How to Evaluate the External Auditors

A new tool will help, but boards also need to stay skeptical and ask penetrating questions to test the quality of the external auditors.

The Audit Committee Collaboration (six associations or firms, including the National Association of Corporate Directors and NYSE Governance Services) recently published External Auditor Assessment Tool: A Reference for Audit Committees Worldwide.

It's a good product, useful for audit committees and those who advise them -- especially chief audit executives (CAEs), CFOs and general counsel.

The tool includes an overview of the topic, a discussion of important areas to assess (with sample questions for each) and a sample questionnaire to ask management to complete.

However, the document does not talk about the critical need for the audit committee to exercise professional skepticism and ask penetrating questions to test the external audit team's quality.

Given the publicized failures of audit firms to detect serious issues (fortunately few, but still too many - the latest being the FIFA scandal) and the deficiencies continually found by the PCAOB Examiners, audit committees must take this matter seriously.

Let me Illustrate with a story. Some years ago, I joined a global manufacturing company as the head of the internal audit function, with responsibility for the SOX program. I was the first to hold that position; previously, the internal audit function had been outsourced. Within a couple of months, I attended my first audit committee meeting. I said there was an internal control issue that, if not addressed by year-end, might be considered a material weakness in the system of internal control over financial reporting. None of the corporate financial reporting team was a CPA! That included the CFO, the corporate controller and the entire financial reporting team. I said that, apart from the Asia-Pacific team in Singapore, the only CPAs on staff were me, the treasurer and a business unit controller. The deficiency was that, as a result, the financial reporting team relied heavily on the external auditors for technical accounting advice - and this was no longer permitted.

The chairman of the audit committee turned to the CFO, asked him if that was correct and received an (unapologetic) affirmative. The chairman then turned to the audit partner, seated directly to his right, and asked if he knew about this situation. The partner also gave an unapologetic "yes" in reply.

The chairman then asked the CEO (incidentally, the former CFO, whose policy it had been not to hire CPAs) to have the issue addressed promptly, which it was.

However, the audit committee totally let the audit partner off the hook. The audit firm had never reported this as an issue to the audit committee, even though it had been in place for several years. The chairman did not ask the audit partner why; whether he agreed with my assessment of the issue; why the firm had not identified this as a material weakness or significant deficiency in prior years; or any other related question.

If you talk to those in management who work with the external audit team, the most frequent complaint is that the auditors don't use judgment and common sense. They worry about the trivial rather than what is important and potentially material to the financial statements. In addition, they often are unreasonable and unwilling to work with management - going overboard to preserve the appearance of independence.

I addressed this in a prior post, when I said the audit committee should consider:

  • Whether the external auditor has adopted an appropriate attitude for working with the company, including management and the internal auditor
  • Whether the auditor has taken a top-down and risk-based approach that focuses on what matters and not on trivia, minimizing both cost and disruption, and
  • Whether issues are addressed with common sense rather than a desire to prove themselves

Does your audit committee perform an appropriate review and assessment of the external audit firm and their performance?

I welcome your comments.


Norman Marks

Profile picture for user NormanMarks

Norman Marks

Norman Marks has spent more than a decade as a chief audit executive (CAE) for major companies, with as much as $28 billion in annual revenue. He has implemented risk management, ethics programs and disclosure processes at multiple organizations.

MORE FROM THIS AUTHOR

Read More