Deloitte’s Bonga Nyembe believes identifying fraud and restoring trust are the responsibility of all stakeholders.
This Future of Audit Series interview is proudly brought to you by ACCA.
Bongisipho (Bonga) Nyembe, partner at Deloitte South Africa, notes that as corporate reporting evolves, it’s important to focus on building a healthy ecosystem, of which audit is one part. “We are not dealing with a static environment,” he says, highlighting changes in technology and policy, as well as the increasing complexity of organisations.
Bonga holds two roles at Deloitte South Africa. He is the deputy managing partner of the audit business (comprising the audit and assurance business across Africa) and the managing partner for responsible business and public policy. These dual roles mean he has an understanding of both the shifting environment in which auditors are operating, as well as the way that the audit product itself is changing in response.
“I think the calls for the role of the auditor to evolve are important calls and we need to investigate that,” he says. “If we are delivering a product, the product needs to be relevant to the market itself.”
However, he adds, it’s also important to address the roles and responsibilities of other role players in the corporate reporting ecosystem, including boards of directors and regulators. “Auditors come in at the end of the overall assurance provision, rather than being the only player in that ecosystem,” he explains. “The controls that build up from beginning to end are quite critical.”
Bonga gives the example of the post-Enron reforms in the USA, which included the responsibilities of management, the governance requirements from the board, and the introduction of the Public Company Accounting Oversight Board (PCAOB) to oversee the audits of public companies.
“In the US, an auditor could go to jail for not doing their job, but at the same time, the CEO or the CFO could go to jail for not doing their job. They haven't tilted the responsibility to one side. They've looked at the entire ecosystem and balanced that responsibility,” he says.
Although there is an increasing focus on using technology tools to improve audit efficiencies and accuracy, Bonga underscores that these are limited in value unless systemic issues are addressed. “Whatever technology you bring as an auditor, it needs to be overlaid on an effective environment that can receive it and work with it. If your controls are poor, my tools can’t work. If your systems are outdated, my tools can’t work,” he says.
Bonga cites the financial system as an example of creating “balanced accountability”, where all stakeholders are held responsible for their part. Prudential regulation aims to ensure that financial institutions and market infrastructures operating within the financial system are inherently safe and sound. This includes regulation of South Africa’s banks and other financial services providers by the Prudential Authority, within the administration of the SARB.
“The CEO and CFO of the bank are actually signed off by the Prudential Authority to be clear on who the person is who has the custodial and oversight responsibility,” he says. “That's the balance we need to see, to say, when you're dealing with public funds, you can't say ‘this is my business’. You've got to understand that there is a higher responsibility. There is a responsibility to understand the systems in place to protect the public and to ask how you’re responding to those systems. That starts to make sure that the people taking on the responsibility of CEO, CFO or chairman of the audit committee really understand the full extent of their responsibility.”
Bonga advocates strengthening the corporate reporting system in its entirety. “We need to split the accountability appropriately and ensure that if we hold a custodial responsibility on public funds, we can’t take that lightly, and we can’t be careless about the responsibilities.”
Deloitte has embraced mandatory audit firm rotation, with the view that this will also play a role in highlighting where organisations have historically relied on auditors as being a system of internal controls. “This will improve the control environment, ensuring management takes responsibility for documenting their thinking, rather than assuming the auditors have documented their control processes,” says Bonga.
The evolving audit product
Bonga says that there is a need for audit to adapt not only to increased organisational complexity, but also to play a greater role in fraud identification.
“Currently the audit product is assurance-based where we have different levels of confidence depending on whether it's an audit or review, and it doesn't talk to fraud.” While fraud may be identified during an audit, there are limitations in the process – signs that point to fraud may not show up in the books. For example, some things can be hard to determine through audit, such as issues related to collusion or the design of management controls.
“We need to ask where, in the quantum of information we have the access to, both within our organisations and publicly, can we find the things that will help us evolve the product, so that the red flags are better understood, better identified and better responded to,” says Bonga.
This means using technologies like artificial intelligence to program bespoke responses to the work that is being done, however Bonga notes that such capabilities can be pricey and change the construct of the audit. “Designing those and implementing those does mean that the cost of an audit changes, but it also starts to increase the lens that the auditor has with which to look at the company,” he says.
While the value of an audit is in the assurance, he does believe that insights generated can be a useful by-product that can be supplied to an organisation’s management to help them improve the way businesses are run.
“At Deloitte, we also actively reviewing our product to explore which elements of our product we can change within the current requirements of the standards,” says Bonga. “There is always a balance here because some of these things have a cost implication, but are investing in the re-imagining of how our product looks and how our clients experience our services.”
Business in the future
“When you look at things that start to break organisations, they are broader than financial issues,” says Bonga. “And when you look at the stakeholder mindset that is starting to emanate at a global level, it's broader than numbers. A very practical example is that climate change is a factor that needs to be considered in the sustainability of businesses.”
Bonga believes audit will need to develop to include a focus on the future viability of the organisation being audited. “As a country, we need to start thinking about the elements we consider important beyond just the financials, as the UK has done, and then how we include these in our reports to look at the broader impact that the organisation has on society. Then we need to bring in appropriate specialists to assess these reports. We must start to have a more holistic view of the of the corporate and its footprint, and the outcomes of what it does through the year, based on views from different assurance providers.”