Where In The World Is The Revenue?
Auditing is usually routine, fairly predictable work. But it’s important work, as Phil Baumann tells us on his blog recently.
In the past, relationships were multiyear, both for the firm and the key partners. Over time, the audit firm became very familiar with the clients’ business, sometimes too comfortable. Audit was an annuity relationship, a predictable revenue source. As much as partners like the high growth and sometimes higher fees of the consulting businesses, both before and after Sarbanes-Oxley, even with all the audit litigation, consulting is still viewed by traditional audit-pedigree partners as the more “risky” type of relationship.
Sarbanes-Oxley made audit work sexy, at least from a revenue perspective. Auditors also basked in the spotlight. Even though their good feelings were tempered by being regulated, they were understandably less concerned about regulators than they were about the increase in litigation, as a series of new scandals like backdating continued to cast doubt on their commitment to being guardians of the public trust.
The balance of power in the auditor-client relationship shifted after Sarbanes-Oxley was passed in the summer of 2002. Auditors could hold clients’ toes to the fire and insist on changes and adjustments, if they deemed them necessary. The number of auditor changes during those first few years after 2002 were unprecedented, as both clients and auditors looked for more friendly relationships since auditors were forced to tell some clients, “The buck stops here.”
The days of audit as a commodity during the heyday of the firms’ consulting growth during the late 1990s-early 200X years were over. Three of the remaining Big 4, after the demise of Arthur Andersen, sold off their consulting businesses. They kept a shell of their former selves and their “consulting” practices focused on core competencies like controls and process improvement around financial systems. Deloitte, while maintaining their consulting business, relegated it to the back seat, beholden to the new constraints of the regulation of the audit industry. In an audit firm, audit always comes first and foremost. That is as it should be, for the protection of the independence and objectivity of the auditors charged with protecting interests of their clients’ shareholders.
But then the backlash over auditors’ high fees from Sarbanes-Oxley, both as external auditors and as consultants to their non-audit clients, began. Auditors lost their grip and didn’t sell the concepts well. Regulators and lawmakers started to agree that the auditors’ strict approach, based primarily on their fear of litigation more than a sudden conscience, was cramping capitalism’s style.
Did the audit firms anticipate this and react accordingly? Did they sell their clients on the benefits of having strong controls and best in class processes? No. They’ve never been good as salesmen. Too little competition for too long. They operate much better under rigid, rule based requirements that leave no room for judgment, nuance, or grey space. When they could force clients to follow their rules, they did. When they were afraid of losing the client, they caved in.
Black and white. No attempt to provide a service to shareholders. Pure self-interested survival tactics.
About two years ago the audit firms all started, in varying degrees and at different paces, to rebuild and reinvigorate their “consulting” practices. Deloitte never stopped doing full service consulting, including systems integration, but the others have tiptoed carefully back into bigger and better technology-oriented services, still focused on internal control, security, risk management, process improvement, and now “governance, risk and compliance,” or GRC. They’ve reestablished stronger alliances with the big software firms like SAP and Oracle, they purchased smaller consulting firms in the security, controls, and identity management space and they have made “catalyst” hires, experienced consultants and technologists at all levels, to jump start this work.
Of the firms that have so far reported 2008 results, Deloitte and PwC, both have reported much higher growth of their “consulting” or advisory practices than audit. All the more reason to believe they can count on consulting to replace the revenue that’s no longer pouring in from Sarbanes-Oxley. IFRS implementation is one big opportunity for consulting service growth, as well as providing additional work on the audit side, though not as much as Sarbanes-Oxley did.
More to come on IFRS, because I recently attended an excellent seminar presented by Resources Global and led by Colleen Cunningham, formerly of FEI. It seems that when companies transition to IFRS, they will have to convert at least two prior years as well as current year to the new standard and have the prior financial statements re-audited per IFRS. This is a nice revenue bump for the Big 4, one that will continue as long as companies are converting, but dependent on them getting resources trained and ready in time, at the right time, not too early and not too late. Forecasting staffing requirements and providing just-in-time but proactive training has not been their strong suit, especially when it requires dependence on their non-US “offices” for support and guidance.
One thing to keep in mind with regard to any numbers reported publicly by the Big 4 is that they are unaudited, not prepared according to any standard, and not complete or verifiable. Notwithstanding recommendations made in the Treasury report, I don’t see the firms changing their tune on this topic anytime soon.
I have debated on this blog the size of Deloitte’s consulting practice compared to its audit practice. Depends on if you include the internal audit and risk management practice in the audit/assurance numbers as they do in their published reports or in the advisory numbers as they do internally, whether formally or informally, to make consulting feel bigger.
Same issue with the recently reported numbers from PwC. At the time of posting this article, I have a question into PwC’s PR lead to ask about this categorization. The actual annual report is not yet available on the web site and probably does not elaborate at this level of detail anyway. PwC flip flopped internal audit services into advisory as of 2005 and recently transferred their Systems and Process Advisory (SPA) practice from audit/assurance to advisory. These changes raise questions about how they have categorized revenues. I also asked PwC what percentage of internal audit and IT audit/security/risk management hours were charged to audit/assurance clients versus non-audit clients. As of 2006 when I left, the percentage was high for audit clients. If that’s true, then that revenue will go away as those fees go down. (It’s also a good question I hope they answer about Tax services.)
In addition, the current financial crisis is causing consolidation and a slowing economy that, to anyone with common sense, means less consulting, especially technology related consulting. There are many articles out right now, for example in ZDNet, that talk about the negative impact of the economic crisis on revenues for software and services firms in the technology sector. Every company is going to be more careful and spend only on a discretionary basis, even for GRC services. Big 4 firms lost many of their clients, both consulting and audit/assurance, to the consolidation and failure/disappearance of so many financial service firms. All of the Big 4 are going to see fewer engagements, smaller, shorter scopes, and tighter budgets for approved projects.
So, for example, Deloitte was auditor of Bear Stearns, Merrill Lynch, and WaMu, and one or more of the other Big 4 firms was doing their consulting work. You can see the problem. All audit firms lose when so many companies get acquired or go out of business so quickly, since vendor relationships shift, in particular to respond to independence and concentration concerns. PwC has gained on the audit side with the significant purchases by JP MorganChase and Bank of America, their existing audit clients. But PwC has probably lost consulting work when other companies were sold or went bankrupt.
Moves by the Big 4 to buy smaller consulting firms are really a very short term move, meant to raise their profile, add key resources, and eliminate competition. These firms, like the recent Entology acquisition by PwC may seem attractive, but this strategy is the opposite of what they should be doing. They should be forming strong alliances with these firms instead.
Being acquired by a Big 4 is not in the best interests of the owners and employees of these firms either. Granted, the owners get a quick payout on the current value of their client list and their current revenue. But any Big 4 firm that buys one of these firms can kiss probably one-half to two-thirds of the current client base goodbye due to independence conflicts. Everyone would be better off leaving these firms independent of the Big 4. Current owners of firms in the GRC space should sell to Protiviti or Huron or another independent firm so they can keep their entire client list. Seems like buying these software/services firms in the GRC is really short term thinking, but why am I surprised? Audit firms, partnerships, are run to produce year to year maximum cash flow distribution on an after-tax basis for the partners. That is what it is and that’s all there is.
The Big 4 are not going to see real growth in consulting practices to make up for the slow growth on the audit side. The bankruptcy and workout guys, as well as the investigations and litigation support folks will be busy, but these engagements are short, sweet spurts, not long term annuities. In many cases the Big 4 have been playing on one or the other side of the same failing organizations.
So where will the revenue growth come from? Well, we may never know, since the numbers they publish are whatever they want them to be.
Old accountant joke:
CFO to Auditor: So what’s my Net Income going to be this quarter?
Auditor to CFO: What do you want it to be?
Not really on topic but . . .
I always wondered whether we could simplify the auditor / public company relationship by making the SEC the entity that hired public companies’ auditors. They could also have the power to set rates.
What do you think?
@bill kennedy Interesting idea. We might as well eliminate the duplication of effort and constraint on qualified resources that exists in having a separate corp at PCAOB that reviews the auditors by just having the Feds takeover the audit function directly. Companies could pay the US Government. Way to pay for the bailout that their auditors didn’t warn us about.
I disagree on GRC. If legislators do a pile of revamping then I anticipate a new wave of GRC work. At the very least this should be seen as an opportunity to re-examine some of the practices and methods that have contributed to the problems we are witnessing today.
I also disagree with the notion that auditors perform best when there are no shades of gray. That may be true in the US but as you know I don’t subscribe to rules based methods because they always attract those who try and skirt around them.
@Dennis Howlett I agree that GRC work is additive, just that it won’t ever get to be as big as SOx for the Big 4. Clients will keep it in check. And so much of it is technology and the Big 4 , other than Deloitte, don’t do technology for big bucks. Their GRC projects are dwarfed by the ERP and enterprise software implementations that go to real systems integrators. Big 4 are just getting the functional work and that may be squeezed due to loss of so many of the biggest compliance consulting buyers, the banks.
My comment on auditors and shades of grey was that the typical accountant is trained to apply rules. They are usually most comfortable, at least in US with black and white. But as you know, I am in favor of IFRS and using judgment because I believe the auditors should finally be forced to use and be held accountable for judgments rather than being able to hide behind rules.
There are 2 problems with this statement, “recently transferred their Systems and Process Advisory (SPA) practice from audit/assurance to advisory.”
1) It is the Systems and Process Assurance” group,
2) The SPA practice is still firmly embedded in the Assurance practice, although a few SPA professionals did move to Advisory.
OK – so I know GRC is often positioned as technology but as we both know, there is a lot more to it than that. I’m thinking that the current crisis gives companies an opportunity to re-examine what they’re doing at multiple levels.
It *may* not be the Deloitte’s of this world that get the meat of the work but the work will be there.
It’s a topic I’m exploring at TechEd Berlin so it will be interesting to see what customers have to say. They’re the final arbiters although I do know the s/w vendor in this case is very interested to see what transpires. I’m not surprised.
@ I Just Work Here
Thanks for the clarification. I, of course. know it was called Systems and Process “Assurance” but was making a joke, given what I understood to be the transfer of most of this crew to Advisory. But didn’t a lot of these folks get let go too? Many reports from all over on that subject, including individuals contacting me directly. So, some of the long time, IT audit and security partners suddenly became consultants, some stayed in Assurance and some folks left. So where do you think the revenue for this “practice” will be recorded in PwCs Annual Report? In Assurance for some, in Advisory for others or wherever it makes sense for PwC? I may get an answer from PwC’s PR person, but I doubt it.
Francine – your comment “going to see fewer engagements, smaller, shorter scopes, and tighter budgets for approved projects” is DEAD ON.
I don’t work in the client service side of the house, but I do work for a Big 4 firm and can attest to that statement. We are putting projects on hold or cancelling them all together. We are also feeling the after shocks of the recent financial crisis.
I enjoy reading your blog and being able to better picture what our auditors do on the daily. I know see more clearly what the affects of their decisions have on all of us. For all our sakes, I hope they have been doing the “right thing” this whole time…
@2:27…i’ll second that on the size and scope of projects. Or ones that were in the pipeline are shelved all together.
It’s going to a long, cold year.
I was told only about 60 people moved from SPA to Advisory. That number jives with the number of people I know who came over. It was mostly a realignment to get professionals focusing in the same areas into the same group – somewhere along the line some redundancies developed, especially around the security and ERP controls practices. Most of SPA stayed in Assurance and continues to focus on the audit.
Way way off topic, but it looks as if your Chicago baseball teams are about as competent as the Big 4. Looks like yet another long dark winter for the Cubs. With respect to the White Sux, lowered expectations were in order anyhow.
Moving 60 or so people from SPA into Advisory hardly constitutes a movement of the entire business, as you’ve said.
It seems your views are, as usual, overly simplistic and naive. The SPA practice is comprised of individuals who assist on assurance engagements, individuals who work on advisory engagements, and many individuals who do both. It is impossible to draw bright lines on where the SPA practice should fall, as they cross many borders. You can’t just cram them all into Advisory, or cram them all into Assurance. And frankly, why does it matter?