Two Wildly Different Stories About Deloitte: Or Are They?
In the last few weeks, I’ve written two very different stories about Deloitte:
One, published as media criticism by the Columbia Journalism Review, skewers new Deloitte Global CEO Barry Salzberg – and The New York Times – for misdirecting readers from real world issues with a puff piece.
The other calls a recent lawsuit against Deloitte by truck-maker and defense contractor Navistar, “proof there’s no statute of limitations against idiocy.”
It may surprise you to see me defending Deloitte, if you can call it that, in a case with enough worms to feed the three baby birds nesting in the eaves of my front porch for the duration of the summer. And I hate to have to criticize the New York Times, a place where so many have been so kind to me and where I recently invested in a 7-day a week print subscription for my parents’ 50th wedding anniversary.
But both stories stuck in my craw and, well, one must call them as one sees them.
If you searched the comments of this blog, you’d find lots of negative comments about Deloitte and about Barry Salzberg as Deloitte US CEO. They were especially numerous during the period early 2008 to late 2009 when Deloitte was cutting staff and partners left and right in response to the economic conditions pre- and post- September 2008 when Deloitte lost more clients to bank failure and acquisition than any other Big 4.
And yet, Salzberg prevailed. As did his colleague in the UK, Steve Almond, the former lead auditor of failed nationalized client Royal Bank of Scotland (RBS). Almond was recently named Chairman of the Deloitte Touche Tohmatsu Board of Partners. In the UK, investors, and taxpayers who bailed out RBS, are understandably upset.
The Telegraph, June 3, 2011, Deloitte attacked for appointing former RBS auditor as chairman
A group of institutional investors has launched an extraordinary attack on Deloitte Touche Tohmatsu for appointing the former auditor of the Royal Bank of Scotland as its new global chairman…
“The audit firms and the standards they operate are dominated by a tight group that has no interest in shining a light into the industry. The appointment of Mr Almond absolutely epitomises this.”
My piece for the Columbia Journalism Review focused on an interview of Salzberg for the Sunday Times “Corner Office” feature, a compendium of profiles of important leaders on leadership, and such. The interviewer asked about mom and apple pie topics like hiring and ignored Deloitte’s role in the financial crisis. There is so much more the interviewer, Adam Bryant, could have asked about how the audit firms’ hiring and employment practices might have contributed to their accidentally or deliberately missing all the failures, but that was not the point.
The audit industry continues to have a “good crisis” because auditors are generally overlooked by the media. Unless someone files a new lawsuit or one is settled they’re invariably left out of the story. Lucky them. By contrast, however, there’s been plenty of coverage of the industry’s failures in the U.K.,thanks in larger part to more active regulators, including a recent statement by the Office of Fair Trade (OFT) that the market for audit services is “distorted and restricted.” But we’ve seen no equivalent clamor by regulators, legislators, or the press in the U.S. for auditor accountability. Too bad.
Maybe the Times should have asked Salzberg more pertinent questions: like how he’ll lead the firm through extreme downward pressure on audit fees, loss of his firm’s market share in the financial services audit area, the boom-bust staffing cycle the firms juggle given a business model highly dependent on a steady stream of low-cost college recruits, and the huge amount of time and money spent on litigation instead of enforcement of audit quality.
Better still, Salzberg might have been asked where Deloitte will find CPAs who can demonstrate professional skepticism, rather than worry, as so many auditors do, about fitting in, how the firm will train them to resist company pressure to compromise standards, and how to support the ones who blow the whistle on fraud and accounting manipulation.
Now, that would be a Q&A.
I wrote yesterday for Forbes about the kinds of people the firms say they want and the kinds that are hired and eventually succeed. Salzberg shows his hand by comparing his hiring process to a “marriage” and talking so much about “fit”.
And throughout my interviews with people, I’m searching to determine whether that marriage is there. It shouldn’t be one-sided, because if it is, it’s not going to be a successful marriage. So I’m looking for values. I’m looking for priorities. I’m looking for personality. I’m looking for fit.
Square pegs do not fit into the round hole audit firms.
A week ago I wrote about the lawsuit Navistar has filed against Deloittte, more than five years after firing them. It’s not that Deloitte, auditor of Navistar for almost 98 years when they were dismissed, didn’t make some mistakes. After the Sarbanes-Oxley Law was passed in mid-2002, all the large audit firms did some major cleanup of their complacency over the years, including shedding risky clients, to protect themselves from new liability. To accomplish that with Navistar, Deloitte brought in a former Arthur Andersen partner to replace the good-old-boy who was part of a long line of client approved partners who previously “fit” with Navistar’s culture and modus operandi.
Whether because of his recent experience with Andersen’s failure, fear of personal liability, a “not on my watch” attitude, or possibly a heads up on interest by the SEC in some of Navistar’s accounting, this new partner cleaned house. Many prior agreements between auditor and client and many assumptions about what could or could not be gotten away with were thrown out.
The client, Navistar, went ballistic.
The problem Navistar has with this lawsuit is that they were illegally overdependent on Deloitte to hold their hand in all accounting matters, even after the Sarbanes-Oxley Act prohibited that reliance. I’m incredulous that not one, not two, but four law firms signed off on a complaint that uses these damning and very embarrassing admissions of culpability as clubs.
According to Navistar’s complaint:
“Deloitte provided Navistar with much more than audit services. Deloitte also acted as Navistar’s business consultant and accountant. For example, Navistar retained Deloitte to advise it on how to structure its business transactions to obtain specific accounting treatment under Generally Accepted Accounting Principles (GAAP)…Deloitte advised and directed Navistar in the accounting treatments Navistar employed for numerous complex accounting issues apart from its audits of Navistar’s financial statements, functioning as a de facto adjunct to Navistar’s accounting department….Deloitte even had a role in selecting Navistar’s most senior accounting personnel by directly interviewing applicants.”
That Deloitte went along with any of that is to their debit. That Deloitte, the firm, supported until the bitter end a reversal of that approach is to their credit. But it was the Navistar Board’s responsibility to enforce independence between the auditor and the company. Navistar’s management had to admit their faults in their SEC filings.
From the 2005 10K filed in December 2007. (Emphasis is mine.)
“The Audit Committee’s extensive investigation identified various accounting errors, instances of intentional misconduct and certain weaknesses in our internal controls. The Audit Committee’s investigation found that we did not have the organizational accounting expertise during 2003 through 2005 to effectively determine whether our financial statements were accurate. The investigation found that we did not have such expertise because we did not adequately support and invest in accounting functions, did not sufficiently develop our own expertise in technical accounting, and as a result, we relied more heavily than appropriate on our then outside auditor. The investigation also found that during the financial restatement period, this environment of weak financial controls and under-supported accounting functions allowed accounting errors to occur, some of which arose from certain instances of intentional misconduct to improve the financial results of specific business segments.”
It was also listed as their first Material Weakness. Again from the same 10K:
Material Weakness Description
1. Accounting Personnel: We did not have a sufficient number of accounting personnel with an appropriate level of accounting knowledge, experience and training in the application of GAAP as it relates to accounting for receivable securitization transactions. This resulted in inadequate segregation of duties and insufficient review of the information pertaining to securitization accounting. Additionally, because of the lack of internal accounting personnel, we relied heavily on our prior independent registered public accounting firm to help us develop conclusions related to application of GAAP.
The complaint against Deloitte also references audit discrepancies cited in PCAOB inspections of Deloitte at the time that Navistar believes refer to their company. They use this as evidence of Deloitte’s lack of quality control and of hiding these issues from Navistar.
This is an interesting development.
Although PCAOB inspection reports are public, the names of the companies whose audits are reviewed as part of that inspection are kept secret by the PCAOB. In addition, Part 2 of the inspection reports which discusses the administrative review of the firms quality control, partner compensation, and independence policies and processes is private unless a firm doesn’t make progress to correct exceptions cited within a year. No large global accounting firm has ever had their Part 2 report disclosed.
Jonathan Weil of Bloomberg strongly disagreed with the PCAOB’s position on the issue of client secrecy in inspection reports in a recent case involving KPMG’s audit of a Bermuda insurance comapny.
What’s most troubling about the PCAOB’s secrecy here is it seems to be a matter of choice. Ever since it issued a 2004 policy statement on the subject, the board has clung to the position that a certain section of the Sarbanes-Oxley Act “expressly restricts” it from identifying the names of companies in the public portions of its inspection reports.
The statute doesn’t actually say that, though. The section in question, titled “Confidentiality,” covers the handling of information that the board obtains through an inspection. It says the board can’t be compelled to provide such information in court proceedings, including civil discovery. It also says the material is exempt from disclosure under the Freedom of Information Act. In other words, the board doesn’t have to disclose it. That’s different than saying it can’t.
In fact, another section of Sarbanes-Oxley says the public portions of the board’s inspection reports “shall be made available in appropriate detail,” subject to “the protection of such confidential and proprietary information as the board may determine to be appropriate.” Put another way, it’s the PCAOB’s call whether to disclose clients’ names, although the Securities and Exchange Commission, which oversees the board, could overrule it. The board has chosen not to.
In spite of Weil’s disclosure of the auditor and the issue with the audit just before the company’s annual meeting, the shareholders voted to retain KPMG as the auditor. Although I agree with Weil on full disclosure, I’m not sure he should have realistically expected a new Chairman to reverse a prior practice and start naming companies just because a journalist figured out which public company audit was the one public company audit the PCAOB reviewed during their inspection.
I’m confident the new PCAOB Board is on the side of transparency. Chairman Jim Doty is unrelenting in calling for transparency over the disciplinary proceedings against auditors, for example, and has made other moves towards openness and accountability of the Board to investors. His words sound to me like a guy who’s decided, perhaps, dammit, he’s going to have an impact on the “sufficient number [of] troubling questions, not the least of which are whether these audit partners are unaware of, or simply unconcerned about, the independence rule that should make such considerations irrelevant to their compensation, and why a firm would allow such unawareness or unconcern to continue unabated.”
What Weil has proven, instead, is that shareholders are willing to ignore even the most obvious signs of auditor incompetence. Or maybe it’s that the proxy process and SEC rules on “advisory only” auditor retention votes render shareholders impotent in this matter. Instead, Audit Committees like Navistar’s, acting as puppets of management fire auditors usually because they are threatening to do their job well, not the other way around.
It’s about “fit”.
PCAOB Chairman Jim Doty also recently spoke about long-term auditor relationships like Navistar’s – and KPMG’s with Citigroup or PwC’s with AIG – that can damage the independence and credibility of the audit process.
In the early years of a relationship. the auditor might be trying to build a long-term relationship by pleasing the client. In later years, however, the incentive is to avoid being the engagement partner that lost the client. It’s worth exploring how we can mitigate these incentives, and the answer may not be the same for both.
The PCAOB’s efforts to address these problems through inspections and enforcement are ongoing. But considering the disturbing lack of skepticism we continue to see, and because of the fundamental importance of independence to the performance of quality audit work, the Board is prepared to consider all possible methods of addressing the problem of audit quality – including whether mandatory audit firm rotation would help address the inherent conflict created because the auditor is paid by the client.
Doty also addresses the issue of auditors keeping inspection results from Audit Committees or dismissing the importance of the results. In some cases, it seems, the PCAOB believe auditors have done both.
I recognize that firms may approach such audit committee discussions with one eye on taking care not to waive any privilege the firm might have, in a different context, against compelled disclosure of inspection information. That caution, however, does not explain other more troubling assertions by firms — such as that a particular audit deficiency cited by our inspectors is based on nothing more than incomplete documentation; or that it reflects merely a difference of professional judgment within a range of reasonable judgments…
An audit committee armed with a proper understanding of our process would recognize that those kinds of assertions are seriously suspect. Those assertions are, without exception, directly at odds with the considered collective conclusion of a group of very experienced auditors on the inspection staff.
Such a conclusion means that, in a concrete, identifiable respect that is not reducible to a mere difference in professional judgment, the inspections staff has determined that the firm failed to perform an audit that provides what the audit committee contracted for and what investors deserve – reasonable assurance about whether the financial statements are free of material misstatement.
In addition, in response to deficiencies cited by inspectors, firms often represent that they have complied with applicable standards governing an auditor’s conduct with regard to post-opinion indications of possible deficiencies.[5] Typically, the representation is that the firm has taken necessary follow-up steps and determined that it can support its previously issued opinion. Too often, however, that representation seems at odds with reality as it appears to the inspection staff.
The PCAOB can neither open its inspection files to audit committees nor compel auditors to disclose inspection information to them. But we can and should help audit committees be better informed about our processes and better equipped to engage with their auditors about inspections without settling for responses that distort the significance of inspection results. You will hear more from us along these lines in the near future.
I can’t wait.
I agree with you on the Navistar partners – the one who was replaced prior to the “clean up” of the job was a real piece of work. Since I’m writing this anonymously, I’ll leave it at that.
I’m actually preparing to leave before the fall, and it is interesting to look back at your 2008-2009 comments and the aftermath of all those angry D&T auditors. Many of them left, of course, both voluntary and otherwise. Some stuck it out and wondered why, like me. Maybe a few others will have a change of heart and see a future with the firm.
But I don’t believe much has been done since then to win back the little people’s trust at the firm, so morale is not good overall. Unless you include implementing a new audit methodology. You’ve had all of these unhappy folks waiting for the economy to turn, and now you’ll see quite a bit of turnover, I would imagine. Maybe it won’t be any more than any other year. But if the firm doesn’t address the source of people’s frustrations, choosing to accept high turnover and hire more enthusiastic noobs, then the cycle repeats itself. My biggest concern is with the type of people who choose to stick around and accept the abuse. They are less empathetic because many think they’ll be partners one day and we should all just “suck it up.”
That’s how public accounting works, and I’m not asking to revolutionize the system. But the partners and senior managers can at least pretend to give a damn once in a while.
Anyways, it’s been fun. To those of you sticking it out, I hope someday your clients let you raise fees again.
Plain and simple – D&T is an organization with bad fundamentals – poor leadership, cronyism, pervasive incompetency, and below par services. If I were any analyst, I’d recommend selling and selling quick. With the economy in the tank, it is just a matter of time before the “right sizing” initiative begins again.
FM:
How strange. Me, the SKEPTICAL CPA defending a Big 87654 firm, D&T. That’s easily explained, You write, “Those assertions are, without exception, directly at odds with the collective conclusion of a group of very experienced auditors on the inspection staff”. So? My opinion is: the vast majority of PCAOB inspectors are of marginal competence. Having worked for a Big 87654 firm and seen PCAOB inspectors first hand, I assume the Big 87654 firm’s people are more competent! I not only would match my skills against ANY PCAOB INSPECTOR, BUT ANY TEN! I repeat, they stink. What can you say about a group of people, none of whom understand discounted cash flow analysis? In my judgment, the PCAOB inspectors are glorified clerks. They can’t distinguish a valuation issue from an allocation issue! Really!
The PCAOB open its files on the audits of: Citigroup, Goldman Sachs, B of A, etc.? Are you kidding? Any REAL audit of Citigroup would reveal it is insolvent. Does the Fed or Treasury want such insolvency exposed? The Fed with its phony “stress tests”? The FRed with its own cooked books? The Fed which I estimate is insolvent by at least $100 billion? Get real.
Francine, the PCAOB will never reform the accounting business. It’s just another paper shuffling federal agency. I saw Jay Hanson down here in Houston about a month ago. What did I conclude from his presentation? He’s another CPA stiff. A get along to go along guy. INCOMPETANT. So? That makes him perfectly situated as a PCAOB board member.
Have a nice day.
IA
Profits should be created through voluntary exchange, rather than the exploitation of people – investors, employees, and customers. The PCAOB may very well be full of idiots. However, every business serves multiple stakeholders. Based on comments to date on FM’s site (and others), it is clear that DT has few fans. When there is no brand or employee confidence or loyalty, a downward spiral to oblivion is forthcoming.
Francine have you ever asked the Big 4 what their disciplinary procedures are for a PCAOB finding.
You may find this interesting to know that at least one (and I suspect all four) FINE their partners for A SINGLE PCAOB finding on their file inspected. This is a significant sanction and one which should be supported by those seeking higher quality, at least prima facie. I also suspect this is at the behest of the PCAOB.
What I can tell you, however, is that it is in fact having the opposite effect. It is forces auditors to document the the nth degree all aspects of work. For low risk areas, this is just silly. What this does risk is creating a culture of ticking the box to document, rather than actually challenging key issues and assumptions.
This is regulator driven. Perhaps a fullsome analysis of what the regulatory intervention should be. If you recall textbook auditing, the definition of Audit Risk was the provision of an incorrect opinion. Statistically, there is a 95% probability that 5% of all opinions are wrong (this is the definition of reasonable assurance). However, now Audit Risk is the risk is the file won’t make the PCAOB happy.
And there is debate about whether the right talent is getting into the profession? The problem is that smart people want to use their brains to challenge and think, not write down stuff for the sole purpose of ticking a box.
@Anon
The issues you raise are worthy of a post longer than I want to provide in a comment. I will say this… Audit risk is, I am assuming, the risk of audit failure. But “audit failure” is another term which has a million definitions. We now have a regulator that defines it as such:
“The PCAOB defines “audit failure” as, “a failure to obtain reasonable assurance about whether the financial statements are free of material misstatement. That does not mean that the financial statements are, in fact, materially misstated. Rather, it means that the inspection staff has determined that, because of an identified error or omission, the firm failed to fulfill its fundamental responsibility in the audit — to obtain reasonable assurance about whether the financial statements are free of material misstatement. In other words, investors were relying on an opinion on the financial statements that, when issued, was not supported by sufficient appropriate evidence.” By that definition, they’ve documented a whole lot of failure over the last several years.”
http://www.forbes.com/sites/francinemckenna/2011/08/17/auditor-rotation-proposal-just-more-spin/2/
The PCAOB is the regulator and they get to make the definitions.
Francine
Audit risk since the invention of time has been the risk of issuing an incorrect opinion. The regulators changed it and the definition you post above is really interpreted as per my post in practice. This is because of recent changes to documentation standards which assume that “if it’s not documented, it’s not done”.
In theory, this is all fine. However, it doesn’t alter the observation that this has the unintended consequence of driving at a compliance, tick-the-box mentality. If audit quality is to be improved to the satifaction of capital market participant’s expectations, there needs to focus on the quality of the judgements in the areas that create significant risk and not just whether things have been documented for every single attribute from beginning to end of a file.
@Anon
I don’t disagree with you but I wanted to point out that’s it’s no use arguing definitions. The regulators set the course. The fact that the firms interpret the regulatory emphasis – which is dramatic since it is external rather than n the cozy peer review of prior – as a paperwork shuffle is based on their own fear of legal liability. All this being said, judges like Kaplan are still not holding auditors responsible because the standards are still too vague. What do to you make of that?
Francine
Not sure if you have ever been subject to a PCAOB review yourself. But a friend of mine who is an auditor once reflected on his experience. The PCAOB did not even raise for discussion an accounting issue that was very grey and required a great deal of judgement. Instead, they raised a range of trivial issues relating to how the documentation was assembled and the conclusions were documented. They did not disagree with the conclusions.
Any human reaction to that kind of review would be to place additional emphasis on documentation, with no change to judgement behaviour.
If the PCAOB had instead have focused on the judgement quality, and not raised trivial documentation issues, then I suspect this would have driven a different behavioural change.
That the standards are vague in certain areas (as you illustrate), this probably drives the regulator to focus on what is less vague (e.g. documentation). Who knows, but I think we are both agreeing nonetheless.
I think I remember you mentioning you would like to see an auditor register for those signing off as lead partners, with quals etc. You may look at the Australian requirements, where partners who sign off do so in both their own name and in the name of the firm. This offers an interesting model to contemplate.
@Anon
I suspect that the quality and experience of PCAOB inspectors varies as much as the quality and experience of lead partners and IT partners does in the firms. An interesting anecdote… I have a very good friend who is an experienced partner on the IT risk advisory side. As such, this partner is subject to many more inspections than any individual financial partner since members of the IT risk team are parceled out to support multiple engagments todo their 10-20%. This partner has not only never had a deficiency noted on any of the team’s engagements but said that the quality of the inspections has improved dramatically over the years. Remember we are talking about IT general controls, security, ERP controls, etc. where standards were even more vague and not emphasized in the beginning given how much work was to be done to remediate basic financial controls.
I have more examples like that but rest assured this partner covers big companies given the market. It can be done, it is being done and there are very good professionals out there who take a hands-on, coaching appraoch with their teams and take no prisoners with their clients and fellow partners.
Re: signatuures on the reports. I am convinced based on the U.K. experience that it is not enough to have a partners name on the report. Investors must have full information about the audit, tax and other services leadership team on the engagement during the annual auditor confirmation process, before the audit, during the audit, and after the report is filed and not just when they have to sue them.
Francine
You raise an interesting point. There are excellent auditors working in all firms. And all the firms having significant compliance units who monitor, inspect and report on their audit quality. National offices at all the major firms are feared as much as the PCAOB!!!
The debate about audit quality needs to move up a few notches. There needs to be a more rigorous analysis of why there is not consistency in talent (a proxy for quality auditors) across the sector, how to attract and retain more of this without the only response being remuneration alone. There needs to more time spent on how evolution in business complexity is being translated into the quality of auditor training and field experience. I could go on and on.
But the reality is that essentially laying the blame at the feet of integrity and professionalism alone is both simplistic and short sighted.