Revisors rapportering af svagheder i interne kontroller til virksomhedens øverste ledelse

Morten Nielsen & Thomas Nielsen

Studenteropgave: Kandidatafhandlinger


During the last decade, there have been a number of highly profiled incidents of fraudulent financial reporting. Following such incidents the question arises of whether the auditor should have discovered the fraud and consequently, the value of the audits is questioned. Fraud is seldom discovered during audits. Yet, audits are considered to play a vital role in the prevention of fraud, due to the understanding and testing of the company’s internal controls that the auditor is undertaking during the audit. Regulators apparently agree to this point of view and have responded with a higher focus and increased regulations on internal controls. If audits are not suited to discover fraud then a significant question is whether the communication of the auditor is adequate when informing those charged with governance (the Supervisory Board - hereafter the Board) about the findings and limitations in the auditors work, regarding internal controls. The purpose of this thesis is to examine if the auditors reporting to the Board, mainly through the audit minutes, is usable in regards to the Board’s risk assessment of internal controls relating to the accounting processes. The auditors have a high degree of freedom to choose which audit approach that will be the most efficient and are not required to review or test all the accounting processes. As the auditors can only comment on the processes and internal controls they actually have examined, the reporting to the Board is to a high degree dependent of the auditor’s decision of which processes to examine. There are no requirements to inform the board about, which processes are examined by the auditor. This expectation gap may affect the Board’s understanding and the Board may believe that the auditor has investigated more processes than it is actually the case and therefore ascribe more reliance to the internal controls than can actually be merited by the audit. The conducted survey in connection to this thesis indicates that this is the case. The board members consider the auditor’s communication in regards to weaknesses in the internal controls to be valuable. But the survey also shows that the board members tend to expect too much from the auditors work compared to the actual audit procedures which the auditor must undertake according to the generally accepted auditing standards. Furthermore, the board members find that they can understand the problems described in the minutes. However, the survey responses from auditors indicate that the auditors quite often receive follow-up questions regarding the audit minutes, including questions about the understanding of problems described in the minutes. This also suggests that the board member’s perception of the value and usability of the minutes is too high, compared to reality. The Board needs to understand the auditor’s comments on weaknesses correctly. If the Board does not understand the weaknesses that are described in the minutes as intended, then the Board may misjudge the significance of the comment. As a consequence the Board will not be able to make a qualified decision based on the auditor’s comments. In order for the Board to understand the auditor’s comments, the minutes must be written in a way that ensures that the Board and the auditor have the same understanding of the words used and their implications. For example “internal controls” may have a very specific meaning to the auditor but might not be quite so specific to the board members. In this case, the board members understand the words, but may not understand the meaning in the exact same way as the auditor intended. The risk is that the board members misleadingly believe they have understood the auditor’s point, while this might not be the case. A linguistic and communicative examination of a number of audit minutes shows that the auditor takes on a very accurate but not very reader friendly writing style and that this is reflected by a high readability-index as well as use of many technical terms. In addition, many concepts are used that could have another meaning to the board members than to the auditors. As a result, the audit minutes are not very effective from a communicative point of view. Furthermore, the impact of the comments is subject to the way the auditor has chosen to present an issue, e.g. a weakness in internal controls. The emphasis of a comment is very dependent on the auditor’s judgment of the issue. Since there is no objective ‘truth’ the emphasis of a comment from the auditor may turn in to a negotiation with the management, since the management has an interest in minimizing any critical auditor comments. The survey shows that changing the presentation of a weakness have an impact on the reader’s assessment of the risk involved. The study also indicates that the main factor affecting the assessment of risk is how specific a weakness is described, including a presentation of the potential risk. The analysis of the study of the audit minutes indicates that the auditor may very well choose to minimize the impact of the comments in the audit minutes by applying a style that suggest a relative small impact. Based on the analysis and findings, the thesis concludes that the reporting of the auditors is not very usable for the Boards risk assessment of internal controls in regards of the accounting processes.

UddannelserCand.merc.aud Regnskab og Revision, (Kandidatuddannelse) Afsluttende afhandling
Antal sider199