Audits represent substantial investments of time and capital for any business. In conjunction with the annual audit fee benchmarking report, FERF spoke to Dr. Robert Knechel, the Frederick E. Fisher Eminent Scholar in Accounting and Director for the International Accounting and Auditing Center, on what financial executives should consider when preparing for an audit, the main drivers in audit fee increases, and the impact of emerging technologies on audits.
A transcript of the discussion appears below the podcast player. The transcript was edited for clarity.
FERF: What are some of the main things to consider when preparing for an audit?
Dr. Knechel: As far as getting ready for the audit, the bigger issue is how the auditor must prepare. It’s a coordination issue between the company and the auditor, more particularly with the accounting office and related people in the company who have to figure out when they want auditors running around and when they can make themselves available.
Audits require a high degree of interaction between audit and client personnel; this is really disruptive for the client. As a result, you must make sure that everybody is on the same page regarding when all this is going to happen.
Obviously, there are filing deadlines that are going to influence some things, particularly towards the end of the year. As far as the preliminary work, which could be done six months before the end of the year, there's a fair amount of flexibility.
At the same time, the audit firm is trying to staff their people, right? Because they've got multiple engagements going on simultaneously. So, they must ensure that each engagement gets covered by people when they're actually needed; this leads to an interesting scheduling problem from the accounting firm's point of view. When you’re post year-end, things get even more hectic for accounting firms, because they have numerous, simultaneous audits for a given office – with personnel assigned to multiple engagements who are trying to be in more places than possible. Thus, scheduling becomes really critical, and I suspect that a lot of it has something to do with when the client wants an auditor around and what the client's own filing deadlines are. Sometimes clients want to put out earnings releases before the end of the, you know, before the filing date, so that accelerates things even more.
FERF: Based on your research, what have been some of the main drivers in audit fee increases over the years?
Dr. Knechel: We know a lot about what drives audit fees; it’s probably the most heavily researched area in academia when it comes to audits, because data is available. We've had publicly available data on audit fees since roughly year 2000, and now we're looking at close to 20 years of data regarding the fees that are paid by every listed company in the United States. So, there's been hundreds of papers that have looked at this question, what drives audit fees?
We’ve seen a number of clear patterns emerge. Clearly, the biggest driver of audit fee movement is size (i.e. large companies take more work to audit than small companies). This explains around 70% of variances before considering other factors.
Aside from size, there’s complexity. Complexity often stems from the number of subsidiaries to whether the organization has international operations. As a general rule, the greater the quantity of distinct product lines a company has, the more complex the audit. With this complexity comes more hours and higher fees.
Another category receiving less attention relates to what the client expects from the audit. Audit committees have sought for more robust audits, as the quality of an audit reflects on them. So, the audit committee wants more out of their auditors.
Additionally, internal control and reporting requirements under SOX 404 has driven increases in audit fees. When Sarbanes-Oxley went into effect, there was a new mandate placed on the audit profession. By asking auditors to perform something completely different, we saw a doubling in audit fees from 2004 to 2006. The market for audit fees corrected, as people began to understand the requirements and how to meet them more efficiently. Looking back at it, audit fees probably increased too much from 2004 to 2006.
FERF: According to your research, over what periods have audit fees seen the greatest volatility?
Dr. Knechel: Fees increased right after Sarbanes-Oxley through the beginning of the financial crisis, during which audit fees decreased. Given the increased risk during the Great Recession, you would think that investors and preparers would want more auditing, driving an increase in audit fees. The decrease during this period is at least partially attributable to the pressure to share the pain of the economic downturn. If everyone else was taking a cut, auditors were asked to take one as well.
Since then, audit fees seem to have stabilized. The things that cause audit fee volatility are shocks to the system. If there is another downturn on the horizon, you’ll see fees adjust.
The other wild card is driven on a more localized basis. Auditing tends to be a local market effect, meaning an audit in Chicago is not the same as one in Miami or New York, so the level of competition and bidding for clients tends to be more localized – with some being more industry specific. Thus, if I’m an audit firm in Houston, I have a large interest in oil and gas companies. If one of my competitors has a dominant share of oil and gas clients, the only way for me to get into that market is to undercut those other audit firms, potentially stealing some clients.
Then there’s new companies coming online, new IPOs driving a different type of market. Since Sarbanes-Oxley, the IPO market has slowed down significantly. Still, it is starting to rebound.
The final factor to consider is that audit selections are fairly sticky. While there is some regulatory pressure to switch auditors, it’s not a requirement in the United States to get new auditors. When firms switch auditors, there’s three to six other audit firms who could potentially take over. They all want the engagement, because an audit is like an annuity. If you get the audit today, you’re not going to get replaced next year. Markets don’t like when auditors are replaced too frequently, so if you bring in an engagement – you’re looking at six to seven years minimum. It’s like an annuity because you get the fee every year and you do your job and keep going until the company decides they want to change again.
FERF: What impact do changes in accounting standards have on audit fees?
Dr. Knechel: In the year of the change, you expect fees to go up. Of course, the change in audit fees is dependent on the overall magnitude of the change. Currently, we’ve got some pretty serious accounting changes related to revenue recognition and leases. These raise some tricky questions and the reality is that not everybody knows how to implement the new standards, so there is a learning curve. This learning curve suggests less efficient audits – i.e. higher fees. Audit fees potentially increase during the period of transition, but they don’t stay higher.
From the perspective of economic theory, it’s interesting; because auditors tend to know the most about how to implement new standards, but there’s actually a potential issue of the auditor going to far. The auditors can’t foresee how much work they’re going to have to do, so they are conservative. This is another potential explanation as to why new accounting standards tend to drive up audit fees.
This is illustrated with the changes in internal control reporting back in 2004. Nobody knew what was really needed, and audit fees doubled. With the benefits of hindsight, people were saying that the fee increase was probably too much. Still, you can’t say that the auditor charged too much, because nobody really knew what a fair amount of work was required to deal with the change. The uncertainty associated with complying with regulatory changes or standard changes tends to cause audit fees to trend up for a period. In other words, the year on year audit fee may be a little higher as both sides, the clients and the auditors adjust to the new standard.
FERF: How do information asymmetries impact audits?
Dr. Knechel: Auditing requires complex judgments. You’re keeping a lot of different balls in the air when coming to a conclusion as to whether the financial statements are fairly presented. A CFO sitting at the top of their own job sees everything, at least in theory, going on in the company and they have formed their own opinion as to what’s necessary. The auditor’s perspective is more limited, and they can forget that. External auditors come in without all of that advanced information. They have to form their own independent opinion. Nobody likes disruption from an audit, so it’s not unusual to think that auditors are doing too much. If the auditor is doing too much, there’s pressure from the client to ask for a fee cut – or they’ll have to go to tender and find a new auditor.
With good audit relationships, this tends not to happen because both sides work to understand the other side’s position. In fact, I have a recently graduated PhD student, who did a thesis on how you get a client to accept difficult decisions. In the study, we identified three key attributes or conditions that lead to successful outcomes:
- The Auditor needs to know what they’re talking about;
- You have to have a strong team backing you when preparing for that conversations; and
- You need to have a strong relationship with the client.
The auditor needs to build that trust of being fair and reasonable. If you’ve developed that foundation over time, then delivering bad news possibly leads to a better outcome in many cases.
FERF: What is your advice for financial executives on those difficult discussions, on those disagreements and how to best resolve them?
Dr. Knechel: Nobody enjoys these difficult discussions, but it’s the nature of the job. In the thesis my student was working on, he interviewed an auditor who told a story about a CFO who was unhappy; because, they were looking at some of their fixed asset acquisitions. So, the auditor goes into the CFO's office one day and finds that the entire office has been covered with pictures of the various assets that they had claimed to acquire. The CFO was really irritated by some of the questions. Six months later, that CFO was out the door, because their attitude was poor, and the audit committee got involved.
One way of resolving difficulties is to fire the auditor, but that is a costly, time consuming process. You hear about it when it happens – it’s news. Similarly, a CFO who wants to be difficult may call for an auditor to resign, but that is a bad sign as well.
Resolving disagreements requires a mutual understanding of where each side is coming from and as much accurate information as possible. The thing about financial statements is most numbers are estimates. Most of the key numbers are estimates, and they’re based on the future. Whether you’re talking about valuing assets; whether it be tier three assets or things like bad debts, or warranty or pension liabilities, these things all involve future estimates. Nobody has the rights answer; because, no one has the crystal ball.
Management comes into a room with a number, and the auditor comes into a room with a number. This maybe oversimplifying, but let’s say you have two numbers on the table and there’s going to be a discussion around figuring out how the two sides meet.
There has to be some resolution; because, the SEC doesn’t accept qualified opinions, if you can agree on what the number should be. You have to come to an agreement, or the SEC bounces your report back.
FERF: How has the internal control environment changed over the past five years? I mean, it changed tremendously back 15 years ago, but more recently, how has it changed and how has that impacted audits?
Dr. Knechel: It’s gotten better. When Sarbanes-Oxley came out in 2002, auditors weren’t sure how the audit would go. Then the Committee of Sponsoring Organizations, put out a report on internal controls, which consisted of guidelines you could use for evaluating a company’s internal controls. Since then, there’s been revisions and an update applied on an enterprise-wide basis. One important thing that has happen is the focus to change to risk management. That’s important because the reason you have controls is to mitigate risk. You have internal controls because you’re worried about something going wrong. Until we understood the risk structure of an organization, it was hard to figure out what the appropriate controls should be other than having a checklist, boilerplate approach saying, “Everybody should do this, this, and this.”
Our thinking has evolved to be more sophisticated. Taking the terminology, we have a top-down, risk-based, holistic approach, and process oriented. The idea is that we start at the top and figure out what can go wrong at the top of the business. Then we work our way down into the details. The whole idea is then, what are the critical risks that the organization has? Are they any good at coping with those risks? Do we have any performance indicators that suggest that we’re not very good at coping with these risks? Then the last question, which is a hard one, what does it mean to the audit?
A well-run organization with good controls and no warning signs going off suggests a slightly easier audit, because it’s a less risky audit; however, a company that has poor internal controls, has ineffective management, who has badly designed processes – these are harder to audit because there are so many things that could go wrong. That increase in risk without adequate inter controls suggest the auditor’s job is going to be harder and require more work, more money, and more time. So, over the last five years (actually going back longer than that) I think internal controls across the board have gotten better. Both the companies and the auditors understand this better now. Everybody understands this better; it’s taught better.
Having said all of that, it’s a hard judgment to make. Putting it all in context, we’ve been auditing net income for one hundred years, and we still have debates about what that number means. How do you audit something like an assertion that internal controls are effective? It’s not even a number, right? So, the judgment that goes into that is even bigger than the judgments going into earnings. It’s still a learning curve, but no doubt about it, internal controls across the board have gotten better.
FERF: We’re seeing tremendous potential with new emerging technologies like RPA, blockchain, and machine learning. How do you think these tools are poised to impact the amount of work going into future audits?
Dr. Knechel: That’s a big question, and I honestly don’t think the audit firms know what that means yet. I gave a speech in San Francisco, where I made the incredulous assertion that the future of auditing is not technology. Let me explain that, because of course all of these technologies matter. Of course, this is going to change the way we do things; it changes the way the company operates, and if it changes the way the company operates, it’s going to change the way the auditor operates. From the point of view for the audit profession, I would argue that none of those things change the value proposition of auditing?
Now think about it, you could put Bluetooth and a backup camera on a horse drawn buggy, but it’s not going to make it the future of transportation. Technology alone doesn’t change the audit or the auditor’s goal. It does, however, dramatically change how the auditor does their job. Now, we’re seeing firms that are trying to hire more tech savvy entry-level people. They may have to start hiring more advanced, more senior people; schools have to modify what they’re doing.
Blockchain is an interesting example. In theory, blockchains taken to logical step almost obviates the need for internal controls. Now, I don’t think we’re going to see it – certainly not in my lifetime. For one thing, public blockchains are too complex for the millions of transactions that most companies have to process; however proprietary blockchains designed for those purposes could make that happen. If trust is built into the transaction flow via blockchain, what are the implications for the need for internal control – assuming that that the integrity of blockchain technology is solid?
Somebody more training in the technical aspects would have to figure that out, which suggests a slightly different approach to who we hire as auditors and the kind of training and skills they need to have. In the end, the value proposition is the same. Are the numbers reliable? Are they reasonably stated so that an external investor or other external parties can reasonably rely upon these numbers to make their own decisions?
Machine learning is going to be an interesting tool. How far can it go? I don’t know. It won’t take judgment out of the process. As I said, the extent that the numbers involve future events and future allowances and estimations, these things are always going to some element of judgment. It may even be a higher level of judgment than we see now. The accounting firms have plenty of incentives to worry about how they get this right.
FERF: Thank you Dr. Knechel.