AUDIT COMMITTEE GUIDANCE FOR STRENGTHENED CORPORATE GOVERNANCE

How to cite this paper: Grove, H., Clouse, M., & Xu, T. (2020). Audit committee guidance for strengthened corporate governance. Corporate Board: Role, Duties and Composition, 16(3), 39-51. https://doi.org/10.22495/cbv16i3art3 Copyright © 2020 The Authors This work is licensed under a Creative Commons Attribution 4.0 International License (CC BY 4.0). https://creativecommons.org/licenses/by


INTRODUCTION
Board of directors' audit committees are instrumental to the well-being of an organization. They have a direct responsibility to oversee the integrity of a company's financial statements and the entire financial reporting process (i.e., Guo, Lin, Masli, & Wilkins, 2020). They should also fulfill the duty to regularly (at least annually) evaluate the external auditor and make an informed recommendation to the board of directors on the hiring, compensation, and retaining of the external auditor (i.e., Alderman & Jollineau, 2019). In addition, the audit committees need to assess the quality and candor of the auditor's communications with the audit committee and the company, and the auditor's independence, objectivity, and professional scepticism (i.e., Li, Pittman, Wang, & Zhao, 2020). The public focus on how the audit committees perform their responsibilities has increased significantly. And it becomes a pertinent task for the boards to develop and enhance the effectiveness, quality, and value of the audit function.
The major research question in this paper is how to provide guidance to board of directors' audit committees in order to strengthen corporate governance. The Center for Audit Quality (CAQ) has created The External Auditor Assessment Tool (EAAT) to assist audit committees in evaluating the external auditor and selecting or recommending the retention of the audit firm. This EAAT includes sample questions to conduct the evaluation of the quality of services and sufficiency of resources provided by the auditor; the communication and interaction with the auditor; and auditor independence, objectivity, and professional scepticism. The EAAT includes relevant U.S. requirements and standards, such as a list of prohibited non-audit services and an overview of auditor communication requirements with audit committees and is updated bi-annually (CAQ, 2019).
The EAAT questionnaire can be used by audit committees to conduct their evaluation of the auditor, i.e., the audit team, the lead audit engagement partner, the audit team, and the engagement quality reviewer. The EATT sample questions highlight some of the more important areas for consideration but are not intended to cover all areas that might be relevant to a particular audit committee's evaluation of the auditor. They do not suggest a "one-size-fitsall" approach.
The auditor assessment should draw upon the audit committee's experience with the auditor during the current engagement, i.e., presentations, reports, dialogue during formal meetings, ad hoc meetings, executive sessions, and prior-year observations. Auditor observations can also be obtained from company management, internal auditors, and other key managers. In obtaining such internal information, the audit committee should be sensitive to the need for the auditor to be objective and sceptical while still maintaining an effective and open relationship. Accordingly, audit committees should be alert to whether management displays a strong preference for or a strong opposition to the auditor and follow up as appropriate.
The audit committee should continuously evaluate, through formal and informal assessments, the auditor's performance throughout the audit process. Formal assessments can include an evaluation of the auditor's scepticism in evaluating unusual transactions and responsiveness to issues. Informal assessments can be made, based on private meetings between the audit committee chair and the lead audit engagement partner, which can help build a constructive and mutually respectful working relationship between the audit committee and the auditor. To ensure that all views are considered, audit committees may wish to finalize their assessment with group discussions during formal committee meetings or conference calls.
Other sources of input into the audit committee's assessment of the external auditor include reviews of regular inspection reports and peer review findings. Audit committees can also request input from the audit firm itself on its performance through reporting as to how an audit firm's management and operations support the performance of high-quality audits. Finally, the audit committee should explain its process, the scope of the assessment, and factors considered in selecting or recommending the audit firm and assessing its performance (CAQ, 2019). Such communications with shareholders are especially important in these times with the rise in power and the importance of both passive and activist investors (Grove, Clouse, & King, 2020; Grove & Clouse, 2019).
The major sections of this paper are a century of audit opinions, 21st-century frauds, fraud analysis, auditor assessment tool (created by The Center for Audit Quality), auditor continuing issues, auditor upgrades, discussion, and conclusion.

A CENTURY OF OPINIONS: COMPANIES WITH AUDITOR TENURE OVER 100 YEARS
Another issue that the board of directors' audit committees need to analyze is the tenure of the company's external auditor (i.e., Calvin, Kim, & Park, 2020; Hsieh, Kim, Wang, & Wang, 2019). Audit Analytics, a leading provider of auditor market intelligence, noted that the average tenure of external auditors with the same client is between 18-25 years for publicly listed companies. 175 companies in the S&P 500 index have had the same auditor for 25 years or more. To be in the list of the 100 longest-lasting auditor-client relationships, a company would need to have used the same firm for more than 50 years. Audit Analytics listed audit tenures that have spanned 100 years or longer. 14 companies have engaged the same auditor for at least a century and the Big Four audit firms accounted for all of these engagements as follows: 1. Ernst & Young had to terminate its relationship with British Petroleum after 108 years because, since 2016, both the United Kingdom and European Law require that an auditor's maximum period as auditor to a listed company be 20 years with a competitive tender process required at least once every 10 years. In 2002, the U.S. Sarbanes-Oxley Act (SOX) was established after the Enron and WorldCom frauds, and it created an auditor-rotation rule which only required lead audit partners to move off an account after five years but no term limits for audit firm rotation. SOX also created the U.S. Public Company Accounting Oversight Board (PCAOB) which, in 2011, tried to get mandatory auditor rotation in the U.S., but the U.S. House of Representatives passed a bill that prohibited such efforts in 2013 (Erickson, 2017). Italy has required mandatory auditor rotation for over 40 years, but some Italian companies have found a way around it. A notorious example is Parmalat, nicknamed the "European Enron." It moved its long-time external auditor to a subsidiary and then moved most of its business to that same subsidiary, so its new external auditor did not have much to audit (Grove & Basilico, 2008).
An analyst at Glass Lewis, an investment research and proxy advisory firm, commented: "After 50 years, there's no way you could think the auditor is remaining as sceptical as a new auditor coming in. They're almost an outsourced part of the accounting department at that point. Some would argue that investors, not companies, are an auditor's true clients. It's under that thinking that mandatory rotation makes more sense" (p. 1). The head of investor protection for the Consumer Federation of America said: "When you look at some of the big audit failures over the years, whether it's Enron or Waste Management, you find instances where they have had the same auditor for in some cases decades" (Aubin, 2011). For those two firms, it was Arthur Andersen, formerly the oldest of the Big Eight audit firms, which had to be dissolved after those two frauds came to light in financial analysts' reports.
For an updated example, after more than one year of research probing General Electric (GE), which has had the same auditor for 110 years, a financial investigator, working for a hedge fund, called it: "A bigger fraud than Enron with an Enronesque business approach that has left GE on the verge of bankruptcy. We believe the $38 billion in fraud we've come across is merely the tip of the iceberg. GE has a long history of accounting fraud, dating to as early as 1995, when it was run by Jack Welch. GE has been running a decades-long accounting fraud by only providing top-line revenue and bottom line profits for its business units and getting away with leaving out the cost of goods sold, SG&A, R&D, and corporate overhead allocations. It's a bigger fraud than Enron and WorldCom combined". In June 2018, GE was booted out of the Dow Jones Industrial Average. It had been the longest-serving component of the blue-chip index at 110 years (Melloy & Rooney 2019).
Concerning audit firm rotation, Lynn Turner, the former Chief Accountant of the U.S. Securities and Exchange Commission (SEC) observed: "Auditors might be inclined to perform tougher audits if they knew their work would be checked when their term ends and a new audit firm comes in. The rotation could also take the pressure off auditors, who would not have to worry as much about losing their firms' longest-standing clients. If you're a partner on one of these big client audits, that's a big part of your billings for the year. If you lose that client, you may very well see your compensation cut at the firm" (Aubin, 2011). An excellent example again was Arthur Andersen where Enron was one of its top five clients for audit revenues before the collapse.

21ST CENTURY FINANCIAL AND NON-FINANCIAL FRAUDS
Major types of financial and non-financial frauds that occurred in the 21st century have been analyzed to develop forensic procedures for fraud risk assessment (FRA) teams of management and boards of directors' audit committees to use for fraud risk assessment. These frauds by 21 companies were so significant that they caused $1.58 trillion in market capitalization losses for investors . Five types of fraud were: financial reporting frauds, involving revenue recognition; expense deferrals; risky investments; merger and acquisition abuses; and competitive analysis, where 16 companies destroyed $1.23 trillion in market capitalization. Five non-financial frauds involved: poor management controls; risky products; insider share selling; unethical practices; and Ponzi schemes, where five companies destroyed $0.35 trillion in market capitalization. Thus, the financial frauds were much more destructive than the non-financial frauds and need more scrutiny by FRA teams. Where were the boards of directors and management of these 21 companies to act as gatekeepers to protect the investors in their companies from major frauds and market capitalization destruction? .
For example, five companies, Enron, Satyam, Wells Fargo, Valeant Pharmaceuticals, and Steinhoff International, had fraudulent revenues and caused $223 billion of market capital losses. Forbes magazine rated the Enron scandal as the number one fraud of the 21st century (Forbes, 2013). Enron's issues were initially discovered by the short seller, Jim Chanos (2001), using his forensic approach for fraud investigation (Chanos, 2017). Enron destroyed $78 billion in market capital for investors. Using similar fraudulent revenue procedures, Satyam has been called "Asia's Enron", Valeant has been called "The Pharmaceutical Enron", Steinhoff has been called "South Africa's Enron", and Parmalat has been called "Europe's Enron" ( (Pender, 2017).
For additional examples of financial fraud, three companies, Qwest, WorldCom, and Health South, had fraudulent expense deferrals and caused $295 billion of market capital losses. A favorite expense deferral method is to capitalize or hide regular operating expenses in both tangible and intangible asset accounts. Instead of recognizing 100% of an expense in the current year, a company could defer it as a tangible or intangible asset and depreciate or amortize it over say five years with only 20% in the current year. For example, Qwest deferred startup and other regular operating expenses into intangible assets which rose to 52% of total assets in the last year before its demise. Similarly, WorldCom deferred $2 billion of regular operating expenses into intangible assets which rose to 43% in the last year before its bankruptcy. HealthSouth did not disclose the reductions in bad debt estimates which helped make its quarterly numbers. However, when such bad debt reductions were insufficient to make quarterly numbers, it resorted to just making up sales before it collapsed in 2005 (Grove & Cook, 2005).
Concerning the non-financial frauds of poor management controls and insider stock trading, Equifax, a U.S. credit-monitoring company, disclosed a hacking data breach of its customers' personal financial information on September 7, 2017. In one of the largest hacks ever, hackers stole such information from 147 million customers. In March 2017, Equifax had learned about cybersecurity risks in its customer personal data systems but had not fixed the problems. The company said that it had learned of the hacking on July 29 but did not disclose this hack publicly until September 7 ( Concerning the non-financial fraud of risky products, two companies, Boeing and Johnson & Johnson, caused $74 billion in market capital destruction. A forensic procedure for all these non-financial frauds is to check for risky products by a company and possible related fraud risk by doing an online investigation of current news, social media, and websites for discussion and analysis of a company's products, operations, and behavior. Boeing is being investigated and sued for its Boeing 737 MAX 8 airplane deficiencies and the fatal Lion Air and Ethiopian Airline crashes. The U.S. Justice Department has started a criminal investigation into Boeing's Federal Aviation Administration (FAA) certificate, including how Boeing "self-inspected" its Boeing 737 MAX 8 airplanes to get FAA approval. The FAA and the European Union have grounded all Boeing 737 MAX 8 airplanes since March 2019. 35 lawsuits have been filed, including victim families' lawsuits, a shareholder class-action lawsuit, and a Southwest Airline pilots' lawsuit (Keenan 2019). Since the two crashes and resulting investigations, Boeing has lost $47 billion in market capitalization.
Johnson & Johnson, an opioid manufacturer, is facing multi-billion-dollar opioid lawsuits from over 2,000 state and local governments in the U.S. The initial lawsuit in Oklahoma stipulated that Johnson & Johnson's marketing strategies dangerously misrepresented the risk of opioid addiction to doctors, manipulated medical research, and helped drive this U.S. opioid epidemic that has claimed over 400,000 lives in the last two decades. Johnson & Johnson was described by one expert witness as a kingpin in the opioid crisis as it created a false narrative of an epidemic of untreated pain in the U.S. to which opioids were the solution (McGreal, 2019). It has offered to settle all these lawsuits for $4 billion (Loftus & Randazzo, 2019). Since its role in this epidemic became public, Johnson & Johnson has lost $27 billion in market capitalization.
Concerning the non-financial fraud of unethical practices, two companies, ExxonMobil and Volkswagen, caused $106 billion in market capital destruction. In November 2015, ExxonMobil was being investigated by the New York attorney general for lying about the risks of climate change. Exxon was aware in the 1970s that carbon dioxide from oil and gas burning could have dire impacts on the Earth and Exxon's Board of Directors had also been fully briefed by Exxon's own scientists decades ago on such risks. However, Exxon decided to "emphasize the uncertainty in scientific conclusions" and from 1998 to 2005, Exxon contributed almost $16 million to organizations designed to muddy the scientific waters. However, in 2007, Exxon finally acknowledged that the Earth's warming was caused in large part by carbon dioxide and promised to no longer fund climate change deniers with their "junk science" (Egan, 2015). There was market cap destruction of $63 billion when this unethical practice became public in 2016.
Volkswagen rigged its sales growth and profits by designing software to defeat diesel engine emission requirements in order to make its short-term performance and executive compensation goals. After Volkswagen admitted to installing "defeat devices" in more than 11 million diesel engine vehicles worldwide in September 2015, it lost 1/3 of its market cap in one week. By July 2016, Volkswagen's market cap was down 42%, or $43 billion, which just in one year destroyed the prior three-year market capitalization increase of $43.7 billion.
There was a June 2016 settlement by U.S. regulators with Volkswagen for U.S. Volkswagen car owners for $14.7 billion: $10 billion on 475,000 2.0-liter diesel vehicle buybacks and $4.7 billion to mitigate pollution from such vehicles (Ewing, 2016). Six VW executives were charged, and VW pled guilty in these emissions cases (Tabuchi, Ewing, & Apuzzo, 2017). There are also many class-action lawsuits against VW in the U.S. where one attorney general commented: "This is an example of a company that not only engaged in deception and fraud on a brazen scale but covered up that deception. The conduct reflects a corporate culture that had no regard for the law, no respect for the American people, and no regard for the environment or people's health" (p. 3). A U.S. lawsuit criticized Volkswagen's Board of Directors for awarding about $70 million in salary and bonuses to the CEO and other management board members in 2015 and said: "Recent actions demonstrate that the company's culture that incentivizes cheating and denies accountability comes from the very top and, even now, remains unchecked" (Ewing & Tabuchi, 2016). One observer commented on Volkswagen's Board: "Outside views rarely penetrate. It's an echo chamber" and another observer said: "It should take years for the full Volkswagen emissions scandal to become apparent" (Stewart, 2015;Medland, 2016).
A forensic procedure is to check for public company variations of the Ponzi scheme, mainly companies using mergers and acquisitions (M&As) to cover up declining sales and declining operating cash flows. Steinhoff and Tyco used new cash from their M&As to fund their own existing operations. A Steinhoff employee recounted how Steinhoff executives were able to acquire and continually consolidate businesses in order to obscure sales and operating cash flow problems (Park, 2018). Tyco used similar strategies with its M&A schemes (Badawi, 2008).

FRAUD ANALYSIS
In assessing the effectiveness of its external auditor, the board of directors' audit committee should determine how Statement on Auditing Standards No. 99 (AICPA, 2002) is being applied. It requires brainstorming on each audit to help the external auditor detect fraud in financial statements . The board of directors' audit committee should determine how (if any) lessons were learned by its external auditor from these 21st-century frauds. For example, has its external auditor applied any financial fraud prediction methods? Five risk assessment screening guidelines have been applied previously, using well-known fraud prediction models and ratios. These guidelines were based upon an approach developed by the Chief Investment Officer of the billionaire John Malone's Private Investment Office for initial screening of potential investments, follow-up screening of actual investments, and possible short sales. The overall objective is to determine if cash is being generated by business operations and accumulated for business opportunities (Sierra,  3. Calculate the Schilit's (2010) quality of revenues ratio (Cash collected/Revenues) since revenue recognition is the starting point for cash flow generation by business operations and is often the foremost manipulator in fraudulent financial statements. This ratio showed red flags for fraud predictions 79% of the time in 52 financial reports. 4. Calculate the Schilit's (2010) quality of earnings ratio (Operating cash flows/Earnings) to determine if cash is being generated from business operations. This ratio showed red flags for fraud predictions 50% of the time in 52 financial reports.
5. If there are red flags for quality of revenue, expand the revenue analysis with the calculation of both the Sales Growth Index (SGI) and the Days Sales Receivable Index (DSRI) from the Beneish Fraud Model. Both indexes compare the current year to the prior year. Per a public company chief financial officer (CFO) who dealt with Wall Street on quarterly conference calls for over ten years: "Wall Street pays for two things: top-line (sales) growth and operating leverage to get the top-line growth to the bottom line" (Coburn, 2018). The SGI ratio showed red flags for fraud predictions 83% of the time in 52 financial reports. The DSRI ratio showed red flags for fraud predictions 54% of the time in 52 financial reports.
These five risk assessment screening guidelines are very relevant in the appropriate order, as also shown by the 21st-century fraudulent financial reporting results. The overall fraud prediction results for the six key screening models and ratios, Dechow Fraud Model, Beneish Fraud Model, quality of revenues, quality of earnings, Sales Growth Index, and Days Sales Receivable Index, were 90%, 73%, 79%, 50%, 83%, and 54%, respectively. When there are so many red flags for fraud prediction, professional scepticism and analysis need to be expanded with such specific screening red flags providing guidance for follow-up forensic procedures, as indicated by the ten types of financial and non-financial fraud (Grove & Clouse, 2020).

AUDITOR ASSESSMENT TOOL
In its 2019 version of the External Auditor Assessment Tool, the Center for Audit Quality has made clear that audit committees should regularly evaluate the external auditor. In order to make an informed recommendation to the board of directors as whether to retain the external audit firm, the board audit committee should conduct an assessment at least annually. The evaluation should encompass the following four key areas: 1. Quality of services and sufficiency of resources provided by the engagement team.
2. Quality of services and sufficiency of resources provided by the audit firm.
3. Quality of communication and interaction with the external auditor.
The EAAT provides sample questions in each of these four areas. The CAQ also recommends that the audit committee ask if the lead audit engagement partner promptly alerted the audit committee if he or she did not receive enough cooperation from management. Given the recent emphasis on greater transparency to investors, media, and other stakeholders, the CAQ emphasizes that the quality of communication between the external auditor and the audit committee is increasingly important as audit committee members or management may be asked questions about the audit process by interested external parties, especially activist and passive investors. The audit committee should collect observations about the external auditor from other sources within the company, including management and internal auditors. Audit committees should be especially alert as to whether management displays a strong preference for or a strong opposition to retaining the external auditor and follow up to understand such reasoning. Also, the audit committee should consider explaining to shareholders and other interested external parties the process and scope of its assessment and factors considered in selecting or recommending the audit firm and assessing its performance (Ryan, 2019).
Examples of these EAAT sample questions in each of these four areas are provided as follows.
Quality of services and sufficiency of resources provided by the engagement team  Did the lead audit engagement partner and audit team have the necessary knowledge and skills (company-specific, industry, accounting, auditing) to meet the company's audit requirements? Did the auditor seek feedback on the quality of the services provided? Was the lead audit engagement partner accessible to the audit committee and company management?
 Did the lead audit engagement partner discuss the audit plan and how it addressed company/industry-specific areas of accounting and audit risk (including fraud risk) with the audit committee? Did the lead audit engagement partner identify the appropriate risks in planning the audit? Did the lead audit engagement partner discuss any risks of fraud in the financial statement that were factored into the audit plan?
 During the audit, did the auditor meet the agreed-upon performance criteria as reflected in the engagement letter and audit scope? Did the auditor adjust the audit plan to respond to changing risks and circumstances? Did the audit committee understand the changes and agree that they were appropriate?
Quality of services and sufficiency of resources provided by the audit firm  If the company's external audit was subject to inspection by the PCAOB or other regulators, did the auditor advise the audit committee of the selection of the audit, the findings, and the impact, if any, on the audit results in a timely manner? Did the auditor explain how the firm planned to respond to the inspection findings and to internal findings regarding its quality control program?
 Does the audit firm have the necessary industry experience, specialized expertise in the company's critical accounting policies, and geographical reach required to continue to serve the company?
 Was the cost of the audit reasonable and sufficient for the size, complexity, and risks of the company? Were the reasons for any changes to cost (e.g., change in scope of work) communicated to the audit committee? Did the audit committee agree with the reasons?
Quality of communication and interaction with the external auditor  Did the lead audit engagement partner maintain a professional and open dialogue with the audit committee and its chair? Were discussions frank and complete? Was the lead audit engagement partner able to explain accounting and auditing issues in an understandable manner?
 Did the auditor adequately discuss the quality of the company's financial reporting, including the reasonableness of accounting estimates and judgments? Did the auditor discuss how the company's accounting policies compare with industry trends and leading practices?
 In executive sessions, did the auditor discuss sensitive issues candidly and professionally: his/her views on, including any concerns about, management's reporting processes; internal control over financial reporting including the internal whistle-blower policy; and the quality of the company's financial management team? Did the lead audit engagement partner promptly alert the audit committee if he/she did not receive sufficient cooperation?
Auditor independence, objectivity, and professional scepticism  Did the audit firm report to the audit committee all matters that reasonably could be thought to bear on the audit firm's independence, including exceptions to its compliance with independence requirements? Did the audit firm discuss safeguards in place to detect independence issues?
 Were there any significant differences in views between management and the auditor? If so, did the auditor present a clear point of view on accounting issues where management's initial perspective differed? Was the process of reconciling views achieved in a timely and professional manner?
 If the auditor is placing reliance on management and internal audit testing, did the audit committee agree with the extent of such reliance? Were there any significant differences in views between the internal auditors and the auditor? If so, were they resolved in a professional manner?
Also, this EAAT included sample questions on obtaining input from company personnel about the external auditor. A five-point Likert scale was used to get ratings of the auditor's performance on each of four attributes. Concerning the first attribute, the quality of services provided by the external auditor, there were four questions. One example was: "Meets commitments (e.g., by meeting agreed upon performance delivery dates, being available and accessible to management and the audit committee)". Concerning the second attribute, the sufficiency of the audit firm and network resources, there were three questions. An example was: "Is technically competent and able to translate knowledge into practice (e.g., by delivering quality services within the scope of the engagement, using technical knowledge and independent judgment to provide a realistic analysis of issues, and providing appropriate levels of competence across the team)".
Concerning the third attribute, communication and interaction, there were two questions. An example was: "Communicates effectively (e.g., by maintaining appropriate levels of contact/dialogue throughout the year, effectively communicating verbally and in writing, being constructive and respectful in all interactions, and providing timely and informative communications about accounting and other relevant developments)". Concerning the fourth attribute, independence, objectivity, and professional scepticism, there were three questions. An example was: "Demonstrates integrity and objectivity (e.g., by maintaining a respectful but questioning approach throughout the audit, proactivity raising important issues to appropriate levels of the organization until a resolution is reached and articulating a point of view on issues)".
In addition to the sample questions in these four areas of the External Auditor Assessment Tool, further investigation by the board of directors' audit committee should focus on how the external auditor is developing and using emerging technology skills. The Chief Technical Partner of Deloitte & Touche stated that innovation is transforming how audits are conducted and even what it means to be an auditor. Auditors do not necessarily need to be technology development experts or computer programmers. However, they do need practical knowledge, experience, and a high level of comfort using cutting-edge, rapidly evolving technology to manipulate and analyze "big data". Important technology skills include (Raphael, 2017):  Mining structured and unstructured data from a wide range of sources.
 Identifying potential data risks and findings (including security).
 Working with relational and non-relational databases.
 Applying statistical methods and advanced analytics within tools to turn raw data into useful insights.
 Understanding how to leverage analytics to perform robust risk assessments to identify areas for further audit analysis.
 Using visualization tools to present complex data analysis in a way that is compelling and easy to understand.

AUDITOR CONTINUING ISSUES
Board of directors' audit committees could obtain external auditor assessment guidance with the red flag warnings from the following analysis of the external audit profession (Grove & Clouse, 2020). Lynn Turner, CPA, consultant, and former Chief Accountant of the SEC recently examined the various root causes of poor audit quality and proposed several possible solutions (Turner, 2020). He discussed four continuing issues with poor audit quality.

Lack of independence
Beginning with the passage of the U.S. 1933 Securities Act after numerous frauds which contributed to the Great Depression in the United States, the U.S. Congress required an independent audit for every publicly listed company in the U.S. External auditors view the management of the companies they audit as their clients, not the public. Audit partners want to maintain the "annuity" income received from their clients paying the audit fees since losing this fee revenue stream from a large company can affect a partner's career. As a result, the need to maintain professional scepticism and to be unbiased conflicts with the need to maintain the annuity income for the audit firm.
The following research studies were consistent with Turner's criticisms about the lack of auditor independence. A recent empirical study reinforced this "annuity" income problem. In the wake of the early 21st-century Enron and WorldCom scandals that exposed a mass failure by the firms' external auditors, the U.S. Congress passed the Sarbanes-Oxley law in 2002, requiring auditors to disclose significant flaws in their clients' internal controls. A subsequent study of 13 years of data from 358 U.S. audits (half were by the Big Four audit firms) showed a 2.2% drop in client growth for each flaw the auditors highlighted while their revenue grew 8% less than competitors who didn't flag such flaws. The research study concluded that auditors were incentivized not to declare clients' internal weaknesses since businesses appear to avoid association with auditors that have a history of being critical of their clients (de Haldevang, 2019). Similarly, auditors that report possible fraudulent or insolvent financial statements for large companies almost always lose such clients versus many more such reports on smaller clients who do not hurt the "annuity income" of audit firms. Thus, most audit opinions for large companies are clean (unqualified), reflecting no such problems. For example, a research study examined the impact of considering key audit matters (KAM) on auditor judgment performance. 73 auditors participated in a KAM of goodwill impairment testing case. Results suggested that auditors exhibit significantly less sceptical judgment where KAM consideration is present than when KAM consideration is absent. This implied that when considering KAM, auditors were more willing to acquiesce to their clients' desired accounting treatments, due to moral licensing or the "annuity" income problem (Ratzinger-Sakel & Theis, 2019).
In studying the accounting scandals over the past two decades, a research study found a lack of competence and independence of external auditors. However, when top management changed, whistleblowing actions were successful, interrupting the company's dependence on serious wrongdoings and preventing a disastrous ending. The success of whistleblowing in preventing company failure made it an effective instrument of corporate governance (Ferri Di Fabrizio, 2017).
Unfortunately, audit committees of boards of directors too often delegate hiring and oversight of the auditor to management, effectively ignoring the Center for Audit Quality's External Auditor Assessment Tool, which is not required, only recommended, for effective corporate governance. Management and audit committees have often retained the same auditor for decades, even centuries as shown in this paper, continuing to pay the "annuity" income or fees and receiving clean (unqualified) audit reports. A research study analyzed the European Union's audit reform in 2014, which required audit firm rotation every 20 years, strengthened the position of audit committees (AC), and restricted the presence of audit firm alumni (AFA) on audit committees. This study had mixed results: the presence of AFA who had recently left their former audit firm on ACs was associated with a higher quality audit, but there was no significant effect on audit quality with regard to AFA who had left their audit firms a longer period of time ago (Baumann & Ratzinger-Sakel, 2020).
Even when using emerging technology skills, such as for types of "big data" analyses, as discussed in this paper, external auditors are still testing a database created and maintained by management. Since the numbers, evidence, and support come from the company being audited, it is doubtful that management is going to provide evidence that does not support the numbers it has created. Generally accepted auditing standards (GAAS), set by the PCAOB, do not specifically address the need for auditors to consider publicly available information that contradicts the management information although, concerning the GAAS hierarchy of evidence quality, external evidence is the highest and internal management evidence is the lowest.
Time and time again, it is this public information that has resulted in analysts and other outside researchers bringing to light errors in financial statements and disclosures as auditors have failed to monitor such information for their audits. Examples cited in this paper from the 21st-century frauds include the billionaire short seller, Jim Chanos, discovering the Enron fraud, the financial analyst blogger, Andrew Left, discovering Valeant, the "Pharmaceutical Enron", the Oldenburg German state prosecutor discovering Steinhoff, the "South African Enron", and financial analysts discovering Satyam, the "Asian Enron", and Parmalat, the "European Enron".
Lack of transparency Investors are not provided with the information necessary to determine the quality of the financial statements and disclosures of the companies they own. Investors are being asked to vote and ratify the selection of the auditor without the information necessary to make an informed decision. Investors are consistently told that audits have been done in compliance with GAAS set by the PCAOB, which is often a misleading statement as the PCAOB has found very high deficiencies in compliance with GAAS in its annual inspections of a sample of U.S. external auditors' procedures and reports. This lack of transparency cost investors $1.58 trillion in market capitalization by just 21 companies in the 21st-century frauds, occurring from 2000 to present, as discussed in this paper.

Lack of independent governance
The large audit firms, which audit the vast majority of publicly listed companies in the U.S. and around the globe, all lack meaningful independent governance of their own audit firms. This lack of governance, which ironically is required for all publicly listed, audited companies, has resulted in low audit quality and poor performance.
Lack of quality Based upon inspection reports from around the globe, audit quality is so poor that the International Forum of Independent Audit Regulators (IFIAR) called in the senior leadership from each of the six largest global audit firms to discuss the issue. The IFIAR undertook an initiative aimed to reduce the frequency of poor inspection findings and audit performance has improved, as reflected in a decrease of 25% of inspection findings over the last four years. Nevertheless, the IFIAR's 2016 inspection findings report stated that inspected audits of listed public companies had at least one finding of deficiency 42% of the time which remains unacceptably high. Finally, audit reports have failed to convey to investors, especially activist and passive investors, and to audit committees of boards of directors, the auditors' concerns, even when those same auditors know management and companies are violating laws and regulations, such as the Volkswagen, Boeing, Wells Fargo, and Johnson & Johnson examples cited in this paper.

AUDITOR UPGRADES
Similarly, the board of directors' audit committees could obtain assessment guidance or red flag warnings if their external auditors were not upgrading their own practices, as demonstrated with the following analysis of the external audit profession. Turner (2020) recommended several audit upgrades that would address and help solve current issues with poor audit quality.

Change the auditing regime
Remove the U.S. 1933 Securities Act that requires a public company to have an annual audit by an independent auditor. Replace it with a shareholderbased requirement that every five years, a shareholder proposal be included in the company's annual proxy statement that asks if shareholders want an independent audit of the financial statements. Accordingly, it would be made clear that independent auditors work for, and serve the public interest of, the owners of the companythe shareholders.
If the shareholders approve an independent audit requirement, the audit committee of the board of directors -not management-would select and nominate the auditor. This responsibility could not be delegated to management and the shareholders would then vote and approve the auditor. The audit committee -again not management -would then be responsible for negotiating the auditor's fee. The audit committee would submit a bill for the audit fee to the PCAOB which would collect a fee from each public company being audited to cover the auditor's bill. PCAOB already has a mechanism in place for collecting the fees legally required from all publicly listed companies which fund the PCAOB budget, not the federal government.
The following research studies were primarily consistent with Turner's arguments concerning auditor fees and auditor rotation. Audit fee research was explored concerning the effect of both the audit committee and the remuneration committee together determining audit fees. The results indicated that this combined job increased the price of audit fees (Akbar & Ramadhan, 2019). Another study examined the impacts of the corporate governance mechanism of audit committee characteristics, the internal audit arrangements, and the management ownership on external audit fees. It found a negative relationship between audit committee expertise and audit fees, indicating that auditors perceived firms with more audit committee members who possessed accounting and finance expertise to be less risky and thus charged less audit fees to these firms (Zain, Wahab, & Foo, 2010). Another study investigated the corporate governance impact of the Russian Corporate Code of Governance which strengthened the role of corporate boards to monitor top management performance. It found that demand for higher quality audits increased and that the audit fees were positively associated with the presence of an independent board chairman, a higher proportion of independent directors, and Russian state representatives on the board (Prokofieva & Muniandy, 2011).
The PCAOB could require companies to tender their audits for proposal if it found the auditors had engaged in improper professional conduct, as defined in SEC Rule 102(e); had a material weakness in their own internal audit quality controls; or had significant deficiencies on an audit in which they had failed to comply with GAAS. In no event would an audit firm serve as auditor for a publicly listed company for a period longer than 20 years, consistent with the maximum duration currently permitted by the European Union. Thus, as shown in this paper, the century-old and 50-year-old client/audit relationships for 14 companies and 100 companies, respectively, as well as 175 companies in the S&P 500 index which have had the same auditor for over 25 years, would all be terminated.
A research study investigated whether the EU mandated external auditor rotation related to increased accounting and audit quality. A state-ofthe-art analysis of empirical research illustrated ambivalent results so that the economic need for this audit market regulation in Europe is controversial (Velte & Eulerich, 2014). The lead researcher updated his initial findings by evaluating 103 empirical research studies on the link between auditor rotation and non-audit services and their influence on earnings quality, audit quality, and investor perceptions. The mixed results were explained by different theoretical impacts and the agency view and the resource-based view (Velte & Loy, 2018). Another study used earnings management, audit quality, audit tenure, firm size, leverage, liquidity, inventories, and losses to predict qualified audit opinions. The results showed that earnings management, audit quality, and audit tenure increased the probability of a clean (unqualified) opinion. Thus, the auditor was likely to give an unqualified opinion to a company that has long been a client (Susanto & Pradipta, 2017).

Make the new audit report universal
The new audit report adopted by the PCAOB should be required on audits of all public companies, including broker-dealers, mutual funds, and employee stock purchase plans. It requires the auditor to state and discuss critical audit matters and to include "a statement that PCAOB standards require that the auditor plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement, whether due to error or fraud". As discussed in this paper, the fraud prediction models, ratios, and related forensic procedures would aid the auditor in these tasks. For example, this paper recommended the forensic procedure of an online investigation of external evidence, such as current news, social media, and websites for discussion and analysis of a company's products, operations, and behavior. Similarly, Lynn Turner has advocated the need for auditors to consider publicly available, external information that contradicts the internal evidence of information provided by management. Also, if auditors become aware of a violation of a law or regulation that could have a material impact of the financial statements or operations of a company, they should be required to disclose it in their audit report. Again, this paper cited the non-disclosure examples of Volkswagen, Boeing, Wells Fargo, and Johnson & Johnson.

Include forensic segments in all audits
In 2000, the SEC's panel on audit effectiveness recommended that each audit include a forensic segment which has been ignored by external auditors to date, possibly due to the threat of losing their "annuity" income. Consideration should again be given to this recommendation, including establishing within GAAS the need for auditors to consider publicly available information that contradicts the evidence management has provided them.

Include audit quality indicators
The disclosure of audit quality indicators should be required for every audit report where the auditor's opinion is provided to investors in the company. These indicators should also be disclosed in the company's proxy statement as part of the board of directors' audit committee report to investors. Audit committees should also be required to disclose, either in the proxy or in the charter of the committee, their procedure for periodically tendering the audit, including their own monitoring of audit quality indicators. Audit firms should already be measuring audit quality on their individual audits if they are in fact managing audit quality. However, audit inspection results from around the globe suggest this is not occurring. All 28 of the potential audit quality indicators created by the PCAOB (2015) are listed in the Appendix. A case study found that the audit committee was generally effective in discharging its oversight role for compliance with legal requirements and best practice processes, though there were areas of concern for control frameworks and financial management to improve corporate governance (Dlamini, Mutambara, & Assensoh-Kodua, 2017).

Improve the transparency of the PCAOB
The PCAOB inspects a very small percentage of the audits of publicly listed companies each year and provides a public inspection report to each inspected firm with its findings. Such reports are the best indicators of audit quality today. Public disclosure of such reports is prohibited until the PACOB enforcement action is final. Unfortunately, audit firms have used this provision to appeal and delay actions against them. When the action is finally completed, they often make a public statement that says the final PCAOB action is now years old and should be ignored. Subsequent legislation, supported by the PCAOB, to make these reports available immediately has not been enacted and has been lobbied against by the Big Four audit firms which have also lobbied for the termination of the PCAOB.

Mandatory audit firm rotation
Current U.S. law requires that an audit partner, but not the audit firm, be rotated off as the lead audit partner of a company after no more than five years. However, there can be many partners on a large company audit and the lead partner can be rotated often. As a result, there are still incentives for partners not to bring up new problems from the past. This problem could be mitigated if mandatory audit firm rotation every 20 years, as required in the EU, is adopted in the U.S.

Make auditors reporters
Require each auditor of public companies to issue an annual report on its own audit firm, containing the following:  Financial statements prepared in accordance with Generally Accepted Accounting Principles (GAAP). This is important for assessing the financial health of audit firms, which have become "too big to fail" after the consolidation of the original Big Eight into the current Big Four, as demonstrated by actions of law enforcement agencies and regulators.
 A discussion of the firm's quality controls regarding all aspects of the audit including independence, hiring, training, and supervision; performance of audits; selection and retention of clients; and testing and enforcement of quality controls.
 A discussion of firm-wide audit quality indicators, as opposed to just individual audits.
 A description of the audit firm's governance structure, process, and procedures.
The European Commission already requires large audit firms to provide a report on such information. The U.S. audit firms do publish annual reports on their own, but they disclose very limited financial information (ironically, since they audit public companies for compliance with GAAP), as well as little information on governance, accountability, and performance measurement.

Additional solutions
Audit firms that audit more than 100 public companies should be required to have independent directors or members on their governing boards. All CPAs should be required to have a master's degree in accountancy. Large audit firms currently encourage students to just earn an undergraduate degree and begin their careers (with less pay) before receiving a master's degree which is disappointing as it highlights a lack of commitment to education. Actions speak louder than words. Finally, the SEC should revise its definition of an audit committee financial expert. The SEC should clarify that audit committees may not delegate this responsibility to management, which is often done today, such as when the audit committee names its required financial expert as just a CEO of another company, thereby defaulting financial expert expertise to management.

DISCUSSIONS
In summary, indications that the current audit regime is not working are significant. Neither the public interest nor the needs of investors are being served by the auditor-client relationship as it exists. The reforms suggested in this paper, primarily by Lynn Turner, the former Chief Accountant of the SEC, represent advances that would help both board of directors' audit committees and the auditing profession become trusted watchdogs of public companies' financial information and strengthen corporate governance.
Such suggested reforms are consistent with the view of an accounting expert who has critiqued the work of corporate managers and auditors over the past 20 years, Edward Ketz: "There is no hope of improved accounting and disclosure and little chance of meeting the needs of the investment community unless and until somebody points out the problems. Accounting reports are still deficient from time to time and auditors occasionally miss key aspects in the audit. The errors and omissions do not stand a chance of correction if accounting experts remain quiet. Do we wish to repeat the accounting frauds of 2002 or the banking crisis of 2008? If not, objective and independent accounting experts must stand up whenever the system reveals cracks and leaks" (Ketz, 2019). Such accounting experts are critical for boards of directors' audit committees to strengthen corporate governance.
Such a re-emergence of the relevance and credibility of the external auditing profession would reinforce and aid the new, modern purpose and responsibility of a public company. In August 2019, the Business Roundtable (BR), representing the most powerful chief executive officers (CEOs) in the United States, issued a 300-word Statement on the Purpose of a Corporation. This Statement included signatures by 183 of the 192 current CEO members of the BR. Since 1978, BR has periodically issued Principles of Corporate Governance. Since 1997, each version of the document has endorsed principles of shareholder primacy, i.e., that corporations exist principally to serve shareholders. This new Statement supersedes previous statements and outlines a modern standard for corporate responsibility. It proclaims: "BR members share a fundamental commitment to all our stakeholders and commit to doing well by our customers, employees, suppliers, and local communities. Each of our stakeholders is essential and we commit to deliver value to all of them, for the future success of our companies, our communities, and our country" (Business Roundtable, 2019).

CONCLUSION
The major research question in this paper is how to provide guidance to board of directors' audit committees in order to strengthen corporate governance. The guidance was provided in the major sections of this paper on fraud analysis, auditor assessment tool, auditor continuing issues, and auditor upgrades. Instead of turning over the external auditor choice and assessment to management as many board of directors' audit committees have done and still do, these audit committees should take on such responsibilities which would strengthen corporate governance.
The audit committees could start by using the Center for Audit Quality's External Auditor Assessment Tool which has many key questions for assessing major attributes of the external auditor's relationship with a company and its board of directors. Unfortunately, this tool is not a required procedure, as indicated in this paper by the major 21st-century frauds in financial reporting by 21 public companies, which lost investors $1.58 trillion, even though public companies are required to have an annual external audit. Although external auditors are required by their own auditing standards to consider the possibility of such fraudulent financial reporting, their efforts have often come up short, and they appear not to have been using the wellknown fraud prediction models and ratios discussed and applied in this paper. They have even testified in court that they do not have an obligation to detect material financial statement fraud which would serve the public interest. The long-term relationships between external auditors and the companies they audit, many over 50 years, may be contributing to these problems.
Lynn Turner raised the four continuing issues affecting the credibility and trust in the auditing profession, namely the lack of independence, the lack of transparency, the lack of independent governance, and the lack of quality (Turner, 2020). He made recommendations on how to reform the audit system and build a sound business model of auditing, such as changing the auditing regime, making the new audit report universal, including forensic segments in all audits, including audit quality indicators, improving the transparency of the PCAOB, requiring the mandatory audit firm rotation, and making auditors reporters. The boards and their audit committees should follow these recommendations to advance the audit quality.
A limitation of the paper is the lack of empirical assessment of this proposed guidance. Future research could focus on tracking the implementations of these audit reforms and related corporate governance, linked to this Business Roundtable recommendation to focus on all stakeholders, not just shareholders, with case studies of board of directors' audit committees, their external auditors, and corporate governance in major public companies listed in both the U.S. and global stock exchanges. For example, a study of companies listed on NYSE Euronext Lisbon found a significant direct relationship in the fulfilment of the recommendations of corporate governance and verification by the external auditor. Greater transparency of information and a reduction of agency problems, fraud, and economic crimes were found (Ferreira, 2019). Another research paper did a critical analysis of existing audit committee literature and found mixed results for audit committee effectiveness (Wu, Habib, & Weil, 2012).