John Flaig

Auditors Must Be Independent

If an auditor is hired by the company it’s supposed to audit, is it truly independent?

Published: Monday, August 21, 2017 - 12:03

Independence is an important issue in statistics, so I found the article, “Ethics, Auditing and Enron,” by Dennis Arter and J. P. Russell, in the October 2003 issue of Quality Progress quite interesting.

In the second section of the article the QP editor asks, “Must auditors be independent?” to which Arter responded, “No.”

The QP editor followed up on the negative response by asking for specifics. The author then explained that in the financial field, the auditor is a certified public accountant (CPA) who works for the auditing company. He goes on to say that outside auditing firms are hired by the client company and they are paid for their services when the client accepts the audit report. At that point the relationship stops. He then adds that the relationship apparently did not stop at Arthur Andersen (the now infamous auditors for Enron who helped them “cook the books”).

I do not believe the relationship ends when the audit report is accepted. I think the evidence is contained in the author’s own words, “the company hires the auditing firm.” In essence, the auditing firm is an employee of the company it is auditing. Do you think that the “employee” is going to bite the hand that feeds it? If the auditing firm wants to continue to be employed by the client in future audits, they will tend to see things the same way the client does. For this reason I think that auditors must be independent. Oh, and by the way, for those in the quality assurance world, I think this same argument holds for the quality management system standard from the International Organization for Standardization, ISO 9001, and other management systems standards that are audited by a third party. See my letter to the Quality Progress editor, in the January 2004 edition.

How can this be achieved? A simple and inexpensive approach would be to have the auditing firm selected at random and assigned to the client company. In the case of business audits, the American Institute of Certified Public Accountants (AICPA) could perform this task. For example, each time an audit or filing was required, the company would contact the AICPA who would select, at random, a few auditing firms capable of performing the service. These auditing firms would quote the job and the company would select the supplier they wished to use. The company would pay a small fee to the AICPA for performing this service function.

Generally this would mean that a company would probably have a different auditing firm each time, thus helping to prevent an ongoing relationship. This would promote truly independent audits, because this approach breaks the company/auditor (“employer”/“employee”) financial link, which serves as the root cause of malfeasance and corruption of the financial reporting system.

In the quality assurance world, the American Society for Quality (ASQ) could have taken on the same role as the AICPA with respect to ISO audits. The ASQ promoted the ISO auditing program but unfortunately abandoned their ethical responsibility by doing nothing to assure that the audits were independent and reflected real quality performance. I know of one company that was ISO 9001 certified and had a 15-percent defect rate, proving that, from a quality perspective, the company’s ISO certification meant nothing.

Unfortunately our government legislators chose yet another path. They created the Sarbanes-Oxley bill, which does nothing to address the independence issue and at the same time adds significant cost and inefficiencies to both business and government. Their solution is to have government oversight auditors audit the company auditors. This creates another layer of government bureaucracy (which we taxpayers unfortunately pay for) and it still leaves the good-old-boy financial auditing program firmly in place. Companies just have to be a little more careful or wait until funding is cut to the government auditing function in some future conservative administration that thinks the free market is self-regulating and regulations are not necessary.  

Of course, regulations and verification by audit are necessary in many aspects of society and industry, as the Enron disaster proved. As a society we just need to assure that the audits are efficient and effective. A key factor in achieving this is that auditors be truly independent.

About The Author

John Flaig

John J. Flaig, Ph.D., is a fellow of the American Society for Quality and is managing director of Applied Technology at www.e-at-usa.com, a training and consulting company. Flaig has given lectures and seminars in Europe, Asia, and throughout the United States. His special interests are in statistical process control, process capability analysis, supplier management, design of experiments, and process optimization. He was formerly a member of the Editorial Board of Quality Engineering, a journal of the ASQ, and associate editor of Quality Technology and Quantitative Management, a journal of the International Chinese Association of Quantitative Management.

Comments

Independence breaks the money link.

Ian,

I think you have suggested a good approach. My comments were directed at corporate financial audits, but for government activities I think your suggestion makes sense. You just have to be sure the people selecting the audit organization are not part of the government. Perhaps an outside professional organization like the one I suggested would work and of course since the money is coming from the taxpayers I don't think we need to worry about them colluding with the government agency that is being audited.

Independence, certification and accreditation

I think you've missed the point, John. Auditors don't work for nothing, why should they? We live in a society where we all pay for products and services, it's normal, it makes our world go round.   

Independence means "free from unseen influence", it's not really about who pays whom, the bigger issue is "who wears the liability?"  

Professional firms like CAs are established under partnership legislation where each partner is wholly and severally liable for the errors and omissions of all of them. In that scenario PI insurance is both limited and expensive, but human stupidity knows no bounds as the Darwin Awards show us annually as did Arthur Andersen. In my view this is as good as it gets.

In our world, the system relies on accredited independent 3rd party certification, where the accreditation body at the top reports to a government ministry and the auditor at the pointy end reports to and is paid by a certifier/registrar who is paid by the organisation being audited. The weakness here is that the certifier/registrars are allowed to be limited liability companies so the risk to the owners is minimal. For example, the Takata airbag scandal should see a raft of certifier/registrars follow Arthur Andersen into oblivion, it won't because they can avoid liability for the errors of their incompetent ways.

IAN, Thank for your

IAN,

Thanks for your thoughtful comments. Yes, it is true that the potential liability, just like getting a speeding ticket, can influence better behavior. However, this assumes they are caught, in which case the horse is already out of the barn. Unfortunately many people can be hurt by this, not just the company and the auditing firm. It seems reasonable to me that we try to reduce the motivation to cheat by taking away the financial incentive and assuring the independence of the audit.

Independence how?

Hi John,

Thanks.  Yes, I do get that but how do you do it?  

Here in NZ we are in the middle of a political and media frenzy where a senior manager from our Transport Ministry was jailed for defrauding them of $726,000.   It became evident that this had occurred under a CEO who was appointed subsequently as Audit-General; he has resigned, thank heavens!

An enquiry was commissioned by the Govt but under legal privilege they refuse to release it.

And this is here in NZ, reputed to be the least corrupt administration in the world!

The only viable alternative I can think of to applying partnership law is that all verification auditing involving a financial transaction (to include ISO 9001 and its derivatives) should be done by civil servants funded from taxes.

Any better ideas?

Kind regards

Wearing the Liability

It seems to me that a focus on liability will lead to bias and diminished objectivity. The biggest issue is how to attain the least amount of bias and the most objectivity. 

Definition of the Parties

It is very important to define the parties in an audit. There is the auditor, the auditee, and the audit client. The auditor is the organization performing the audit. The auditee is the organization being audited. The audit client is the benefactor or recipient of the report. In a first party audit, all 3 of these roles are within the same organization. In a second party audit, the auditor and audit client are the same organization, which results in 2 parties (auditor/client and auditee). In a third party audit, all 3 of these roles are within different organizations. For an ISO 9001 audit, the audit client or recipient of the report is the customer of the auditee. Organizations become registered to ISO 9001 to give confidence (or a report or a copy of a certificate) to their customer. Keep these definitions or this structure in mind when you read Dennis Arter's writings.

Thinking about who pays for the audit can muddle one's understanding of the structure of 1st, 2nd, and 3rd party audits. 

Achieving independence is not the goal. Achieving an absence of bias, or objectivity, is the goal. Auditors do not have to be independent, whatever that means. Independence does not guarantee objectivity.

Bias and Objectivity

Thanks for your comment. Well, if independence is not required for an unbiased and objective audit, then what is? Well, you kind of leave us hanging with no insight into achieving these desirable goals. Yes, auditor independence is not a necessary condition, but it is a highly desirable one if we wish to reduce the undue influence of money on the audit results. I'm surprised you have not figured this out because it has been a well known observation for more than 2000 years. For the Bible says "Money is the root of all evil" and of cooked books.

Why might money be considered the root of all evil?

Why might one consider money to be the root of all evil? Because it changes one's defined state of independence / dependence? Or because it affects one's objectivity and bias?

Independence

People often want to use things like titles to show independence. Or money trails or liability. We all have bias in our thinking. The more an auditor is aware of their style of thinking, their psychology, types of bias, the more their observations in an audit will be objective. We see what we think before we look. Objectivity / a lack of bias is the goal. Independence is one possible means to the end goal of objectivity. Objectivity / lack of bias is not obtainable but it is the goal in an audit. How one defines "independence" might assist in reducing subjectivity in an audit, but objectivity is the goal. Your quote from the bible is biased.

Every 3rd party auditor I have ever worked with was "independent" but had bias and was subjective for at least part of the audit. 

Note that ISO 9001 does not use the term "independence" as a requirement for auditors. It does include "objectivity and impartiality." 

Spend more time thinking about how you think and less time on trying to define "independence." 

Finally, understanding the 3 roles in a 3rd party audit, will help you understand Dennis Arter's body of knowledge.