| RegNet Home | Search RegNet Program |

 

AUDITING IN PERSPECTIVE: REGULATORY TOOL, MORIBUND REMEDY OR DEMOCRATIC CHAMPION?

Abstracts of Presentations for Workshop to be held at the Innovations Building, Australian National University, on 6 February 2003

KEYNOTE ADDRESS: EVALUATING THE AUDIT EXPLOSION.
Professor Mike Power, Centre for Analysis of Risk and Regulation, London School of Economics

This paper reviews the claim that there has been an audit explosion in recent years. The argument seeks to refine the audit explosion ‘hypothesis’ in terms of its institutional and behavioural effects, and in terms of its causes and consequences. It remains the case that the most significant behavioural consequences of the audit explosion are empirically elusive. In addition, a framework for greater comparative sensitivity is developed, both in cross-national and cross-sectoral terms, which focuses on variation in the knowledge base, formal organisation and operational process dimensions of auditing. Finally, a preliminary framework for evaluating the design of auditing practices is developed which could inform a post-Enron critical discussion of both the problems and the potential of audit.

SOCIAL ACCOUNTABILITY AUDITS: CHALLENGING OR DEFENDING DEMOCRATIC GOVERNANCE?
Dr Sasha Courville Regulatory Institutions Network, ANU

With the rise of corporate social responsibility, a dazzling array of initiatives to integrate social justice issues into business practices have been established ranging from self-regulatory approaches with company self-declarations to sophisticated private regulatory systems based on independent third party certification. The latter category includes international initiatives such as the Fair Trade Labelling Organisations International (FLO) with its certification and labelling program allowing consumers to identify fairly traded products such as coffee, tea, cocoa, honey, sugar and bananas or Social Accountability International’s accreditation system for certification bodies evaluating facility-based compliance to the SA 8000 standard, based on fundamental ILO conventions.

As a new area of auditing practice addressing subjective issues at the global level, auditors from existing programs, labour leaders, worker rights activists and other specialists recognize that social auditing is complex, vulnerable to bias and often simply incomplete. However, given recent developments in social auditing methodologies and the creation of new organizational structures responsible for standard-setting and certification processes, social auditing systems have much to contribute to the wider debate about the role of ‘audit’ as a tool of regulation and accountability in today’s society. It is argued in this paper that social auditing processes, if done well and situated within a stakeholder-based institution, can aid democratic processes.

This paper begins with an overview of the landscape of social auditing within the broader framework of corporate social responsibility. Unique aspects considered are the voluntary and market-based characteristics of social auditing systems. In order to allow a detailed understanding of social auditing in practice, the second section explores two examples of social auditing and certification systems. This section provides a brief overview of the organizational structures of these initiatives followed by the standard-setting procedures, how the systems address the issue of independence as well as the steps involved in a given audit and the tools used by auditors to evaluate compliance to the standard. Finally, the decision-making processes regarding certification are outlined, as are appeals mechanisms in place. The third section of the paper examines social auditing through the lens of trust, accountability, and ownership of the process.

DEMOCRATIC AUDITING.
Professor Marian Sawer, Political Science Program, Research School of Social Sciences, ANU

Democratic audit is a specific approach to democracy assessment. It does not provide an aggregate assessment but rather enables institutional strengths and weaknesses, threats and opportunities to be identified. It was pioneered in the UK but has since been tested in eight other countries under the auspices of the International Institute of Democracy and Electoral Assistance. The audit frame currently includes over 80 indicators, deriving from basic democratic principles and mediating values. The underlying principles are popular control over public decision-making and political equality. These principles have been expanded by the Australian audit team to identify separately the principles of civil liberties and human rights and quality of debate (deliberative democracy). The separate identification (rather than subsuming) of principles is in recognition of the possible tensions between the majoritarian and liberal elements of representative democracy. Mediating values which guide the audit of political institutions include inclusiveness of representation, accountability, transparency, responsiveness, participation and solidarity.

The audit team is an independent body (including some 35 academics across Australia) collecting quantitative and other data. For example, data showing the increased dependence of major political parties on corporate donations, issues concerning the adequacy of disclosure provisions in Electoral Acts and options for addressing issues of party financing. Stakeholders such as political party representatives, clerks of parliament, electoral commissioners, NGO and media representatives are involved once draft audits are prepared and participate in the workshops that characterise the audits. One of the aims, apart from providing data for longitudinal and comparative purposes is to promote informed public debate on issues of electoral reform.

AIDS AUDIT – HIV AND HUMAN RIGHTS.
Dr Helen Watchirs, Regulatory Institutions Network, ANU

Auditing general human rights in the specific area of HIV/AIDS is important because the virus thrives in vulnerable communities, and in turn exacerbates human rights abuses by providing new opportunities for unequal treatment. It is a new model of human rights monitoring conducted as a tripartite process with community, government and expert representatives. The audit attempts to increase accountability and compliance with the International Guidelines of HIV/AIDS and Human Rights in the dimension of formal law. The tripartite composition attempts to balance the views of both external (community) and internal (government) members, mediated by the independent human rights expert performing the main evidence gathering (that is, research of legislation and case-law) and analytical work. The methodology uses ten qualitative indicators based on justiciable rights in the Guidelines (for example anti-discrimination, liberty, health and privacy) and assigns quantitative scores grouped in four quadrants (substantial, significant, partial or minimal).

The immediate object is to highlight areas of best practice, as well as legislative gaps. The evaluation is designed as an intervention to raise rights consciousness, understanding and debate, and to serve as an advocacy tool for law reform by testing the extent of implementation of international norms at national and local levels. A transparent process involving stakeholders sends a message that human rights are important and can influence opinions legitimizing the norms being measured. In Australia this involves auditing laws in each State and Territory, as well as the Federal jurisdiction. The methodology was originally called a “Rights Analysis Instrument”, but governments were reluctant to participate in the process - cooperation was forthcoming when it was renamed “audit”(using the democratic audit as a precedent for achieving legal reform in the UK) in order to more powerfully communicate its object, as well as promote serious consideration of its tangible results. Indicators have had a difficult history in the human rights area because many of the aspirational concepts are perceived as inherently unmeasurable.

The narrow focus on formal law should lower expectations about what can be achieved by the audit, but there are dangers of complacency where jurisdictions achieve high scores. However, the audit incorporates a very basic notation device where there is a divergence between law and its enforcement, to avoid over-reliance on the results and to flag areas for an anticipated second stage audit of broader dimensions capturing actual practices. It is possible that auditees can manipulate results, but this may not be dysfunctional, for example using the audit as drafting instructions for reforming laws. Requiring legal expertise of participants is an obvious limitation, but a capacity-building function is recognised by also including policy representatives from community and government sectors in the audit. There is room for negotiation of both the terms of the questions and results of the audit in the consultative process. However, what is being tested in these laws needs to be consistent across jurisdictions in order to be reliable, valid and verifiable. A major source of contention is the ambiguity of some laws that requires interpretation (usually based on secondary sources), but structured questions can make evaluation of latent content more objective.

Because the immediate goal of the audit is to stimulate domestic legislative reform it is designed not to be a democratic dead end. A broader anticipated use of the audit is to feed the focused results into the under-resourced UN treaty monitoring system in order to sharpen the dialogue between independent experts, governments and NGOs. Providing comparative data on whether formal laws comply with human rights norms enables internal tracking over time to see whether the situation has improved or deteriorated, and external comparison with other jurisdictions. A longer term objective of the audit is to link results with other quantitative disciplines, such as epidemiology, in order to empirically test the nature of the link between health and human rights. A key challenge is the usefulness of the audit in developing countries where the epidemic is concentrated and there are pre-existing problems with the rule of law and lack of resources for institutions administering justice.

CORPORATE COMPLIANCE SYSTEM AUDIT.
Dr Christine Parker, Senior Lecturer, Law Faculty, University of Melbourne and
Research Associate, RegNet, ANU.

Many regulatory regimes now require organizations to internalize responsibility for their own ethics and regulation through compliance programs via license conditions, requirements of enforceable undertakings and other settlements of potential enforcement action, and even corporate probation orders. The reliance on compliance systems has high stakes. On the one hand it promises a high level of corporate responsibility performance through internalisation of responsibility in every day management. On the other hand it delivers to corporate management and professional advisers a high level of control over the achievement of regulatory objectives and puts regulators in a position where they are virtually guaranteeing the adequacy of companies’ management systems to meet compliance objectives. Regulators rarely have the resources to monitor more than a small number of companies for their compliance processes. In order to bridge the gap, some regulators require third party audit in an attempt to receive assurance that adequate compliance systems are in place.

This paper critically examines the ability of compliance system audits to provide adequate assurance of compliance system performance. My empirical evidence comes from the use of compliance system audit in monitoring compliance with enforceable undertakings agreed between companies (that have allegedly breached the law) and the Australian Competition and Consumer Commission. I also use some evidence from the Australian Securities and Investments Commission’s use of compliance system audit for monitoring compliance with enforceable undertakings and also under the managed investments licensing regime. Data was collected by interviews with regulators and auditors, and analysis of enforceable undertakings and audit reports.

The evidence suggests that the real value of compliance system audits in the enforceable undertaking context is as a management review not as verification that a company has put in place a compliance program. It is the audit’s critical and dialogic aspects that induces better compliance - the fact that corporate management listens to and engages with the auditor’s expert opinion on how to improve compliance management. The regulatory assumption, by contrast, is that auditors will provide ‘cold comfort’ certificates - an attestation that the audit has been able to verify that an adequate compliance program is in place. Yet verification of adequacy of a compliance system is illusory because it assumes the ability to reliably measure compliance system performance. Current compliance systems audits mostly evaluate design and implementation of systems but rarely attempt to measure outcomes and performance of those systems. Furthermore verification implies a full stop in the compliance process – it is an opinion that closes the consideration of compliance management by stating its adequacy rather than opening it up to review and further improvement in the light of changing circumstances. Nevertheless it may be the formal regulatory requirement of verification (and the belief that it is possible) that gives the compliance review its power in encouraging management to listen and respond, and to improve compliance management.

The danger is that the review aspect of the compliance system audit will be captured by management ideologies and concerns. It will be insufficiently epistemically independent of management. In the enforceable undertaking audits, this is evident in a tendency to focus on management systems at the expense of forensic investigation of harm done (or at risk of being done) to consumers, and in a failure to seek out public opinion and input. This style of audit undermines the basic regulatory objective of democratic accountability for corporate responsibility. As Michael Power argues, it is ‘not designed to support public debate or to connect the audit process to wider representative organs or to further machinery of regulatory escalation… the audit process… is not a basis for rational public deliberation. It is a dead end in the chain of accountability’ (p127). I conclude by using the literature on critical social audit to show that there is, nonetheless, significant potential for compliance system audit to open up corporate management to democracy, and to make some suggestions as to how this might be possible.

QUALITY IN THE MARKET FOR FINANCIAL REPORT AUDITS: REGULATION OF AND COMPETITION FOR AUDITOR INDEPENDENCE.
Professor Keith Houghton, Australian National Centre for Audit and Assurance Research

The allegations of audit failure are no longer rare. In several parts of the developed world concerns of the quality of financial report audits are routinely discussed in the media and the wider community. The collapse of a Texas based energy trading company - Enron – has arguably been a catalyst for profound changes and proposed changes in auditing. Many of these focus on the presence and extent of auditor independence.

Financial reports are merely the representations of company management. The audits of financial reports add value by providing a competent and independent attestation of the validity of the representations made. There is significant evidence that audit firms are active rivals in respect of audit pricing and competency but there is little or no observable evidence that audit firms compete in respect of independence.

Auditor independence and the quality of financial report audits more generally is rarely tested with great rigour other than in the circumstance of corporate failure. When it is tested some would argue that its alleged sub-optimality is too common. Often auditors have good defenses as to their competency but rarely do they have equally convincing defenses for the objectivity of their decision-making or the independence of their audit.

A major issue for the regulation of auditor independence is that the threats to independence are frequently subtle and difficult to measure. Hence regulating the decisions that relate to independence cannot rely on crude definitions and imprecise regulatory measures. This paper argues that firms that undertake financial report audits need to be more transparent and competitive in respect of auditor independence. A regulatory model that uses this premise is proposed.

ENVIRONMENTAL AUDIT - CUI BONO?
Dr Roger Burritt, School of Business and Information Management

The roles and benefits of environmental audit are explored in this presentation. What is environmental audit? Is it at the voluntary end of the regulatory mix? How is it linked with environmental management? Is verification important? To whom does it matter? Is there an expectations gap? Are dialogue and trust important? What are the links with maintaining organizational legitimacy? The presentation comments on these issues in the context of audit as a regulatory tool.

AUDITING THE AUSTRALIAN PUBLIC SECTOR.
Colin Scott, Law Program/Regnet ANU and Centre for Analysis of Risk and Regulation, London School of Economics

There is considerable evidence to support the hypothesis that Australian government has undergone an ‘audit explosion’ in the last 20 years. The traditional concern of public sector audit with questions of legality, regularity and probity remains. But supreme audit institutions (SAIs) have taken on wider monitoring functions over public sector bodies, resulting in both a quantitative and qualitative expansion of their work. Additionally other regulators of the public sector deploy audit methodology as part of their regulatory toolkit. A key example is provided by the intergovernmental Australian Universities Quality Agency (AUQA).

The paper has three main sections. The first examines the nature of the traditional public sector audit function at both institutional and normative dimensions. The second section takes as its central theme the observation that audit has become a solution to a much wider range of problems with the public sector than the simple ones that public servants may either run off with the money appropriated to their unit, or devote it to purposes for which it was not appropriated. As performance measurement has become the central technique for promoting expenditure of funds in an ‘efficient, economic and effective’ manner so auditors have become the key professionals. Thus all supreme audit institutions in Australia have a central role in assessing the value for money offered by public sector bodies through the technology of performance audit. Notwithstanding serious questions as to the capacity of audit to answer questions about performance, the appropriateness of performance audit represents orthodoxy. The current battleground is over the extension of auditors’ responsibilities to cover non-financial performance. Some Australian jurisdictions require SAIs to make such assessments while others appear not to permit this practice.

The final section assesses the contribution of modern audit techniques to oversight of the public sector generally, assessing the division of functions between departments, SAIs and other external agencies. In this context the limited regulatory role of audit becomes clear. There is little capacity either to set standards or apply sanctions for breach. Audit has a central role in cultural change associated with New Public Management. On one ‘regulation of government’ analysis its contribution to regulatory oversight over performance is best understood as part of a wider regime structure, which involves other agencies and departments. An alternative perspective sees audit as having the potential to act in a metaregulatory fashion, stimulating, reviewing and steering regulatory capacities innate to public sector bodies. On this analysis the central question is how much and what kind of normative force does an audit regime require to work effectively with the self-regulatory structures of auditees.

AUDITING PUBLIC SECTOR PERFORMANCE INFORMATION: THE INTERNATIONAL EXPERIENCE.
Dr Peter Wilkins, Director Policy, Office of the Auditor General, Perth, WA

Public sector auditors are increasingly being asked to provide assurance regarding the quality of performance information reported by agencies to Parliament. This relatively new type of audit has strong similarities with the traditional auditing of financial statements, but there are also some major differences. There are also similarities with performance or "value for money" auditing, with some of these audits commenting on the quality of the information as part of a wider scope.

In some cases, the audit is restricted to commenting on the accuracy of the data and associated calculations, whereas in others there is a much wider assessment of the relevance and appropriateness of the information. The form of the audit report also varies from a traditional opinion to a more extensive commentary and presentation of findings.

The reasons for requesting this assurance include enhancing the use of the information by establishing its credibility, and through the feedback process enhancing the quality of the information itself. These reasons and some underlying drivers need to be viewed in the context of the continuing debate on the role of performance measurement. Relatively little is known about the usage and usefulness of the performance information, and there is debate regarding the unintended consequences on behaviour and performance.

The paper will explore the role and contribution of this type of audit and the similarities, differences and issues identified above. Possible areas for future research will also be discussed.

THE CONSUMER AND CLINICAL AUDIT - WHAT DO I NEED TO KNOW?
Fiona Tito, Principal Health Policy Advisor, Australian Council of Social Services

Currently in Australia, it is very difficult for consumers to know whether the practitioner that are using has experience or is skilled in a particular procedure, or whether the facility in which the person practices has checked these things. Some of this lack of knowledge relates to the information not being publicly available. But in most cases, it arises because it is not being systematically collected by individual doctors or facilities.

There is a wide range of activities in Australian health care, which are moving towards collecting this information for different reasons. They are using a range of methodologies, including incident monitoring, root cause analysis and clinical audit. This work will be summarized and the likely outcomes of these reforms, so far as better informing consumers is concerned.

Moves to increased clinical audit, at least in the case of the most serious adverse events, may provide some information, but much of it is not going to identify the doctor. There are also needs to address performance feedback loops, so that clinicians can improve and build these into the credentialing processes.

The challenge for all of this is how to give consumers relevant useful information, which can help in their health care decision-making. At a systemic level the challenge is how to create a learning ‘no blame’ environment, while still actively ensuring that there is systemic responsibility for addressing chronically poor performers and the very small number of ‘bad apples’.