The history of auditing is—in a sense—a history that began when one person entrusted another with work to perform and then had the consequent necessity of checking over that work to ensure it had been properly performed. What may have begun as a relatively simple method of oversight, however, such as reading through the books to see that everything looked in order, has progressed through time to become a much more complicated and highly regulated system of checks. As businesses become increasingly digital and the volume of electronic data processed by them grows exponentially, auditing has had to adjust and update its methods in order to be able to properly protect investors. It has also had to do so in response to the increasingly complicated finances of modern businesses.
Looking back at the start of auditing, historians believe some version of recordkeeping may have been utilized as far back as 4000 B.C. in the Near East for business accounting and tax collection purposes. There are also indications that similar systems were used in China. Babylonia, Greece, and the Roman Empire all had some form of auditing system to make sure there was no fraud or corruption (Research Opportunities in Internal Auditing 3).
Something closer to what we think of as auditing today developed during the Industrial Revolution, as businesses began to increase in size and their accounting needs became much more complicated than they had been previously. The advent of large railroad companies—which were the largest companies created during that time period by far—also led to the need for new ways to manage and oversee accounting operations. Still, at that time, the type of auditing performed was a mere bookkeeping audit.
It wasn’t until just after the stock market crash of 1929, however, that the U.S. government began to regulate the stock market and made many recommendations related to auditing standards. Prior to the Great Depression, U.S. auditing consisted mainly of balance sheet audits related to investigating a company’s assets and liabilities. Financial records that were—at best—misleading and—at worst—fraudulent helped lead to the crash.
In response to the Great Depression, the U.S. passed the Securities Act of 1933, also called the “Truth in Securities Act” or the “Federal Securities Act,” to regulate public offerings by requiring certain financial disclosures. The following year the Securities Exchange Act of 1934 was passed, which established the Securities and Exchange Commission. It also regulates secondary trading between companies and individuals unrelated to original issuers of stocks. The SEC regulates entities such as the New York Stock Exchange (NYSE), self-regulatory organizations (SROs) such as the National Association of Securities Dealers (NASD), and various other organizations performing business transactions on behalf of others.
The government considered whether it should take on the role of financial auditor of corporations at around that time, but the industry assured Congress it would employ independent auditors to carry out that role.
As far as actual practices went, the management of a company continued to control the scope of the independent audit during this time period. Many audits weren’t at all what would now be considered independent. Auditors relied heavily on information given to them by management. It was also during this time—from the 1920s through the 1960s—that the role of auditors changed somewhat. As the ownership of companies became increasingly separate from the management of companies via the stock market and other forms of investment, auditing became a way for the company to convince potential investors that their financial statements and assurances were valid. This was a shift from the earlier audit functions of checking for errors and investigating for fraud for the sake of management.
Generally acceptable accounting standards didn’t exist until the Committee on Auditing Procedure of the American Institute of Accountants drafted and published the “Tentative Statements of Auditing Standards—Their Generally Accepted Significance and Scope” in 1947. This—like most changes in auditing—came about because of a great scandal, the McKesson and Robbins fraud, which occurred in the late 1930s, and the failure of auditors to detect it. It was in reaction to this that the actual physical inspection of inventories and confirmation of account receivables began to be the norm.
Though the name of the American Institute of Accountants eventually changed to the American Institute of Certified Public Accountants (AICPA) and the name of statements promulgated by the AICPA has changed to Statements on Auditing Standards, they are ongoing today.
In the 1950s, even as automated auditing systems began to be created, manual auditing remained the norm. This didn’t change until the 1960s when IBM released its 360 model, which was relatively affordable and marked the beginning of what would eventually be the digital age. Also, Felix Kaufman wrote a book called Electronic Data Processing and Auditing that showed how much more effective auditing could be when auditors utilized and considered information processed by computers as well as the processes, themselves. This marked a paradigm shift in the auditing world.
Still, the auditing world struggled to develop efficient, effective methods and many auditors continued to do physical audits and to ignore, to a certain extent, the information available in electronic form. In 1971, the AICPA commissioned a study group led by Francis Wheat, a former SEC commissioner, to analyze accounting principles and determine—among other things—whether the accounting industry should create its own standard of accounting principles or whether the government should be so tasked. The Wheat Commission eventually recommended that the AICPA establish the Financial Accounting Foundation. The trustees of this foundation were to appoint members to a new regulatory group called the Financial Accounting Standards Board, which would be an industry regulator. The FAF would raise funds for the FASB to keep it independent and insulate it from biases that could be created in response to private funding-related issues.
The Cohen Commission was also formed by the AICPA in the 1970s in response to several catastrophic business failures, including the bankruptcies of Equity Funding Corporation of America and Penn Central Railroad. That commission’s report led to industry reform to diffuse the government’s concerns. The reform included the creation of the AICPA private companies practice section and the SEC practice section.
One interesting outcome of the Equity Funding Corporation debacle is that it was determined that if Electronic Data Processing (EDP) had been used, the fraud would have been detected much more quickly.The Foreign Corrupt Practices Act of 1977 had serious implications for auditors as well. The FCPA prohibits companies from bribing foreign officials to get or keep business and includes requirements for businesses to have safeguards and internal controls in place to prevent these actions from occurring. All companies registered with the SEC had to create internal controls and their accounting systems also became more robust as a result.
As companies became bigger and the financial world became more complex, the focus of auditing began to shift from checking balance sheets to verifying that the internal control system of a company was sound and properly structured. Then, in the 1980s, there began to be a shift toward risk-based auditing, which involved focusing on the specific areas in which there was the greatest chance of error based on an understanding of the industry and its client. This shift occurred because of the expense associated with internal control system auditing.
Additionally, as computers became more widespread, vendors began developing more sophisticated automated tools that became standardized throughout the industry, which freed firms from the necessity of creating their own versions in-house. Computer Assisted Auditing Tools (CAATs) were developed. These changed the face of auditing from the manual functions of earlier times to more sophisticated processes involving data extraction and analysis.
Then in the early 2000s, extensive fraud at Enron, WorldCom, and other companies was revealed, leading to the bankruptcies of those companies and to that of Arthur Andersen, the auditing firm that had failed to detect the fraud.
In response, the Sarbanes-Oxley Act (SOX) was passed by Congress in 2002 by a near unanimous vote. This implemented heightened requirements on all companies registered with the SEC and placed the responsibility on businesses and auditors. It also dictated that auditors spend more time searching for fraud as part of the auditing process.
There are a great many innovations in auditing—such as continuous auditing or continuous data assurance, an automated system that checks for fraudulent activity in real-time—that are still not standard in auditing, but that offer a great number of tools that could prove instrumental in tracking down fraud in large corporations. The data extraction and analytical capabilities of some of these newer tools could make auditing more efficient and more effective. According to the AICPA (Byrnes 2012), global losses caused by fraud amounted to a staggering $2.9 trillion in 2009. With the potential of protecting global markets from the effects of these illegal actions, the auditing industry is continuing to adapt and progress.
Byrnes, Paul Eric et al. Evolution of Auditing: From the Traditional Approach to the Future Audit. New York: American Institute of Certified Public Accountants, 2012.
Research Opportunities in Internal Auditing. Eds. Andrew D. Bailey, Jr., Audrey A. Gramling and Sridhar Ramamoorti. Altamonte Springs: The Institute of Internal Auditors Research Foundation, 2003.