It has long been a basic statutory requirement that a company must have its annual financial report audited and must obtain an auditor’s report about the conduct of the audit. Currently, this requirement is found in s. 301 of the Corporations Act 2001 (Cwlth). This requirement has been imposed since the earliest Australian company law statutes. The first Australian companies legislation to include mandatory financial reporting requirements, the Companies Act 1896 (Vic), was enacted ‘in the wake of large-scale company losses, land fraud, and bank and building society failures’ (Peirson & Ramsay 1983, p. 288). Section 28(1) of that Act stated that:
No balance-sheet of any company shall deemed to be filed … unless the same shall have subscribed thereto or indorsed thereon a certificate signed by the duly appointed auditors that such auditors have audited the same and have certified to the correctness or otherwise of the said balance-sheet.
Before outlining the current legal requirements for company audits, it is useful to examine some of the rationales that have been provided for these mandatory audit rules over the past 100 years.
The mandatory audit requirement must be understood against the underlying requirements about the public disclosure by companies of their financial affairs. Mandatory public financial reporting was introduced in the United Kingdom by the Joint Stock Companies Act in 1844. Whilst these requirements were de-emphasised in the subsequent Companies Act 1862, they have since formed a major part of modern corporate legislation and corporate regulation. At the time, these requirements were prompted by concerns over the incidence of corporate fraud. The rationale for these requirements was summed up (some 70 years later) in Mr Justice Brandeis’ famous aphorism that ‘sunlight is the best disinfectant, electric light the best policeman’ (Brandeis 1913, cited in Weiss 1979, p. 575). This concern about the importance of protecting investors from financial fraud has persisted as one of two interwoven rationales for mandatory financial audits. It is premised on ideas of investor susceptibility and lack of expertise. The assumption is that potential victims of corporate misconduct will be able to take note of this publicly available and professionally verified information, and take appropriate steps to protect themselves, or to seek their own remedies.
The second rationale is that audits promote confidence and empower investors to make rational and informed financial decisions. This policy was described by Street CJ in Eq in re Castlereagh Securities Ltd ( 1 NSWLR 624, p. 638) in the following way:
A sound share market and the ability of shareholders to reach reliable conclusions are dependent upon shareholders, brokers and financial experts having access to full and reliable information concerning the affairs of companies. The courts do not, and directors should not, yield to the laconism that the only financial information most shareholders want is the figure on their dividend cheques. It is the clearly discernible intention of the companies legislation that companies should make adequate disclosures to enable shareholders individually, and the market collectively, to reach informed judgments. Over value and under value are both obnoxious. Where authentic details are not forthcoming, inference and even speculation inevitably take over. Decisions based on gossip or on inside information are concomitants of an unhealthy market.
Economic theory has also emphasised this argument. For example, audits are said to ‘improve the reliability of financial statements, make them more credible and increase shareholders’ confidence in them’ (Panel on Audit Effectiveness 2000, cited in Ramsay 2001, para. 4.01). In this way audits are said to ‘add value’ to the financial statements and to the capital markets in general (Ramsay 2001, para. 4.02). The statutory requirement for an audit is then said to reinforce these credibility-enhancing and value-adding functions, providing an independent third party who can verify the financial information produced by a company. In theory, this reduces the costs that users of that information would otherwise incur if they had to verify it themselves. Auditors thus serve as ‘reputational intermediaries’, assisting the efficient operation of the market for corporate information (Corbett 1994, p. 850, referring to Gilson & Kraakman 1984).
A different justification for the mandatory imposition of audit requirements can be found in the ‘concession’ theory of company incorporation. According to this theory, the grant by the State of independent legal status to a company creates a private actor with special powers and capacities (for example, the company’s capacity to issue shares and to enter into contracts). This special status is therefore said to carry certain obligations. On this view, the requirement that a company should publicly disclose its financial affairs on a regular basis and be subject to an audit is the quid pro quo for the grant of incorporation by the State. On this view, when an auditor is engaged to meet the company’s statutory audit requirement, they can thus be said to be performing a dual function. The first function may be described as ‘private’. It arises from the contractual relationship between the auditor and the company. This contract imposes various duties on the auditor, which are discussed later in this chapter. Breach of these duties may result in an action for damages brought by the company against the auditor. Secondly, there is a more public function. The companies legislation not only requires that an auditor should report to the company about its financial statements, but also that this report should become part of the public record about the company. Moreover, while they are conducting the audit and reporting to the company, the auditor is under a number of statutory obligations which cannot be contractually modified. The auditor is prohibited by the statute from contracting out of any liability for breach of their duties to the company (Corporations Act, s. 199A). Furthermore (as noted below), an auditor is required to inform the Australian Securities and Investments Commission (ASIC, the regulator responsible for enforcing the Corporations Act) if the auditor suspects a contravention of the Act has occurred. In this sense, the audit is part of the wider public system of corporate regulation. There is, clearly, a tension between these private and public roles which is most evident when considering the question of an auditor’s liability to persons outside the contractual relationship (a topic dealt with later in this chapter).
 Similar requirements apply elsewhere; for example, see the Companies Act, s. 9, in the United Kingdom, and the Canada Business Corporations Act, ss. 155 and 169. In Australia, the audit requirement also applies to other corporate entities such as managed investment schemes. It does not apply to small proprietary companies unless this is required by at least 5% of the voting shareholders (Corporations Act, s. 293).
 There is disagreement about the contemporary relevance of concession theory, given the relative ease with which companies can now be registered. For a discussion, see Bottomley (1999).