Tuesday, January 10, 2012

Reforming the Auditor Payment Model

The Public Company Accounting Oversight Board's Chairman James Doty made a speech last December entitled, "Auditing in the Decade Ahead: Challenge and Change."  As someone whose career has involved using and issuing public company financial statements, I find the current reform discussion a bit arcane. We have lawyers in Congress writing abstruse regulations which are translated into plain English for managements by in-house or external SEC lawyers; we also have accountants at the PCAOB auditing the work product of the audit firms, all the while engaging in non-value added, tit-for-tat debates. Small companies bear a disproportionate burden from all of this alleged reform, and it's not clear that these procedural and process reforms have a positive cost-benefit ratio.  Maybe there's a better way.

Access to the public capital markets is not a right, but a privilege.  A qualified listing company obtains a real-time price for its securities, based on the voluntary meeting of many buyers and sellers in a transparent market place. The information playing field should be level for all market participants.  This liquidity for corporate securities  is a valuable service to management, whose options can then also be valued, and to all other shareholders, current and prospective.  One of the costs for this access to capital markets is the requirement to issue audited financial statements that fairly and accurately represent the current financial condition of the issuers. Investors use these financial statements, along with other industry, economic, and financial information, filtered through their emotional states to price the issuer securities appropriately.  In well regulated, deep and liquid markets investors can have confidence that they have made their buy and sell decisions on a reasonable basis.  If there is a cost for good regulation, then investor confidence, perhaps expressed by volumes and relatively low volatility, is the tangible benefit.

As Doty writes, "The financial audit is the linchpin for this confidence.  In a world of hyper-charged incentive compensation to ignite management initiative, fraught with risk of self-promotion if not outright self-dealing, the auditor stands apart. Independent, objective, skeptical."

Here's the fundamental problem, "...the auditor is hired and fired by the company itself.  This creates perverse incentives for the auditor not to call the fouls."  No amount of regulation can remove investor risk in the market place.  The auditor's job is not to produce an alternative set of financial statements and then compare them to those prepared by the management.  An audit means a sampling of transactions, with the background of understanding the issuer's business, its processes and controls, and its management's tone at the top.

Here's a solution that applies market prices to audit risk: require all public companies to purchase audit insurance from established, well capitalized insurance companies with extensive records in underwriting commercial lines.  The insurance companies would certify the issuer's financial statements and defend the issuer against lawsuits arising from fraud and material misstatements.  The insurance company, in turn, would contract with audit assurance companies to carry out the actual audit of the issuer's statements.  Investors would have confidence based on the financial strength (A.M. Best Rating) of the issuer's insurer and on its general corporate reputation.

How do the market prices come in?  Insurance companies are fundamentally in the business of appropriately pricing and managing risks for all kinds of perils, and then turning a complicated actuarial analysis into a quoted premium.  I heard a presentation from an insurance actuary about coverage for a client's use of corporate jets.  After going through detailed structures of hazard models, risk mitigation and the like, the actuary said that "we know that if one of our (client's) jets goes down we are looking at about $9 million per seat in costs."  Of course, this is not the premium charged, because this risk is underwritten within a broad portfolio of risks.  The point is that insurable risks are quantified and priced every day. Global property and casualty companies compete vigorously for business, so a lack of bids shouldn't be a problem for most companies.

The insurance company would then hire audit assurance firms based on fees that were appropriate for the scope of the audit, the risks, and on the insurance company's buying power.  If the issuer had other business with the insurer, such as general liability, D&O insurance, or property and casualty on facilities, there would be opportunities for the issuer to benefit from bundling.

In this model, insurers, who are risk averse and skeptical, would more than likely expect their audit contractors to be the same.  The way for auditors to retain business in this setting would not include kowtowing to management, but it would mean protecting the insurance premium by being skeptical and objective. The auditor's client is no longer management but rather the insurance company.

If an auditor were to be fired, then it would be the insurance company that did it, but the management of the issuer wouldn't care, as long as the insurance was in place.  Firms with a history of restatements or misstatements would presumably see very high premiums for their audit insurance.  Investors would be able to draw their own conclusions from these disclosures of the insurance premiums, which of course would be disclosed in proxies and financial statements.

I am not going to claim credit for this idea, as a former controller of mine mentioned it to me almost ten years ago.  He can't remember where he heard it, nor can I find a literature reference.  It is very definitely a worthy idea. Thoughts?

No comments: