Fifth Pass
APPENDIX 1B
Alternative Theories of the
Role of Auditing in Society
In the chapter, we defined auditing as an information risk reducing activity. This definition
follows from the information hypothesis that is used to explain the demand for external audits.
Under the information hypothesis, audit services are demanded to reduce the information risk
to users of financial statements. Information risk is the risk that user decisions may be based
on incorrect information. Thus, auditors are demanded to reduce losses due to faulty decisions
resulting from errors or irregularities in the financial statements. Losses to investors may also
arise because of failure to disclose all the facts about a firm by company management. Auditors
help assess whether this information asymmetry is alleviated through proper disclosure. Less
accurate information may also deter investment, so auditing may also alleviate under investment in the capital markets and result in better resource allocation in the economy.
Another hypothesis that has been proposed to explain the sources of demand for audits is
the monitoring hypothesis. The monitoring hypothesis is based on the principal-agent framework of economic theory. Agency theory predicts that utility-maximizing agents (the managers),
if unchecked, will consume more resources than optimal. However, investors with rational
expectations will take such behaviour into account in pricing a firm’s securities. As a result, the
agents have the incentive to contract for mechanisms to monitor their opportunistic behaviour.
The hiring of an external auditor is one such mechanism. This theory predicts that management
will demand audits whenever the cost of monitoring their activities is less than the wage loss
management suffers without the monitoring. The presumption here is that the owners of the
firm will pay managers more with monitoring of their activities than without monitoring.
The insurance hypothesis predicts that auditors are demanded so that they may be
sued in case there is a business failure. Auditing thus provides investors a form of insurance. If an investor purchases securities on the basis of audited financial statements and
subsequently sustains losses, the law provides some degree of recourse against the auditor.
In this way, the auditor can, depending on how the court’s reasoning works, function as
an indemnifier against investment losses.
The degree of recourse depends on the legal system in force. Under a negligence-based
concept, some form of audit failure needs to be proved. Moreover, for registration statements
under SEC laws (covered in Chapter 19), the burden of proof is on the auditor to demonstrate
that due care was observed in the audit task. Recent court cases in the United States seem to
abandon the negligence concept in favour of an implied warranty concept. Under the implied
warranty concept, the issue of whether the auditor is negligent is irrelevant. The auditor is
responsible once it can be proved that the audited financial statement is wrong. This concept
is concerned with accident (audit failure) prevention, compensating the injured and a better
distribution of losses. Under implied warranty, the audit fee may be little more than a fee for
insurance against otherwise uninsurable business risk (e.g., due to management incompetence).
We say “may” because it all depends on how courts interpret “wrong” financial statements. If
wrong financial statements mean failure to anticipate any adverse business event, then auditors
are responsible for insuring business losses. If, on the other hand, wrong financial statements
mean failure to disclose only those adverse events for which there is information at the time
of audit, then auditors are effectively liable only for information risk. So, much depends on
court interpretation and the amount of damages awarded to the plaintiffs. The punitive damage
award system in the United States—with its high multiples of actual damages—is close to the
kind of system that would make auditors insurers of business risk. It is assumed that any
auditor-insured business risk is then passed on in the form of fee increases to all clients. Clients,
in turn, pass these costs on to society via increased prices for their products. In this way, risks
faced by investors are passed on to society—that is, business risk is socialized.
1
smi51414_app1B.indd 1
12/09/12 5:53 PM
Fifth Pass
2
APPENDIX 1B
cheating principle: principle proposed to represent
the main concerns of
third-party users of
financial statements
smi51414_app1B.indd 2
Alternative Theories of the Role of Auditing in a Society
Each of these theories helps explain some aspect of the audit environment and some
of the reasons audits are demanded. These theories are best viewed as complementary rather
than mutually exclusive. They also appear to apply in different degrees in different countries
and different legal systems. For example, in the United States the risk of an auditor being
sued has traditionally been about 10 times that of the risk in Canada. This suggests that the
insurance hypothesis may be a more important explanation of the demand for audits in the
American business environment than in the Canadian business environment.
Each of these theories can provide a justification for reduced information risk. Clearly,
under the monitoring and information hypotheses, information risk is to be reduced for the
principals and other users, respectively. Under the insurance hypothesis, it may be less obvious
why information risk should be reduced. Under a negligence-based liability system, if the auditor can prove due care in reducing information risk, then the auditor will reduce the possibility
of legal liability. Even under the implied warranty concept of insurance, reduced information
risk will reduce the risk of legal liability, because there is a lower chance of an audit failure or
“accident” to cause the liability. Thus, despite the different explanations these hypotheses provide, they all have in common the auditor’s need to reduce information risk. Some estimate
that information risk is a significant component of cost of capital for many firms. A reduction
in information risk, thus, has the tangible effect of reducing a firm’s cost of capital.
Another noteworthy feature of these theories is that, from the perspective of corporate
governance, all of them can be used to explain audits as a complement for such corporate
governance elements as boards of directors, audit committees, and the internal audit. One
effect of SOX is to institutionalize this complementary role by requiring strong corporate
governance mechanisms in addition to effective, independent external audit function.
A pervasive concern that has become more evident in today’s world is that of management deception in the form of fraudulent reporting and outright fraud. The expectation is
that auditors will detect this cheating. Note that this is a natural consequence of three-party
accountability. We will refer to this as the cheating principle.
A recent objective in audit standards is to detect and deter fraudulent financial reporting. An extension of this might be to detect any cheating (including fraud by management
incompetence) via financial reporting. Fraud of management incompetence includes any
false claim by management of its capabilities. An example of fraud of incompetence in a
university is cheating by students on an exam that earns them a higher mark than deserved
and, as a result, perhaps a better job than qualified for. If such cheating were uncontrollably
rampant it could undermine the credibility of university degrees and the broader economy
as incompetent people, including incompetent auditors, influence key sectors of the economy. Fraud of incompetence is one of many and growing types of fraud clever imposters
think up to exploit institutional weaknesses in all types of economies.
Similarly, detection and deterrence of all types of cheating by capital users against
capital providers may be crucial for preserving trust, and thus the functioning, of capital
markets (See Smieliauskas, W. 2006. “Introduction and Commentary on Forensic
Accounting Forum.” Canadian Accounting Perspectives, Vol. 5 No. 2: 239–256). Fraud of
management incompetence includes such common problems as inability to prepare fairly
presented financial statements. Misstatements might be unintentional yet arise because
of management incompetence or inability to deal with financial reporting issues. The
auditor’s traditional role has been to detect such incompetence but it has not been treated
as a form of fraud. However, if the concept of cheating were defined to include fraud by
management incompetence, then cheating would incorporate poor economic performance due to mismanagement and misleading reporting, including all reporting that
fails to reflect the economic substance of an entity’s activities. Thus detection of cheating
via financial reporting can address the goal of reflecting economic substance of principles-based based standards (International Federation of Accountants [IFAC] 2011
Discussion Paper: The Evolving Nature of Financial Reporting: Disclosure and Its Audit
Implications. IFAC. NY. January) as well as detection of fraudulent financial reporting.
Savage and Van Allen (2002. “Accounting for Uncertainty” in Journal of Portfolio
Management, Vol. 29 No.1) give good illustrations of how cheating can arise through
conformity with traditional GAAP.
08/09/12 6:33 PM
Fifth Pass
APPENDIX 1B
Alternative Theories of the Role of Auditing in a Society
None of the above theories is inconsistent with the cheating principle; however, they lack
the emphasis on detecting deception that the cheating principle implies. Thus, under the
information hypothesis, the concern is not so much about the risk of unintentional misstatements as it is about intentional misstatements by management. Under the monitoring
hypothesis, the goal is not so much to protect management from being underpaid as from
being overpaid. And under the insurance hypothesis, the emphasis switches to insurance for
management cheating as opposed to insurance for broader reasons for business failures.
Cheating detection thus becomes the common theme underlying all the theories, and it may
thus become the most basic principle of auditing. Evidence of this is indicated by trends in
today’s corporate world, such as making management more accountable through certification
of financial statements by beefing up audit standards to increasingly require forensic type
audit procedures on every engagement, and an attitude of greater skepticism on the part of
auditors. These changes are further explained throughout the text.
One issue not covered by any of the above theories, and one that is becoming increasingly
important in today’s world, is the degree to which the profession should be self-regulated. It is
evident from the chapter coverage that some politicians and regulators do not trust the profession to act in the public’s best interests. One important reason for this lack of trust is that the
product of auditing—audited financial statements—has the attributes of what economists call a
public good. A public good has two properties: non-rival consumption and non-excludability.
Non-rival consumption is the property that allows one person’s consumption of a good to
prevent another person from consuming it. Non-excludability is the property that the auditor
is unable to prevent any user from consuming the good. Markets break down under nonexcludability because the seller auditor would be unable to assume that only those who paid for
the good could obtain it. When consumption of a good is non-rival, the provision of the good
through a market will not enable the best or optimal level of output to be produced.
These economic concepts indicate that at best market forces work imperfectly for audit
services. As a consequence, like many public goods, regulations may need to complement
the market mechanism. The problem then becomes a political one with regulators attempting to identify true demand through a political process, rather than relying on market forces.
In conclusion, the market mechanism for controlling the profession has a high-risk of
failure, and some regulatory or semi-regulatory systems need to be considered. Although
it was used throughout the 20th century, self-regulation appears to be a failure. What
worked for much of the 20th century may need to be updated for the conditions and social
expectations of the 21st century. It is wrong to conclude that auditing would not exist
without regulation. We know from the history of the profession that there was a demand
for audit services before the passage of key securities and corporation law legislation.
However, the market for audit services is imperfect due to the public good attributes of
audit services, which means more state intervention appears likely, as the audit function
becomes more critical to proper functioning of capital markets.
The state intervention started with the passage of Corporation Acts in the 1800s and
1900s, SEC laws in the 1930s, and continues to the present day through SOX. Interestingly,
consistent with the cheater-detection hypothesis, audits have always been viewed as fraud
detectors either informally in terms of “expectation gaps” or more formally as indicated in the
earliest textbooks on auditing from the 1800s or in securities legislation. Virtually all legislation
affecting auditors is concerned with “protecting investors.” But protection from what? Implicit
has been protection from intentional deception by management or corporate promoters. There
is hardly any concern expressed in legislation for unintentional misstatements. The issue is
increasingly one of trusting the second party in three-party accountability. All this evidence
suggests that cheater detection may be increasingly important in the evolving “audit society”
with stringent oversight of securities markets and the related financial reporting system.
3
non-rival consumption:
a product of audited financial statements, that one
person’s consumption of a
good prevents another person from consuming it
non-excludability: a
product of audited financial statements, that the
auditor is unable to prevent
any user from consuming
the good
REVIEW CHECKPOINTS
1B-1 Do you think that the auditor’s primary
responsibility should be to detect deceptive
smi51414_app1B.indd 3
reporting (e.g., earnings manipulation by
management)? Yes or no? Discuss in class.
08/09/12 6:33 PM
Fifth Pass
4
APPENDIX 1B
Alternative Theories of the Role of Auditing in a Society
KEY TERMS
cheating principle
smi51414_app1B.indd 4
non-excludability
non-rival consumption
10/09/12 5:09 PM