Enhanced reliability or cold comfort? Auditor association with information outside of audited financial statements

With entities using diverse methods to communicate financial, narrative and qualitative information to help improve stakeholder decision making, some may think the auditors have reviewed and approved that information as part of the audit of the entities’ financial statements.

With entities using diverse methods to communicate financial, narrative and qualitative information to help improve stakeholder decision making, some may think the auditors have reviewed and approved that information as part of the audit of the entities’ financial statements. But have they?

Because audited financial statements are often the base for much of the information entities provide, users may expect that auditors have been involved with that information beyond the audit of the financial statements, adding a level of comfort about its reliability. Take the common situation of an entity’s annual report (which is primarily designed to give shareholders information about an entity’s developments, financial results and financial position) that includes the audited financial statements. When the annual report is available before the auditor signs the auditor’s report on the financial statements, auditing standards require the auditor to read the annual report and look for inconsistencies with the financial statements. The auditor’s primary focus is to make sure that there is nothing in the annual report to indicate that the financial statements are misstated. If the auditor, on reading the annual report, becomes aware of an apparent misstatement of fact, the auditor is required to discuss with management and take appropriate action. That might provide some limited comfort to a reader of the annual report.

Even in this relatively straightforward situation, however, a reader might wonder just how much comfort they are getting. For example, what does “reading the report” really mean? Does it include reading the whole report, even parts that may not contain any financial information? How much checking does the auditor do, particularly with respect to information that is not directly extracted from, but may be reconcilable with, the financial statements? What lens does the auditor apply when reading the annual report – is it just from the perspective of the audited financial statements or is it broader, taking into account the auditor’s knowledge of the entity and its environment acquired during the audit? Further, does the auditor communicate clearly the auditor’s involvement so that users do not take inappropriate assurance as to the information’s reliability?

This issue becomes more complex with respect to information other than the annual report, and when information is issued sometimes long after the audit of the financial statements is completed. For example, when a small business owner is seeking to borrow funds and puts together a package of information including the audited financial statements for potential lenders, what can the bank conclude about the auditor’s responsibility with respect to the package?

Research in this area suggests that there is an expectation gap between what users believe auditors do and what auditors actually do, as well as a lack of consistency in how involved auditors are with other information. A lack of consistency may affect audit quality and, for this reason, global standard setters are focusing on the issues through projects to revise standards for audits of financial statements and the auditor’s responsibilities relating to other information.

In Canada, the Auditing and Assurance Standards Board (AASB) has a project underway to revise its standard on association, Section 5020, Association. This standard provides guidance to help auditors address their professional responsibilities when they are associated with information, including how to report their involvement with it. The revised standard would not cover situations already addressed elsewhere in auditing standards, such as when the auditor’s report is contained in a securities offering document. One of the challenges with this project may be developing standards that reflect an appropriate balance between meeting ethical responsibilities and the public interest. On one hand, the auditor may need to be involved with information in order to comply with professional ethical requirements not to be associated with information that is false or misleading. On the other hand, the risk readers may misinterpret the auditor’s involvement can vary significantly depending on the nature of the information, so having auditors perform the same work in all cases may not be appropriate.

The AASB expects to issue an exposure draft of its proposed revisions in 2014.

Keep the conversation going….when do issues with auditor association with other information arise in practice? What needs to be done to address these issues?

Post a comment below; or email me directly.

About the Author

Eric Turner, CPA, CA

Director, Auditing and Assurance Standards, CPA Canada