Audit Integrity Says, “I Dare You…” – Who Audits The 300 Worst Companies?
Audit Integrity was founded in 2002 to serve investors, insurers, auditors, and corporate finance professionals. They say they are the leading independent research firm that rates more than 7,000 North American public companies based on a proprietary measure of corporate integrity. I was aware of them prior but this latest move is quite daring, ballsy even.
In a press release today, Audit Integrity dares the 300 publicly traded corporations in the United States that they rate “Very Aggressive,” their worst rating, to use their new tool, RiskProfiler© , free of charge to pre-evaluate their next quarterly SEC filings. The idea is to identify vulnerability to negative events such as fraud, earnings restatements, restructuring, shareholder litigation and bankruptcy. As rated by Audit Integrity, these companies pose a higher systemic risk to stakeholders including investors, employees, creditors, regulators and, as recent events have proven, taxpayers.
There are some very interesting names on their list. Their 300 Worst companies represent the bottom 10% of the 8000+ listed companies, which includes US based and foreign private issuers. As you can imagine, there are plenty of financial services companies on the list, some surprises and, unfortunately, plenty of repeat offenders. Repeat offenders are companies that have had repeated issues with fraud, restatements, SEC investigations, and litigation yet seem to be unable to get their acts together. I talked to Jack Zwingli, Audit Integrity’s CEO, and did some additional analysis of my own.
First my interview with Jack.
re: The Auditors: Jack, tell me why you’re putting this information out there now?
Jack Zwingli: We didn’t plan this timing, although it’s quite auspicious given everything that’s going on. We’ve been working on our RiskProfiler© tool for a while, primarily for a large client who wanted a tool like this to use in assessing risk for their clients. We’ve seen more interest in the tool, and our reports, from the watchdogs – audit firms, institutional investors and regulators – than from the corporate internal audit or risk and compliance professionals.
re: The Auditors: Why aren’t the corporates interested, in your opinion?
Jack Zwingli: Well, we’ve had both extremes of level of interest from the audit firms, too. The client that supported our development of the automated tool had some discussion with their leadership and their lawyers about the risks that having this information, on record and documented as part of their audit process, presented. They looked at it and decided that it was worth the risk to help clients identify fraud risk and mitigate financial reporting errors and omissions.
Another major audit firm did the same evaluation and their lawyers advised them to pass. What they don’t know can’t hurt them in litigation later. It’s a shame. The attitude of the audit firms towards tools like ours really varies based on the leadership of the firm, their litigation experience, their own tone at the top. They are not all equal.
With regard to corporates, it seems there is still uncertainty about who, which function will take ultimate responsibility for Enterprise Risk Management. We’d like to see Internal Audit, a Chief Risk Officer, or a General Counsel being interested in our tool as a proactive measure but because of internal politics they hesitate. Instead, they are more apt to try to defend themselves when they see their name on our list and try to talk us out of the rating, rather than try to fix the problems. They call and complain, responding as if we were journalists or analysts and our rating is an opinion, something subjective. It’s based on their own reported data and makes no qualitative statement. It’s an objective tool to use to measure risks based on our proprietary methodology that incorporates factors we have seen as having a high predictive value.
There’s also the problem for corporates of attorney-client privilege. When a corporate entity performs an Enterprise Risk Assessment, they can uncover activities that are actionable by third parties. They are uncomfortable in knowing what they don’t want to know before they have to know it. It’s hard to work with that kind of information without being obligated to disclose it at some point and start the investigative process, including opening up potential exposure to SEC investigations and litigation.
re: The Auditors: Where do you see the auditors’ role in this process given their PR claim, after scandals such as Madoff, Stanford, and Satyam were uncovered, that they are not responsible for uncovering fraud?
Jack Zwingli: You and I both know that auditors do have a responsibility to assess risk of fraud and to adjust their audit program, procedures, and testing to address higher fraud risks and risks of misstatements and other financial reporting risk, whether intentional or not. I really can’t understand how and why any get away with those statements. I am thankful for the firms that do accept their responsibility for identifying fraud risk and are wiling to use tool in order to fulfill that obligation.
I’m hearing we’ve had a major rally today, led by some news leaked by Citigroup. It’s criminal that this info was leaked and obscene that anyone is acting on rumor and non verified, non-numbers. I did some additional research on the companies listed on Audit Integrity’s Worst 300 list and, instead of seeing anything to be be “happy” about, I see very weak fundamentals, lots of warning signs, and hard data that tells me that many are still in denial. Whether it’s wishful thinking about Citigroup, who is on the list and one of the worst of the worst, or hopes that mark-to-market accounting will be suspended, it’s a perpetuation of the fantasy that “saying so will make it so.” It’s just not true.
I added information about the auditors of the Worst 300 companies and also information about which of these companies have changed auditors since the beginning of 2008. With news of Apple dumping KPMG for EY, I was reminded that auditor changes are often indicative of hidden issues and that long-running conflicts between the companies and their auditors may have finally come to a head.
I identified the auditors associated with the Top 100+ firms by market capitalization on the list of Worst 300. (Scale is an AGR Rating of 100 is Best and 1 is Worst.) My worksheet with this additional information for these and a few select other previous “problem children” is here.
The auditors of the largest of the Worst 300 firms are fairly evenly divided amongst the Big 4 firms: KPMG (21), Deloitte (29), PwC (23) and EY (26), with a few odd others tossed in for spice. Many of the largest financial institutions are in the largest 100 of the Worst 300 list:
KPMG – GE, Citigroup, Wells Fargo, Bank of New York, Fidelity National Financial Inc. , Motorola, CA, Occidental Petroleum
Deloitte – Fifth Third, Royal Bank of Canada, Met Life, Fiserv, Morgan Stanley, Tyco, United Health, Schering Plough, Procter and Gamble, UPS, Starbucks
PwC – Bank of America, PNC Financial, AIG, Ford, EBay, Chevron
EY – US Bancorp, State Street Bank, Key Bank, Wal-Mart, Coca Cola, Google, HP, Genetech, CVS, Cardinal Health
Interestingly, two of the monoline insurers are also on the list, MBIA (PwC) and Ambac ( KPMG).
Some other interesting companies on the list, a little farther down but still in the Worst 300:
Kodak (PwC), Health South (PwC), Blackstone Group (Deloitte), and ETrade (Deloitte)
If some of these names seem familiar it’s because they are. I’ve written about them many, many times because they are repeat offenders, problem children, incorrigible.
Go ahead, trade the rumor. But in this environment these companies, like GM and others, will fail when you least expect it, in an “unpredictable” way, and regardless of the ongoing propping up. Why? Because when companies, their management, and the watchdogs refuse to accept reality over and over again, they are daring fate to intervene and hand them a situation, an event, a level of volume of problems that they can no longer manipulate. Unless major, fundamental changes occur in many of these companies, the end is inevitable. Unfortunately it will defy all “logic” except the actual facts.
KPMG does not audit Fidelity – the Fidelity based in Boston. Please update your post to clarify which Fidelity you are referring to.
KPMG does audit Fidelity National Financial, Inc.
Thanks. I was thinking of writing something like this. The Big 87654 are all over the place. Somuch for their sainted “reputatuions”.
VERY insightful and thought provoking!
The most recent (2006) and most reliable data I could Google says that the Big 4 audit 4,173 of the largest 5,500 public companies in the US (EY – 1,254, PwC – 1,017, KPMG – 1,013, DT – 889), which is slightly over 75%. What was the % of Big 4 in your sample of 100+? It’s difficult to tell without actual numbers. 99 out of how many? I’d be interested to see how that percentage compares to the percentage of all public companies those firms audit.
One other point, your friend Jack Zwingli has apparently confused the phrase “assess the risk of fraud” with “identifying fraud”, and seems to use them almost interchangeably. Obviously, they are very different things, and to use them in this way is misleading. Auditors do have a responsibility to plan audit procedures to address the risks of fraud, and I think most, if not all, of them do a good job of it. However, it is impossible to give reasonable assurance as to the absence of fraud in financial statements.
@C College In the list of Worst 300, I identified the auditors for the largest 110 or so plus a few others. Of the largest 110 by market cap, Big 4 audits all but two. I plan to finish identifying the rest. (It’s a tedious process) But suffice to say, the non Big 4 firms are only auditing the companies under 1 billion market cap, with few exceptions.
This issue of fraud, assessment of risk of fraud versus identifying fraud, is one of the most difficult we have. In my opinion, f auditors had done a better job, more thorough job, of identifying risk of fraud and forcing clients to plug holes or investigate, I think we would not have as much issue with the fact that they were not catching thieves in the act in some of these circumstances. Even the PCAOB says so.
I tried to post this before, but I received some kind of database error. I
“These companies pose a higher systemic risk to stakeholders including investors, employees, creditors, regulators and, as recent events have proven, taxpayers.”
Systemic risk relates to market failure. I don’t think any company in the market has higher systemic risk than any other company. Large companies can create systemic risk. Perhaps you are thinking of specific risk?
Also, as for auditor changes, there are many reasons to dump your auditor. Your auditor could give you lousy service for example. More disclosure would be great during such a change, but the SEC does not require it. That’s something I hope the SEC changes.
Your quote comes from Jack Zwingli. I’m not answering for him, but…
I think many of the companies, especially the financial services institutions and AIG in particular have been saved, bailed out, semi-nationalized, and otherwise put on taxpayer funded life support (including the consideration info this approach for GM) because they are seen as posing a systemic risk to the economy and/or the financial system. Google it. I am sure you will find thousands of examples of government official using this language.
Yes, but the ranking is based on integrity. Systemic risk does not make sense in this context at all. It’s saying, because these companies have low integrity, they pose a higher systemic risk. That doesn’t make sense by itself.
I don’t want to spend a lot of time on it, it just doesn’t make sense in its current context.
The ranking is called an integrity rating but its intention is to flag overly aggressive accounting and other issues such a prior restatements, investigations and fraud. IN the vendors view, these issues are indicative of higher risk for fraud and accounting misstatements. If many of these firms fail or are weakened or crippled by scandal and loss, they have been said to also pose a systemic risk. Given the names on the list I am surprised we are even debating this.
Thank you so much! I’m honored to be on re: the auditors blog!!
Francine – this got linked to at Dealbreaker! Nice job…get in touch with David Lat over there as they are looking for someone to right about the big 4 – perhaps you can do some guest columns…but you gotta turn up the SNARK!
This was a good post. Very prescient.
@Anon 9:39 Thanks! Yes, it was linked by NakedCapitalism.com this morning and caught the day’s end links for DealBreaker.com. I’m a lucky girl.
Could I turn up snark any more ethan I already do? Yikes, you have no idea how the typical accountants view what I’m already doing. Look at comments. 99% of folks that read me need to be anonymous. Risk averse some?
I have met David Lat. He and I had breakfast last time I was in NYC. I think they’d love to find a young former Big 4 guy/gal in NYC/NJ who already blogs under the radar, who’d rather be a writer/journalist. If you’re that person, get in touch. I’m actually too stubborn, independent, and quite expensive for them.
What i think is that audit is to provide an opinion on financial statements. If a company is doing some mis-compliance sort of thing..resposibility of auditor is restricted to qualifying their report…whch i believe they must have done. hence this kind of survey is just bringing disrepute to the world’s most well known firms and nothing else.
I’m surprised that you don’t see my point. Let’s not forget what this is about. Audit Integrity posited that because these companies use aggressive accounting, they create systemic risk per se. That statement is false. The statement should instead say because these companies use aggressive accounting, they may create systemic risk. Let’s look at a few companies on the list:
CSS Industries, Inc. Market cap of 100 M
Internet Brands, Inc. Market cap of 231.46M
On2 Technologies, Inc. Market cap of 34.38M
The failure of these companies would not lead to a catastrophic market failure. However, according to the folks at Audit Integrity, because they made the list, they do pose systemic risk! Nonsense. I proved my point. The per se statement is false. You need to be super-big and be on the list to pose a higher systemic risk.
Yes, if we had a perfect storm and many of these companies failed because of aggressive accounting issues, then we would have a problem. Or, even if a handful of the large corporations failed on your list, we would also see systemic risk. However, you are talking about seemingly uncorrelated events occurring at the same time. I am willing to concede that in this market, events that we would have previously assumed to be uncorrelated could in fact be correlated. However, if we are talking about a failure of a single company, only the biggest of the big corporations will create systemic risk.
Does that make sense?
@Chicago Accountant. You point is made. I don’t think the intention was to say that all the companies on the list posed potential systemic risk if they failed. In fact, that’s why I focused on the 100 largest by market cap and as a subset of that, the biggest names and the financial services and the Big 3 automakers that have been said to be worth taxpayer bailout and subsidization in the billions of dollars.
not to nitpick, but how can 300 companies represent the bottom 10% of 8000+ companies? wouldn’t that have to be 800+
By market cap, not absolute number.