Corporate Responsibility Reporting (6)

Right lads, let's get serious.

Hopefully by now, we have established that the independence of the Big Four is organised within a system of laws, standards, guidelines and compliance mechanisms which are directed towards financial audit. The AA1000 series and the G3, which don’t pertain to financial audit, don’t extensively thematise independence. The Code and other instruments aligned with it, which do talk about independence in quite a bit of detail, pertain both to assurance and financial audit. 

So we can now look at how independence is entangled with an idea of professionalism. There is a long tradition of political and social thought which considers professionalism a socially integrative force, with a coherent pattern of influence extending outside its occupational specialisms. Does the element of professionalism give the Big Four’s independence, despite its orientation to financial audit, some kind of broader applicability?

Well, objectivity requires the practitioner “not allow bias, conflict of interest or undue influence of others to override professional or business judgments” (IESBA 2005:100.4; cf. IESBA 2005:120.1).  Independence of mind is the “state of mind that permits the expression of a conclusion without being affected by influences that compromise professional judgment, allowing an individual to act with integrity, and exercise objectivity and professional skepticism” (IESBA 2005:290.8). The recursive definition of objectivity by independence, and independence by objectivity, is elaborated outward towards more substantive markers with the mention of professional norms, in the phrases “professional or business judgment(s)” and “professional skepticism.” 

The term professional skepticism appears throughout the IESBA’s Code and the ICAEW Manual as something which ought not to be compromised, but it is never directly discussed.  The discussion of ISA (UK and Ireland) 240 is as follows: “The auditor should maintain an attitude of professional scepticism throughout the audit, recognising the possibility that a material misstatement due to fraud could exist, notwithstanding the auditor’s past experience with the entity about the honesty and integrity of management and those charged with governance.”^[1]

In the US, SAS 99 takes a similar approach: “Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence.  The auditor should conduct the engagement with a mindset that recognizes the possibility that a material misstatement due to fraud could be present, regardless of any past experience with the entity and regardless of the auditor’s belief about management’s honesty and integrity [...] in exercising professional skepticism in gathering and evaluating evidence, the members of the audit team should not be satisfied with less than persuasive evidence because of a belief that management is honest.”^[2]

These elaborations are reminiscent ICAEW’s more bureaucratic-rationalist formulation of objectivity, as “the state of mind which has regard to all considerations relevant to the task in hand but no other” (q.v.).  Their appeal is to pedantically “doing the job” – that is, to a bureaucratic rationality which rejects inductive opportunism, and the short-cuts offered by networks of social capital, in favour of minute compliance with procedure. 

What manifests locally as a laborious literalism is part of the profession’s collective self-constitution.  In this process a social form is created – the unfailing agent of a stipulated practice  – whose utility should outweigh the aggregate utility of various more pragmatic attitudes in their local contexts.

Shall we be a little Habermassy for a moment? So far, everything suggests that the professionalism of accountancy is a feature of systemic integration only. The steering medium of power, institutionalised in the regulatory standards and organisations that have been mentioned, standardises practitioners in an instrumental-purposive orientation.  Compliance with this professional template facilitates the coordination of action by the other major steering medium, money.  To the extent that different practitioners follow like courses in like situations they facilitate the mediatization of those situations. 

Correspondingly, the social substrate of independence seems to be systemically integrated.  It is no accident that the institutional forms of the independent auditor and corporation emerged coevally.  The Limited Liability Act (1855) capped the potential loss of any shareholder at the amount subscribed for in shares.  Similar legislation soon appeared in the US and Western Europe.  The Joint Stock Companies Act (1844) permitted companies to incorporate without royal charter or special parliamentary provision.  The Act also required that shareholders appoint auditors to arbitrate in the event of insolvency.  Initially, these auditors were drawn from among the shareholders themselves (Strange 1996:136).  As corporations grew larger and more complex, specialist insolvency practitioners diversified their services in order to fill the role.  These two Acts are the institutional foundation for the mediatization of owners’ relations.  In other words, nothing here bestows professional independence with a suggestion of applicability outside the audit of financial statements.  If we left our analysis here, professional skepticism would consist at heart of purposive-instrumental rationality.  The appeal to the “reasonable and informed third party” would simply be to the profit-maximising, risk-minimising subject of economic interests.

But another aspect of professional skepticism remains to be excavated. “An attitude of professional skepticism means the practitioner makes a critical assessment, with a questioning mind, of the validity of evidence obtained and is alert to evidence that contradicts or brings into question the reliability of documents or representations by the responsible party” (IAASB 2005 para 40).  This discussion recapitulates the tendency to discuss the constituents and supports of independence with reference to what they are not.  But there are also some hints here of professional skepticism as an attitude of temperance and restraint. The practitioner is asked to be vigilant against momentary lapses. The practitioner should also not set out to seek contradictory evidence, merely be alert to it. IIASB (2005) continues that the practitioner need not authenticate documents, but should consider “the reliability of the information to be used as evidence, for example photocopies, facsimiles, filmed, digitized or other electronic documents, including consideration of controls over their preparation and maintenance” (para 41).

Other discussions of professional skepticism position it more explicitly as a virtuous mean. It's a Goldilocks thing. Professional skepticism can viewed as the contextually appropriate amount of suspicion. The Canadian CICA manual states that an attitude of professional skepticism “means that the auditor makes a critical assessment with a questioning mind, of the sufficiency and appropriateness of audit evidence obtained and is alert for evidence that contradicts or brings into question the reliability of documents or management representations.  It does not mean the auditor is obsessively sceptical or suspicious” (CICA, 2003, 5090.07).

This notion of moderation and contextual appropriateness is the second aspect of the entanglement of independence and professionalism. It should be understood in relation to the ever-evolving ensemble of inferential techniques used by assurors. Seen in this light, professional independence is the capacity to draw knowledgably upon the precedent set in previous use of an inferential technique, while being alert to the inimical features of the circumstances in which it is applied, and the possible necessity of departing from tradition and forming new precedent.

The term inferential technique requires some unpacking.  Independence presupposes that the assuror is not directly familiar with the subject matter.  It is thus invested in the feasibility of some kind of indirect familiarisation.  For assurance to exist as a commodity, the assuror must have techniques to readily gain reliable knowledge of whatever subject matter for which the market demands assurance.

The techniques available to assurors to organise their investigations in particular areas, and to infer further information, often generalising their findings across larger data populations, have been historically variable.  Block tests, such as the detailed inspection of every transaction within a particular month, were a commonplace audit technique in the late nineteenth century, but now are seldom ever used.

In the audit context, three main trends in inferential familiarisation have taken place over the twentieth century.  The first is the rise in importance of internal controls.  Internal controls consist of management procedures and the measures in place to ensure compliance with them.  To take one example, clarity and precision in the allocation of responsibilities and reporting lines is considered a type of internal control.  The segregation of duties is another.  Supply purchasing may be divided into “initiation (e.g. the works foreman decides the firm needs more lubricating oil), authorisation (the works manager approves the purchase), execution (the buying department order the oil), custody (on arrival the oil is taken in by the goods-in section and passed with appropriate goods-in documentation to the stores department) and recording (the arrival is documented by the goods inward section and the invoice is compared with the original order and goods-in note by the accountants department, and recorded by them in their books)” (Mill champ 2002:87).  By the 1940s, the status of the reporting entity’s internal controls also had assumed great significance in determining the scope and methodology of individual audits.  This remains the case.

The next trend is the rise and partial decline of scientific sampling. According to Power (1997:73-75), statistically precise notions of representativeness first took hold in the 1930s.  However, their incorporation into audit practice was far from straightforward.  Clearly a scientistic idiom could improve the eminence of accounting expertise, but it could also erode the exclusivity of professional judgement, if audit were perceived as mechanistic.  See Gwilliam (1987), Elliott (1983) and Abbott (1988) for more on the relationship between audit and statistical methodology. 

The third and most recent trend is the rise of risk-based methodology.  The 1980s saw a shift in audit from the principle of scientific representativeness to one of selectivity based on risk (Power 1997:76).  An auditor will identify key risk areas on a client-by-client basis – for example, allowance for doubtful accounts, inventory obsolescence, accrued royalties, accrued trade spending, classification of intangibles and useful lives, long-term debt classification and revenue recognition – and concentrate scrutiny in these areas.  An event is considered to be risky as a function of both the likelihood of its occurring or having occurred, and its magnitude, typically formulated financially.  Risk provides a common framework for considering both the value of assurance to the client, and the assuror’s liability.

Each inferential techniques is historically variable in the sense of what assurors do, in the typical consequences of their practice, in the reputation attaching to the technique in various segments of society, and in the legal duty of care associated with it. 

This last point deserves expansion.  For it to be worthwhile to accountants to provide assurance, the general level of liability must not be prohibitively high in relation to the inherent limitations of the techniques at hand.  For example, in the landmark ruling re Kingston Cotton Mill [1896] 2 Ch. 297, the courts decided that it was not the auditor’s duty to take stock to check against management representations which were prima facie unsuspicious.  “An auditor is not bound to be a detective, or [...] to approach his work with suspicion or with a foregone conclusion that there is something wrong.  He is a watch-dog, but not a bloodhound.  He is justified in believing tried servants of the company in whom confidence is placed by the company.” 

Inferential techniques which overlap with threats to independence correspond with particularly fierce negotiations of liability and regulatory responsibility.  For example, SOX now obliges US listed firms to rotate their auditors on a regular basis.  Long-term auditor-client relationships, which arguably make it easier for auditors to gather information, are recognised by this legislation as a threat to independence.  This has specific bearing on the technique of rotational testing, in which auditors work their way rotationally through different client site visits and systemic emphasis over a number of years.  Similarly, consultancy work arguably produces an epistemological advantage which can be carried over into audit.  SOX also proscribes the provision of a variety of consultancy services by auditors.

The question which now arises is whether the professional stewardship of this ensemble of inferential techniques, and its relationships with state, market and socio-cultural system, can be understood as systemically-integrated action, characterised by purposive-instrumental rationality.  My view is that it cannot.  Certainly the audit process exists within an envelope of mediatization, insofar as it aims to optimally prepare the audited organisation for steering by the non-linguistified communication medium of money, in its various institutional forms of taxes, fines, investment, loans and so on.  The negotiation of liability is also subordinate to a system imperative.  To put it bluntly, the more the accountancy profession can reduce its liability through the courts, the more lucrative its monopoly franchise on the statutory audit commodity.  But within these territories circumscribed by steering media, communicative action of various strengths plays a significant role.  In its market relationships, the accountancy profession is engaged in educative and learning processes with each audit client.  In familiarising themselves with internal controls, auditors act communicatively with management and employees.  In testing them, important forms of evidence include oral discussion and confirmation in writing.  On its frontier with the state, the profession defends and reformulates its interests deliberatively through the courts and various consultative forums.  In relation to the socio-cultural system, the profession replenishes its head-count not only by training new accountants, but by socialising them into a tradition of the contextually appropriate exercise of an ensemble of inferential techniques. 

The lifeworld resources which the profession draws upon include a permanent regime of training, career progression involving formal and informal mentoring, a tradition of professional congeniality and discussion, a preoccupation with ethics, as well as a relatively homogeneous pool of cultural and ideological norms. 

As well as the purposive-instrumentally rational subject of economic interests, the Code’s appeal to the “informed and reasonable third party” implies an appeal to an agent of this lifeworld.

Phew! This completes the analysis of professional skepticism. Philosophical skepticism with respect to a proposition concerns more than doubting the proposition’s truth. The philosophical skeptic will not assent that the truth of the proposition is in principle knowable. Philosophical skepticism is more than a variety of contrarianism, since there may be many technical and normative implications which follow from a proposition being knowable or not.  A similar concept can be seen to exist within assurance, inasmuch as techniques of inference are supposed to be able to reduce the probability of misstatement, but never to zero.  

But the modifier “professional” of “professional skepticism” does not indicate that the subject of the Code should be philosophically skeptical in relation to a particular object set characteristic of the profession, or that she should endlessly disperse any aura of indubitability that may emanate from this zone of professional responsibility.  The two main connotations of professional skepticism are rule-based consistency and moderation.  Thus professional skepticism is held in tension between a bureaucratic rationality, which emphasises rules, and a legal rationality, which requires balance between tradition and sensitivity to inimitable contexts, and which sediments a particular history of technological development of inference, and the legal negotiations surrounding it. 

Corporate Responsibility Reporting (5)

Okay, this completes the groundwork for our analysis of the concept of independence, as it applies to the independent checking of corporate responsibility reporting.

There is a close link, within liberal political theory, between independence and autonomy, and so between independence and various debates around the ability of individuals to rule themselves, and the conditions under which self-imposed law can be considered authentic. Independence is also an important idea within constitutionalism, especially as pertaining to the separation of powers. There the focus is the insulation of government functions, especially the judiciary, from untoward influence. Appropriate constitutional form is seen by some constitutional thinkers as an important prerequisite of state neutrality. The problematiques of autonomy and constitutionalism are coextensive, inasmuch as questions about the sources of authentic self-imposed law resemble those about the legitimacy of judicial decisions which have regard to private interests.

That very same preoccupation with a mode of non-compromising influence is shared by the literature around assurance. Independence is defined as “freedom from those pressures and other factors that compromise, or can reasonably be expected to compromise, an auditor’s ability to make unbiased audit decisions” (ISB, 2000); it is also described variously as “the conditional probability of reporting a discovered breach” (DeAngelo, 1981:186), “an attitude/state of mind” (Moizer 1994:19; Schuetze 1994:69); “the ability to resist client pressure” (Knapp, 1985).

In this literature, and in the system of overlapping laws, standards, guidelines and compliance mechanisms I’ve alluded to in a previous post, independence is given a concrete discursive form. (Independence is also discursively entangled with a concept of professionalism. I’ll get into that in the next blog post). In this post I want to think about how elements of that concrete discursive form are geared towards the audit of financial statements. In other words, I want to think about how this independence is not really geared towards checking on corporate responsibility reporting, except insofar as there are one or two serendipitous overlaps between financial audit and CRR assurance. So I’m hopefully getting started unpicking some of the complex ways in which the Big Four sometimes have/use/want the wrong kind of independence for what it is they’re doing. Again, some of this isn’t exactly up-to-the-minute, so I’d be very, very interested in any updates from scholars, industry, assuror fandom, etc.

The AA1000AS (2008) and the G3 (which are specific to the CR context and have no applicability to financial audit) had surprisingly little to say on independence. The G3 required that assurance be “conducted by groups or individuals external to the organization who are demonstrably competent in both the subject matter and assurance practices” and “who are not unduly limited by their relationship with the organization or its stakeholders to reach and publish an independent and impartial conclusion on the report.” The AA1000AS (2008) contained the same wording (AccountAbility 2008:14), and required disclosure of mechanisms which ensure independence, and of “any relationships (including financial, commercial, preparation of the report, governance and ownership positions) that could be perceived to affect the assurance providers ability to provide an independent and impartial statement” (ibid.).

Big Four alignment with the AA1000AS (2008) requirement typically comprised just a succinct paragraph, noting that the firm complied with the Code and with internal independence mechanisms which exceed the Code’s requirements, but providing no further detail. (The ISAE3000 referred to the concept of independence elaborated in the Code of Ethics for Professional Accountants (IESBA 2005, referred to hereafter as “the Code”). Two other key guidance documents for the Big Four in connection with independence, the IAASB’s ISA 200 (IAASB 2009), and the ICAEW Members’ Handbook, Section 3, were also aligned with the Code).

The Code applies to financial audit as well as assurance. It divides independence into two necessary conditions: independence of mind, and independence of appearance. Independence of appearance exists if and only if a reasonable and informed third party would judge that independence of mind exists. Independence of mind is considered to consist in a lack of prejudicial relationships. In particular, a professional accountant “should not allow bias, conflict of interest or undue influence of others to override professional or business judgments” (IESBA 2005:100.4). “Relationships that bias or unduly influence the professional judgment of the professional accountant should be avoided” (IESBA 2005:120.2). Independence of mind is characterised as the state of mind “that permits the expression of a conclusion without being affected by influences that compromise professional judgment, allowing an individual to act with integrity, and exercise objectivity and professional skepticism” (IESBA 2005:290.8). ICAEW (2009:283) follows this wording (save for a typo!). The Code characterises objectivity, as it does independence of mind, by what it is not: “The principle of objectivity imposes an obligation on all professional accountants not to compromise their professional or business judgment because of bias, conflict of interest or the undue influence of others.” (IESBA 2005:120.1). There are however a few touches of positive definition here. Professionalism is one, which I’ll be looking at in a later post. The Code expands a bit on “integrity” by insisting on the professional accountant’s “honesty and straightforwardness.” (IESBA 2005:100.4).

Straightforwardness is undefined, honesty is only briefly mentioned again at 150, in the context of professional dignity in self-promotion. See ICAEW 2009:165 for the Members’ Handbook’s limited elaboration of these terms.

We can try some scholarship here. Everett (2005), writing about the Canadian context, trace a shift in accountancy ethics from a Christian idiom based around the concept of a calling, to a scientistic idiom based around objectivity. They note that the chance was gradual and involved many intermediate “mixed” idioms. The unglossed appearance of “honesty and straightforwardness” could be a kind of vestige of this earlier idiom.

The ICAEW Members’ Handbook also provides two definitions of “objectivity,” one using the same wording as the Code (ICAEW 2009:160), and the other that objectivity “is the state of mind which has regard to all considerations relevant to the task in hand but no other” (ICAEW 2009:165). Objectivity here strongly resembles aspects of Max Weber’s ideal type of bureaucratic rationality, in its “exclusion of love, hatred, and every purely personal, especially irrational and incalculable, feeling from the execution of official tasks” (Weber 1960:421). The Code identifies five non-exhaustive categories of threats to independence: self-interest; self-review; advocacy; familiarity; intimidation (IESBA 2005:100.10). The Code attempts ostensive definition because it is “impossible to define every situation that creates such threats and specify the appropriate mitigating action.” (IESBA 2005:100.5). Assurors are expected to use inductive reasoning to recognise threats to independence which are not among the examples, and those which don’t fall neatly into any of the categories. The examples given of self-interest threats are: a financial interest in a client; jointly holding a financial interest with a client; “undue” dependence on total fees from a client; concern about the possibility of losing a client; potential employment with a client; and contingent fees relating to an assurance engagement; a debt arrangement with a client (IESBA 2005:200.4). Self-review threats include: the discovery of a significant error during a re-evaluation; reporting on the operation of systems after being involved in their design or implementation; preparing data used to generate records which become the subject matter of the engagement; and having recently worked for the client (200.5). Advocacy threats include: promoting a client’s shares; and acting on the client’s behalf in litigation, or in informal disputes (200.6). Familiarity threats include: family relationships; gifts and hospitality; other threats (e.g. self-interest threats) pertaining to a family member (200.7). Finally, intimidation threats include: fear of dismissal or replacement; fear of litigation; pressure to inappropriately reduce fees or timetables (200.8). So there we go.

Threats to independence of mind are not decisive, however, since many can be neutralised by appropriate safeguards. Examples of safeguards at the assuror level are “Chinese walls” arrangements, which isolate sensitive information through internal rules and controls, software, and physically secured working and storage spaces. PwC’s code of conduct states, “[w]e aim to avoid conflicts of interest. Where potential conflicts are identified and we believe that the respective parties’ interests can be properly safeguarded by the implementation of appropriate procedures, we will implement such procedures” (PwC 2008:8). Moreover, the threat categories are non-exhaustive. 

Okay, I think we are now in a position to trace the orientation of this concept of independence to the audit of financial statements. In a way, this part of the argument is a fortiori, since we have already established that those sources with substantial things to say about independence are expressly interested in audit rather than assurance!

However it could still be useful to develop a more detailed analysis, particularly for when I come to look at the entanglement of independence with professionalism. The first thing to note is that in the Code, as in the GRI and Accountability formulations, independence of mind is considered essentially a privative quality, not a positive one. It is about something that is not there. And the thing that can’t be there is, roughly speaking, a relationship of interiority, or what you might call being “all up in” the client. Independence of mind is a relationship of duly-influenced exteriority with respect to the client (compare GRI definition q.v.).

Various factors can be decisive in creating a relationship of interiority or undue influence. One type of factor, however, dominates. That is, independence of mind is threatened if the practitioner’s action is steered by money or power which either originates in the client or steers her client.

This factor is exemplified by the first two threats to independence mentioned by the Code, the existence of a financial interest in the client or a financial interest held jointly with the client. Financial auditing constitutes organizations as economic entities and economically specifies their continuity over time. Thus, the orientation to financial audit is expressed in the priority given to threats enacted in steering media. Complete causal isolation would obviously be an absurd construal of independence; there must exist some causal stream between auditor and audited organization! But so long as no economic forms supervene on the causal microfoundations of audit, they are likely to be considered insignificant.

We can expand on this point by returning to the term materiality, which I think I previously treated as a loose synonym for significance. The International Accounting Standards Board (“IASB”) defines materiality, in the audit context, as follows: “Information is material if its omission or misstatement could influence the economic decision of users taken on the basis of the financial statements. Materiality depends on the size of the item or error judged in the particular circumstances of its omission or misstatement. Thus, materiality provides a threshold or cut-off point rather than being a primary qualitative characteristic which information must have if it is to be useful.”

In this definition, judgments about materiality are to be founded on the rationality characteristic of the economic sphere. (What a surprise). One might anticipate that for assurance of CR report, judgments about materiality should be steered by consideration of rational decisions characteristic of the spheres of social and environmental governance, reflecting Elkington (1994)’s triple bottom line. The idea of independence upon which assurance depends would correspondingly be construed according to threats exceeding this materiality threshold. Indeed, the G3 defines the Reporting Principle of materiality as follows: “The information in a report should cover topics and Indicators that reflect the organization’s significant economic, environmental, and social impacts, or that would substantively influence the assessments and decisions of stakeholders” (GRI 2006:8). The G3 definition contains both elements – the triple bottom line, and the appeal to the decisions of users – but it stops short of combining them. This is unsurprising, since it is difficult to imagine models of “socially rational” or “environmentally rational” decision-makers which would not be torn apart by the de facto plurality of norms, dispositions and interests constitutive of the former, and by the ideological conflict for the custody of the latter.

Economic rationality, by contrast, can suppose a comparatively harmonious orientation towards the highest profits at the lowest risks. Even those who do not share this orientation will promptly recognize it as the basis on which they are addressed as economic agents. The G3’s vague and inclusive definition is an indication of how difficult it is to reorient the materiality concept for settings which are not highly systemically-integrated; roughly speaking, for places that aren’t completely saturated with economic incentives and/or administrative power.

However, certain of the exemplary threat categories, which I’ve just mentioned, suggest that independence of mind may also be sensitive to social integration factors. It’s not all about stacking paper and ticking boxes! For example, gifts and hospitality, and acting on a client’s behalf in informal disputes, imply some level of communicative action involving the assuror and client.

But before we allow this to argue that the orientation to audit is not complete, we should see it in light of the relationship between independence of mind and independence of appearance. An important corollary of “independence of mind” is that organisations do not have minds. The subject of the Code, and the basic unit of independence, is the practitioner. A threat to independence is thus first affectively disclosed. The practitioner is the first to know about it, and is responsible for escalating it into the regulatory architecture. For example, if a Big Four practitioner has any doubts about her independence, she can speak to one of the partners in charge of her project or her regional service line, to a national risk partner, to dedicated in-house legal teams, to the anonymous ethics helpline which each Big Four firm maintains, to the ICAEW, to the professional body of which she is personally a member (for accountants whose training is Big Four-sponsored, usually the ICAEW or ICAS), or even to the AADB. Such appeals are practical approximations of the Code’s appeal to the “informed, reasonable third party.” The regard of this regulatory architecture cannot be principally to affective status of the practitioner, so it is again to homo economicus, the rational economic subject. Some of these mechanisms are punitively specialised, but the run-of-the-mill independence threat will not be met with investigative and disciplinary procedures. It will be resolved by the institution of safeguards, a change or clarification of engagement scope, the transfer of the practitioner to other duties out of the zone of risk, or in an extreme case the withdrawal of the organization providing assurance. Independence of mind is characterised through a labyrinthine system of recursively-defined terminology including integrity, objectivity, professional, honest, straightforward, fair, bias, undue influence and conflict of interests. The most substantive elements of this system are its several exemplary threat categories. But these cannot straightforwardly determine whether or not independence of mind exists, since a safeguard may potentially neutralise each threat, and the Code does not contain criteria to arbitrate the skirmish of threat and safeguard. However, the Code assumes that margins of safety are cheap, and so the practitioner is directed to draw them generously. If the practitioner receives any hint that her independence of mind is jeopardised, there are abundant candidates, unambiguously economically disinterested, to fill her position. The Code gives an overall impression of great fungibility of practitioners. The assumption of easy disengagement is emphasized by the fact that “concern about the possibility of losing a client” (q.v.) is itself identified as a threat to independence. Because there is so much room to manoeuvre, so much opportunity to switch practitioner for another, it is appropriate to situate the mechanism for invoking regulatory oversight in the affective state of the very person whose judgment is potentially impaired.

The orientation of this idea of independence to audit can be made clear by a comparison with the CR context. For the assurance of CR reports, by contrast, a far more claustrophobic topology of interests obtains. The typical assurance engagement is one in which nobody is disinterested. Social and environmental independence cannot be privatively formulated as feasibly as economic disinterest can.
Were the Code’s concept of independence were oriented to assurance, rather than audit, it would probably have to relinquish the ideal of a materially disinterested assuror, and acknowledge that material threats to independence are ineradicable.

It would have to accept doubt as a constant accompaniment of independence. It would have to address in far greater detail how threats to independence are exacerbated and mitigated in their interactions with one another and with various safeguards.

Okay, it’s worth emphasizing that I’ve only been examining the discursive construal of independence in the Code. I don’t mean to suggest that assurors really walk about in a reverie of internal monitoring, frequently deferring to regulatory oversight as their independence of mind undergoes some questionable shift! Indeed, most evidence is to the contrary. The Big Four have enthusiastically taken to the principle of safeguards, and employ sophisticated computerized conflict check systems to automate the allocation of practitioners to projects. PwC’s code of conduct states, “[w]e aim to avoid conflicts of interest. Where potential conflicts are identified and we believe that the respective parties’ interests can be properly safeguarded by the implementation of appropriate procedures, we will implement such procedures” (PwC 2008:8).

This may demonstrate professionalised preoccupation with independence of appearance over independence of mind. Independence of appearance exists if and only if a reasonable and informed third party would judge that independence of mind exists. This stipulation may at first appear redundant. The factors which, to a hypothetical third party, could argue a lack of independence, are coterminous with the factors for which the subject of the Code is supposed to take responsibility. As the subject of the Code has responsibility for hypothesising the reasonable and informed third party, it is at first unclear what constraint the provision adds. But the provision is not redundant. I think there are three reasons I can give for this. First, the term “informed” implicitly includes practical limitations to evidentiary completeness. The subject of the Code may have spent the day in a room with a snazzy pink folder containing sensitive information, and not have opened it; the subject knows that her independence of mind is not compromised, but fact that the subject definitely did not open the snazzy pink folder must be excluded from the information possessed by the hypothetical third party. Next, the hypothetical third party provides any disciplinary interpreter of the Code with a ready-made cast to occupy and to control in response to situational political imperatives. Making the role of a reasonable and informed third party a decisive one gives a very free hand to the concrete institutions invested with authority to decide upon the Code. To a lesser extent, the same can be said of the recursive system of normative terms loosely associated with honesty. These generate an ambience of raised normative expectation without microfoundation in any concrete norm-governed practices. In favouring a “principles based” approach over detailed specifications, the Code concentrates powers in the hands of concrete authorities. Most importantly however, the derivation of independence of appearance from independence of mind is not a one-way process. The categories of threat which the Code lays out are impersonal, public phenomena. They are not a phenomenology of independence. They do not suggest what it might feel like if independence were threatened. They belong, in short, to the sphere of appearance.

The subject of the Code is thus as likely, or more likely, to use independence of appearance as a yardstick for independence of mind, as the other way around. Indeed, inasmuch as the Code requires the practitioner to escalate any doubt about independence, its basic cognitive mode it requires is one of dubitable doubting (in other words, of apparent doubts, which can be studied to determine if they “actually are” doubts), a mode difficult or even impossible to inhabit except via an imagined intersubjectivity.

The assertion that independence of mind is foundational for independence of appearance is thus contradicted throughout the Code.

The appeal to the reasonable and informed third party pervades the Code; in its pervasiveness, independence of mind, ostensibly a definiendum from which independence of appearance is derivative, actually emerges coevally with it. I see two main ways of understanding this pervasive appeal to a reasonable and informed third party. Both of these confirm independence’s the orientation to audit, rather than assurance. First, it could be considered the Code’s positivist moment. “Reason,” in this interpretation, is regarded as unproblematically homogenous and accessible, and to be “informed” is merely to possess all the “facts.”

While parts of the Code pay lip service to consensual, rather than objectively-given reality, their significance can be traced to this conviction that there is what you might call a transcendental givenness which conforms itself both to thought (“reason”) and to the world (“information”). This understanding is plausible, and is roughly the position taken by Power and Laughlin (1992:116): “the image of accounting as a simple mapping of an independent reality is naïve […] a more radical critique of the representationalist credentials of accounting would see it as a practice that was “creative” in a much deeper sense, i.e. not as a deviation form an objective standard but as a practice without objectivity.”

The second understanding, which I prefer and will further develop, is that the appeal to the reasonable and informed third party is actually one of the places in which the Code most explicitly acknowledges its basis in consensus. “Reasonable” and “informed,” on this interpretation, must be understood as outcomes of socialisation, not positivist indexicals. The independent practitioner is the professionally reasonable and informed practitioner. As Power (1997:80) notes, “Auditability is a function not of things themselves but of agreement within a specialist community which learns to observe and verify in a certain way.” The consensual basis of independence is reproduced through professional practice, which will be the subject of the next installment!

Corporate Responsibility Reporting Assurance (4)

Okay, a sort of interlude to peer into how the accountancy profession and other assurance providers hope to systematise CR reporting. My info here may be a little archaic (often to the tune of four or five years); I’ll try to bring it more up-to-date eventually, but in the meanwhile anyone who wants to chip in, please do!

Standards

Despite the mostly voluntary character of CR reporting and assurance, there are many signs of standardisation. Most of the largest 250 companies worldwide use guidelines developed by the Global Reporting Initiative (“GRI”), and they seem to try to keep pretty up-to-date.

Look a little closer, and the full extent of this standardisation is difficult to decipher. The GRI guidelines are widely used in some form or another, but the guidelines are designed to be incredibly flexible. Compliance with the G3 version of the guidelines comes at three “Application Levels” according to how many CR indicators the company is able to report on; compliance can be self-assessed, or checked by the GRI or by a third party; reports can also be assured or not (the next iteration, G4 is likely to drop this feature).

Assurance may also be restricted to certain aspects of a report, and it may be either at the “reasonable” or “limited” level. This last distinction relates to the amount of work done to verify the subject matter. Reasonable assurance results in a positive form of the assurance statement (“is fairly stated”) whereas limited assurance results in a negative form (“nothing has come to our attention to suggest that it is not fairly stated”). Statutory audit of financial statements is always at the reasonable level. Limited assurance is used in a variety of other contexts, for example, in quarterly reviews of financial statements. A KPMG survey in 2008 showed that “the majority of the G250 (51 percent) obtain report assurance that is a ‘limited level’ of assurance—a lower level that requires less work from the assurance provider and therefore lower costs. […] From a company perspective, choosing a limited level is not surprising since assurance on corporate responsibility information is mainly a voluntary activity.”

The most significant standard of assurance provision applicable to the Big Four is the ISAE3000, maintained by the International Federation of Accountants (“IFAC”) through the International Auditing and Assurance Standards Board (“IAASB”). For member organisations, ISAE3000 has become compulsory where there is no national alternative (such as the Australian AS/NZS 5911 standard). This applies to the Big Four through their memberships in ICAEW. Specialist assurance providers (such as SGS and Two Tomorrows) typically don’t use the ISAE3000. It is a very flexible, generic standard, applicable to a wide range of non-audit assurance engagements. It assumes that the scope of the assurance engagement will be set by the reporting entity. In the UK, the Auditing Practices Board (“APB”) has responsibility for implementing standards issued by the IAASB. It does not currently promulgate the ISAE3000. The APB has expressed the view that the ISAE3000 aims to address too broad a range assurance engagements.

Then there’s the AA1000AS standard. The AA1000AS was developed by the non-profit organisation AccountAbility specifically for the assurance of CR reporting. The Big Four comply with this standard at their clients’ discretion. The AA1000AS (2008) seems still to be the most recent incarnation.

KPMG describe their use of the AA1000APS (2003) as a two phase process. Phase 1 considers whether the scope and materiality of the report is appropriate. During Phase 1, KPMG run their own analysis of scope and materiality. This consists of establishing five input channels: stakeholder engagement; media search; sector knowledge (e.g. peer CR reports, industry body guidelines); client knowledge; and prior year CR commitments. Phase 2 considers whether the individual claims are accurate and complete. Phase 2 is a lengthy process of identifying and taxonomising material assertions. “This results in a detailed assurance plan (including a list of people to be interviewed and a list of the required documentary evidence) at corporate, business/regional and site level (if relevant), together with the selection of sites to be visited. The type and amount of evidence required varies depending on the type of assertion and the level of assurance being sought.”

AA1000AS was developed to complement ISAE3000. For example, AA1000AS’s moderate and high levels of assurance, which the standard recommends for “new” and “mature” issues respectively, are intended to be consistent with ISAE3000’s “limited” and “reasonable” levels of assurance.

One important difference between the AA1000AS series and the ISAE3000 is that the assuror’s consideration of “materiality” is not limited in a scope set by the reporting entity. Materiality is a crucial concept of financial audit methodology, that has been carried over into assurance. Very loosely speaking, material information is significant information. It’s what matters. (I may get more detailed elsewhere).  Under the AA1000AS series, the assuror assesses the degree to which the reporting entity’s scope has correctly identified its stakeholders and their needs. In other words, the assuror must make judge the reporting entity’s choices about what is and is not significant, by appeal to its stakeholders.

So those are the main standards used in the assurance of CR reporting. The Big Four have also developed their own tools relating to CR reporting, for instance Deloitte’s Sustainability Reporting Scorecard (2004), thirty criteria against which to assess a CR report. I’m not sure how much uptake there was of this.

Monitoring

There is comparatively little independent monitoring of this assurance itself (well, you do have to stop somewhere, I suppose). The G3 includes guidance on satisfactory assurance, but compliance must be self-assessed. One GRI representative commented, “An organization should look at the definition on pg. 38 of the GRI Guidelines and make its own assessment in conjunction with the assurance provider as to how they wish to communicate their engagement publicly. We will not take a position on whether a given engagement does or does not constitute ‘external assurance’ as it is impossible for us to assess the full range of engagements put in front of us” (2009).

AccountAbility don’t monitor the use of the AA1000AS (2008) to a detailed level. Each use of the AA1000AS (2008) in an assurance statement requires payment of a license fee to AccountAbility. AccountAbility pre-checks only the statement itself, although an acceptable statement must include a description of methodology. In partnership with the International Register of Certificated Auditors (“IRCA”), AccountAbility offers individuals training and certification in the use of AA1000AS (2008). AccountAbility also has an assuror membership programme (which includes all of the Big Four). However, neither of these are requirements to use the AA1000AS (2008).

The accountancy profession’s self-regulation mechanisms monitor compliance with the ISAE3000. In the context of indepedence, it's worth pointing out that the organisations which embody these mechanisms scoop their members from the cream of the accountancy profession, including Big Four partners. A quick scan suggests that about half the members of the APB are current or former associates of the Big Four, with the remainder drawn from business, law or academic backgrounds. The Big Four are also well-represented on the IFAC board.

High-level oversight of the ISAE3000 is provided by the Public Interest Oversight Board (“PIOB”), an extension of IFAC. In the UK, an infringement of the ISAE3000 would be reported to the professional body of which the firm or one of its employees was a member. All of the Big Four are institutional members of the Institute of Chartered Accountants in England and Wales (“ICAEW”). The Financial Reporting Council (“FRC”) is the UK’s independent regulator responsible for the accountancy and audit profession. The FRC, through its Professional Oversight Board (“POB”) has a statutory responsibility to ensure that these bodies have effective arrangements in place to investigate complaints against their members and member firms. The FRC recommends that professional bodies escalate cases concerning the public interest to its Accountancy & Actuarial Discipline Board (“AADB”). The AADB may also autonomously initiate investigations. As noted above, the APB does not currently promulgate the ISAE3000. In 2009, Executive Director of the APB commented, “While the ICAEW have some sort of monitoring of all services provided by audit firms in the UK (Practice Assurance), in reality I think it is fair to say that there is no monitoring of compliance with it [the ISAE3000].” There is thus something of a regulatory gap; certainly there is less oversight of this standard than of comparable audit standards.

A few more bits & pieces

In addition to all these standards and frameworks described, the Big Four aim to conduct their assurance work in accordance with the Code of Ethics for Professional Accountants, maintained by IFAC’s International Ethics Standards Board for Accountants (“IESBA”), as well as with their own codes of conduct and independence policies, and with appropriate national laws.

Important national legislation includes SOX, enacted in the US in 2002 in the aftermath of a number of major corporate and accounting scandals, above all the collapse of Enron and subsequently of their auditors, Arthur Andersen. Among its provisions, it prohibits professional services firms from doing audit and certain consultancy work for the same client. SOX also extends the scope of statutory audit to a range of internal fraud-prevention controls. ICAEW comments, “The most effective way to ensure the reality of independence is to provide guidance centred around a framework of principles rather than a detailed set of rules that can be complied with to the letter but circumvented in substance.” The focus of these blog posts is the UK system, characterized by this “principles”-based approach. It should be noted however that in the US context, largely as a consequence of SOX, threats to independence are subject to far greater “bright line” legislative specification and governmental regulation.

Finally, an there is the Audit Firm Governance Code, a code of best practice applicable to firms that audit more than twenty listed companies. This comprises the Big Four and four other large professional services firms. As far as I’m aware this doesn’t contain any provisions which are not chiefly oriented to the audit of financial statements.

Okay! Onward!

Corporate Responsibility Reporting Assurance (3)

What is assurance anyway, Lara? Ha! I'm glad you asked.

OK, so let me introduce assurance and begin to analyse the concept of independence on which it depends. The contemporary assurance market is rooted in an explosion in social accounting experiments in the 1970s (Hess 2001). CR reporting declined and theoretical interest waned during the recession of the early 1980s. Environmental auditing and reporting picked up in the 1990s, and then underwent a steady expansion of remit. See Elkington (1994) on the “triple bottom line” of economic, social and environmental dimensions of organisational success. CR reports characteristically address all three dimensions.

In 2007 nearly 80% of the largest 250 companies worldwide issued annual CR reports, compared to about 50% in 2005 (KPMG 2008). I'm unsure where we are today, although I have a horrible feeling CR and CR reporting has slipped down the list of priorities since the most recent global financial crisis. CR shouldn't be one of a set of priorities: it should be the most important aspect of every priority a firm has.

CR is a highly complex and divisive concept. CR disclosure, especially in the form of annual standalone CR reports, is seen as one way of improving the deliberative setting in which the concept is contested.

Whenever there has been growing interest in CR reporting, there has also been a rise in independent assurance of CR reports. This is unsurprising, given the “growing body of social and environmental accounting research that finds corporate posturing and deception in the absence of external monitoring and verification” (Laufer 2003:254). Surveys regularly show public distrust of statements of business leaders (see e.g. BBC 2002). In 2007, about 40% of companies of the largest 250 companies worldwide used some form of assurance in their reports.

Before we go any further, we need to settle on a stipulative definition of assurance. As used by accountants, it is a very broad term covering the audit of financial statements, as well as various due diligence, attestation and agreed-upon-procedures engagements, and customised services which may or may not result in a standard form of report.

In the context of CR reporting, assurance sometimes refers to any tactic intended to add credibility to a corporate disclosure. This may include those which bear no obvious relation to accounting methodology. SustainAbility (2005:1) offer four categories of assurance unrelated to accounting methodology: evaluation, certification (e.g., against the SA8000 standard), expert statement (e.g., from NGOs or academics), and stakeholder commentary.

To further confuse matters, academics sometimes use audit as a broad term encompassing certification, consultancy and assurance activities which the accountancy profession would categorise as non-audit. This use is characteristic of Critical Management Studies; there “audit” emphasises the financial origins, and ostensibly mathematically-reductionist presuppositions of a positivist governance paradigm, for example Power and Laughlin (1992).

There is some inconsistency in the way the term assurance is used by the Big Four. Generally speaking, audit of financial statements is recognised as a sub-type of assurance. But since it is the main sub-type, referring to assurance rather than audit can imply that services other than financial audit are meant. PwC, for example, calls its core service line “Audit and Assurance,” tacitly differentiating the two.

In these blog posts, except where noted, assurance refers only to the assurance of CR reports in a manner that is “systematic, documented, evidence-based, and characterized by defined procedures” (GRI 2006:38), not to any of the wide range of engagements identified above. Audit refers only to the audit of financial statements.

The Big Four and a few other large accountancy firms dominate the assurance market. Technical or issue experts and specialist assurance provider firms have a sizeable minority share. Many companies use stakeholder panels and other third-party commentary to add credibility to their CR reports, but few firms combine these methods with formal assurance (KPMG 2008).

In addition to financial audit and assurance, the Big Four offer their clients a huge variety of consultancy and certification services. Assurance needs to be provisionally distinguished from these services. In assurance, there is a subject matter, a set of suitable criteria, and a tripartite relationship between assurance practitioner, entity responsible for the subject matter, and intended users of the subject matter. This standard break-down can be seen for example in IAASB 2004:283. A case in point is: the Vodafone Corporate Responsibility Report 2008/09 (subject matter); GRI’s G3 Guidelines and AccountAbility’s AA1000APS (criteria); KPMG LLP (assuror); Vodafone Group plc (responsible entity); Vodafone’s stakeholders (intended users of the subject matter).

The intended users of a subject matter often include the responsible entity itself, but to speak of “assurance” implies that the responsible entity is not the only user. This distinguishes assurance from consultancy. Assurors are “third parties,” positioned between the responsible entity and the intended users of the subject matter. The assuror applies the criteria to the subject matter, and issues a statement summarizing its findings. The assuror thereby advises the intended users on what level of trust they can place in the subject matter.

This assurance statement is usually included in the CR report itself. The statement is often of the form that the subject matter is “fairly stated.” The statement usually also includes a high-level summary of methodology, and sometimes includes areas in which the responsible entity could show improvement. A formidable liability statement is the final piece of the assurance statement.

This liability statement points to the difference between assurance and certification. Assurance is characterised by a comparatively low transfer of liability to the assuror. If the subject matter proves, contrary to the assurance statement, to be misstated, the assuror is fairly well-protected from torts initiated by those who have relied on it.

Liability is roughly correlated with reputation. In other words, if a certification agency only had the degree of confidence implicit in assurance when it issued its certifications, they would probably lose their credibility. However, the correlation is more exacting in the business world than in the wider public domain. In the case of financial audit, the transfer of liability to the auditor is consistently beneath public expectations. Audit has a reputation as certification against fraud – but is not considered so by auditors or by the law. Ha! See Millichamp (2002:2). This disparity is known, in a rather smug and patrician and euphemistic sort of way, as the “expectation gap.” Humphrey et al. (1992:57) argue that the expectation gap allows the accountancy profession to “convey an impression of responding to public concern; to reaffirm its independent and selfless image; to assert the validity of its own perspectives on the nature of the audit function; and to direct questioning away from the existing audit system to the limits of proposed reforms and solutions for closing the expectations gap.” For empirical work on the expectation gap see e.g. Monroe and Woodliff (2009).

Indeed, the boundaries of consultancy, certification, and assurance are in practice often blurred. There is an iterative quality to assurance, such that the responsible entity is advised periodically what steps are necessary to acquire an assurance statement. KPMG comment, “Once we receive a reasonable draft of the client’s sustainability report we can check whether the identified issues are covered and whether the information on a material issue is balanced. This is usually the start of a lively debate with the client about what different parties may perceive to be material for their organization, which is more difficult to define if the client’s own stakeholder engagement processes are not fully developed” (AccountAbility 2007:9).

In this way, assurance may drive improvements in CR reporting and underlying CR policies. However, Big Four descriptions of assurance accentuate how their independence can generate credibility, not how it can drive organisational change.

 This is our first indication of an orientation to the audit of financial statements. A brief history will help to explain. The link between audit and consultancy has been by far the most publicly contentious issue relating to auditor independence. In the late 1990s fierce criticism and a string of court cases persuaded all of the Big Five except Deloitte to sell or spin off their consultancy businesses. Deloitte also initially announced its intention to split into separate audit and consultancy firms. Following the collapse of Arthur Andersen (producing the Big Four from the Big Five) after its provision of dubious consultancy and audit services to Enron, a raft of tighter regulatory measures, notably the Sarbanes-Oxley Act 2002 in the US (“SOX”), seemed to take the problem of the relationship between audit and consultancy out of the Big Four’s hands. Deloitte thus elected to retain its consultancy business, which proved extremely profitable throughout the next decade. The other Big Four firms have quietly rebuilt their consultancy businesses. The issue remains a senstive one, however, and the Big Four seldom seek to thematise any complementarity of audit and consultancy.

But as Bendell (2005) argues, the link between CR consultancy and assurance is not so obviously problematic. Declining to assure a CR report does not lead to a dramatic loss of investor confidence, as is typical when an auditor refuses to sign off on a set of financial statements, or challenges a company’s “going concern” assumption. Similarly, “shopping around” for an assuror of CR reports is unlikely to make investors nervous in the same way switching auditors tends to, so ideas for organisatonal change can be drawn from a larger pool. Such advantages may outweigh the risk that assurors exaggerate the success of systems which, wearing their consultancy hats, they helped to design. See Beattie and Fernley (2003) for a literature review around auditor independence and the provision of non-audit services, and Cragg (2005:96-97) for examples of independence issues arising from consultancy in the context of CR report assurance and social audit.

The Deloitte web site offers a typical Big Four rationale for assurance: “As the importance in and reliance of [sic] these [CR] reports increases, there is a growing trend to add credibility to the information presented through assurance. The benefits include greater transparency, increased stakeholder confidence and enhanced regulatory compliance.”

The appeals to “greater transparency” and “increased stakeholder confidence” confirm that in Deloitte’s view, the point of assurance is credibility. “Enhanced regulatory compliance” whispers at organisational change, but it is an oblique phrase in need of some interpretation. Corporations in the UK are not legally obliged to undertake CR policies. The Companies Act 2006 requires that publicly listed companies include information in their annual report on “environmental matters,” “the company’s employees” and “social and community issues” (Section 417, Para 5). Assurance thus neither constitutes, nor falls under, any kind of state-mandated compliance regime. Listing “regulatory compliance” simpliciter as a benefit would make mandatory activities appear to depend on discretionary ones, and the main function of “enhanced” is to neutralise this connotation.

But there is also a ubiquitous expectation that CR will be increasingly legalised, and that reporting will be an early focus of this legalisation. For example, France has required publicly listed companies to publish annual environmental and social reports since 2001. A European Parliament resolution in 2007 recommended the revision of the Fourth Company Law Directive to include social and environmental reporting alongside financial reporting requirements. “Enhanced” thus also carries a sense of “ahead of the game” – organisations which assure their CR reports will find the transition easier when CR and CR reporting are inscribed in law. In this connection, “enhanced regulatory compliance” also imparts a sense of “enhanced standardisation”; that is, of compliance with widely-recognised standards like the G3, even though such guidelines are not regulatory in any straightforward sense.

That typo - a botched edit, actually - is exemplary of the kind of anxiety and confusion surrounding the purposes and priorities of CR reporting. It is likely that the phrase was originally “the reliance in and importance of these reports”; reliance connoting de facto market realities, importance with just a hint of idealism about it. The importance was deemed more important, but the editor left traces of his or her work.

Elsewhere Deloitte (2009:3) are confident enough to set a date on legalisation. “2015-2030 – Increasing legislation, regulation and tax policies force reactive organisations to adopt sustainable behaviour which now becomes a license to operate as unsustainable supply chains seem increasingly outdated. A few popular sustainable approaches and quality stamps emerge as standard, allowing benchmarking and greater consumer visibility. Increasing collaboration between non-competing organisations emerges as the main route to sustaining competitive advantage.”

From the Big Four’s perspective, responsibility for the economic, social and environmental impact of business is migrating inevitably from the public sector to the state sector, driven by ratcheting public expectations. Good CR policies, such as the assurance of CR reports, have their value in positioning businesses advantageously in this shift, and allowing them to shape a few of its specific characteristics.

Corporate Responsibility Reporting Assurance (2)

First, a little caveat: some of this could be dated. At the time when I pulled most of this material together, I did a kind of close reading of "independence." I checked out Big Four’s web sites and other marketing materials; I examined the assurance and general ethics standards promulgated by the International Federation of Accountants (“IFAC”) and by the Institute of Chartered Accountants in England and Wales (“ICAEW”), the popular AA1000 standards developed by the non-profit organisation AccountAbility, the G3 standards developed by the non-profit Global Reporting Initiative, and some of the assurance methodology recommended by audit text books. I also tried to get a sense of the self-regulatory mechanisms of the accountancy profession. I did this by looking at the web sites of various entities, and corresponding with very nice representatives from IFAC and the Financial Reporting Councial (“FRC”) - though not, if I remember rightly, from the Big Four? - to further clarify this regulation architecture. This close reading exposed how the concept of “independence” is constructed in close relation with two others, “professionalism” and “stakeholders.” So I also engaged closely with primary sources which articulate these concepts. This was all about four years back though; a lot may have changed since then. If something has changed, or I'm wrong about something, I'd love to hear from you.

Second, a quick digression. It's a funny world, corporate responsibility. And corporate responsibility reporting is a funnier world inside it. The funniest little world is corporate responsibility reporting assurance.

Or perhaps it's corporate responsibility reporting awards-judging. It's that time of year again: CorporateRegister.com wants you to vote for your favourite CR report (AKA sustainability report or CSR report)! You have a chance of winning cash prizes if you vote! What's that? You don't have a favourite CR report? I'm sorry, I don't understand.

Perhaps those incentives are there because so few people will trouble themselves reading one, let alone two, let alone many CR reports. And even if you did read one, how are you supposed to say if you like it? We like the CR reports that are the most true. Which are they?

Yet a company's CR and CR reporting are really the only things about that company that matter to most sensible people.

There needs to be more journalistic mediation between places like CorporateRegister and members of the public. At the very least, there needs to be an accessible, one-stop-shop that summarises the assurance processes which have gone into each report.

CorporateRegister: you in particular, for your "credibility through assurance" category in particular, need to rejig your layout so that information about who the assuror was, if GRI criteria were used, etc. appears on the same page as you cast your vote. That allows for a quick comparison, and energetic voters can still do depth research if they need to (which one of our two tomorrows does Two Tomorrows really support? etc.).

Third, an introduction to one or two concepts from political sociology. (I didn't really need them to do this analysis; in fact, I think it would have been a lot stronger had I proceeded without formal methodology, and only that sense common to the humanities / liberal arts. But as it happens, I did use them, and at least the history of these concepts being applied is enriched (if only enriched with my bungling)).

It is difficult to invoke Habermas with a clear conscience in a blog post about anything other than Habermas. His core preoccupations undergo constant and nuanced revision throughout his ouevre. I've elected to take concepts from The Theory of Communicative Action, but their application here also points to successors in later and precursors in earlier works by Habermas. One point I'm going to make later on - that organisations seeking a “license to operate” from society are systemically hampered, in harvesting credibility, by the disparities between genuine sources of legitimacy in the socio-cultural sub-system and the representative institutions open to those organisations - recalls Legitimacy Crisis (1975). In characterising the accountancy profession’s structure of mixed orientation to success and to understanding as legal rationality, I'll be parallelling one core idea of Between Facts and Norms (1996), that law derives its legitimacy from networks of communicative power, and thereby expresses the tension between the claims of reason as concretely specified and their context-transcending idealizations (Habermas 1996:449). Furthermore, there are parts of The Theory of Communicative Action which I have only cursorily engaged with here. The concept of legal rationality constitutes abbreviated and speculative reconstruction of aspects of knowledge embodied in accountants’ everyday practices, whereas Habermas’s theory of reconstructive science provides a comprehensive framework within which the concept could be more rigorously linked to empirical fallibilistic enquiry.

Power and Laughlin (1999) also apply Habermas to the accounting profession, suggesting that “the nechnical neutrality of accounting practice is illusory and that accounting is a potentially colonizing force which threatens to ‘delinguistify’ the public realm” (132). To suggest a model of the entanglement of independence and professionalism, which can operate outside both concrete discursive connections and a sociology of the professions, I'm going to draw on categories developed by Habermas (1985), especially socially-integrated and systemically-integrated action settings. Habermas develops these to contest Max Weber’s “identification of instrumental reason with the rationalisation characteristic of modern life” (Power and Laughlin 1999:121).

Habermas’s analysis of modernity proposes two parallel processes of rationalisation. In the domain of instrumental-purposive action, action is oriented to success. Rationalisation here consists in the optimisation of success. Action can be optimally integrated by steering media, that is, non-linguistified communication media such as money and power. These steering media relieve the participants in complicated regimes of action of the burden of achieving linguistic consensus, while preserving and extending the integrity of their action networks. Each actor is steered according by the contours of incentives and disincentives which confront her, not motivated by her linguistically-attained intersubjective understanding. This is what is meant by “systemic integration,” contradistinguished from “social integration.” Since action in this domain is oriented to success, its systemic integration by steering media is considered non-pathological.

In the domain of communicative action (the “lifeworld”), however, action is oriented towards understanding. Rationalisation in this domain consists in the accumulation of intersubjective moral-practical understanding. This process is identical with the increasing generality of that understanding, which Habermas understands as the gradual uncoupling of the institutional, cultural and personality symbolic structures which together comprise the lifeworld. To make sense of this triptych, we need to consider that social integration consists in the reciprocity of socialisation (the internalisation of cultural values by the personality system) and social control (the internalisation of cultural values by institutions). As the lifeworld rationalises, and the three symbolic structures float apart from one-another, their interpenetration coming more and more to depend upon the interpretive accomplishments of actors, who reciprocally raise and redeem the validity claims inherent in their communicative practices. See Habermas (1985:146).

Socially-integrated action in this domain is non-pathological. But systemically-integrated action is associated with the distortion of communicative rationality. The tendency for this to occur is what is meant by “the internal colonisation of the lifeworld.” It is this tendency – and not rationalisation in either the dimension of purposive-instrumental action or of communicative action – which is the closest correlate to Weber’s understanding of rationalisation as the expansion of formal reason to ever more domains of social life.

Is that OK? Does that seem about right to you?

Now, in my view, the professional independence of auditors means that audit cannot be reduced to the internal colonisation of the lifeworld. In line with Habermas’s thesis that purposive-instrumental action remains anchored in communicative action (1985:196), I'm going to argue that the systems rationality embodied by auditor independence relies on the lifeworld resources of the accounting profession, including: a permanent regime of training and mentoring, a tradition of professional congeniality and discussion, a preoccupation with ethics, as well as a relatively homogeneous pool of cultural and ideological norms. Professional independence straddles both system and lifeworld. It contains a mixture of strategic and communicative action. Somewhere in the coming posts, I'll analyse this mixture, in its institutional specification in the accountancy profession, as that profession’s legal rationality.

Corporate Responsibility Reporting Assurance (1)

Okay Fawks, in the next few posts I want to talk about the independent assurance services provided by the world’s largest professional services firms, PwC, Deloitte, KPMG and E&Y (“the Big Four”) on their clients’ Corporate Responsibility (“CR”) reports.

The Big Four’s core business is audit. All publicly listed companies are legally obliged to publish financial statements, informing shareholders and the general public of the company’s financial position. They are also legally obliged to have these financial statements verified by an external auditor. The Big Four perform this role for the world’s largest corporations. In the UK market for example the Big Four audit all of the FTSE100.

The Big Four’s reputation for independence stems from their auditing of financial statements. The governance structure which they rely upon to protect their independence is also oriented towards this activity.

However, to assure CR reports, a different type of independence is required. Unlike financial statements, CR reports try to address the needs of all stakeholders in a company. Instead of being limited to financially material information, CR reports aim to cover all the social and environmental issues which are important to these stakeholders.

The assurance of CR reports thus requires a type of independence resembling the liberal idea of state neutrality. The Big Four are required to arbitrate among a plurality of often contradictory demands. With only the independence inherited from the financial audit context, the Big Four regularly fail in this role. As a result, many stakeholders remain incredulous towards CR reports, and corporations themselves are confused about the levels of transparency they are achieving.

The Big Four should shift to “critical independence,” abandoning many claims to disinterestedness, and acknowledging the specific place from which they speak.

Assurors of the future

I am working on a specula principum for the Big Four (four cutting edges, like a Wilkinson Sword Quattro: they are Deloitte, KPMG, E&Y and PwC). I'm focusing, obv., on their provision of assurance of corporate responsibility reporting.

I've drafted this wish-list of features which I think a good assurance engagement should have. I'd love to hear your views (I mean anyone!).

Is there something I've left out?

I've tried to be as ambitious as possible, but are some of these just completely unrealistic longings?

"CR" stands for "Corporate Responsibility" (something like CSR, corporate citizenship, or sustainability). "CRR" stands for "Corporate Responsibility Reporting." CSO and NGO are "Civil Society Organisation" and "Non-Governmental Organisation."

Third-party involvement in CRR: best practice and risks




(1.1) Stakeholders - best practice

Critical independence
- The assuror is an expert on the public interest, conceived as a global phenomenon ("the common good" etc.)
- The assuror constantly maintains its expertise through consultation with -- and procurement and recruitment from -- CSOs, NGOs, academia, business, grassroots activists, the political class, and through original research
- The assuror's opinion is widely regarded as credible, but the assuror's ultimate reference standard is the public interest, not the protection of its own credibility
- The assuror doesn't take the existence and salience of different stakeholders as a "given," but considers how CR and CRR can influence the formation, salience and empowerment of stakeholder constituencies
- The assuror also takes into account the formation of different stakeholder models and representations by CR and CRR -- different ways of imagining or modelling stakeholder expectations
- The assuror recognises itself as a stakeholder, and does not present itself as neutral
- The assuror recognises that it is a nexus of stakeholder views
- The assuror itself is subject to independent oversight
- The assuror employs third (fourth, I suppose?) parties to double-blind assure randomly selected CRR assertions
- The assuror treats liability as a transformative instrument, not just as a risk to be avoided
- The assuror’s employees possess independence of mind
- The assuror’s independence is not structurally compromised
- The assuror always constructively criticises the reporting entity’s CR and CRR (there are no clean bills of health)
- Criticism is always addressed by the reporting entity, not normalised as a permanent feature of CRR
- The assuror ensures that stakeholder conflict is reflected in the reporting entity's CRR

(1.2) Stakeholders - risks

Independence is confused with objectivity
- The CRR obscures the political dimension of the reporting entity’s activities -- disguising political conflicts with winners as losers as "challenges" which can be tackled to everyone's satisfaction
- Processes which cannot be quantified are neglected
- Processes which cannot be validated are neglected
- Measureable indicators are mistaken for hard facts

Pandering to stakeholders
- Stakeholder-orientation leads to neglect or misuse of expert knowledge
- Stakeholder-orientation leads to overemphasis on credibility at the expense of accuracy
- Goals which cannot be associated with specific stakeholders are ignored

Inventing stakeholders
- Stakeholder-orientation causes assurors and reporting entities to see well-defined constituencies where no such constituencies exist
- "Communities" or "the community" abstract away real differences, fragmentation and conflicts among stakeholders

Malign transformation of stakeholders
- “Symbiotic” stakeholder constituencies, which legitimate corporate activities in return for minor concessions, marginalise other stakeholders
- Traditional democratic resources are eroded by the emergence of corporate stakeholder constituencies (e.g. time spent in stakeholder dialogue is diverted from traditional civic participation)
- Improvements in CR damage the identities of critics of the reporting entity (e.g. critics are marginalised, "defeated" and/or radicalised, rather than transferred to new appropriate targets)
- CR compels individual stakeholders with unique characteristics to assimilate into blocs



(2.1) Holism - best practice

Intelligent responsibility

- CRR allows corporations, states, CSOs, NGOs, international institutions and other actors to dovetail their efforts towards achieving the public interest
- The assuror helps the reporting entity to define scope and materiality, not just test accuracy
- Materiality is defined with respect to the public interest
- The burden of proof lies with the assuror in determining that it or the reporting entity “is not in the business of [x]” (i.e., that [x] is a matter for private morality / government regulation / someone else in the supply chain etc.)

Intelligent comparability
- CRR identifies the real drivers of CR and allows easy policy transfer to underperforming entities
- CRR encourages the growth of SRI and engages in critical dialogue with ranking agencies and investors
- CRR is tailored by context, including entity size, industry, sector and geographical spread
- CRR occurs at the appropriate organisational level, which may be above or below that of corporate reporting
- At each level, CRR facilitates CR at every level -- e.g., CRR at the level of the individual corporation facilitates the launch of CR programmes at the industry level

(2.2) Holism - risks

Inappropriate responsibility
- In defining materiality, the survival or “success” of the reporting entity takes precedence over public interest
- In defining materiality, partial social goods, such as job security or local community development, take precedence over public interest
- The reporting entity’s CR is benchmarked against a limited model, against competitors, or against an abstract idea of “public expectations” or of “progress”
- Too many scenarios and interactions are considered, incurring unecessary costs and obscuring priorities
- Responsibility is confused with accountability, making it difficult to tell where accountability channels exist
- CR successes are “consolidated” by unnecessary or counterproductive regulative regimes
- The assuror and / or the entity hold unrealistic expectations about the limits of the law

Inappropriate comparisons
- CRR invites misleading comparisons, either because reports are insufficiently tailored to context, or because errors occur in translating between contexts

Malcoordination
- Different visions of the public interest interfere with one another
- Important issues “fall between the cracks” between businesses, states, assurors and other actors
- Corporations are encouraged to try to replicate context-specific or one-off successes



(3.1) Business case - best practice

Conflicts of interest
- The assuror does not just avoid conflicts of interest or seek to neutralise them with Chinese walls, but resolves them in favour of the public interest

Appropriate scope and depth
- Neither assuror nor reporting entity view assurance as primarily a commodity
- Where possible, assurance is not a commodity - for example, provided free of charge with large contracts, or incorporated into the assuror's own CR programmes
- The assuror achieves the appropriate balance between driving change and ensuring comparability across reporting entities
- Assurance always contains "spot checks" in which randomly selected material items are assured to a higher level than they otherwise would be
- The scope of the engagement between the reporting entity and the assuror is not determined by the reporting entity, but by the global public interest
- The scope of the engagement between the reporting entity and the assuror is not determined by the assuror, but by the global public interest. Increases in scope are not reflected by increases in fees (for example, the expanded scope engagement could be passed over to a second assuror)
- The scope of the engagement is not limited by financial considerations - if the reporting entity cannot afford the required level of engagement, the assuror or some other actor meets the funding gap
- The assuror drives change at substantive, procedural and cultural levels
- Assurors and reporting entities achieve the appropriate balance between long-term relationships and fresh perspectives
- Assurance involves a long-term on-site presence
- Assurance involves off-site interviews of employees and management

(3.2) Business case - risks

Assurors sell legitimacy
- CRR is callibrated to maximise legitimacy, not to accurately reflect CR

“Box-ticking”
- CRR is dominated by a compliance-orientation

Cultural change is emphasised in the wrong areas
- Compliance-orientation is underused. CR which could safely and easily coordinated through systems rationality places an undue burden on communicative rationality

Notes

At the moment, I'm coming at the issue from the perspective that "stakeholder" is in danger of becoming a magical concept, capable of solving any CR problem. But the definition of a stakeholder is notoriously contested, and certain groups of stakeholders may simply get certain issues wrong.

Once I've finalised my model of a perfect assurance engagement, the next step is to see how the Big Four measure up to it! Then to insinuate myself as a mist under boardroom doors.