Sri Lanka’s securities watchdog, the SEC, is contemplating introducing new laws, requiring audit firms to report to the regulator irregularities in the financial statements of listed firms they audit.
While a requirement for auditors to police firms exists in Malaysia, it is an exception. Auditors have maintained that their report isn’t a statement of fact but an opinion. An unqualified audit report is also not a certificate of good governance nor a testimonial to prove a firm is well run, auditors maintain.
If SEC does add a whistleblowing responsibility on external auditors, it will be a significant extension of their role. Their current responsibilities are spelt out in Sri Lanka’s Companies’ Law.
Expectations of auditors have been growing; something the industry itself recognizes. However, auditors’ legal responsibility is to shareholders. By adding a whistleblowing responsibility the number of stakeholders to which it must be accountable will be expanded greatly.
Insurance Ombudsman, legal academic Dr.Wickrema Weerasooria discussed the perception versus reality for auditors.
Q What is an auditor’s principal role and function?
The answer to this question depends to whom it is directed. Is it posed to a shareholder or director of a company, or to a regulator like the Securities and Exchange Commission (SEC)? Or is the question posed to a creditor like a bank or a person or company intending to buy-over a particular company. The perceptions of each of them may differ as to what is expected of an auditor.
I can answer the question as a lawyer and academic who has to some extent studied the law relating to and governing auditors in Sri Lanka. About ten years ago I contributed an article to the journal of the Institute of Chartered Accountants on ‘The Legal Liabilities of Auditors’ and a highly respected former Supreme Court judge Mr Dheeraratne wrote a rejoinder contesting some of the views I expressed. In my article, I had said that auditors in Sri Lanka should be governed by English Law but Justice Dheeraratne argued that auditors are like any other profession governed by the principles of Roman-Dutch Law and not English Law.
The basic difference is this. To attach legal liability to professional under Roman-Dutch Law is more difficult than under English Law. The Roman-Dutch Law is a very conservative law and in the absence of intentional wrongful conduct, or dolus, it would be difficult to attach blame to a professional. On the other hand, in English Law negligence alone, or culpa, may be sufficient and intention, dolus, is not required.
Before going further into the difference between English Law and Roman-Dutch Law, let me as a legal academic start by formulating some general points or features relating to the role and function of auditors. Here again, I must emphasize that I am speaking as a lawyer.
Firstly, we have our company legislation, here I refer to the Companies Act No. 7 of 2007. There are several sections in this Act which relate to auditors. These are sections 154 to 165 and they all very important and I cannot think of any auditor who does not know of those statutory sections.
Next to legislation—the Companies Act—the most important area is case-law or judicial decisions affecting auditors. Fortunately, there are no reported Sri Lankan judicial decisions on the subject. This speaks well for the auditing profession. The absence of case-law shows the absence of serious litigation against auditors.
There may have been instances where the thought of suing an auditor may have been contemplated but the decision to institute the case may not have been taken because the law is stacked in the auditors’ favor. I will show why later on.
But in comparison, we have many Sri Lankan cases where bankers and insurers have been sued, but not auditors.
Apart from statute law (Companies Act) and case-law there can be codes of conduct affecting auditors. I am not conversional in such codes on auditors and this area can be best covered by the Institute of Chartered Accountants.
Let us examine the statutory requirements. Many professionals do not study these and they rather give sermons on textbook principles relating to auditors. You ignore the statute at your peril. Auditors are very sharp. They echo the statutory requirements in their reports which they call ‘Opinions’ and I will deal with this later.
Let us look at the statutory provisions.
Section 154 relates to the appointment of auditors and section 155 deals with auditor fees and expenses. Section 156 permits a partnership to be an audit firm. Section 157 outlines disqualifications from being an auditor. For example, an auditor must be a member of the Institute of Chartered Accountants.
Also, no company or corporate body can be an auditor. Section 158 deals with provisions to re-appoint an auditor. Sections 159 and 160 respectively deal with the appointment of the first-auditor and the replacement of an auditor respectively. Section 161 formulates the statement by a person ceasing to hold office as an officer. Section 162 is a very important section which behoves an auditor to avoid a conflict of interest.
In my view Section 163 is the most important section. It outlines what the auditor report or opinion should consist of. This is the section that auditors use to protect themselves from legal liability.
Section 164 gives auditors full access to all the information they require and Section 165 deals with auditor entitlement to attend shareholder meetings.
Q To whom is an auditor accountable to and to what extent?
People should first look at the law governing auditors. Many professionals read textbooks and pontificate on what auditors should and should not do. This is very wrong especially when the laws are so few and clear. According to statute, or Section 163 of Companies Act, auditors are clearly answerable to shareholders and no one else. Many think that auditors are answerable to the public, but this is not what the law says. Auditors don’t even have to answer to directors of a company. In any case, auditors are already protected by the Roman-Dutch Law because proving intentional wrong-doing is very difficult and does not cover negligence.
Now the Companies Act is English Law, but there is no definitive statement on what governs auditors so judges here hold that auditors are covered under common law, or Roman-Dutch Law, which is practiced in only two countries in the world, Sri Lanka and South Africa.
Over the years, English Law governing auditors has developed further with case-law.
English judges have said auditors owe responsibility to shareholders. By stretch of law or legal development, auditors are responsible to directors as well. By extension, English judges have said that auditors can be held accountable to creditors like banks and also corporate predators. But all of them must first prove that they relied on the auditors reports. There have been many instances where auditors have been successfully sued in England, where the laws are less lenient towards auditors than in Sri Lanka. This appeared in a famous case ‘Caparo Industries Vs Dickman’ in 1990 where the whole aspect of auditors was taken up.
In my opinion, English law should apply to auditors here, but in the absence of case law and the Companies Law itself cloth auditors in protective armour.
Q The auditors’ report is really an opinion. What is the legal scope of an audit opinion?
It appears that unlike any other professions the law and the courts, and especially the courts have taken care, may not be deliberate, to protect auditors because they give a report technically called an opinion.
The late Gamini Wijesinha, former president of the Institute of Chartered Accountants used to state at every lecture he gave that an audit report was not a statement of fact, not a review of operations, not a testimonial nor a certificate of good governance, not a testimonial that a company is well run and is not a certificate on the efficiency of directors. The audit report is an opinion based on information that is disclosed to us, he would say.
This word opinion is crucial and is an inbuilt safeguard in the Companies Act. Everyone can accept that an opinion can be different or even a mistake, but it’s still an opinion. Opinions can be criticized but cannot be challenged legally. The term opinion is found only in this piece of legislation and nowhere else; it’s not found in other legislation for bankers, insurers, architects and even medical professionals.
Also, the law clearly says auditors rely on financial statements prepared by the company, so the responsibility lies with directors. If misleading, false statements are given to auditors, then auditors may be deceived. But then one may ask shouldn’t auditors detect them.
If they are so obvious, then yes. If there is an open-and-shut case, glaring discrepancies, glaring omissions, glaring fraud, glaring mistakes then no auditor can be heard to say my report is justified because I acted on what I was told. They can comment on it or refuse to audit.
Old English judges asked are auditors bloodhounds or watchdogs? When I was a law student in the 1960s we were read judgements of famous English judges. A watchdog will bark, bark and bark and alert us to an intruder. A bloodhound will go further, it will follow the trail after the thief or robber has run away, it will follow the trail of blood and help capture the crook. Today, auditors can no longer consider themselves watchdogs, this is an old concept. The world has moved on, company laws have developed and auditors must play a more active role. They must be bloodhounds.
The Companies Act states that the audited report shall state the basis of opinion, this word ‘opinion’ suddenly springs up in the statute for the first time. Auditors also shall state scope and limitations of audit. They should state that ‘we could not do the following and we did not do the following’ but I don’t envisage auditors doing that because anyone reading it would think twice about investing in the company.
Some may argue why an auditor did not call for certain information. Here again, opinion. The requirement for information is a subjective test, not objective. An auditor may argue ‘In my opinion I did not require it,’ and it will hold.
So everything is weighed in favor of auditors, unless a blatant, very obvious error or mistake takes place. You cannot challenge an opinion. You can challenge the facts but not an opinion.
Why go after auditors? Pramuka Bank failed in early 2000s. There was a thought to sue the auditors but nothing happened. We also have the Golden Key debacle but no legal action was taken on auditors. Normally case-law is developed by litigation. Here again the Companies Act gave them protection, and the absence of litigation is a big plus. Auditors cannot be sued.
Banks have been clawed by litigation where judges have further developed the law with case-law. Here in Sri Lanka there is not one case against an auditor.
No matter how great or weak a company, the independent auditor’s report is just one page. To call it a report is incongruous.
Q The public, regulators and lawmakers often believe that auditors should be held responsible when companies fail or when irregularities come to light. Is this perception fair?
This perception will always be there, but it’s not fair.
Blame should fall on directors and then management. My advice to people is do not invest in a company without understanding, and understanding can be easily acquired.
Auditors are already covered by the law and court system. But auditors can always qualify a report, when this happens directors are exposed and thy may plead, coerce and bribe but auditors must say no.
The law protects the auditor and society treats him with a lot of respect. Their parental body, the Institute of Chartered Accountants, is one of the best professional bodies in the country and is highly regarded.
Auditors have been sued in civil courts and successfully, in England where there is less protection for auditors. In Sri Lanka no lawyer will take on an auditor because of the statute and absence of case law. Guilt is difficult to establish unless there is manifest wrongdoing and where codes of professional conduct are violated like conflict of interest. But these are more likely to be settled outside courts, because will do their best to avoid a public scandal and have the finances and legal backing to so. If I can get a partner to the witness box I will be very happy.
The institute can build up self-regulation and set fire to the people not doing their work and set the ball rolling to discredit them.
Case-law is the only thing that can develop legislation further, not seminars and lectures. But the Institute of Chartered Accountants can enforce a high degree of professionalism and keep our auditors beyond moral and legal reproach.
Section 163 of the Companies Act No.7 of 2007 is the most important section in the statute dealing with the role and legal responsibilities of auditors. Excerpts of the Companies Act No.7 of 2007:
(1) The auditor of a company shall make a report to the shareholders on the financial statements audited by him.
(2) The auditor’s report shall state-
a. The basis of opinion;
b. the scope and limitations of the audit;
c. whether the auditor has obtained all information and explanation that was required;
d. whether in the auditor’s opinion as far as appears from an examination of them, proper accounting records have been kept by the company;
e. whether in the auditor’s opinion the financial statements give a true and fair view of the matters to which they relate and if they do not, the respects in which they fail to do so, and;
f. whether in the auditor’s opinion the financial statements and any group statements comply with the requirements of section 151 or section 153, as the case may be, and if they do not, the respects in which they fail to do so.
(3) The auditor of the company shall at the same time as he delivers his report to the company, deliver to the company a statement of-
a. the existence of any relationship (other than that of auditor) which the auditor has with, or any interests which the auditor has in, the company or any of its subsidiaries; and
b. the amounts payable by the company to the person or firm holding office as auditor of the company as audit fees and expenses and as a separate item, any fees and expenses payable by the company for other services provided by that person or firm.
(This interview first appeared in the Abacus, a quarterly journal published by CA Sri Lanka)