Audit Integrity was founded in 2002 to serve investors, insurers, auditors, and corporate finance professionals. They say they are the leading independent research firm that rates more than 7,000 North American public companies based on a proprietary measure of corporate integrity. I was aware of them prior but this latest move is quite daring, ballsy even.
In a press release today, Audit Integrity dares the 300 publicly traded corporations in the United States that they rate “Very Aggressive,” their worst rating, to use their new tool, RiskProfiler© , free of charge to pre-evaluate their next quarterly SEC filings. The idea is to identify vulnerability to negative events such as fraud, earnings restatements, restructuring, shareholder litigation and bankruptcy. As rated by Audit Integrity, these companies pose a higher systemic risk to stakeholders including investors, employees, creditors, regulators and, as recent events have proven, taxpayers.
There are some very interesting names on their list. Their 300 Worst companies represent the bottom 10% of the 8000+ listed companies, which includes US based and foreign private issuers. As you can imagine, there are plenty of financial services companies on the list, some surprises and, unfortunately, plenty of repeat offenders. Repeat offenders are companies that have had repeated issues with fraud, restatements, SEC investigations, and litigation yet seem to be unable to get their acts together. I talked to Jack Zwingli, Audit Integrity’s CEO, and did some additional analysis of my own.
First my interview with Jack.
re: The Auditors: Jack, tell me why you’re putting this information out there now?
Jack Zwingli: We didn’t plan this timing, although it’s quite auspicious given everything that’s going on. We’ve been working on our RiskProfiler© tool for a while, primarily for a large client who wanted a tool like this to use in assessing risk for their clients. We’ve seen more interest in the tool, and our reports, from the watchdogs – audit firms, institutional investors and regulators – than from the corporate internal audit or risk and compliance professionals.
re: The Auditors: Why aren’t the corporates interested, in your opinion?
Jack Zwingli: Well, we’ve had both extremes of level of interest from the audit firms, too. The client that supported our development of the automated tool had some discussion with their leadership and their lawyers about the risks that having this information, on record and documented as part of their audit process, presented. They looked at it and decided that it was worth the risk to help clients identify fraud risk and mitigate financial reporting errors and omissions.
Another major audit firm did the same evaluation and their lawyers advised them to pass. What they don’t know can’t hurt them in litigation later. It’s a shame. The attitude of the audit firms towards tools like ours really varies based on the leadership of the firm, their litigation experience, their own tone at the top. They are not all equal.
With regard to corporates, it seems there is still uncertainty about who, which function will take ultimate responsibility for Enterprise Risk Management. We’d like to see Internal Audit, a Chief Risk Officer, or a General Counsel being interested in our tool as a proactive measure but because of internal politics they hesitate. Instead, they are more apt to try to defend themselves when they see their name on our list and try to talk us out of the rating, rather than try to fix the problems. They call and complain, responding as if we were journalists or analysts and our rating is an opinion, something subjective. It’s based on their own reported data and makes no qualitative statement. It’s an objective tool to use to measure risks based on our proprietary methodology that incorporates factors we have seen as having a high predictive value.
There’s also the problem for corporates of attorney-client privilege. When a corporate entity performs an Enterprise Risk Assessment, they can uncover activities that are actionable by third parties. They are uncomfortable in knowing what they don’t want to know before they have to know it. It’s hard to work with that kind of information without being obligated to disclose it at some point and start the investigative process, including opening up potential exposure to SEC investigations and litigation.
re: The Auditors: Where do you see the auditors’ role in this process given their PR claim, after scandals such as Madoff, Stanford, and Satyam were uncovered, that they are not responsible for uncovering fraud?
Jack Zwingli: You and I both know that auditors do have a responsibility to assess risk of fraud and to adjust their audit program, procedures, and testing to address higher fraud risks and risks of misstatements and other financial reporting risk, whether intentional or not. I really can’t understand how and why any get away with those statements. I am thankful for the firms that do accept their responsibility for identifying fraud risk and are wiling to use tool in order to fulfill that obligation.
I’m hearing we’ve had a major rally today, led by some news leaked by Citigroup. It’s criminal that this info was leaked and obscene that anyone is acting on rumor and non verified, non-numbers. I did some additional research on the companies listed on Audit Integrity’s Worst 300 list and, instead of seeing anything to be be “happy” about, I see very weak fundamentals, lots of warning signs, and hard data that tells me that many are still in denial. Whether it’s wishful thinking about Citigroup, who is on the list and one of the worst of the worst, or hopes that mark-to-market accounting will be suspended, it’s a perpetuation of the fantasy that “saying so will make it so.” It’s just not true.
I added information about the auditors of the Worst 300 companies and also information about which of these companies have changed auditors since the beginning of 2008. With news of Apple dumping KPMG for EY, I was reminded that auditor changes are often indicative of hidden issues and that long-running conflicts between the companies and their auditors may have finally come to a head.
I identified the auditors associated with the Top 100+ firms by market capitalization on the list of Worst 300. (Scale is an AGR Rating of 100 is Best and 1 is Worst.) My worksheet with this additional information for these and a few select other previous “problem children” is here.
The auditors of the largest of the Worst 300 firms are fairly evenly divided amongst the Big 4 firms: KPMG (21), Deloitte (29), PwC (23) and EY (26), with a few odd others tossed in for spice. Many of the largest financial institutions are in the largest 100 of the Worst 300 list:
KPMG – GE, Citigroup, Wells Fargo, Bank of New York, Fidelity National Financial Inc. , Motorola, CA, Occidental Petroleum
Deloitte – Fifth Third, Royal Bank of Canada, Met Life, Fiserv, Morgan Stanley, Tyco, United Health, Schering Plough, Procter and Gamble, UPS, Starbucks
PwC – Bank of America, PNC Financial, AIG, Ford, EBay, Chevron
EY – US Bancorp, State Street Bank, Key Bank, Wal-Mart, Coca Cola, Google, HP, Genetech, CVS, Cardinal Health
Interestingly, two of the monoline insurers are also on the list, MBIA (PwC) and Ambac ( KPMG).
Some other interesting companies on the list, a little farther down but still in the Worst 300:
Kodak (PwC), Health South (PwC), Blackstone Group (Deloitte), and ETrade (Deloitte)
If some of these names seem familiar it’s because they are. I’ve written about them many, many times because they are repeat offenders, problem children, incorrigible.
Go ahead, trade the rumor. But in this environment these companies, like GM and others, will fail when you least expect it, in an “unpredictable” way, and regardless of the ongoing propping up. Why? Because when companies, their management, and the watchdogs refuse to accept reality over and over again, they are daring fate to intervene and hand them a situation, an event, a level of volume of problems that they can no longer manipulate. Unless major, fundamental changes occur in many of these companies, the end is inevitable. Unfortunately it will defy all “logic” except the actual facts.