By Elliot Wonenyika
WHERE was the auditor? What was the auditor doing? These are old age questions that still boggle the mind for most ordinary men on the street. In Zimbabwe the question has continued to make the headlines given recent failures of banking institutions and listed entities.
Everyone has been asking only but one question “where were the auditors?” Is this a fair question to ask? This paper seeks to address some of the widely held beliefs and myths in respect of the work done by external auditors.
To the general populace these are some of the perceived duties of an auditor:
*To detect and report fraudulent activities within an entity;
*To identify instances of non-compliance with laws and regulations;
*To police/be the watch-dog of management;
*To express an opinion on a set of financial statements;
*To clear companies of any business malpractices; and
*To enhance or promote good corporate governance practices
The question is therefore are the above commonly held beliefs the accurate position in respect of what an external auditor actually does? To answer this question we are going to first of all define the purpose of performing an external audit.
From a Zimbabwean context external audits are provided to companies under the following circumstances:
*When it’s required in terms of the Companies Act Chapter 24:03 (Statutory audit)
*When it’s required in terms of specific regulations e.g. the Banking Act Chapter 24:20 or Zimbabwe Stock Exchange listing rules or Insurance Act Chapter 24:07 etc.
*Through its Memorandum of Incorporation the shareholders have passed a resolution requiring an entity to be audited. (Voluntary audit).
In all the above cases, the work performed by the external auditor is governed by the Public Accountants and Auditors Board (PAAB) professional conduct by-laws which identify the standards to be followed when providing professional services (SI 144 of 1997 section 7). Therefore, when a registered auditor is providing external audit services they have to complying with the following:
*International Standards on Auditing (ISA’s)
*Companies Act Chapter 24:03
*Public Accountants and Auditors Board Act Chapter 27:12
*SI 144 of 1997 Public Accountants and Auditors (Professional Conduct) by-laws, 1997.
*Specific Regulations eg Banking Act, etc.
In order to demystify what exactly the external auditors do, we are going to discuss the auditors’ responsibilities in terms of the frameworks identified above.
International Standards on Auditing (ISAs)
Purpose of an audit of
Quoting from ISA 200 par 3: “The purpose of an audit is to enhance the degree of confidence of intended users in the financial statements. This is achieved by the expression of an opinion by the auditor on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework.”
The question therefore is, besides issuing an opinion, does the auditor have any other responsibilities when performing their work?
Auditor’s responsibility relating to fraud
In terms of ISA 240 par 4 the primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and management. So what is the auditor’s role in respect of fraud?
In terms of ISA 240 the auditors responsibilities with regards fraud can be summarised as follows:
*The auditor is not responsible for performing procedures to detect fraud unless the fraud has or will result in material misstatements to the financial statements.
*The auditor should report identified or suspected fraudulent activities to the appropriate level of management or the board.
*The auditor is, however, not allowed to report fraud to parties outside the entity due to the principle of confidentiality (Public Accountants and Auditors by Laws section 8).
*The auditor will be obligated to report identified or suspected fraud if required to do so by specific legislation which will override the principle of confidentiality. E.g. Banking Act Chapter 24:20 section 43(1) requires an auditor to report to the RBZ any irregularities detected during the performance of the audit.
Auditor responsibility with regards laws and regulations – ISA 250
In terms of ISA 250 par 4 the auditors responsibilities with regards compliance by an entity with laws and regulations can be summarised as follows:
*To perform procedures which will enable the auditor to identify material misstatements of the financial statements due to non-compliance with laws and regulations.
*If an auditor identifies non-compliance with laws and regulations, the auditor should report these to management and the board of the audit client.
*Again the auditor is not allowed to report non-compliance with laws and regulations to parties outside the entity due to the principle of confidentiality (Public Accountants and Auditors by Laws section 8).
From the above it is clear that when an auditor performs an audit in terms of International Standards on Auditing his ultimate responsibility is to report on the fair presentation of the financial statements.
Therefore the auditor does not have a responsibility in respect of any issue which does not affect fair presentation of financial statements whether directly or indirectly.
Now let’s look at the auditor’s responsibilities with regards other frameworks:
The auditors’ duty in terms of the companies act is to express an opinion on whether the balance sheet and profit and loss account of the company are properly drawn up in accordance with the Companies Act Chapter 24:03.
The companies act does not impose any responsibility on the auditor in respect of fraud and non-compliances with laws and regulations. Therefore, if there is fraud or illegal acts identified by the auditor, the auditor will not have any responsibility to report these to any parties outside the entity.
SI 144 of 1997 Public Accountants and Auditors (Professional Conduct) by-laws, 1997
In terms of Section 8 of the Public Accountants and Auditors Professional conduct by laws: “a public accountant or public auditor shall not disclose information about the affairs of a client or an employer acquired in the course of the provision services”.
Therefore from the above requirement unless there is a legal or professional duty to disclose client information the external auditor is bound by the principle of confidentiality.
Banking Act Chapter 24:20
In terms of section 43 to the Banking Act, the auditor has the following additional responsibilities when auditing financial institutions:
lPlan and carry out audit procedures designed to detect irregularities and illegal acts in the conduct of the institution’s business.
lReport to the RBZ an identified irregularities or illegal acts.
Therefore, based on the above requirements, the auditor, when auditing a banking entity, has an obligation to report identified fraud and any non-compliances with laws and regulations to the RBZ.
In conclusion, the auditor’s primary responsibility is to express an opinion on the fair presentation of financial statements. In discharging this duty the auditor reports to the members or shareholders of the audited entity.
I believe that as a country we need the following measures in order to address the expectation gap:
*Update our legislation especially the Companies Act so that it is in sync with the current market expectations.
*Align all legislation which requires financial statement to be audited in order for them to be consistent.
*Engage awareness campaigns to educate users on the role that auditors play.
*Elliot Wonenyika CA (Z) is a director at Chartered Accountants Academy and an ICAZ technical advisor.
Follow us on Twitter on @FingazLive and on Facebook – The Financial Gazette