Auditor rotation – pro and con


Auditor rotation – pro and con

The practice of periodically changing, or rotating, your external auditor has been a topic of interest with our customers lately, and there are two schools of thought on this.  The pro-rotation side takes the position that a different set of eyes looking at the same system might see something the other missed.  This is certainly a valid position, and probably originated in the post-Enron/Arthur Anderson days.  In fact, Section 203 of Sarbanes-Oxley (SOX) does require audit partner rotation every 5 years for publicly held companies, but this provision only applies to the lead auditor and the auditor responsible for reviewing the audit, not the auditing firm.

Indeed in interviews conducted in 2003 by the Government Accounting Office among Fortune 1000 companies, the majority surveyed indicated that audit partner rotation (using different individuals within an audit firm) would achieve the same benefits as audit firm rotation (using different audit firms).

Changing auditor firms can also be somewhat disruptive, as the new firm must get up to speed on the particularities of the institution’s control environment.   There is evidence that maintaining the same auditor may actually improve the quality of subsequent audits, as the auditor’s store of institutional knowledge increases.  Additionally, changing auditors too frequently may cause the appearance of “auditor shopping”, or shopping around for better results.

For their part, the FFIEC is silent on the practice of auditor rotation, stating only that:

“…management should ensure that there are no conflicts of interest and that the use of these (external auditor) services does not compromise independence”

Bank examiners are instructed to assess “whether the structure, scope, and management of an internal audit outsourcing (or external audit) arrangement adequately evaluate the institution’s system of internal controls“.  In other words, are they doing what they are supposed to do?

In the end analysis, in the absence of a regulatory mandate there is really only one overriding concern for financial institutions…are your examination results satisfactory? If so, and if there are no conflicts of interest or other independence concerns, there is really no compelling reason to change auditing firms…but periodically using a different set of eyes is definitely a good idea.

Tom Hinkel
As author of the Compliance Guru website, Hinkel shares easy to digest information security tidbits with financial institutions across the country. With almost twenty years’ experience, Hinkel’s areas of expertise spans the entire spectrum of information technology. He is also the VP of Compliance Services at Safe Systems, a community banking tech company, where he ensures that their services incorporate the appropriate financial industry regulations and best practices.

Write a Comment