Madoff, Enron, that Indian company… all were frauds, all were audited. So how responsible are the auditors in these situations? To what extent are they financially liable? I know it’s not fully, but surely it goes beyond the loss of reputation.
How would it affect the system if auditors were fully financially liable for frauds they failed to discover? After all, isn’t it their job to make sure the books aren’t cooked?
Well, it depends on exactly what they did. Simple incompetence wouldn’t neccessarily be criminal, but their might be civil damages dependong on who contracted what with whom. If the malfeasance was more… deliberate, then other things turn up.
In the case of Enron, their auditors, Arthur Andersen were convicted of obstruction of justice were forced to surrender their CPA licenses, and are effectively out of business. Even after the Supreme Court unanimously overturned the conviction due to bad jury instructions, Andersen has yet to resume any kind of accounting business, and still has hundreds of lawsuits to defend.
As for Madoff, his books were audited by some fly-by-night two-man accounting firm that nobody had ever heard of. Yet, people still thought it was a good idea to invest with him, despite the complete lack of transparency.
This is why I like index funds.
(Are you talking about external or internal audit? Bit of a difference there.)
Assuming the former, if external audit firms were financially liable for fraud nobody would operate in that business. Management is responsible for prevention and detection of fraud, and for building controls to those ends. External auditors are present for a relatively short period of time to inspect accounting records maintained by management, to opine on whether those accounts provide a true and fair reflection of the actual situation, and to determine whether the accounting treatment of assets and liabilities is appropriate given applicable rules and legislation.
It’s not feasible to guarantee that no fraud has occurred given the fact that external auditors aren’t embedded in firms and therefore don’t see everything that happens, and given that they rely on information provided by management (albeit nowadays with some high-level controls review of the processes and systems that produced that information).
That’s not to say that audit firms don’t make big mistakes, cut corners, offer incorrect opinions, or have too close a relationship with their clients at times. It’s also not to say that it could never be otherwise. But, making those firms financially liable will see them rapidly pull out of that business and into other less risky activities (like consulting projects).
One point driven into us over and over and over in my internal auditing class, was that the hardest type of fraud to uncover was collusion by management.
Most controls are designed to prevent against mistakes or one person working alone. One person checks another persons work. But when those two people collude, it becomes harder to find the fraud. And when management is involved (such as in the cases you cited) it becomes harder still. Management typically has the power to cover things up in ways that make it very hard for auditors to find.
Auditors are there just to make sure that management is lying the right way and not being as stupid about it as they would be without someone telling the silly bastards what to do. Pardon me while I go spit this bitter taste out of my mouth.
If I’m not mistaken, one of the problems with the big accounting firms in the Enron era was the conflicts of interests that developed because of the consulting sides of their businesses. It was hard to scrutinize the books of the companies they were auditing when they were worried it would jeopardize the lucrative consulting work they were performing for them. I don’t know if any limits were placed on the “Big 4” in terms of their consulting relationships after Enron or if the fear of an Arthur Andersen-type collapse is enough to keep them in line.
The Institute of Internal Auditors has strict codes of allowed behavior. Typically, to follow with these codes, a company will work with two separate auditing companies. One to do their auditing of financial statements for SEC compliance, and a completely different company for consulting.
So for instance, a company that has PWC do their auditing might hire KPMG for consulting work.