- Email: [email protected]
A STAKEHOLDER APPROACH TO AUDITING
Critical Perspectives on Accounting (1998) 9, 217]226 Article ID: pa970170
A STAKEHOLDER APPROACH TO AUDITING T. A. LEE Culverhouse School of Accountancy, University of Alabama, Tuscaloosa, AL, USA
The US Single Audit Act 1984 is proposed as a convenient mechanism to introduce a social dimension of public accountability to corporate stakeholders. Its emphasis is on the audit of corporate regulation and control compliance. The purpose of this commentary is to critique the proposal from the perspective of audit. The critique is constructed around the idea of audit, and is placed in the context of an observed explosion of audits in practice. The commentary reviews the requirements of the Single Audit Act as they relate to extending the corporate audit from its traditional financial focus, and it specifically deals with the issue of translating the requirements of the Act from the public to the private sector. The argument comments on audit matters such as auditing to provide accountability to stakeholders rather than information for user decisions, and auditor competence and independence. It concludes with an argument that the Single Audit Act proposal could be expanded to an external audit of management rather than be limited to an assessment of managerial controls.
Q
1998 Academic Press Limited
Introduction A proposal has been made by Sutton and Arnold in their paper ‘‘Towards a Framework for a Corporate Single Audit’’ for an alternative corporate audit based on the US Single Audit Act 1984 (henceforth SAA). The rationale for the proposal is the danger to stakeholders of reporting systems that over-emphasize the ‘‘ financial’’ and ignore the ‘‘social’’ of corporate activity. The purpose of this paper is to provide a critical commentary on the idea of ‘‘audit’’ contained in the proposal. The commentary begins with an explanation of the proposed audit framework prior to critically reviewing its implications for stakeholders and auditors. Address for Correspondence: Professor T.A. Lee, Culverhouse School of Accountancy, University of Alabama, Box 870220, 310 Alston, Tuscaloosa, AL 35487-0220, USA. Email: [email protected] Received 7 November 1996; revised 18 April 1997; accepted 20 July 1997
217 1045-2354/ 98 / 020217+ 10 $25.00 / 0
Q 1998
Academic Press Limited
218
T.A. Lee
The Single Audit Act Proposal The SAA applies to US federally-funded organizations of a governmental, educational or not-for-profit nature. The intention of the SAA is to ensure that these organizations prepare and file appropriate financial statements, operate adequate internal controls, comply with federal guidelines and make legitimate use of funding. The motivation for the legislation goes beyond the stewardship relationship of principal and agent which is typically satisfied by attestation of financial statement quality. Instead, it attempts to achieve social accountability to stakeholders who are perceived to represent the public interest in federally-funded organizations. The SAA auditor has a variety of verification and reporting tasks. First, for the organization as a whole, there is a requirement to attest the accounting quality of its financial statements, the adequacy of its internal controls, and its compliance with federal funding rules. In addition, for each funded program of the organization, the auditor provides a schedule disclosing federal assistance to the program, comments on the effectiveness of its internal controls and funding compliance procedures, and discloses any fraud discovered by audit. With respect to rule compliance, the auditor reports on nine topics, i.e. political activity, minimum wages, civil rights, cash management, relocation assistance and property acquisition, federal financial report filing, cost principles, a drug-free workplace and other administrative requirements. What the SAA therefore requires is that the auditor verifies and reports beyond the traditional area of accounting for the overall organization (i.e. its internal controls and financial statements), and attest other matters concerning rule compliance both for the entity and its major segments. Three audit reports are required for the overall organization, and a further four reports for each of its main funded programs. The focus of the audit is on the success of the organization in complying with various regulations which are intended to limit its actions within a socially-defined ‘‘game-plan’’, e.g. with respect to proscribed political activity, federally-regulated labor issues (i.e. wages, civil rights, relocation, and drugs), funding abuses (i.e. in cash management and costing), and non-compliance with mandated procedures (i.e. various administrative matters such as health and safety at work). The proposed extension of the SAA to corporate enterprises is made in the context of recent arguments for these organizations to report to a public audience for which social accountability is a major focus. Examples of green accounting and illegal act detection are used as introductions to the argument.
The Idea of Audit The proposal to translate the SAA to the corporate world would add to what Power (1994) describes as an audit explosion. It can therefore be
A stakeholder approach to auditing
219
perceived as part of a seemingly continuous societal search for accountability, in which everything and everyone are potentially targets for audit. As Power argues, audit is the principal means by which accountability is attempted when trust in relationships disappears. Throughout history, audit has displaced trust and then been an important means of restoring it. The main objective of audit appears to be a need to demonstrate accountability by identifying auditees with which there is a potential lack of trust concerning their behavior and actions. The SAA proposal implies a considerable lack of trust in corporate activity and management. The proposal’s principal assumption is that corporate stakeholders do not trust managerial agents to create and maintain adequate reporting, internal control, and rule-compliance systems. As a consequence of this mistrust, stakeholders are further assumed to require comprehensive audit verification and reporting on these matters to assist their use of disclosed information. The general question posed in this commentary as a result of these implications and assumptions is whether the SAA proposals should and could be translated effectively to the corporate sector. The commentary attempts to examine this question in part by reference to a critical framework of audit by Power (1994). Power’s most fundamental idea is that audit is a system of administrative control and governance. It attempts to maintain traditional hierarchical and authoritarian control structures within the context of a societal need to cope with control failures. In particular, audit provides societal comfort by focusing on a policing of organizational controls rather than by a direct verification of the objects of these controls. Power further argues that, as an exercise in ‘‘control of controls,’’ audit makes the organization less rather than more visible (because audit becomes a black box), increases public criticism of the auditor (rather than the idea of audit) and results in calls for more auditing (thus perpetuating the audit explosion). According to Power, audit shapes the organization in ways which make verification more feasible and creates public expectations of what auditing should achieve. Means of accountability other than audit tend to be ignored, and it becomes a substitute for democracy. What emerges as important is not the consequence of how things are done but rather that they are done in an environment of controls. Audit can therefore be argued to be an exercise in which evidencing compliance with controls is the dominant focus rather than attesting other outcomes of accountable behavior. In other words, the ability of the manager to ‘‘stay within the rules’’ of the organization becomes the primary focus of audit.
Extending the Financial Audit The SAA proposal recommends that all SAA provisions should apply to corporate organizations, at least as a first step to improving corporate
220
T.A. Lee
reporting, and as a substitute for a more radical reform of the latter function. The ‘‘driver’’ in the proposal is a perception that corporate stakeholders need information beyond that contained in the conventional financial statement package. This suggests there are at least three matters which should be considered in the proposal. The first matter is the general proposition that legislation constructed for federally-funded organizations is adaptable to the corporate community. The second matter is the proposal’s specific ‘‘consumer’’ focus on stakeholders rather than shareholders. The third matter is the reporting extension beyond conventional financial statements for the entity as a whole and its segments. Each of these issues is considered in turn.
Adapting to the Corporate Sector Any transplant is problematic. Uprooting something designed for one environment to place it in another is not easy and can be unsuccessful. The environments may appear similar on the surface, but closer inspection typically reveals significant differences. These variations may result in rejection of the transplant. In this case, the SAA was designed by US legislators to deal with a very specific and rule-oriented type of organization with an operational mission of a public nature. Federal funding is typically given only when certain organizational restrictions and conditions are in place and agreed. These matters are usually the subject of very detailed funding rules. The primary factor at work is that federal funding is made in the name of a public interest to which the operations of the organization are directed (e.g. education). Thus, US taxpayers’ money is a funding source which, as a matter or routine, is perceived by legislators to require oversight. For this reason, it is natural that federal funding is closely associated with accountability exercises of a public nature. The accountability is largely concerned with monitoring funds received and how they have been used. In other words, the SAA exists to protect US taxpayer funding. By its very nature, it is a vivid example of the ‘‘control of controls’’ thesis of Power (1994). Financial statements are disclosed in order to exercise an indirect public control of management, and statement quality is attested to enhance the credibility of that control. Statement attestation is made on the basis of audit reviews of management’s internal controls and accounting compliance procedures. The uses to which funds are put are also examined in the context of specific usage rules and the possibility of fraud and funding abuses are investigated. However, the effectiveness of management beyond its control and rule compliance procedures is not questioned by the auditor under the SAA. Consequently, it is not unreasonable to suggest that the SAA conforms with Power’s (1994) perception of audit, i.e it polices the controls of federally-funded organizations and gives societal comfort that such policing has taken place. As a consequence, it does not dispel the relative
A stakeholder approach to auditing
221
invisibility of the organization and its management to its stakeholders. SAA audit practice is clearly an example of what Power describes as administrative control and governance. It is designed to protect a public interest in federally-funded organizations, and does not, nor is it intended to expose their economic or social effectiveness. For this reason, it has to be questioned whether the SAA should and could be translated to private sector companies. In these organizations, despite pleas for disclosures such as green accounting (Gray, 1990), the concept of public interest is rarely an issue from a reporting and auditing point of view. Corporations are deliberately constructed to maximize the financial interests of private investor communities, and US reporting and auditing prescriptions reflect this (e.g. AICPA, 1973, 1995; FASB, 1978). This does not mean that the public interest in corporate affairs is ignored by accounting policy-makers. However, what typically appears in their prescriptions is a strawman of public interest by specification of all potential report user groups and their information needs. These groups are then stated to have common financial information needs which can be satisfied by general-purpose financial statements. The perceived commonalty of information needs is usually based on an investor decision model. Such reasoning constructs a public interest by means of mental mirrors, and fails to disguise their private capitalist nature. The essential issue with corporate organizations is that their privateness (despite public markets for their shares) and devotion to achieving financial success for shareholders, run contrary to a public interest with which they are clearly associated. There are very obvious aspects of public interest in corporate activity. No company, however large or small, can avoid the reality of doing business within an economic and social context which involves and affects the public. It would be a very foolish management that ignored public aspects of corporate operations. But companies are, by nature, more private and less visible than federally-funded organizations. Thus, it is hard to see how the SAA proposal of ‘‘control of controls’’ could make companies less private and more visible, other than attesting their control and rule-compliance effectiveness. Operational and managerial effectiveness would remain a black box for stakeholders. What appears to be relevant in the corporate sector is a need to directly monitor managerial behavior in areas where, despite rules and regulations, managers can take advantage of the moral hazard created by the principal-agent relationship, and operate in ineffective economic and social ways. In this respect, auditing corporate managers rather than managerial controls would appear to be a worthy task in a world in which corporate invisibility creates so many economic incentives for managers to misbehave. The SAA proposal does not address this issue. Instead, it transplants the philosophy of ‘‘control of controls’’ to the corporate sector} a comforting prospect but not necessarily useful to stakeholders.
222
T.A. Lee
A Stakeholder Approach
The SAA proposal is predominantly concerned with managerial accountability to a variety of stakeholders with perceived interests in a range of financial, economic and social variables in corporate activity. The name of this game would be stewardship, with the managerial stewards held responsible to more than shareholders. Thus, the proposal contrasts with recent thinking over the last three decades concerning corporate reporting. Whether in the US or elsewhere, the focus has been squarely on satisfying individual decision needs. Although the UK Accounting Standards Steering Committee’s The Corporate Report (ASSC, 1975) can be identified as the first serious attempt in that country to advocate a stakeholder approach to financial reporting, its philosophical influence was modest. The Committee’s major reporting objective was stated as the satisfaction of the information needs of a wide range or defined user groups. Decision-usefulness was not made explicit in the study, and the overall philosophy of the Committee was expressed in terms of an aim to disclose general-purpose financial statements as a mechanism of public accountability. As such, therefore The Corporate Report was a financially-orientated precursor to the SAA proposal which is the subject of this critique. However, since 1975, various UK studies of corporate reporting have explicitly embraced the decision-usefulness approach, with particular emphasis on the decision needs of investors and creditors (e.g. McMonnies, 1988; Solomons, 1989; Arnold et al., 1991; ASB, 1991) These suggestions mirror the approach of US accounting standard-setters since 1973 (e.g. AICPA, 1973, 1995; FASB, 1978). From this perspective, the ‘‘stewardship of stakeholders’’ and philosophy of the SAA proposal does not fit easily with current thinking about the decision-usefulness of corporate reports. And perhaps there is no reason why it should. However, the question has to be asked whether a proposal to improve accountability will also assist in the various decision processes with which corporate report users are known to be involved. More specifically, will the ‘‘control of controls’’ audit to attest reporting, control and regulatory compliance help with various stakeholders to make more informed decisions concerning corporate activity? The SAA proposal moves reporting away from the narrow confines of a condensed accounting to shareholders to a wider view of the company for stakeholders. But that wider view has to assist both accountability and consequential decisions. As it stands, the proposal would report on the ‘‘control-worthiness’’ of corporate management, and ignore what is arguably the more decision-relevant issue of the economic and social effectiveness of management in the context of rules and controls. Corporate stakeholders may be able to take comfort under the SAA proposal that controls and rule compliance procedures have been audited, but they would remain ignorant of the economic and social effectiveness of managements’ actions.
A stakeholder approach to auditing
223
Responsibility to Stakeholders The SAA proposal implies a specific auditor responsibility to stakeholders generally unless its remit were offered with a legal safe harbor. The proposal is inconsistent with contemporary legal developments. For example, courts of law have been reluctant to extend the corporate auditor’s duty of care beyond shareholders because of the issue of privity of contract (Gwilliam, 1991), i.e. for the auditor to be held responsible for the nature and quality of audit procedures, courts have held there has to be at least an implied private contract between the auditor and the potential audit beneficiary. Opening up the audit to a social accountability exercise to a more public focus, as suggested in the SAA proposal, introduces concern about its legal acceptability. The basic question here is whether there is privity of contract between the auditor and the generality of corporate stakeholders. If this case can be made, it runs contrary to recent efforts by professions generally, and the public accountancy profession particularly, to reform professional liability to ensure a fairer justice system for professionals in the context of reliance on their expert services (e.g. Cook et al., 1992; Pincus, 1996). Public accountants have made concerted efforts to limit their liability and duties. For example, professional bodies now permit limited liability partnerships, and the SAA proposal is conceptually opposed to Congressional intentions in the Private Securities Litigation Reform Act 1995. Given the expectations of public accountants to extend litigation reform beyond the 1995 Act (Andrews & Simonetti, 1996), it is not unreasonable to suggest the SAA proposal could meet with opposition from accountants and their regulating bodies because of the potential litigation issue. This possibility does not mean the proposal should not be considered. But it does require a closer examination of the stakeholder-public interest foundation on which it is based. Any proposed extension of the responsibilities of public accountants will work only if they can be held accountable at law for the quality of audit.
Auditor Competence and Independence It has long been recognized in corporate audit thought that the success of such an audit is largely conditional on the independence of the auditor. If this condition does not exist, the degree to which the audit opinion can be trusted as an objective statement is limited. In addition, as Lee and Stone (1995) recently argued, if the auditor is incompetent, independence is not an audit characteristic to be anticipated. Lack of competence, because of lack of expertise and experience, forces the auditor to rely on client management in terms of asking questions and assessing responses. These matters appear to be of relevance to the SAA proposal, i.e. given the nature of its provision, is the current corporate auditor capable of carrying out such an audit successfully? The answer to this question depends on the extent to which the
224
T.A. Lee
SAA’s provisions are put into operation. The current audit focus is on numbers generated by an accounting system dependent on internal controls and rule compliance procedures. In this respect, the auditor is a trained accounting expert capable of examining accounting controls, rules and numbers, and there should be no problem related to competence and independence on those aspects of the SAA proposal. However, the proposal goes beyond conventional auditing, and requires verification and reporting on compliance with rules and regulations in a variety of non-accounting areas such as political activity, minimum wages, civil rights, relocation, health and safety, and pollution. It is therefore questionable whether corporate auditors trained to review accounting controls and numbers are sufficiently expert to deal with non-accounting controls and procedures. There can be little doubt that the training of an auditor would be useful in these situations, i.e. in terms of the general principles of seeking and evaluating evidential material. However, such training is insufficient if the nature of the audit subject-matter requires skills not held by financial experts. The issue here, therefore, is not with attesting the quality of financial statements and the control systems and accounting principles on which they depend. Instead, it concerns other compliance issues which require expertise in areas such as economics, law, engineering, biology and medicine.
Auditing Controls or Management? When considering each of the above comments on the SAA proposal, it is apparent there is a need to question its compliance nature, and whether this is actually what is needed in order to effect adequate social accountability to stakeholders. At the heart of corporate activity is the potential moral hazard of the principal]agent relationship. This is usually interpreted in terms of management taking advantage of shareholders by misappropriating shareholder funds. What is somehow minimized in these arguments is the potential for management to misuse these funds, i.e. not because of any fraudulent motivation but more out of incompetence or ineffectiveness. Classical economics might argue that efficient markets pick up signals of incompetent managerial behavior. However, a casual empirical observation of corporate activity over nearly 200 years suggests otherwise. Companies fail despite market monitors such as audit and, in these situations, it is not only shareholders who lose out. All stakeholders are subject to the moral hazard of the principal]agent relationship. The SAA proposal does not appear to fully address this issue. As previously argued, its audit emphasis is on rule and regulation compliance in accounting and non-accounting areas. The managerial object of the controls is not the main target. Thus, there is a case to be made that, rather than ‘‘control of controls,’’ the SAA proposal should look more radically at the idea of a management audit for shareholders and
A stakeholder approach to auditing
225
other stakeholders. Throughout the history of corporate activity, management has been left to manage, despite laws and regulations requiring periodic compliance reporting. For example, despite nearly a century of shareholder-orientated legislation, it was not until the Companies Act 1948 in the UK that shareholders were effectively recognized as needing an extensive accounting from corporate management (Bircher, 1991). The SAA proposal does not appear capable of truly forcing management to account for its actions. It is therefore suggested that, in addition to compliance auditing, the SAA proposal should be extended to be an effective management audit. This would involve not only whether managers compiled with controls but whether their actions were effective in economic and social terms. Management would require to specify its financial and non-financial targets, and the auditor would report on variations between actual and budgeted performance. Such a proposal is not radical, and has been made from time to time in the auditing literature. Innes (1984), for example, provides a comprehensive review of the concept of external management audit. He observes initial thinking in the UK and US in the early 1900s, and more developed suggestions in the 1960s and 1970s. The earliest proposals included the publication of audit reports on the effectiveness of management in areas such as production and distribution. Later recommendations covered matters such as the verification of all financial and non-financial disclosures by corporate management. In 1969, these ideas progressed to the point at which an unsuccessful Parliamentary attempt was made in the UK to mandate external management audits of corporate operational efficiency. Practical examples of management audits are not hard to find, particularly in the public sector. Innes (1984) lists a considerable number of management audit activities in Europe and North America, including the work of the National Audit Office in the UK, the Auditor General in Canada, and the General Accounting Office in the US. Public accountancy firms in each of these countries also have limited experience of commissioned management audits in the private and public sector. While continuing to recognize concerns expressed earlier about auditor competence in non-accounting matters, expanding these experiences into the private sector on a recurrent basis would appear to be worthy of at least discussion and debate and would add to the audit explosion in a relatively controlled and meaningful manner. Making the results of these audits public would be the major change from the current position, as not all current management audit reports are available for public disclosure and use.
Conclusions Despite the above criticisms of its content, the proposed SAA adaption to the corporate sector should be taken seriously. Its focus on the inadequacies of the conventional financial reporting package with respect
226
T.A. Lee
to social accountability to stakeholders is a serious issue for corporate governance. The major flaws in its present form relate to its original non-corporate purpose and several difficulties concerning the audit of non-financial matters for beneficiaries other than stakeholders. The greatest advantage of the SAA proposal is that it forces a needed debate on corporate audit, i.e. what it is and should be, and who should benefit. Its greatest disadvantage is its present structure which would increase Power’s (1994) ‘‘control of controls’’ audit explosion. A more direct management audit has been suggested. Let the debate begin.
References American Institute of Certified Public Accountants, Objectives of Financial Statements (New York: American Institute of Certified Public Accountants, 1973). American Institute of Certified Public Accountants, Improving Business Reporting: A Consumer Focus (New York, NY: Special Committee on Financial Reporting, American Institute of Certified Public Accountants, 1995). Andrews, A.R. & Simonetti, G., ‘‘Tort reform revolution’’, Journal of Accountancy, September 1996, pp. 53]55. Arnold, J., Boyle, P., Carey, A., Cooper, M. & Wild, K., The Future Shape of Financial Reports (London: Institute of Chartered Accountants in England and Wales, 1991). Accounting Standards Board, ‘‘The objectives of financial statements and the qualitative characteristics of financial information’’, Statement of Principles Exposure Draft (London: Accounting Standards Board, 1991). Accounting Standards Steering Committee, The Corporate Report (London: Accounting Standards Steering Committee, 1975). Bircher, P., From the Companies Act of 1929 to the Companies Act of 1948: A Study of Change in the Law and Practice of Accounting (New York: Garland Publishing, 1991). Cook, J.M., Friedman, E.M., Groves, R.J., Madonna, J.C., O’Malley, S.F. & Winbach, L.A., The Liability Crisis in the United States: Impact on the Accountancy Profession (Chicago: Arthur Andersen et al., 1992). Financial Accounting Standards Board, ‘‘ Objectives of financial statements by business enterprises’’, Statements of Financial Accounting Concepts 1 (Stamford, CT: Financial Accounting Standards Board, 1978). Gray, R., The Greening of Accountancy: The Profession After Pearce (London: Chartered Association of Certified Accountants, 1990). Gwilliam, D., ‘‘The auditor’s liability to third parties’’, in M. Sherer & S. Turley (eds), Current Issues in Auditing (London: Paul Chapman Publishing, 1991) pp. 60]75. Innes, J., ‘‘External management auditing of companies} a survey of bankers’’, Doctoral Thesis, University of Edinburgh, 1984. Lee, T.A. & Stone, M., ‘‘ Competence and independence: the uncongenial twins of auditing?’’, Journal of Business Finance and Accounting, 1995, pp. 1169]1177. McMonnies, P.N., Making Corporate Reports Valuable (London: Kogan Page, 1988). Pincus, A.J., ‘‘The Reform Act: what CPAs should know,’’ Journal of Accountancy, September 1996, pp. 55]58. Power, M., ‘‘The audit society’’, in A.G. Hopwood & P. Miller (eds), Accounting as Social and Institutional Practice (Cambridge: Cambridge University Press, 1994) pp. 299]316. Solomons, D., Guidelines for Financial Reporting Standards (London: Institute of Chartered Accountants in England and Wales, 1989).
A STAKEHOLDER APPROACH TO AUDITING T. A. LEE Culverhouse School of Accountancy, University of Alabama, Tuscaloosa, AL, USA
The US Single Audit Act 1984 is proposed as a convenient mechanism to introduce a social dimension of public accountability to corporate stakeholders. Its emphasis is on the audit of corporate regulation and control compliance. The purpose of this commentary is to critique the proposal from the perspective of audit. The critique is constructed around the idea of audit, and is placed in the context of an observed explosion of audits in practice. The commentary reviews the requirements of the Single Audit Act as they relate to extending the corporate audit from its traditional financial focus, and it specifically deals with the issue of translating the requirements of the Act from the public to the private sector. The argument comments on audit matters such as auditing to provide accountability to stakeholders rather than information for user decisions, and auditor competence and independence. It concludes with an argument that the Single Audit Act proposal could be expanded to an external audit of management rather than be limited to an assessment of managerial controls.
Q
1998 Academic Press Limited
Introduction A proposal has been made by Sutton and Arnold in their paper ‘‘Towards a Framework for a Corporate Single Audit’’ for an alternative corporate audit based on the US Single Audit Act 1984 (henceforth SAA). The rationale for the proposal is the danger to stakeholders of reporting systems that over-emphasize the ‘‘ financial’’ and ignore the ‘‘social’’ of corporate activity. The purpose of this paper is to provide a critical commentary on the idea of ‘‘audit’’ contained in the proposal. The commentary begins with an explanation of the proposed audit framework prior to critically reviewing its implications for stakeholders and auditors. Address for Correspondence: Professor T.A. Lee, Culverhouse School of Accountancy, University of Alabama, Box 870220, 310 Alston, Tuscaloosa, AL 35487-0220, USA. Email: [email protected] Received 7 November 1996; revised 18 April 1997; accepted 20 July 1997
217 1045-2354/ 98 / 020217+ 10 $25.00 / 0
Q 1998
Academic Press Limited
218
T.A. Lee
The Single Audit Act Proposal The SAA applies to US federally-funded organizations of a governmental, educational or not-for-profit nature. The intention of the SAA is to ensure that these organizations prepare and file appropriate financial statements, operate adequate internal controls, comply with federal guidelines and make legitimate use of funding. The motivation for the legislation goes beyond the stewardship relationship of principal and agent which is typically satisfied by attestation of financial statement quality. Instead, it attempts to achieve social accountability to stakeholders who are perceived to represent the public interest in federally-funded organizations. The SAA auditor has a variety of verification and reporting tasks. First, for the organization as a whole, there is a requirement to attest the accounting quality of its financial statements, the adequacy of its internal controls, and its compliance with federal funding rules. In addition, for each funded program of the organization, the auditor provides a schedule disclosing federal assistance to the program, comments on the effectiveness of its internal controls and funding compliance procedures, and discloses any fraud discovered by audit. With respect to rule compliance, the auditor reports on nine topics, i.e. political activity, minimum wages, civil rights, cash management, relocation assistance and property acquisition, federal financial report filing, cost principles, a drug-free workplace and other administrative requirements. What the SAA therefore requires is that the auditor verifies and reports beyond the traditional area of accounting for the overall organization (i.e. its internal controls and financial statements), and attest other matters concerning rule compliance both for the entity and its major segments. Three audit reports are required for the overall organization, and a further four reports for each of its main funded programs. The focus of the audit is on the success of the organization in complying with various regulations which are intended to limit its actions within a socially-defined ‘‘game-plan’’, e.g. with respect to proscribed political activity, federally-regulated labor issues (i.e. wages, civil rights, relocation, and drugs), funding abuses (i.e. in cash management and costing), and non-compliance with mandated procedures (i.e. various administrative matters such as health and safety at work). The proposed extension of the SAA to corporate enterprises is made in the context of recent arguments for these organizations to report to a public audience for which social accountability is a major focus. Examples of green accounting and illegal act detection are used as introductions to the argument.
The Idea of Audit The proposal to translate the SAA to the corporate world would add to what Power (1994) describes as an audit explosion. It can therefore be
A stakeholder approach to auditing
219
perceived as part of a seemingly continuous societal search for accountability, in which everything and everyone are potentially targets for audit. As Power argues, audit is the principal means by which accountability is attempted when trust in relationships disappears. Throughout history, audit has displaced trust and then been an important means of restoring it. The main objective of audit appears to be a need to demonstrate accountability by identifying auditees with which there is a potential lack of trust concerning their behavior and actions. The SAA proposal implies a considerable lack of trust in corporate activity and management. The proposal’s principal assumption is that corporate stakeholders do not trust managerial agents to create and maintain adequate reporting, internal control, and rule-compliance systems. As a consequence of this mistrust, stakeholders are further assumed to require comprehensive audit verification and reporting on these matters to assist their use of disclosed information. The general question posed in this commentary as a result of these implications and assumptions is whether the SAA proposals should and could be translated effectively to the corporate sector. The commentary attempts to examine this question in part by reference to a critical framework of audit by Power (1994). Power’s most fundamental idea is that audit is a system of administrative control and governance. It attempts to maintain traditional hierarchical and authoritarian control structures within the context of a societal need to cope with control failures. In particular, audit provides societal comfort by focusing on a policing of organizational controls rather than by a direct verification of the objects of these controls. Power further argues that, as an exercise in ‘‘control of controls,’’ audit makes the organization less rather than more visible (because audit becomes a black box), increases public criticism of the auditor (rather than the idea of audit) and results in calls for more auditing (thus perpetuating the audit explosion). According to Power, audit shapes the organization in ways which make verification more feasible and creates public expectations of what auditing should achieve. Means of accountability other than audit tend to be ignored, and it becomes a substitute for democracy. What emerges as important is not the consequence of how things are done but rather that they are done in an environment of controls. Audit can therefore be argued to be an exercise in which evidencing compliance with controls is the dominant focus rather than attesting other outcomes of accountable behavior. In other words, the ability of the manager to ‘‘stay within the rules’’ of the organization becomes the primary focus of audit.
Extending the Financial Audit The SAA proposal recommends that all SAA provisions should apply to corporate organizations, at least as a first step to improving corporate
220
T.A. Lee
reporting, and as a substitute for a more radical reform of the latter function. The ‘‘driver’’ in the proposal is a perception that corporate stakeholders need information beyond that contained in the conventional financial statement package. This suggests there are at least three matters which should be considered in the proposal. The first matter is the general proposition that legislation constructed for federally-funded organizations is adaptable to the corporate community. The second matter is the proposal’s specific ‘‘consumer’’ focus on stakeholders rather than shareholders. The third matter is the reporting extension beyond conventional financial statements for the entity as a whole and its segments. Each of these issues is considered in turn.
Adapting to the Corporate Sector Any transplant is problematic. Uprooting something designed for one environment to place it in another is not easy and can be unsuccessful. The environments may appear similar on the surface, but closer inspection typically reveals significant differences. These variations may result in rejection of the transplant. In this case, the SAA was designed by US legislators to deal with a very specific and rule-oriented type of organization with an operational mission of a public nature. Federal funding is typically given only when certain organizational restrictions and conditions are in place and agreed. These matters are usually the subject of very detailed funding rules. The primary factor at work is that federal funding is made in the name of a public interest to which the operations of the organization are directed (e.g. education). Thus, US taxpayers’ money is a funding source which, as a matter or routine, is perceived by legislators to require oversight. For this reason, it is natural that federal funding is closely associated with accountability exercises of a public nature. The accountability is largely concerned with monitoring funds received and how they have been used. In other words, the SAA exists to protect US taxpayer funding. By its very nature, it is a vivid example of the ‘‘control of controls’’ thesis of Power (1994). Financial statements are disclosed in order to exercise an indirect public control of management, and statement quality is attested to enhance the credibility of that control. Statement attestation is made on the basis of audit reviews of management’s internal controls and accounting compliance procedures. The uses to which funds are put are also examined in the context of specific usage rules and the possibility of fraud and funding abuses are investigated. However, the effectiveness of management beyond its control and rule compliance procedures is not questioned by the auditor under the SAA. Consequently, it is not unreasonable to suggest that the SAA conforms with Power’s (1994) perception of audit, i.e it polices the controls of federally-funded organizations and gives societal comfort that such policing has taken place. As a consequence, it does not dispel the relative
A stakeholder approach to auditing
221
invisibility of the organization and its management to its stakeholders. SAA audit practice is clearly an example of what Power describes as administrative control and governance. It is designed to protect a public interest in federally-funded organizations, and does not, nor is it intended to expose their economic or social effectiveness. For this reason, it has to be questioned whether the SAA should and could be translated to private sector companies. In these organizations, despite pleas for disclosures such as green accounting (Gray, 1990), the concept of public interest is rarely an issue from a reporting and auditing point of view. Corporations are deliberately constructed to maximize the financial interests of private investor communities, and US reporting and auditing prescriptions reflect this (e.g. AICPA, 1973, 1995; FASB, 1978). This does not mean that the public interest in corporate affairs is ignored by accounting policy-makers. However, what typically appears in their prescriptions is a strawman of public interest by specification of all potential report user groups and their information needs. These groups are then stated to have common financial information needs which can be satisfied by general-purpose financial statements. The perceived commonalty of information needs is usually based on an investor decision model. Such reasoning constructs a public interest by means of mental mirrors, and fails to disguise their private capitalist nature. The essential issue with corporate organizations is that their privateness (despite public markets for their shares) and devotion to achieving financial success for shareholders, run contrary to a public interest with which they are clearly associated. There are very obvious aspects of public interest in corporate activity. No company, however large or small, can avoid the reality of doing business within an economic and social context which involves and affects the public. It would be a very foolish management that ignored public aspects of corporate operations. But companies are, by nature, more private and less visible than federally-funded organizations. Thus, it is hard to see how the SAA proposal of ‘‘control of controls’’ could make companies less private and more visible, other than attesting their control and rule-compliance effectiveness. Operational and managerial effectiveness would remain a black box for stakeholders. What appears to be relevant in the corporate sector is a need to directly monitor managerial behavior in areas where, despite rules and regulations, managers can take advantage of the moral hazard created by the principal-agent relationship, and operate in ineffective economic and social ways. In this respect, auditing corporate managers rather than managerial controls would appear to be a worthy task in a world in which corporate invisibility creates so many economic incentives for managers to misbehave. The SAA proposal does not address this issue. Instead, it transplants the philosophy of ‘‘control of controls’’ to the corporate sector} a comforting prospect but not necessarily useful to stakeholders.
222
T.A. Lee
A Stakeholder Approach
The SAA proposal is predominantly concerned with managerial accountability to a variety of stakeholders with perceived interests in a range of financial, economic and social variables in corporate activity. The name of this game would be stewardship, with the managerial stewards held responsible to more than shareholders. Thus, the proposal contrasts with recent thinking over the last three decades concerning corporate reporting. Whether in the US or elsewhere, the focus has been squarely on satisfying individual decision needs. Although the UK Accounting Standards Steering Committee’s The Corporate Report (ASSC, 1975) can be identified as the first serious attempt in that country to advocate a stakeholder approach to financial reporting, its philosophical influence was modest. The Committee’s major reporting objective was stated as the satisfaction of the information needs of a wide range or defined user groups. Decision-usefulness was not made explicit in the study, and the overall philosophy of the Committee was expressed in terms of an aim to disclose general-purpose financial statements as a mechanism of public accountability. As such, therefore The Corporate Report was a financially-orientated precursor to the SAA proposal which is the subject of this critique. However, since 1975, various UK studies of corporate reporting have explicitly embraced the decision-usefulness approach, with particular emphasis on the decision needs of investors and creditors (e.g. McMonnies, 1988; Solomons, 1989; Arnold et al., 1991; ASB, 1991) These suggestions mirror the approach of US accounting standard-setters since 1973 (e.g. AICPA, 1973, 1995; FASB, 1978). From this perspective, the ‘‘stewardship of stakeholders’’ and philosophy of the SAA proposal does not fit easily with current thinking about the decision-usefulness of corporate reports. And perhaps there is no reason why it should. However, the question has to be asked whether a proposal to improve accountability will also assist in the various decision processes with which corporate report users are known to be involved. More specifically, will the ‘‘control of controls’’ audit to attest reporting, control and regulatory compliance help with various stakeholders to make more informed decisions concerning corporate activity? The SAA proposal moves reporting away from the narrow confines of a condensed accounting to shareholders to a wider view of the company for stakeholders. But that wider view has to assist both accountability and consequential decisions. As it stands, the proposal would report on the ‘‘control-worthiness’’ of corporate management, and ignore what is arguably the more decision-relevant issue of the economic and social effectiveness of management in the context of rules and controls. Corporate stakeholders may be able to take comfort under the SAA proposal that controls and rule compliance procedures have been audited, but they would remain ignorant of the economic and social effectiveness of managements’ actions.
A stakeholder approach to auditing
223
Responsibility to Stakeholders The SAA proposal implies a specific auditor responsibility to stakeholders generally unless its remit were offered with a legal safe harbor. The proposal is inconsistent with contemporary legal developments. For example, courts of law have been reluctant to extend the corporate auditor’s duty of care beyond shareholders because of the issue of privity of contract (Gwilliam, 1991), i.e. for the auditor to be held responsible for the nature and quality of audit procedures, courts have held there has to be at least an implied private contract between the auditor and the potential audit beneficiary. Opening up the audit to a social accountability exercise to a more public focus, as suggested in the SAA proposal, introduces concern about its legal acceptability. The basic question here is whether there is privity of contract between the auditor and the generality of corporate stakeholders. If this case can be made, it runs contrary to recent efforts by professions generally, and the public accountancy profession particularly, to reform professional liability to ensure a fairer justice system for professionals in the context of reliance on their expert services (e.g. Cook et al., 1992; Pincus, 1996). Public accountants have made concerted efforts to limit their liability and duties. For example, professional bodies now permit limited liability partnerships, and the SAA proposal is conceptually opposed to Congressional intentions in the Private Securities Litigation Reform Act 1995. Given the expectations of public accountants to extend litigation reform beyond the 1995 Act (Andrews & Simonetti, 1996), it is not unreasonable to suggest the SAA proposal could meet with opposition from accountants and their regulating bodies because of the potential litigation issue. This possibility does not mean the proposal should not be considered. But it does require a closer examination of the stakeholder-public interest foundation on which it is based. Any proposed extension of the responsibilities of public accountants will work only if they can be held accountable at law for the quality of audit.
Auditor Competence and Independence It has long been recognized in corporate audit thought that the success of such an audit is largely conditional on the independence of the auditor. If this condition does not exist, the degree to which the audit opinion can be trusted as an objective statement is limited. In addition, as Lee and Stone (1995) recently argued, if the auditor is incompetent, independence is not an audit characteristic to be anticipated. Lack of competence, because of lack of expertise and experience, forces the auditor to rely on client management in terms of asking questions and assessing responses. These matters appear to be of relevance to the SAA proposal, i.e. given the nature of its provision, is the current corporate auditor capable of carrying out such an audit successfully? The answer to this question depends on the extent to which the
224
T.A. Lee
SAA’s provisions are put into operation. The current audit focus is on numbers generated by an accounting system dependent on internal controls and rule compliance procedures. In this respect, the auditor is a trained accounting expert capable of examining accounting controls, rules and numbers, and there should be no problem related to competence and independence on those aspects of the SAA proposal. However, the proposal goes beyond conventional auditing, and requires verification and reporting on compliance with rules and regulations in a variety of non-accounting areas such as political activity, minimum wages, civil rights, relocation, health and safety, and pollution. It is therefore questionable whether corporate auditors trained to review accounting controls and numbers are sufficiently expert to deal with non-accounting controls and procedures. There can be little doubt that the training of an auditor would be useful in these situations, i.e. in terms of the general principles of seeking and evaluating evidential material. However, such training is insufficient if the nature of the audit subject-matter requires skills not held by financial experts. The issue here, therefore, is not with attesting the quality of financial statements and the control systems and accounting principles on which they depend. Instead, it concerns other compliance issues which require expertise in areas such as economics, law, engineering, biology and medicine.
Auditing Controls or Management? When considering each of the above comments on the SAA proposal, it is apparent there is a need to question its compliance nature, and whether this is actually what is needed in order to effect adequate social accountability to stakeholders. At the heart of corporate activity is the potential moral hazard of the principal]agent relationship. This is usually interpreted in terms of management taking advantage of shareholders by misappropriating shareholder funds. What is somehow minimized in these arguments is the potential for management to misuse these funds, i.e. not because of any fraudulent motivation but more out of incompetence or ineffectiveness. Classical economics might argue that efficient markets pick up signals of incompetent managerial behavior. However, a casual empirical observation of corporate activity over nearly 200 years suggests otherwise. Companies fail despite market monitors such as audit and, in these situations, it is not only shareholders who lose out. All stakeholders are subject to the moral hazard of the principal]agent relationship. The SAA proposal does not appear to fully address this issue. As previously argued, its audit emphasis is on rule and regulation compliance in accounting and non-accounting areas. The managerial object of the controls is not the main target. Thus, there is a case to be made that, rather than ‘‘control of controls,’’ the SAA proposal should look more radically at the idea of a management audit for shareholders and
A stakeholder approach to auditing
225
other stakeholders. Throughout the history of corporate activity, management has been left to manage, despite laws and regulations requiring periodic compliance reporting. For example, despite nearly a century of shareholder-orientated legislation, it was not until the Companies Act 1948 in the UK that shareholders were effectively recognized as needing an extensive accounting from corporate management (Bircher, 1991). The SAA proposal does not appear capable of truly forcing management to account for its actions. It is therefore suggested that, in addition to compliance auditing, the SAA proposal should be extended to be an effective management audit. This would involve not only whether managers compiled with controls but whether their actions were effective in economic and social terms. Management would require to specify its financial and non-financial targets, and the auditor would report on variations between actual and budgeted performance. Such a proposal is not radical, and has been made from time to time in the auditing literature. Innes (1984), for example, provides a comprehensive review of the concept of external management audit. He observes initial thinking in the UK and US in the early 1900s, and more developed suggestions in the 1960s and 1970s. The earliest proposals included the publication of audit reports on the effectiveness of management in areas such as production and distribution. Later recommendations covered matters such as the verification of all financial and non-financial disclosures by corporate management. In 1969, these ideas progressed to the point at which an unsuccessful Parliamentary attempt was made in the UK to mandate external management audits of corporate operational efficiency. Practical examples of management audits are not hard to find, particularly in the public sector. Innes (1984) lists a considerable number of management audit activities in Europe and North America, including the work of the National Audit Office in the UK, the Auditor General in Canada, and the General Accounting Office in the US. Public accountancy firms in each of these countries also have limited experience of commissioned management audits in the private and public sector. While continuing to recognize concerns expressed earlier about auditor competence in non-accounting matters, expanding these experiences into the private sector on a recurrent basis would appear to be worthy of at least discussion and debate and would add to the audit explosion in a relatively controlled and meaningful manner. Making the results of these audits public would be the major change from the current position, as not all current management audit reports are available for public disclosure and use.
Conclusions Despite the above criticisms of its content, the proposed SAA adaption to the corporate sector should be taken seriously. Its focus on the inadequacies of the conventional financial reporting package with respect
226
T.A. Lee
to social accountability to stakeholders is a serious issue for corporate governance. The major flaws in its present form relate to its original non-corporate purpose and several difficulties concerning the audit of non-financial matters for beneficiaries other than stakeholders. The greatest advantage of the SAA proposal is that it forces a needed debate on corporate audit, i.e. what it is and should be, and who should benefit. Its greatest disadvantage is its present structure which would increase Power’s (1994) ‘‘control of controls’’ audit explosion. A more direct management audit has been suggested. Let the debate begin.
References American Institute of Certified Public Accountants, Objectives of Financial Statements (New York: American Institute of Certified Public Accountants, 1973). American Institute of Certified Public Accountants, Improving Business Reporting: A Consumer Focus (New York, NY: Special Committee on Financial Reporting, American Institute of Certified Public Accountants, 1995). Andrews, A.R. & Simonetti, G., ‘‘Tort reform revolution’’, Journal of Accountancy, September 1996, pp. 53]55. Arnold, J., Boyle, P., Carey, A., Cooper, M. & Wild, K., The Future Shape of Financial Reports (London: Institute of Chartered Accountants in England and Wales, 1991). Accounting Standards Board, ‘‘The objectives of financial statements and the qualitative characteristics of financial information’’, Statement of Principles Exposure Draft (London: Accounting Standards Board, 1991). Accounting Standards Steering Committee, The Corporate Report (London: Accounting Standards Steering Committee, 1975). Bircher, P., From the Companies Act of 1929 to the Companies Act of 1948: A Study of Change in the Law and Practice of Accounting (New York: Garland Publishing, 1991). Cook, J.M., Friedman, E.M., Groves, R.J., Madonna, J.C., O’Malley, S.F. & Winbach, L.A., The Liability Crisis in the United States: Impact on the Accountancy Profession (Chicago: Arthur Andersen et al., 1992). Financial Accounting Standards Board, ‘‘ Objectives of financial statements by business enterprises’’, Statements of Financial Accounting Concepts 1 (Stamford, CT: Financial Accounting Standards Board, 1978). Gray, R., The Greening of Accountancy: The Profession After Pearce (London: Chartered Association of Certified Accountants, 1990). Gwilliam, D., ‘‘The auditor’s liability to third parties’’, in M. Sherer & S. Turley (eds), Current Issues in Auditing (London: Paul Chapman Publishing, 1991) pp. 60]75. Innes, J., ‘‘External management auditing of companies} a survey of bankers’’, Doctoral Thesis, University of Edinburgh, 1984. Lee, T.A. & Stone, M., ‘‘ Competence and independence: the uncongenial twins of auditing?’’, Journal of Business Finance and Accounting, 1995, pp. 1169]1177. McMonnies, P.N., Making Corporate Reports Valuable (London: Kogan Page, 1988). Pincus, A.J., ‘‘The Reform Act: what CPAs should know,’’ Journal of Accountancy, September 1996, pp. 55]58. Power, M., ‘‘The audit society’’, in A.G. Hopwood & P. Miller (eds), Accounting as Social and Institutional Practice (Cambridge: Cambridge University Press, 1994) pp. 299]316. Solomons, D., Guidelines for Financial Reporting Standards (London: Institute of Chartered Accountants in England and Wales, 1989).