information an enterprise disseminates externally. . . . we envision external auditors being substantially more involved than at present with the functioning of the internal systems that produce financial data for external consumption.
A majority of users support expanding auditor reporting to include some form of analytical commentary. Discussion group participants noted that auditors know more about a company than auditors communicate in their reports, and they hoped to benefit from that knowledge, particularly in areas that would assist them in evaluating the quality of a company's earnings. Users supported auditor commentary on the following:
Users were not unanimous in their support of auditor analysis, and individuals placed greater emphasis on different areas of potential comment.
The Committee developed recommendations to improve business reporting through enhancing auditor association with that reporting. In developing those recommendations, the Committee considered users' needs for auditor association, alternative ways to meet those needs, and the costs and benefits of the alternatives. The Committee developed recommendations in four categories. Two address auditor involvement with the elements of the Committee's business reporting model. The third relates to analytical commentary in auditors' reports and the fourth deals with other matters.
Allow for flexible auditor association with business reporting, whereby the elements of information on which auditors report and the level of auditor involvement with those elements are decided by agreement between a company and the users of its business reporting. As discussed under the Committee's comprehensive business reporting model, the Committee encourages flexible reporting based on the information needs of users. Under that concept, only certain elements of the model are reported, depending on users' needs for information as resolved through negotiations between users and companies.
The Committee concluded that the same flexibility concept also should apply to auditor association with the elements of the model that are presented. Under that concept, users and companies would negotiate to identify the elements of the model on which auditors would report and select the level of assurance the auditor would provide on each of those elements as well. For example, they could consider various mixes of assurance levels for different elements within the same business report. However, the level of assurance on the financial statements would set the maximum level of assurance possible on all other elements reported.
Thus, if auditors did not report on financial statements, they could not report on any of the other elements of information presented in business reporting. Further, greater assurance cannot be provided in another element of business reporting than is provided on the financial statement element. The Committee is not recommending required expansion of auditor involvement with business reporting. Rather, it recommends the flexible reporting concept for four reasons.
The auditing profession should prepare to be involved with all the information in the comprehensive model, so companies and users can call on it to provide assurance on any of the model's elements. Current standards are not adequate to deal with the varying nature of information in the comprehensive model of business reporting. Current standards focus on audits or reviews of financial statements and the information in accounting records. However, the model includes information not derived from accounting records, such as business strategy. It also includes information that is more subjective than the types of information on which auditors now report, such as business opportunities and risks. Reporting on the various elements of the model, if requested, would require new standards and, in some cases, new skills for auditors.
The Committee believes that one standard setter, the AICPA Auditing Standards Board, should assume responsibility for new audit standards. The board traditionally has established standards for audits and focusing responsibility on a single standard setter offers the best opportunity for progress.
Much of the information in the comprehensive model is objectively verifiable, even though auditors currently do not report on that information. Further, some of the information is derived from the accounting records used to produce financial statements. Examples include the number of employees and the units of product sold. To the extent possible, current standards should be retained. The Committee believes they can be used to guide auditors in auditing information that can be verified objectively. Further, auditors can report on that information following the reporting language used in audits of financial statements. The Committee believes the existing standards are adequate for auditing and reporting on information in some elements of the model but not in others. The elements for which existing standards are adequate are:
Some of the information in the elements of the comprehensive model is composed almost entirely of management's beliefs, intentions, and predictions; in many cases, there may be little objective evidence available (at least within practical bounds of time and costs) to support the veracity of those assertions. Further, auditors could have difficulty determining whether the disclosures are complete. The elements of the model that contain this type of information are:
For those types of information, existing audit guidance is not sufficient and new standards will be required. The Committee recommends a different level of assurance from the level provided for information that is verifiable objectively. For costbenefit reasons, that assurance should be at a lower level. More specifically, that assurance should be expressed using a "reasonable basis for presentation" and "conformity with presentation standards" approach in the style of current attestation standards.
Under that approach, the auditor would report that the element is presented in conformity with the respective standards of presentation and that management has a reasonable basis for the underlying assumptions and analyses reflected in that element. In contrast, the audit of more objective information states that the element is fairly presented, in all material respects, in conformity with the applicable standards. This is not to argue that the Committee concluded the elements identified for reasonableness assurance are incapable of a fairness opinion; rather, it concluded the need to reach for fairness may be unnecessary. Given adequate implementation time, the Committee believes that users will be able to understand the differences in how elements are audited for fairness versus reasonableness based on differences in the inherent nature of the information being audited.
Appendix III includes an illustration of an auditors' report on the comprehensive model. That report illustrates the higher level of assurance for some elements and a lower level of assurance for others. Some people have questioned whether auditors have the skills and expertise to be associated with information outside of financial statements. Some of the information on which auditors may be asked to provide assurance may be beyond the ability of current auditors to evaluate. Examples include disclosures regarding the likelihood of engineering achievements and predicting certain technological directions or evolution. In such cases, auditors may find it necessary to obtain skills beyond those traditionally required.
An analogy may be drawn to the U.S. General Accounting Office, an agency that employs many engineers, scientists, and others with skills in addition to or other than accounting and financial auditing. In conducting audits of federal programs, these skills and many others are necessary to design and perform effective, broadscope audits. Auditing firms, in some cases, have developed groups of individuals with skills other than accounting and auditing. Examples include actuaries and operations research analysts whose skills already are being applied in unique audit situations.
The Committee acknowledges that new skills will be needed to audit the broader disclosures of the comprehensive model. Those added skills will require new ways of building auditing teams, planning and supervising their efforts, and reporting the results of their work. The need for better, broader skills should not be a limiting factor to providing more useful business reports that are capable of receiving audit assurance. The reverse is, in fact, more important: Auditor skills should be challenged, grown, and redirected constantly so auditors are capable of dealing with new types and forms of information.
The auditor's opinions on the various elements of information in the business reporting model should be standardized, just as auditors' opinions on financial statements are standardized today. Standardized opinions are useful to users because they clearly state the auditor's conclusion. Users want and expect a conclusion by the auditor. Further, with standardized opinions, users easily can spot deviations from the standard ; deviations that otherwise might be missed with nonstandardized reporting.
The Committee considered earlier experience with nonstandardized reporting, sometimes called "longform" audit reports. Those reports included greater detail about procedures and accounting principles employed. The Committee concluded that the historical longform report was not an acceptable alternative to a standardized opinion. Longform reporting created several problems, the largest being ambiguity: readers were confused about the auditor's overall conclusion. The usefulness of standardized reporting does not apply to auditor commentary.
The objective of auditor commentary is not an opinion on the fairness or reasonableness of information in a reporting element. Rather, the usefulness of auditor commentary depends upon the auditor's unique insights in particular circumstances. Reporting that insight would require flexible not standardized reporting.
The Committee focused on the nature of reporting the maximum assurance on various elements of the comprehensive business reporting model. With the flexibility inherent in the comprehensive business reporting model, there is an opportunity to consider various mixes of assurance levels for different elements within the same business report. Further, given the varying nature of information contained in the elements, other levels or forms of assurance could be provided besides the audit and review levels currently available. The Committee did not develop conclusions about new levels of assurance because of time and resource constraints and in light of the recently established AICPA Special Committee on Assurance Services. However, the Committee suggests that the Committee on Assurance Services and the Auditing Standards Board pursue the subject using the Committee's business reporting model.
The newly formed AICPA Special Committee on Assurance Services should research and formulate conclusions on analytical commentary in auditors' reports within the context of the Committee's model, focusing on users' needs for information. The model for audit reporting historically has divided responsibilities between preparers and auditors. The preparers make representations in financial statements; auditors give an opinion about whether the financial statements comply with generally accepted accounting principles. The preparers assert; the auditors attest. The reasons for this division reflect decades of development of ideas about auditor independence, materiality, legal liability, and other concepts that have been codified into rules on how auditors express an opinion on financial statements. The result is rules that create highly standardized reports. Departures from the standard language are easy to detect and meaningful. As a result, departures from the standard language frequently are viewed as "warnings" or "bad marks." Sometimes that is exactly what they are intended to be. The financial reporting community seeks "clean" opinions (reports that use only the standard language).
Some have asked whether auditors' reports must always be framed in such standardized terms. Undoubtedly, the auditor must conclude on the fairness of the financial presentation, but could or should the auditor also provide a subjective view of the matters audited? Could there be an "auditor commentary" as well as a standardized audit report? The idea is not new; however, the Committee debated the question within a new context ; the Committee's recommendation for a comprehensive business reporting model. The following discusses the results of the Committee's research about users' needs for auditor commentary. It highlights the benefits of auditor commentary and the barriers and the implementation concerns for that type of reporting.
The AICPA Board of Directors formed the Special Committee on Assurance Services to consider the broad area of auditor assurance and make recommendations for changes to meet users' needs. The Committee supported the board's decision. The new committee will delve into auditor activities and related users' needs beyond the Committee's work. The following discussion sets forth findings so the new committee can enhance its consideration of auditor commentary based on what the Committee has learned.
Users with whom the Committee met were divided in their support of auditor commentary, and individual users placed greater emphasis on different areas of potential comment. Furthermore, it is not clear whether users were interested solely because they sought the auditors' viewpoints or because current business reporting, including MD&A, was not providing needed information the auditors' comments might disclose. The comprehensive model was designed to provide more useful information, both qualitative and quantitative. The Committee did not research user attitudes and needs for auditor commentary within the context of the recommendations for the comprehensive model. Consequently, more research is required to determine the user need for auditor commentary in light of comprehensive model disclosures.
Independent Perspective. The independent view of the auditor constitutes useful information in addition to the reasonable views of management. Management's goals and motivations differ from those of the auditor. That is appropriate. Management occupies a position of stewardship and (naturally) believes in the programs and activities it has or will initiate. The auditor occupies a different position and has a different perspective. The auditor is more objective, dispassionate, and skeptical, for example, about the position and prospects of the company.
Even if management conforms its views to those of the auditor and makes representations consistent with the auditor's views, it is important to establish and report the auditor's independent observations that best characterize the situation and not merely express auditor assurance that management has a reasonable basis for its reported views. This distinction underlies the case for requiring that the auditor formulate and communicate an independent view about the defined circumstances on which professional standards would require comment.
Valuable Information for Users. Whatever opinions the auditor develops as a result of procedures performed could provide more to users than they are receiving currently. Moreover, the perceived independence of auditors is enhanced when auditors render clean opinions but also offer observations that help users understand the subjective matters auditors had to evaluate in reaching those clean opinions. Auditor commentary may alleviate the perception of certainty surrounding financial statements by highlighting the judgments inherent in business reporting.
Impact on Independence and Legal Liability. Auditors have a unique role in business reporting. It is widely accepted that analysts may differ in their interpretations and analyses of business reports. Inevitably, analysts will be wrong, at least some of the time. Auditors, on the other hand, are not expected to be wrong. Having auditors expand reporting to include commentary could raise user concerns that auditor decisions about fairness would be influenced by previous comments. Independence is key to the value of auditing. Auditor commentary could erode independence. Legal liability related to auditor commentary must be tolerable. Auditor commentary related to financial statements would blur the distinction between preparerasserter and auditorattester and thereby may impose more reporting responsibility and legal liability on the auditor. Further, auditor commentary on areas outside of financial statements may expose the auditor to new and untested areas of legal liability.
Impact on the Content of Management's Report. It may be unlikely that auditors could provide meaningful commentary that would not otherwise appear in management's report. Currently, auditors consult with management about the content and readability of disclosure both in and outside financial statements. It may be difficult for an auditor not to propose useful observations to management and, instead, include them in an auditors' report. Accordingly, auditors may not be able to add information to a business report. Instead, the result may be additional standardized language or repetition of management's analytical comments.
Auditor commentary would require a substantial, and perhaps cultural, change by management in the relationship and expectations of the role of the auditor. For example, the presence of auditor commentary in today's environment may be considered by management to be threatening, undermining the credibility of management's report. And when there were honest differences in analytical views between management and auditors, users would have to be able to understand how reasonable people can have different interpretations of the same facts. If there is an information need that auditor commentary could fulfill, the question that could be raised is why accounting standards, including the Committee's comprehensive model, do not impose that reporting obligation on management in the first place. Management may be in the best position to make disclosures. If auditor commentary is needed to fill gaps left by management's report, then accounting standards could be revised to clarify management's obligation.
New Standards and New Skills Needed. Standards would have to be developed to govern this reporting. Auditor commentary should not be essentially freeform. There would need to be a standard set of judgmental areas, such as choice of accounting principles, significant estimates, and matters affecting the quality of reported earnings, to be addressed in each report. These would be guidelines at a high level.
Standards setters would need to consider whether auditor commentary is required or optional. Some believe this reporting would not be viable unless it was required. That is, by making the report required, the profession would invest the training and quality control effort to make the reporting useful. Others believe imposition of these reporting requirements would be contradictory to the notion of a negotiated scope of assurance recommended by the Committee.
The costs of auditor commentary are unknown. Some speculate that the marginal costs are small because the information already has been obtained as part of the existing audit process. The auditor already responds to similar requests from audit committees indicating that such commentary can be provided at acceptable cost. Others argue that audit work is not currently designed to support reports of this nature to outside third parties. For example, under current audit standards, auditors may challenge estimates in financial statements using methods that are different from those used by the preparer. By these means, the auditor can judge whether the preparer's estimate is reasonable but may not be able to explain how variations in the preparer's approach could have changed the estimate materially. Until standards for auditor commentary are proposed and field tested, the question of cost is unanswerable.
Auditor commentary may require new skills within the audit team, depending on the nature of the comments required by standards. The auditor may need different training, and new types of audit team members may be needed. This, in turn, would have implications on auditors' quality control procedures and standards.
The Committee expects the AICPA Special Committee on Assurance Services to continue the process of research and exploration of auditor commentary. Much more must be understood about users' possible need for the information, the nature of this type of reporting, and whether the significant barriers and implementation concerns can be resolved. The Committee urges the Special Committee on Assurance Services to research and formulate its conclusions within the context of this Committee's comprehensive model, with a focus on the information needs of users.
The profession should continue its projects on other matters related to auditor association with business reporting.
During its study of the information needs of users, the Committee gathered useful information about reporting on internal control, concerns about the credibility of business reporting and pressures on auditor independence, and responsibility for detecting fraud. The AICPA and others currently have major projects under way specifically addressing each of those areas. To avoid duplication of effort and to focus its efforts on areas not otherwise being addressed, the Committee excluded those areas from the scope of its work. However, the Committee supports work in those areas and has forwarded what it learned from users to the respective organizations. The Committee recommends that they consider what the Committee learned in forming their recommendations.