In my recent blog on the uptrend in compliance audits, I wrote that internal audit should be risk-centric, meaning that our focus as auditors should evolve to align with prevailing risks and the concerns of our stakeholders. One risk getting a lot of attention these days from regulators and the media is the quality of external audits.
Wall Street Journal Senior Editor Emily Chasan reports in her Sept. 13 CFO Journal blog that external audits are headed for a new era of disclosure. The U.S. Public Company Accounting Oversight Board (PCAOB) is drafting new auditor identification rules to pierce the veil of anonymity that created the opportunity for some individuals to perpetrate fraud. And the International Auditing and Assurance Standards Board is seeking comment on a proposal to enhance audit reporting standards.
Among the more significant changes in the proposal is a recommendation that external auditors of listed companies begin reporting specific findings or “key audit concerns,” in addition to the conventional pass/fail general opinion. In this regard, external audit reports could start to resemble internal audit reports.
Another goal of the proposed changes is to engage senior management and board members in the external audit process, increasing both the depth of understanding and the accountability of lead auditors.
I believe internal auditors, as a key resource for audit committee members on audit matters, can fill an important advisory role for the audit committee, applying their knowledge of risk and control frameworks to evaluate the overall performance of the external auditors. Such an assessment would serve as an important data point for the audit committee’s use in formulating its own assessment of the external auditors.
Obviously, nothing that internal audit does by way of assessing the external auditors’ performance should impair the external auditors’ independence. I am not suggesting that we show up at the external auditors’ door with an audit plan in hand and pour over their engagement records like the PCAOB does. I am merely suggesting that we be prepared to provide an assessment of the external auditors’ work based on our own observations and analysis. We can then share our assessment either by report or in executive session with the audit committee.
From my experience, many audit committees are already availing themselves of internal audit’s perspectives on the external auditor, and I predict more will follow in the future. I think that mutual accountability makes sense and should become standard practice. As audit professionals, internal auditors are uniquely qualified to advise their boards on external audit matters.
What do you think? Has your audit committee sought your input on external audit quality? Is this something you see as valuable? Is there a downside? I’d love to read your opinions.
Richard Chambers, CIA, CFE, CGFM, QIAL, CRMA, CGAP, is the founder and Chief Executive of Richard F. Chambers and Associates, LLC. From 2009-2021 he served as the president and CEO of The Institute of Internal Auditors (IIA), the global professional association and standard-setting body for internal auditors. Chambers has more than four decades of experience serving in and on behalf of the internal audit profession.