The audit report is the final document of the external auditor’s work and is used by various users of financial statements, from an entity’s equity holders to potential investors. In the case of banks, it is especially of interest to banking sector regulators and supervisors, and to companies in general.
Mozambique is a developing country whose economy heavily relies on external financial aid, and where banks play a crucial role in overseeing proper fund management. Therefore, it is important for its financial information to be credible, whereby the audit of the banking sector is subject to strong scrutiny, both nationally and internationally. Thus, if there are relevant differences in expectations regarding the work of the external auditor in the Credit Institutions and Financial Companies (CIFC) in Mozambique, with emphasis on banks, the role of the external audit can be questioned.
In this context, this intends to verify the possible existence of an Audit Expectation Gap between the auditors and stakeholders of the audit reports of banks in Mozambique (supervisors, managers and financial staff from companies and banks). The study focuses on the expectation gaps regarding the scope of the audit, the materiality underlying the audit process, the audit risk and the auditors’ responsibility regarding different aspects, namely, fraud and going concerns. In this sense, the perceptions of different parties were collected through a questionnaire, and the results were triangulated via interviews with one or two representatives from each involved party.
2. External Audit in Banks of Mozambique
According to the
Bank of Mozambique (
2021), in 2021, the Mozambican banking system had 16 banks and 12 microbanks, as well as 1586 microcredit operators. All banks were universal, although some decided to focus on specific business segments (retail banking, corporate and investment banking, microfinance, etc.). The microbank is a type of credit institution whose main purpose is to carry out restricted banking activity, operating in particular in microfinance; that is, it can only grant credit or capture deposits as long as they are authorized by the Bank of Mozambique, and only perform other operations and services if they are strictly necessary for the adequate execution of these operations
1. The microcredit operators are entities registered only to carry out, in a habitual and professional manner, credit functions
2.
The trend in recent years has been a reduction in banks (in 2017, there were 19) and an increase in microbanks (in 2017, there were 9) and microcredit operators (in 2017, there were 506). This trend is linked to a policy of bringing banking activity closer to the population through smaller interlocutors who can provide a greater geographic coverage of banking services.
Considering the distribution of their share capital, 14 banks were largely owned by foreign shareholders, being mostly subsidiaries of foreign banks or financial groups. The remaining two banks are majority owned by Mozambican shareholders, and one of them is considered a “public bank”, as it is owned by the Mozambican state. According to
KPMG (
2020), South Africa leads the list of countries of origin of banking capital, followed by Portugal.
According to the
Bank of Mozambique (
2022), the Mozambican banking system has high levels of concentration, being dominated by the four largest banks, which together hold more than 50% of the system’s assets. However, there is a downward trend in concentration levels.
In the 1980s, Mozambique underwent a series of economic reforms, which resulted in an opening of the economy and a flow of multinational companies to the country. Thus, in 1990, Decree no. 32/90 of 7 December (regulation of auditing, review and certification of accounts. Council of Ministers, Mozambique,) was approved, with the objective of regulating auditing activity.
Through Law no. 1/92 of 3 January (defines the nature, objectives and functions of the Bank of Mozambique as the central bank of the Republic of Mozambique. Assembly of the Republic. Mozambique), the Bank of Mozambique ceased to both carry out commercial activities and be the country’s central bank, and became solely the central bank of the Republic of Mozambique.
As a result of this process and the need to monitor the financial system, characterized by the constant emergence of new institutions, products and services, a review of the legislation was carried out at the time, applicable to credit institutions, credit auxiliaries and non-monetary financial intermediation, giving rise, in 1999, to Law no. 15/99 of 1 November (regulates the establishment and exercise of the activity of credit institutions and financial companies. Assembly of the Republic. Mozambique), revoking Law no. 28/91, of 31 December, Decree no. 34/92, of 26 October, and Decree no. 43/89, of 28 December.
In 2020, as a result of developments in the national and international banking sector, Law no. 15/99 was revoked through the approval of Law no. 20/2020 of 31 December—CIFC Law (law on credit institutions and financial companies. Assembly of the Republic. Mozambique). This law strengthens licensing, governance and supervision requirements, and stipulates mechanisms and resolution instruments for institutions considered to be at risk of viability. But it did not change the provisions relating to external auditing, stipulating, in its article 93, that the activity of the CIFC must be subject to the external audit of a recognized company in Mozambique.
Under the terms of no. 1 of article 9 of Decree no. 65/2011 of 21 December (regulation of the activity of external auditors and accounting technicians in credit institutions and financial companies and revokes Decree no. 48/2001, of 21 December, Council of Ministers, Mozambique,), the activity of the external auditor of the CIFC is subject to the approval of the Bank of Mozambique, and must be carried out by a recognized company in Mozambique, which must notify the Bank of Mozambique of serious breaches of legal and regulatory standards relevant to supervision which the auditor detects in their activity.
This regulation establishes, among others, rules regarding the following matters: technical competence requirements (article 4), principles of rotation (article 5), conflicts of interest (article 6), verification of duties, recommendations and information (articles 7 and 8) and requirements for approval of the external auditor by the regulatory authority (articles 9 and 10).
The audit definitions presented by the
American Accounting Association (
1973), the Sarbanes–Oxley Act (United States Public Law 107-204) and
Costa (
2023), in essence, converge to the fact that the external audit is an independent function, which is based on rules that aim to ensure the credibility of information about the business and activity of an entity, prepared based on certain references, by obtaining evidence, and for this purpose, it issues an opinion, through a report, which is disclosed to the different stakeholders.
The International Federation of Accountants (IFAC), through the International Standard of Auditing
ISA 200 (
2021), paragraph 3, states that the objective of an audit of financial statements is to enable the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework. It also mentions that the ISAs do not cover the auditor’s responsibilities that may arise from legislation and regulations. Thus, there may be divergences on certain points, and it is the auditor’s responsibility to ensure compatibility between the ISAs and compliance with all relevant legal, regulatory and professional obligations.
In this context, it is important to analyze the responsibilities and level of security underlying the auditor’s work.
By combining
ISA 200 (
2021) and
ISA 700 (
2021), the auditor’s responsibility lies in their opinion on the financial statements, obtained through compliance with the ISAs’ requirements, and not on the content of the financial statements, which is the responsibility of the management body.
In the case of Mozambique, in accordance with Article 4 of Notice no. 4/GBM/2007 of 2 May (which harmonizes the accounting regime of credit institutions and financial companies with the International Financial Reporting Standards, Bank of Mozambique), the CIFCs, which include banks, must prepare consolidated or individual financial statements in accordance with International Financial Reporting Standards and the conceptual framework of the International Accounting Standard Board.
It should be noted that this standard does not present specific models of financial statements, so the Bank of Mozambique established, for supervisory purposes, through Circular no. 3/SHC/2007 of 12 June (Reporting of financial statements and other elements of accountability of institutions that adopt the International Financial Reporting Standards (NIRF), Bank of Mozambique), models of Balance Sheets and Income Statements for individual and consolidated accounts.
The issue of liability for fraud has been the subject of great debate, especially due to the financial scandals that have come to light.
Chong (
2013) notes that stakeholders have pressured auditors to include fraud detection in audit programs and reports.
ISA 240 (2021) states that the prevention and detection of fraud and errors is a responsibility of both those charged with governance and the entity’s management, who must ensure that the entity establishes and maintains an internal control that provides a reasonable guarantee of reliability regarding the credibility of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations.
Auditors, under the ISAs, are required to obtain reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error. This view is also supported by the Auditing Standards Board of the American Institute of Certified Public Accountants in SAS AU-C Section 240 (
AICPA 2019). Thus, frauds that are audit concerns are those that are materially misstated that could result in fraudulent financial reporting and the misappropriation of assets. Therefore, it is important for auditors to assess the reliability of internal control.
The design and implementation of an adequate internal control, as well as the guarantee of its effectiveness, is a matter of the responsibility of the entity management. This fact is corroborated by paragraph 34 of
ISA 700 (
2021), which also assigns to the management of an entity the responsibility for designing, implementing and maintaining internal controls relevant to the preparation and fair presentation of financial statements that are free from material misstatement, either due to fraud or error. This liability should be described in the audit report. The role of auditors, in accordance with
ISA 315 (
2021), is to assess relevant internal controls with a view to identifying risks of material misstatement in the financial statements, as well as determining the nature and extent of audit procedures.
In addition to understanding the scope and responsibility of an external auditor, it is important to understand what kind of assurance is obtained as a result of an external audit.
According to
ISA 200 (
2021), in its paragraph 17, the auditor obtains reasonable (and not absolute) assurance that the financial statements are free from material misstatement. The impossibility of obtaining absolute security results from the limitations inherent to the audit, which have an impact on the ability to detect material misstatements. Such limitations include, among others, the following factors: the use of tests; limitations inherent to internal control; the fact that most audit evidence is more persuasive than conclusive; and the strong influence of professional judgment.
The other element to be considered in the auditor’s work, and which, in a way, affects the issue of safety, relates to the concept of materiality.
When conducting an examination of the financial statements, auditors consider the concept of materiality both in planning and in assessing identified misstatements.
ISA 200 (
2021), in its paragraph 6, recognizes that the auditor is not responsible for detecting misstatements that are not material to the financial statements taken as a whole.
Therefore, a clean opinion on the financial statements does not necessarily mean that there are no misstatements either due to fraud or error, but that the identified misstatements, whether individually or aggregated, are not material, independently of the audit risk (there may be distortions that were not detected).
3. Audit Expectation Gap
Several authors (
Porter 1993;
Pierce and Kilcommins 1996;
Lee et al. 2009;
Devi and Devi 2014) agree that the term Audit Expectation Gap was initially introduced in the literature by Liggio, in 1974, having been defined as the difference between the levels of expected performance from an auditor’s perspective and from the perspective of the users of financial statements.
Devi and Devi (
2014) state that, in 1978, the Cohen Commission extended Liggio’s definition by considering that there could be a gap between what the public expects or needs and what the auditor can or should do.
Porter (
1993) proposed that the gap be defined as the gap between society’s expectations about auditors and auditors’ performance, as perceived by society. According to this author, differences in auditing expectations have two major structural components, the reasonableness gap (difference in expectations between what the public expects the auditor to achieve and what the auditor can reasonably achieve) and the performance gap (mismatch between what the public can reasonably expect auditors to perform, and the public’s perception of the auditors’ performance). The author also distinguishes two components in performance differences, deficient standards (the difference between what can reasonably be expected of auditors and the auditors’ duties according to the standards) and deficient performance (the difference between the performance that auditors should have and the public’s perception of the auditors’ performance).
Gray et al. (
2011) added reasons for inadequate performance (lack of competence and independence of the auditor), inadequate standards (lack of independence from the profession) and unreasonable expectations (lack of clarification of the auditor’s role and lack of technology).
The perspective of
Ruhnke and Schmidt (
2014), which reflects the view of
Porter (
1993), is that it has been proven in the past that the public’s expectations regarding the scope of action and responsibilities of auditors are broader than the public perceptions of auditors’ performance.
In turn,
Füredi-Fülöp (
2015) introduced a new structural component to
Porter’s (
1993) scheme, the so-called interpretation differences component (the existing difference in the interpretation of audit results between auditors and different users).
The
ACCA (
2019) defines the Audit Expectation Gap as the difference between what the general public thinks auditors do and what the general public would like auditors to do. It also proposes that the gap be divided into three components, namely, the knowledge gap (the difference between what the public thinks the auditor does and what the auditor actually does), the performance gap (differences resulting from the auditor not doing what audit standards or regulations require) and the evolution gap (differences resulting from the auditor’s lack of action due to a lack of monitoring of technological evolution, the complexity of standards or other aspects; this gap exists in audit areas where there is a need for evolution, taking into account the demands of the general public, technological advances and how the entire audit process can be improved to add more value).
Akther and Xu (
2020) present the term Audit Expectation Gap in two different paradigms, namely, an unreasonable gap (difference between what society believes the auditor can achieve and what in practice it can achieve) and a sensible gap. In turn, this last gap can be divided into a sensible performance gap (difference between what society expects from auditors regarding their current level of performance compared to the standard performance described in current regulations) and a sensible standard gap (what society expects from auditors if there is a change in current legislation required by participants and if it is cost-effective to make such an amendment).
In essence, the definitions of the Audit Expectation Gap converge to the fact that there are differences between the expectations of financial statements users in relation to an audit and what auditors actually do.
In studying the theme of the Audit Expectation Gap, it is also important to understand its causes, as the establishment of adequate strategies for its reduction depends on a clear understanding of its causes.
Lee and Ali (
2009) systematized a set of studies associated with the theme of the Audit Expectation Gap, concluding that the causes of this phenomenon can be summarized as follows:
-
The complex nature of the audit function, a fact associated with the subjective nature of audit terms and concepts and also, as
Alawi et al. (
2018) note, with society’s lack of knowledge of the auditor’s profession;
-
The conflicting roles of auditors, which is essentially related to the fact that auditors provide non-audit services to their clients;
-
The evaluation of the auditor’s work quality is carried out after the opinion is issued, when other facts may already have occurred that jeopardize the opinion;
-
The time lag in responding to changes in expectations, which is linked to the time lag between identification by auditors and the response to continuous changes and expansion of public expectations, especially in times of crisis;
-
The self-regulation process of the audit profession, which can lead to a kind of monopoly of the profession, which, in turn, can lead to a lack of incentive for quality;
-
The lack of knowledge and unreasonable expectations of the public, which may be associated with the mismatch of expectations due to unrealistic perceptions of auditors’ performance (
Salehi 2011), or the fact that the public does not perceive audit limitations (
Kamau 2013).
In addition to assessing the level of the Audit Expectation Gap and its causes, several authors have also tried to present some solutions to reduce it. In this context, the following strategies have been identified to reduce the Audit Expectation Gap:
Best et al. (
2001) concluded that expanding audit reporting has the potential to increase the value of financial reporting.
Lee et al. (
2009) note that empirical studies were conducted in the United States of America, the United Kingdom and Australia that provide evidence that an expanded audit report can be used as a way to reduce the Audit Expectation Gap. This is because it provides a better understanding of the nature, scope and extent of an audit, as well as the role and responsibilities of auditors and management. This was one of the reasons why the IFAC changed the content of the audit report in 2015.
Pierce and Kilcommins (
1996) concluded that there was a reduction in the lack of understanding of auditing standards among students who attended a full course or an auditing module, compared to those who did not take auditing-related subjects. However, they state that education alone may not be an adequate response, as this issue must be accompanied by communication in the audit reports of the support bases used by the auditors.
In the same sense, the
ACCA (
2019) states that, in order to reduce the knowledge gap, the various audit stakeholders need to commit to informing the public in a fair, balanced and comprehensible manner about auditing regulations and standards.
Lee and Ali (
2009) note that it is believed that the Audit Expectation Gap is likely to reduce if the public is satisfied with the performance of auditors. However, the studies analyzed by them reveal that there is no consensus on the effectiveness of this methodology in reducing the Audit Expectation Gap. The audit approach for a client depends on the assessed risks, and these depend on several factors, such as the nature and environment of the business, as well as the volume of transactions. As such, it may not be beneficial to use a standard audit program for all firms.
Lee and Ali (
2009) note that some studies suggest that auditors should expand their scope of action as a way to reduce the Audit Expectation Gap. Expanding auditors’ responsibilities is likely to be an appropriate way to respond to public expectations. However, the costs of such services must be considered. These costs would be charged to the companies, as the public would understand them to be the responsibility of the auditors. Therefore, a company may be reluctant to request these services from auditors unless they are required by law.
Koh and Woo (
1998), citing Humphrey et al. (1993), note that the reinforcement of auditors’ independence can be achieved through the establishment of an independent entity, which supervises the appointment of auditors and regulates audit fees. However, they point out that the magnitude of the Audit Expectation Gap and the costs and benefits of this solution must be carefully evaluated before being implemented.
-
Improvements in auditing standards (
ACCA 2019)
For the ACCA, the creation of clearer auditing standards that avoid creating requirements that may introduce bias in the judgment, or that are difficult to implement objectively, is a means of reducing the gap.