At Deloitte, More Pain Before Any Quality Gain
The PCAOB, the audit industry regulator, shamed global audit firm Deloitte recently when they exposed the private portion of the inspection report of the firm’s 2006 audits. It was the first time that had happened to one the Big Four audit firms, the largest firms that audit the vast majority of publicly listed firms in and out of the U.S..
I’m sure Deloitte, and the rest of the Big Four, thought the PCAOB would never have the nerve.
re: The Auditors has seen a confidential, internal Deloitte training document, prepared this past summer, that reveals the firm expects the worst when the inspection reports for their 2009, 2010, and 2011 audits are published by the PCAOB. The 2009 report should be out by the end of this year. The training document also shows how difficult it is for Deloitte leadership to steer the largest global firm away from the “audit failure” iceberg.
It seems audit competence and capacity to audit complex topics are in short supply at all the firms, based on PCAOB inspection results for audits conducted during the financial crisis period and the reports for 2010 audits at PwC and KPMG released recently. Deloitte has been particularly hard pressed to maintain audit quality since the firm lost several engagements that would have helped to grow specialized knowledge and retain experts. Big clients like Merrill Lynch, Bear Stearns, and Washington Mutual helped pay the bills for subject matter experts and quality control but those revenues were lost to financial crisis failures and forced combinations with better capitalized, non-audit client banks.
I think the PCAOB decided to publicly criticize Deloitte for two reasons.
- The firm has been piling on the negatives via a $1,000,000 fine/disciplinary sanction as a firm for a previous issue, two high level insider trading scandals (Flanagan and McClellan), the failures and frauds of Deloitte China clients CCME, Longtop and now Focus Media, and the specific failures of major clients during the crisis (Bear Stearns, Merrill Lynch, WaMu, Taylor Bean & Whitaker, American Home, and Royal Bank of Scotland, to name a few).
- Deloitte was resistant to the inspections, resistant to the criticisms, and unwilling to make changes based on the PCAOB’s requests. If you can’t fix something that’s one thing. If you won’t and thumb your nose at the regulator, you are getting close to Arthur Andersen-like behavior. We know how that story ended.
If they did nothing, the PCAOB risked having a new major failure of a Deloitte client expose their lack of push on the firm to even respond, let alone improve.
I wrote in American Banker about the special risks to financial services firms when the regulated, like Deloitte, resist the regulator:
The PCAOB’s decision to make the Deloitte 2006 quality control criticisms public, and the fact that the Securities and Exchange Commission allowed it to do so, tell me Deloitte is still fighting the regulators. The deadlines for Deloitte to fix or sufficiently respond to criticisms in the 2007 and 2008 inspection reports have passed. We could soon see previously nonpublic information from those reports, too.
The risk for banks in a situation like this is that an auditor that brazenly irritates its regulator may draw unwanted attention to its clients from their regulators. For example, PCAOB spokeswoman Colleen Brennan reminds me that the SEC knows the names of every company whose audit deficiencies are mentioned in a PCAOB auditor inspection report.
These risks apply to all of Deloitte’s clients and to all public companies if the rest of the firms – KPMG, PwC, and Ernst & Young – are also playing chicken with the regulator.
A little more than a month after releasing the Deloitte private report, the PCAOB released the inspection reports for audits performed by PwC and KPMG in 2009. The Financial Times’ Kara Scannell summarizes the findings:
The Public Company Accounting Oversight Board’s findings from an annual inspection revealed that years after the financial crisis both auditing firms were not adequately challenging companies’ valuations of certain assets when the market for them dried up…
The board reviewed 71 audits completed by PwC in 2010 and 52 audits done by KPMG in 2010.
The Wall Street Journal’s Michael Rapoport tells us how bad the results really were:
The government’s auditing regulator found deficiencies in 28 audits conducted by PricewaterhouseCoopers LLP and 12 audits by KPMG LLP in its annual inspections of the Big Four accounting firms.
The Public Company Accounting Oversight Board said many of the deficiencies it found in its 2010 inspection reports of the two firms, released Monday, were significant enough that it appeared the firms didn’t obtain sufficient evidence to support their audit opinions.
The regulator hasn’t yet issued its yearly reports on its inspections of the other Big Four firms, Ernst & Young LLP and Deloitte LLP.
KPMG’s response to the PCAOB was not quite as belligerent as Deloitte’s persistent irritation at having their “professional judgment second-guessed”. But, it was not exactly conciliatory.
Floyd Norris of the New York Times:
Normally these letters say something like what KPMG wrote:
“We conducted a thorough evaluation of the matters identified in the draft report and addressed the engagement-specific findings in a manner consistent with PCAOB auditing standards and KPMG policies and procedures.”
You may note that said nothing about whether the firm accepted the board’s conclusions or not. That is better than what Deloitte did a few years ago, when it essentially said the board did not know what it was talking about.
PwC, on the other hand, met the regulator more than half way according to Norris:
PwC’s letter addressed that issue, saying that while there were cases where it differed with the board’s conclusions, “they generally related to the significance of the finding in relation to the audit taken as a whole, and not to the substance of the finding.”
“Accordingly,” wrote the PWC officials, “the overall PCAOB inspection results, as well as the results of our internal inspections, were important considerations in formulating our quality improvement plan,” which it then describes.
PwC’s spokesperson sent me this additional statement:
“PwC is built on our reputation for delivering quality. We also recognize that the role we play in the capital markets requires consistent, high-quality audit performance. We therefore are focused on the increase in the number of deficiencies in our audit performance reported in the 2010 PCAOB inspection over prior years. We are working to strengthen and sharpen the firm’s audit quality, including making investments designed to improve our performance over both the short- and long-term.”
Did the quality of the auditing really deteriorate for KPMG and PwC or is the PCAOB getting tougher, and maybe better, at what they do?
We’ll have to see what the upcoming Ernst & Young and Deloitte reports show. Ernst & Young has been criticized for the Groupon multiple S-1 issue, as well as questions about accounting at future IPOs Zynga and Facebook. Now we have Olympus, too. And, of course, the jury is still out on the firm’s role in Repo 105 and Lehman Brothers.
And what about the Deloitte improvement plan for prior years? Has Deloitte accepted the PCAOB’s criticisms and moved on or are they still fighting the regulator? Is Deloitte working hard to get ahead of their 2009, 2010, and 2011 results and avoid the embarrassment or worse – sanctions – if the PCAOB has to publish another private report?
The confidential internal training report, intended to brief Subject Matter Resources (SMR), is called, “FY 2012 Engagement Quality Activities”.
The Audit Quality Activity Plan for FY2012 has been socialized with:
- – The OAQ Steering Committee
- – The Audit Quality Council
- – The RMPs
- – The NPPDs
- – The RILs
- – Leaders in the PPN
- – Extended Leadership Team
- – CFO / CEO
Yeah, that’s a lot of acronyms. And I’m not sure anymore – maybe I’ve been out of the firms too long or maybe I was never in them enough – what “socializing” a quality plan means. Suffice to say, the document, one hundred and eighty-one very dense PowerPoint pages, has tons of information for the SMRs to absorb and pass on to engagement teams like now.
But, by this summer, it was too late to make a difference in the inspection reports for the 2009 and 2010 audits.
- Response submitted on May 4
- Total of 98 comments (56 engagements inspected)
- Expect about 25 engagements to appear in Part I
- Draft report has not yet been issued
- 33 engagements selected to date
- Focus areas
– Continue to include: fair value and impairment determinations; internal controls – Also focusing more on revenue recognition
- 16 completed
– 5 with no written comments
- Total of 24 comments on 11 completed inspections
If Deloitte sent their response to the PCAOB for the 2009 audits on May 4th, why are we still waiting for the final report? Given the PCAOB’s decision to release Part 2 of the inspection report for Deloitte’s 2006 audits last month, I believe Deloitte was still treating PCAOB comments as an affront to partners’ professional judgments.
What are the root causes for so many negative PCAOB comments, according to Deloitte?
When evaluating “what didn’t work” for the various engagement activities, the consistent refrains outlined in the training document are “started too late”, “not enough time”, and “greater discipline and consistency needed”.
But there’s a bigger problem when it comes to audit failures around complex topics like goodwill, deferred tax asset impairment, fair value determination of thinly traded securities, and management estimates of loan loss reserves. There’s a huge intellectual divide between the audit teams and the subject matter specialist teams.
Professionals who are experts in tax or valuation of complex derivatives, for example, are not experts in auditing standards. The auditors, and the education they receive in universities and in the firms, focuses on the technical aspects of accounting – they know GAAP chapter and verse but not GAAS. That’s how we ended up with a defense of Repo 105 from Ernst & Young that the treatment meets the GAAP requirements with no appreciation for the more subtle GAAS disclosure expectations. Until recently, the firms didn’t think the PCAOB would push them to meet such high standards for auditing as long as the accounting was, subject to “professional judgment”, right enough.
But that’s how the auditors missed, or justified looking the other way, as so many banks failed or had to be bailed out during the crisis. This attitude is evident when you read in the training document how many of Deloitte’s policies and methodologies have to be revised to now absolutely require certain tests and additional steps. The steps weren’t performed unless the firm considered them explicitly required. Unfortunately, there’s still a difference of opinion between Deloitte and the PCAOB about what the PCAOB auditing standards explicitly require.
Here’s one example from the Deloitte training document:
Auditing Standard No. 12 – Identifying and Assessing Risks of Material Misstatement
Understanding the company and its environment
Change to our Methodology: We shall consider reading public information about the company (e.g., analyst reports), observing or reading transcripts of earnings calls, obtaining an understanding of compensation arrangements with senior management, and obtaining information about trading activity in the company’s securities. (AS 12.11)
Key Takeaway: This is a more specific requirement for audits performed in accordance with the standards of the PCAOB. Previously, while we may have been considering these items in our audits, their consideration was not explicitly required by our policies or by professional standards.
How does Deloitte intend to meet this higher standard in a quick and dirty, cost effective way?
Run a report using “OneSource” that includes a company summary, corporate overview, strategic initiatives, strengths & weaknesses, competitors report, significant developments), News, Articles and Financial Statements.
Zippity doo da. You now know everything you need to know about the company.
It doesn’t help that the audit firms business model accepts high turnover of staff during the first 5 years. It’s a model that auditors got away with when issues were not as complex as they are now, especially within financial services firms.
For example, how can a senior, someone with 2-4 years experience, test a complex structured derivative for potential fraud (i.e. think of the Abacus deal) which is, in reality, an embedded derivative with multiple tranches and economic and risk characteristics that may not be aligned with the host, sitting off balance sheet, after having been passed thru an SPV sponsored by a “too big to fail” bank?
The manager, senior manager, and partner typically have no idea what the subject matter expert, a member of Deloitte’s Financial Instrument Valuation Risk Analytic team, is talking about when he says the client’s models and assumptions are insufficient, outdated, or flawed. The audit team probably doesn’t even know what a synthetic CDO is.
The most egregious recent example of a subject matter being ignored – it happened in Enron, too – is the case of KPMG’s expert on mortgage securitizations and repurchase risk being told, “We’re done here” when he warned at New Century Financial that the client’s models had obsolete assumptions. That ugly episode only came to light because of the New Century bankruptcy and a robust bankruptcy examiner’s report.
In the recently disclosed Part 2 of the 2006 Deloitte inspection report, the PCAOB told the firm that partners were ignoring experts, too.
The inspection team identified six engagements where there were deficiencies in the procedures relating to the use of the work of specialists. These deficiencies included five engagements where there was no evidence in the audit documentation, and no persuasive other evidence, that the Firm had tested certain data or assumptions that the issuer had provided to the specialist (beyond, in one instance, inquiry of management).
In the sixth engagement, as part of their tests of the issuer’s annual goodwill impairment test, the Firm’s internal valuation specialists performed various sensitivity analyses to resolve concerns the specialists had raised regarding the issuer’s method for evaluating goodwill. For some of the issuer’s reporting units, the sensitivity analyses indicated the fair value of the unit might be considerably lower, or considerably higher, than the unit’s carrying value. The Firm failed to perform further, more precise sensitivity analyses, or other procedures, to determine whether the goodwill associated with these units was impaired.
Deloitte did not use its specialized SEC reporting and GAAP/IFRS consultation group well either.
The inspection team identified complex fact patterns in significant accounting and auditing areas, which were associated with deficiencies noted in seven engagements,35/ including five engagements36/ discussed in Part I.A, where the engagement teams did not consult with the Firm’s National Accounting Research or Quality Assurance departments. In addition, * * * * engagement teams consulted in three instances at below “Level A,” and neither the engagement team nor the National Accounting Research personnel raised the issue to a higher level as allowed by the policies.
Is Deloitte truly committed to a sea change in tone as well as technique? Seems to me the firm puts an enormous burden on the “soldiers” on the front lines and not enough on the “generals”, the partners who sign the opinions.
I’m not convinced they’re committed. Based on this document, and insider reports, I believe the the firm is still resistant. The firm’s big hope is probably that the spotlight moves away from Deloitte when something happens at another firm. Perhaps it will be a new development in the New York Attorney General’s case against Ernst & Young for Lehman.
But I do think the PCAOB is getting bolder and won’t be letting up on the audit firms. The recent inspection reports on PwC and KPMG 2009 audits are proof of this.
Two thumbs way up to PCAOB this time.
While the # of deficiencies noted by the PCAOB for PwC and KPMG is alarming, I seriously doubt whether the vast majority are truly significant from an audit quality perspective. When I was in practice, too often the PCAOB focused on nonsubstantive matters (eg. sample size or form of test/documentation) which would not lead one to conclude that the audit opinion was deficient. That is probably one reason why D&T on the whole disagrees with the PCAOB.
Sample sizes is one area where the firms are getting carried away. And it should be noted that the Big Four firms jump as high as the PCAOB makes them despite the questionable benefit of some of the PCAOB’s recommendations/mandates.
PCAOB inspections in 5 years:
PCAOB Inspector: “Where did you consider the risk that the finance department could be wiped out by an asteroid?”
Auditor: “That’s a great point, we considered that in our partner driven planning process, but ultimately decided it wasn’t a risk.”
PCAOB Inspector: “Where is your documentation supporting that conclusion?”
From CFO magazine:
“In the extended version of the report, the regulator’s inspectors found that Deloitte’s auditors did not do enough testing when they evaluated a company’s estimates or looked at the valuation of investment securities. For example, the PCAOB noted, the auditors “did not obtain sufficient competent audit evidence” to support management’s projections for future financial results that went against historical results.”
This doesn’t sound like the PCAOB nit-picking over audit documentation. This sounds more like:
Client: “As long as revenue grows at double digit rates through this recession, our model shows a FMV of $1 million.”
Deloitte: “Based on revenue forecasts prepared by client, D&T recalculated FMV to be $1 million, see workpaper A/5250 for recalc.”
Having recently switched to a big 4 firm by my companies new private equity backed owners I was quite surprised by the lack of supervision, experience of staff and technical knowledge. i felt the big 4 firm had outsoruced their training to my company as we had to explain basic cash flow disclosures, purchase accouting – the small firm, on the other hand consisted of ex-big 4 staff but with 4 times the average tenure.
Unfortunately the private equity and other investor put too much emphasis on the deep pockets of the big 4.
Did the PCAOB “make an example” of D&T because it does not audit Goldman Sachs? I agree, “audit competence and capacity to audit complex topics are in short supply at all the firms”. So? Only about 2% of CPAs, in my opinion, even understand discounted cash flow (DCF) analysis, much less financial models like Black-Scholes. What makes you think the PCAOB’s people are all that competent? I think they are for the most part a bunch of clerks who do not understand: DCF, probablity theory, etc. So? They only respond to “condition present, condition absent” considerations, lacking judgment or any concept of materiality.
I await the PCAOB telling us all TBTF financial institutions are UNAUDITABLE! They are in my opinion, the Fed included! The Fed is a D&T client and in my opinion presents “cooked” books. So?
Why shouldn’t D&T fight the regulators? I say again: the regulators don’t want TBTF financial institutions audited. Do you remember the “stress tests”? What was their purpose? To shore up public confidence in the TBTF financial institutions! Do the Fed and Treasury want the Big 87654 disclaiming opinions on the TBTF financial insitutions? As I see it, D&T is being squeezed by the PCAOB, when it KNOWS it could not disclaim an opnion on the TBTF financials without incurring the wrath of say “fasbee slowbee” Barney Frank. Do you remember Frank upbraiding Bob Herz over SFAS 157 a few years ago?
The Big 87654 are not “playing chicken with the regulator”. The PCAOB is “playing chicken” with the: Fed and Treasury. You and I live in different worlds.
Do you remember when you congratulated PWC for calling into question AIG’s internal controls? Do you remember my response: PWC went easy on AIG. Why? To protect Goldman Sachs, AIG’s counterparty for many derivatives.
What is the fair value of goodwill? It is unknowable.
What is the fair value of many thinly traded instruments? Unknowable. There are many unknowables in accounting, the PCAOB’s opinion notwithstanding.
That D&T and the PCAOB may differ on what auditing standards require does not bother me. I long ago concluded that much AICPA-PCAOB “standards” are mathematical nonsense!
Why put so much stock in the use of specialists? I’ve seen reports by MIT PhDs that were arbitrary economic nonsense. So? “Experts” gave us derivatives and financial alchemy. Why trust them?
I go further than Smithgolf, much of the PCAOB’s concern is finding the “file stuffer”, inconsequential self-serving memos which show the CPA “at least considered the matter”. Rick’s got it! We shall soon start worrying about the sun becoming a supernova and swallowing up the earth!
How do you “audit” a projection? Please tell me Fry.
I’ll say it again: let the supercompetent PCAOB personnel form their own firm from alumni. These guys will be so good, they willl drive the Big 87654 out of business. How? By providing free audits. Free audits? Sure the PCAOB alumni firm’s audits will reduce their clients’ cost of capital, so the audits will be free! You do believe me Franny? Don’t you?
The PCAOB is running around with a plank in its eye when criticizing the (relative) mote in the Big 87654’s eye, Matthew 7:1-6. Enough. And Merry Christmas!
I will just say two things. You are right about the regulators not wanting qualified opinions on the TBTF banks but it’s the SEC and Treasury, not the PCAOB that is driving that bus as well as the comparable regulators in the UK and other countries.
I never congratulated PwC for calling out AIG’s controls. On the contrary. You need to go back and re-read my earlier posts on that subject. Start with this one. https://francinemckenna.com/2010/02/02/the-great-american-financial-sandwich-aig-pwc-and-goldman-sachs/
Francene don’t be defensive, IA makes great points, notwithstanding the sarcasm.
Please respond to the points made – you would ha e great ideas.
I didn’t mean to sound defensive, just short. Independent Accountant and I disagree on the efficacy of the PCAOB even though we may agree on many other things. I agree with him that in its original design and set up it was deeply flawed. It got off to a very slow start. And it is still hampered by the Sarbanes-Oxley law itself – a negotiated, diluted piece of legislation that gave too much away to the audit firms. In particular, all the secrecy and deference is quite unusual for a regulatory agency. It’s there because the audit firms demanded it and people caved in. And in the beginning the regulator was also hampered by a too close relationship with the firms as far as who did the work and how they operated. There was this idea that the PCAOB was there to help auditors do their job not to make sure they were doing it well on behalf of investors.
The PCAOB, as an independent, kick-ass agency, is much needed and must be even stronger than it has been getting to be during the last year under new Chairman Doty. I doubted his commitment when he was appointed based on his past role as a defender of the firms as a corporate attorney. But I did not look deep enough. I think he wants to do the right thing finally and and is getting the issues on the table, in a big way. Where it will go after that is up to the SEC, unfortunately and up to legislators and the courts. This GOP dominated Congress and corporatist Senate is squeamish about the auditors and the audit firms pay to keep them complacent with lobbying dollars.
The best thing that could happen for Jim Doty is for one of the audit firms to screw up so big, so obviously, so egregiously that neither the Congress nor the courts can ignore their complicity any more. Then finally we may see the whole model change. That’s what’s ultimately necessary.
“the whole model change”. Could you please elaborate further your thinking on this?
Rather than repeat it in a comment I’ll direct you to these two posts. It’s a good start. I’ve elaborated further on it as I’ve discussed proposed reforms in the UK and US. You can also search on “audit reform ” for discussions.
With respect Francine, these 2 articles are heavy on slogans (e.g. “start from the top”) and incredibly light on anything else.
So here are some thoughts:
1. Audit only firms are a stupid idea.
One thing you may not realise is that the audit divisions are significant profit centres for firms (many think they are loss leaders, but this is wrong). This is achieved because in-house experts across tax, IT, valuations do not need a full-time audit base to make acceptable partner profits because they sell work in their own right. Reducing partner profits will reduce a) the attractiveness of partnership, thereby reducing talent supply and b) see the most talented partners leave to work in higher-paying roles. Sorry, but altruism does not pay for college, tuition and above all, talent.
In addition, audit attracts staff as a grounding career and many wish to move to the other divisions to become more specialised later on. This will simply not be offerable by firms, thereby resulting in a lower calibre of talent being attracted into audit. That will only hurt quality.
We should be looking at ways of INCREASING partner profits to attract better people and provide a foundation for more investment in systems of quality.
2. Quality is not proximate to time spent.
Please stop perpetuating this myth. Quality is a function of judgement and judgement alone. In my experience, you would actually cut 50% of the crap out of an audit file, replace it with 25% more time on judgement areas and get a better outcome.
You should be asking regulators to get rid of low-value, meaningless, menial compliance activities that will NEVER impact on audit success/failure and demand higher requirements around judgements.
3. Other services are not the end-all evil
Sorry to defy trends here, but those who say non-audit services always impair independence should stop tarring all people with the same brush. In many cases, the opposite is true. We need a better framework to root out the dodgy operators, not create one size fits all systems, that will have no impact on those already doing the right thing but for which quality is still an issue.
If you really do have something meaningful to contribute to the development of a new business model, please take the time to think like a commercial professional and avoid academic claptrap. It undermines what you are trying to achieve, plays to the masses and turns what you are trying to achieve into yet another round of sensationalist nothingness.
Since I disagree with the basic premise of all three of your points, it won’t make much sense to repeat my reasons. They are on display over and over beyond this post.
But let me comment on one thing. That’s probably the first time I have been accused of being too academic. I wish that I could support more of what I say with academic studies. However, the professors do too little practical research and when they do it it’s based on old data. So, too little too late and irrelevant in many cases to making my points right now.
My opinions are based on commercial reality, gained first hand from observing how decisions were made at highest levels with regard to audit quality, regulatory compliance, legal defense, and independence at PwC. I also worked in and out of the US for KPMG Consulting and BearingPoint, its successor firm, as a Managing Director and practice leader with staff and P&L responsibility in Latin America and saw how the experts you refer to did their own thing as well as supported audit when needed. And plenty of current professionals at all levels have confirmed my views based on today’s practices.
It’s funny to see tax and valuation, for example, take such an integral role again when many of those guys ran for their lives after Sarbanes-Oxley was passed. They thought the independence components of the law would be enforced and they would be precluded from working with audit clients and giving advice on things the firm would later audit. Since that was never enforced, they are back in the Big 4 firms. That’s the natural commercial cycle I see.
I used to work for DTT. Shoddy,but not significantly more shoddy than the other 2 Big 4 “firms” where I used to work. I will relate one incident:
Senior: So, the instrument is valued using a valuation model?
Senior: And how does the model work.
Manager: It doesn’t matter- we have it on file from last year. All we have to do is say they are using the same model as before.
Senior: So we tested the model last year?
Manager: I don’t know- i just got this file an hour ago.
Senior: So, we just take their word?,
Manager: More or less.
That’s some Ivy League thinking right there. Thank you, Larry Summers.