Perspective | What Do Auditors Even Do?

By: | February 19, 2019

Roger Crombie is a United Kingdom-based columnist for Risk & Insurance®. He can be reached at [email protected].

External auditors supposedly arrive after the battle is over and bayonet the wounded. But what are they really meant to be doing when they carry out an annual audit? Please, answer the question before reading further.

What did you say? Discover fraud?


Prevent fraud?


Certify financial statements are correct?


According to top auditors in the U.S. and UK, their job entails none of the above and especially not detecting fraud. If they’re right, what are they actually doing?

A public debate has opened as to the meaning of “audit” driven by the 2008-2010 recession and the unexpected business failures it occasioned — and, by subsequent, high-profile business insolvencies. Many companies that fail do so less than a year after receiving a clean report from their external auditors.

In the U.S., the matter has been pushed to the forefront by GE’s consideration of replacing its auditor after more than a century in office, following what Bloomberg described as “high-profile financial stumbles.” In the UK, the spark has been provided by the collapse of Patisserie Valerie, a chain of cake shops, after the as-yet unexplained disappearance of $50 million.

The owners of Patisserie Valerie have discovered they cannot have their cake and dividend, too. The company’s auditors, Grant Thornton, issued a clean audit certificate not long before the fraud came to light. Grant Thornton’s chief executive has said an audit is not designed to look for fraud.

Don’t feel too bad if you went 0 for 3 in the pop quiz. Many people feel auditors owe a duty to a wider stakeholder group, such as future investors, or to any reader of certified financial statements.

I’m one of those people, and I’m fully qualified to carry out audits of public and private companies. I spent the first four years of my career doing just that. The head of the Financial Reporting Council, the UK’s accounting watchdog, has said auditors must look for fraud as part of their responsibilities. We looked for fraud and sometimes found it.

The Institute to which I belong was founded in 1880. External audit is a more recent development, with its origins in the Depression of the 1930s. We’ve had decades to work out what external auditors are supposed to do and still don’t seem to have a clue.

The law is clear. In the U.S. and UK, auditors must certify that financial statements give a “true and fair” view. Easy peasy? Wrong again. It’s too vague. What is truth? “The truth is rarely pure and never simple,” Oscar Wilde said.

Defining the purpose of an audit is long overdue. If all an audit does is to assess a company’s financial situation some months earlier, give or take the odd massive fraud or accounting misstatement, it cannot be said to have fulfilled the intent of the law or anything else very useful.

Audit reports must be made meaningful or be done away with altogether. Or else, it will be time to bayonet the auditors. &

More from Risk & Insurance