Auditing is usually routine, fairly predictable work. But it’s important work, as Phil Baumann tells us on his blog recently.
In the past, relationships were multiyear, both for the firm and the key partners. Over time, the audit firm became very familiar with the clients’ business, sometimes too comfortable. Audit was an annuity relationship, a predictable revenue source. As much as partners like the high growth and sometimes higher fees of the consulting businesses, both before and after Sarbanes-Oxley, even with all the audit litigation, consulting is still viewed by traditional audit-pedigree partners as the more “risky” type of relationship.
Sarbanes-Oxley made audit work sexy, at least from a revenue perspective. Auditors also basked in the spotlight. Even though their good feelings were tempered by being regulated, they were understandably less concerned about regulators than they were about the increase in litigation, as a series of new scandals like backdating continued to cast doubt on their commitment to being guardians of the public trust.
The balance of power in the auditor-client relationship shifted after Sarbanes-Oxley was passed in the summer of 2002. Auditors could hold clients’ toes to the fire and insist on changes and adjustments, if they deemed them necessary. The number of auditor changes during those first few years after 2002 were unprecedented, as both clients and auditors looked for more friendly relationships since auditors were forced to tell some clients, “The buck stops here.”
The days of audit as a commodity during the heyday of the firms’ consulting growth during the late 1990s-early 200X years were over. Three of the remaining Big 4, after the demise of Arthur Andersen, sold off their consulting businesses. They kept a shell of their former selves and their “consulting” practices focused on core competencies like controls and process improvement around financial systems. Deloitte, while maintaining their consulting business, relegated it to the back seat, beholden to the new constraints of the regulation of the audit industry. In an audit firm, audit always comes first and foremost. That is as it should be, for the protection of the independence and objectivity of the auditors charged with protecting interests of their clients’ shareholders.
But then the backlash over auditors’ high fees from Sarbanes-Oxley, both as external auditors and as consultants to their non-audit clients, began. Auditors lost their grip and didn’t sell the concepts well. Regulators and lawmakers started to agree that the auditors’ strict approach, based primarily on their fear of litigation more than a sudden conscience, was cramping capitalism’s style.
Did the audit firms anticipate this and react accordingly? Did they sell their clients on the benefits of having strong controls and best in class processes? No. They’ve never been good as salesmen. Too little competition for too long. They operate much better under rigid, rule based requirements that leave no room for judgment, nuance, or grey space. When they could force clients to follow their rules, they did. When they were afraid of losing the client, they caved in.
Black and white. No attempt to provide a service to shareholders. Pure self-interested survival tactics.
About two years ago the audit firms all started, in varying degrees and at different paces, to rebuild and reinvigorate their “consulting” practices. Deloitte never stopped doing full service consulting, including systems integration, but the others have tiptoed carefully back into bigger and better technology-oriented services, still focused on internal control, security, risk management, process improvement, and now “governance, risk and compliance,” or GRC. They’ve reestablished stronger alliances with the big software firms like SAP and Oracle, they purchased smaller consulting firms in the security, controls, and identity management space and they have made “catalyst” hires, experienced consultants and technologists at all levels, to jump start this work.
Of the firms that have so far reported 2008 results, Deloitte and PwC, both have reported much higher growth of their “consulting” or advisory practices than audit. All the more reason to believe they can count on consulting to replace the revenue that’s no longer pouring in from Sarbanes-Oxley. IFRS implementation is one big opportunity for consulting service growth, as well as providing additional work on the audit side, though not as much as Sarbanes-Oxley did.
More to come on IFRS, because I recently attended an excellent seminar presented by Resources Global and led by Colleen Cunningham, formerly of FEI. It seems that when companies transition to IFRS, they will have to convert at least two prior years as well as current year to the new standard and have the prior financial statements re-audited per IFRS. This is a nice revenue bump for the Big 4, one that will continue as long as companies are converting, but dependent on them getting resources trained and ready in time, at the right time, not too early and not too late. Forecasting staffing requirements and providing just-in-time but proactive training has not been their strong suit, especially when it requires dependence on their non-US “offices” for support and guidance.
One thing to keep in mind with regard to any numbers reported publicly by the Big 4 is that they are unaudited, not prepared according to any standard, and not complete or verifiable. Notwithstanding recommendations made in the Treasury report, I don’t see the firms changing their tune on this topic anytime soon.
I have debated on this blog the size of Deloitte’s consulting practice compared to its audit practice. Depends on if you include the internal audit and risk management practice in the audit/assurance numbers as they do in their published reports or in the advisory numbers as they do internally, whether formally or informally, to make consulting feel bigger.
Same issue with the recently reported numbers from PwC. At the time of posting this article, I have a question into PwC’s PR lead to ask about this categorization. The actual annual report is not yet available on the web site and probably does not elaborate at this level of detail anyway. PwC flip flopped internal audit services into advisory as of 2005 and recently transferred their Systems and Process Advisory (SPA) practice from audit/assurance to advisory. These changes raise questions about how they have categorized revenues. I also asked PwC what percentage of internal audit and IT audit/security/risk management hours were charged to audit/assurance clients versus non-audit clients. As of 2006 when I left, the percentage was high for audit clients. If that’s true, then that revenue will go away as those fees go down. (It’s also a good question I hope they answer about Tax services.)
In addition, the current financial crisis is causing consolidation and a slowing economy that, to anyone with common sense, means less consulting, especially technology related consulting. There are many articles out right now, for example in ZDNet, that talk about the negative impact of the economic crisis on revenues for software and services firms in the technology sector. Every company is going to be more careful and spend only on a discretionary basis, even for GRC services. Big 4 firms lost many of their clients, both consulting and audit/assurance, to the consolidation and failure/disappearance of so many financial service firms. All of the Big 4 are going to see fewer engagements, smaller, shorter scopes, and tighter budgets for approved projects.
So, for example, Deloitte was auditor of Bear Stearns, Merrill Lynch, and WaMu, and one or more of the other Big 4 firms was doing their consulting work. You can see the problem. All audit firms lose when so many companies get acquired or go out of business so quickly, since vendor relationships shift, in particular to respond to independence and concentration concerns. PwC has gained on the audit side with the significant purchases by JP MorganChase and Bank of America, their existing audit clients. But PwC has probably lost consulting work when other companies were sold or went bankrupt.
Moves by the Big 4 to buy smaller consulting firms are really a very short term move, meant to raise their profile, add key resources, and eliminate competition. These firms, like the recent Entology acquisition by PwC may seem attractive, but this strategy is the opposite of what they should be doing. They should be forming strong alliances with these firms instead.
Being acquired by a Big 4 is not in the best interests of the owners and employees of these firms either. Granted, the owners get a quick payout on the current value of their client list and their current revenue. But any Big 4 firm that buys one of these firms can kiss probably one-half to two-thirds of the current client base goodbye due to independence conflicts. Everyone would be better off leaving these firms independent of the Big 4. Current owners of firms in the GRC space should sell to Protiviti or Huron or another independent firm so they can keep their entire client list. Seems like buying these software/services firms in the GRC is really short term thinking, but why am I surprised? Audit firms, partnerships, are run to produce year to year maximum cash flow distribution on an after-tax basis for the partners. That is what it is and that’s all there is.
The Big 4 are not going to see real growth in consulting practices to make up for the slow growth on the audit side. The bankruptcy and workout guys, as well as the investigations and litigation support folks will be busy, but these engagements are short, sweet spurts, not long term annuities. In many cases the Big 4 have been playing on one or the other side of the same failing organizations.
So where will the revenue growth come from? Well, we may never know, since the numbers they publish are whatever they want them to be.
Old accountant joke:
CFO to Auditor: So what’s my Net Income going to be this quarter?
Auditor to CFO: What do you want it to be?