Auditor Rotation and Banks: If It Makes You Happy…
My column today at American Banker is about the PCAOB’s auditor rotation and auditor independence concept release and its impact on banks. My favorite lines that made it in are probably these:
Audit firm CEOs say mandatory rotation would distract them from audit quality assurance and force the partners to focus on responding to constant requests for proposals and marketing activities. The auditor firms would rather collect oligopolistic fees from a government-mandated franchise without having to compete or justify those fees.
I have opposed mandatory auditor rotation proposals, here and in the UK, for a reason that goes deeper than whether it’s the right thing in an ideal world. It is. But we are not living in an ideal world. I wrote a more lengthy post on the subject in Forbes last August when the subject first came up again. Earlier last summer, in July, I wrote here about audit reform proposals, in general, and I was quoted in the FT’s Agenda on the subject.
Auditor rotation is a suggestion that comes up over and over with no resolution.The Financial Times’ Agenda (subscription only) explored the pros and cons of the issue. I was quoted and so were a few other notables such as Denny Beresford, who currently chairs the Audit Committees at Fannie Mae and Legg Mason.I get the last word with this quote:
But even Francine McKenna, an outspoken critic of the industry, does not advocate mandatory term limits. “In a perfect world, if we had enough firms and if we had enough capacity and ability to go around, then it would be a wonderful idea,” she says. “But I think, practically speaking, it would make things worse. Trading one potentially corruptible firm for another potentially corruptible firm doesn’t really help.”
Instead, McKenna advocates radically changing the industry structure. “My personal feeling is we’re not going to get a good audit until we take it out of the companies’ hands and put it into the hands of an agency that controls the fees and controls who does the work,” she says. “You can’t have companies paying for audit firms directly.”
Here are some additional anecdotes that did not make it to the American Banker column due to space:
This past Thursday, New York federal judge Lewis Kaplan sent the New York Attorney General’s case against Ernst & Young back to state court where it was originally filed. New York prosecutors claim Ernst & Young violated the Martin Act, an ancient state law used effective by former New York attorney general and governor Eliot Spitzer to prosecute securities fraud. The Attorney General seeks return of the $150 million in fees that Ernst & Young earned as Lehman’s auditor from 2001 until its bankruptcy filing in 2008.
GE has used KPMG as their auditor since 1909. That longstanding relationship meant no one blinked when KPMG started providing prohibited non-audit services to GE’s tax department. After I wrote about this lapse, the engagement ended. Fannie Mae fired auditor KPMG in 2006, then sued the firm after a $9 billion financial statement fraud. KPMG was Fannie Mae’s auditor for 36 years.
PwC is still the auditor of AIG, the insurance company that was taken over by the US government after AIGs dispute with another PwC auditee, Goldman Sachs, boiled over. AIG shareholders have sued PwC more than once over the years including most recently for its role in AIG’s issues during the financial crisis. PwC paid $97.5 million for a case related to AIG’s 2005 era accounting problems. PwC’s relationship with AIG started more than thirty years ago. PwC has been Goldman Sachs’ auditor since at least 1996, three years before its IPO in 1999. PwC’s former CEO, Jim Schiro, chairs Goldman Sachs’ audit committee.
It is hard for many regulators and the public to believe, but the Big 4 Auditing Firms are not complicit in accounting frauds, with the rare exception of a rogue partner. The Big 4 firms’ reputations are far too important to accept wrongdoing. As a former Big 4 assurance partner, I did the right thing day in and day out saying no to clients, demanding forensic investigations and resigning from clients that did not share our ethical values. As one of our senior assurance leaders once said, “The opportunity for us to do your audit is a privilege to be earned, it is not a right”. And now that I am retired, I thank God that our Tone at the Top, the consistent focus on audit quality and doing the right thing keeps shareholder investments (and my personal pension) safe.
Not sure what point you are trying to make on your additional anecdotes regarding longevity of KPMG or PwC serving those companies. As I think you can appreciate, not all shareholder lawsuits are indicative of a failed audit. In fact, I would say the majority of those lawsuits are the result of losses incurred by shareholders over business failures, not audit failures.
Hearing members of the house committee opine that increasing auditor responsibility and mandate auditor rotation would have a negative effect on jobs, left me in awe. If investors lose faith in the stock and bond markets there will be less capital for jobs. That requests for comment went to the managements of companies tells me that Congress does not get this. The requests for comment should have gone to the investors. Audits are not done for companies, but to those that invest in companies or lend to them.
I agree with the comments at 1
An audit should (under ISAs, and the broad concept is not different under US GAAS) be planned and performed to provide reasonable assurance that the financial report taken as whole is free from material misstatement whether due to fraud or error. The standards specifically make reference to both reasonable, and thus not absolute, assurance and also that due to its nature (collusion potential, misrepresentation, sophisticated schemes designed to conceal……) the risk of identifying a material fraud is greater than for error. Management fraud, such as the ones mentioned on the whole, are also explicitly identified in standards as being harder to identify than those perpetrated by employees?
Unless the auditor has reason to believe the contrary, the auditor may accept records and documents as genuine. If conditions identified during the audit cause the auditor to believe that a document may not be authentic or that terms in a document have been modified but not disclosed to the auditor, the auditor shall investigate further. (ISA240).
My experience in the profession (in both the UK and Australia) is that both partners and staff working on audit engagements of all sizes are ethically sound, skeptical, overtly keen to ensure that appropriate accounting practices are followed and not interested in cutting corners on quality in order to achieve greater margins. It is simply not worth being any other way. FYI I am not an audit partner.
In the past 5 years I have seen significant improvements in quality and I generally saw similar, albeit not such great, improvements in the preceeding 5 years. A personal observation, as are all of my comments obviously, is that the pace of technological change, increases in transactional volumes for large corporates, financial creativity/engineering/complexity and increasingly complex financial reporting frameworks and standards (including the use of significantly more estimates and judgements) all conspire to create an increasingly complex and volatile environment. In other words the audit job is getting harder not easier.
The concepts discussed on this forum regarding audit fees and the associated agency issues are a difficult and complex one. As an auditor I have an ethical issue with considering anyone other than the shareholder being my client, but the idea of the shareholder selecting the auditor is also frought with logistical difficulty and there is no reason to conclude that a current shareholder (who in a scenario of shareholder selection of auditor would be in control of such selection) wouldn’t prefer aggressive policy and treatment for short/medium term price accretion than management, I.e. there would still be incentives and pressures driving behavior – they would just be different ones. To consider otherwise would be to assume that all shareholders are long term investors. Developments in technology have somewhat changed this dynamic over the years, although I accept that share registers of most large corporates do still have long term stalwart investors, an interesting study for another day! Regulator selection of audit firm and agreement of fees is also equally peppered with significant issues and also potential downside risks to audit quality in the long term.
I disagree with the concept of mandatory auditor rotation, principally because from practice know that after 3/4 years of auditing a large client the audit will be “better” than in the first year. This is not to say that the first year engagement would be deficient rather because knowledge of the client (critical to a risk based audit approach) improves as is only natural over time. I am heavily in about of mandatory partner rotation, which currently exists, to ensure familiarity risks are addressed in some manner – as no matter how independent or competent a fresh pair of eyes is required every few periods and allows a person independent of prior decisisions to reassess such key decisions to get comfortable when opining.
A final point that I think should be raised by way of defending the profession is that the matters that hit the news papers are the significant minority of audits undertaken. Given the inherent risks associated with an audit and the concept of reasonable not absolute assurance it is inevitable that there will be a percentage of audits that do not detect a material error or fraud. For the percentage where the audit did not identify a material error or fraud, but one existed and came to light, the immediate conclusion can not be that the audit was deficient given the aforementioned matters. Accounting Standards also implicitly acknowledge from time to time errors may be made that require correction, otherwise IAS 8 wouldn’t exist, I am not suggesting that they are desirable however. A next logical question could be what is an acceptable non-identification rate and should the settings on the audit framework be dialed up or down accordingly. Obviously as I mentioned I don’t believe audit teams are interested in colluding with management to perpetrate fraud and to do so would require a complicit team and the circumnavigation of other quality control measures – there is always a bad apple or two in anything but I would suspect the volume would be significantly lower than unscrupulous or positively biased management teams which the audit profession must remain skeptical against.
So what is the solution to it all, perhaps a federal based audit service. On the other hand given the mass mishandling of simple housekeeping and budgeting by governments around the world reflected by unsustainable national debt levels, perhaps not. Whoops I forgot that auditors are not there to assess managements business decisions rather the accurate reporting of them, although in the case of Greece I might have had some going concern concerns and they aren’t the only ones.