Auditors and the Financial Crisis: Part of the Solution or Part of the Problem?

This is the text of my speech for the Society for the Advancement of Socio-Economics Conference last Friday.

The theme of this year conference was “The Institutional Foundation of Capitalism”. Our special session was entitled ‘The New Financial Architecture after Financial Crisis’.

I was a panelist with moderator Guler Aras, Ph.D. and Professor of Finance &  Accounting and Visiting Scholar of Finance at the McDonough School of Business and Center for Financial Markets and Policy at Georgetown University, Thomas Clarke, Professor of Management and Director of the Key University Research Centre for Corporate Governance at the University of Technology, Sydney, Shyam Sunder, James L. Frank Professor of Accounting, Economics, and Finance at the Yale School of Management; Professor in the Department of Economics; and Fellow of the Whitney Humanities Center, and Paul William, Professor, Ernst & Young Faculty Research Fellow, at NC State University. Williams is also Associate Editor for Critical Perspectives on Accounting. The conference was organized by Northwestern University and the University of Chicago and will be held in Chicago.


Auditors have been weak, complacent and, in some cases, complicit in the recent failures and frauds, as well as the illegal acts such as money laundering, foreign bribery and corruption, tax evasion and Libor-fixing we have seen perpetrated by public companies, especially banks, after Sarbanes-Oxley, during the financial crisis and since the crisis.

They no longer follow the mandate of U.S. v Arthur Young & Co., 465 U.S. 805, 817-818 (1984):

…By certifying the public reports that collectively depict a corporation’s financial status, the independent auditor assumes a public responsibility transcending any employment relationship with the client. The independent public accountant performing this special function owes ultimate allegiance to the corporation’s creditors and stockholders, as well as to the investing public.

This “public watchdog” function demands that the accountant maintain total independence from the client at all times, and requires complete fidelity to the public trust.

To insulate from disclosure a certified public accountant’s interpretations of the client’s financial statements would be to ignore the significance of the accountant’s role as a disinterested analyst charged with public obligations.

Instead of being watchdogs, the global audit firms are lapdogs to their perceived clients, the company executives. Their meddling in politics in Hong Kong is a great recent example.

Yes, democracy is disruptive and as the FT’s Michael Skapinker recently wrote:

The accountants appear to be confusing the “rule of law” with “rule by law”…

It may be that they have accepted that China plans to exert greater control and that they would like to retain Beijing’s favour.

There are businesses in other parts of the world that make the same deal, that accept the protection of a government’s strong arm in return for the chance to make money without disturbance.

Myanmar is another good example of all of the Big Four audit firms setting aside obvious issues with rule of law and “China’s encroaching economic interests” there to set up shop for a profit.  In Myanmar the pitch is tax “avoidance” otherwise known as the next big thing in offshore tax evasion.

Twelve years after the passage of the Sarbanes-Oxley Act of 2002, external auditors are still getting used to a new regulatory regime under the Public Company Accounting Oversight Board (PCAOB). Prior to 2002, the US audit and accounting industry operated under a self-regulatory regime with the AICPA, its trade organization, as the rule maker and enforcer.

For example, there’s ongoing sabre rattling between the audit firms and their clients, corporate executives, on one side and the PCAOB on the other over the use of the term “audit failure” by the regulator in its inspection reports, when describing the deficiencies it finds.

Audit firms, and executives, worried that someone will figure out which of companies are the subject of the numerous audit deficiencies cited, prefer that the term “audit failure” be only used to describe when the auditor misses material misstatements that result in a formal restatement.

In March of this year I wrote about this running war of words.

However, when fraud and material misstatements occur, what is the typical auditor response?

  • We weren’t there. Financial statements are responsibility of management.
  • We can’t see. When executives collude even the best audit won’t uncover the fraud.
  • We were duped. If we get bad information from management we can’t be held responsible.
  • We can’t afford to do more. More extensive testing to go beyond the “reasonable assurance” standard means more time and more money. Companies and investors won’t pay for it.

I reminded readers of the role and responsibility of an auditor in a public company audit.

From the standard auditor’s opinion:

These financial statements are the responsibility of the Company’s management. Our responsibility is to express an opinion on these financial statements based on our audits.

We conducted our audits in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation.

We believe that our audits provide a reasonable basis for our opinion.

So, the PCAOB finds during an inspection, and says quite often for all the firms, “that it appeared that the Firm, at the time it issued its audit report, had failed to obtain sufficient appropriate audit evidence to support its audit opinion” on either the financial statements or the effectiveness of internal control over financial reporting.

Did the audit firm fail to fulfill its public duty? Uh huh.

Is that an “auditor” failure? Yes.

Is it an “audit” failure? You betcha, if you believe, as I do that an audit opinion delivered without sufficient evidence to support it is a failure to deliver the required audit services.

In a sane world, a professional services vendor that, via a third-party objective quality review, falls significantly short of the contractual requirements to deliver a service under required legal standards and practices would be liable for malpractice and breach of contract. But in the world of the too few to fail Big Four audit oligopoly, the interests of the paying customers and the vendor to deliver minimum service at lowest cost and with the lowest common denominator of quality are aligned. Neither company executives nor the audit firm makes friends by publicizing substandard or illegal accounting and incomplete or misleading disclosure to investors. The likelihood of getting caught and being held liable is too low for both, especially on an individual basis, to make a good, thorough audit worthwhile.

Fortunately, the PCAOB has stepped up their game since. In a recent inspection report for the US arm of PwC, the PCAOB cited four additional restatements, five downgrades to ICFR opinions and nineteen opinions it says should not have been issued out of 59 engagements reviewed.

I’d call that auditor and audit failure.

The PCAOB used tougher language regarding PwC’s auditing failures, perhaps as a warning to the firms to stop whining and step-up.

Certain of the deficiencies identified were of such significance that it appeared to the inspection team that the Firm, at the time it issued its audit report, had not obtained sufficient appropriate audit evidence to support its opinion that the financial statements were presented fairly, in all material respects, in accordance with applicable financial reporting framework and/or its opinion about whether the issuer had maintained, in all material respects, effective ICFR.

In other words, in these audits, the auditor issued an opinion without satisfying its fundamental obligation to obtain reasonable assurance about whether the financial statements were free of material misstatement and/or the issuer maintained effective ICFR.

Whether or not associated with a disclosed financial reporting misstatement, an auditor’s failure to obtain the reasonable assurance that the auditor is required to obtain is a serious matter. It is a failure to accomplish the essential purpose of the audit, and it means that, based on the audit work performed, the audit opinion should not have been issued.

Does that admonishing language sound familiar?  Yay!

Sadly, corporate accounting and disclosure fraud did not end, as promised, after the Sarbanes-Oxley Law was enacted in 2002. The SEC’s newly revived Accounting Fraud Task Force and Operation Gatekeeper initiative seek to hold those responsible for frauds that are still occurring, including looking again at incompetent and compromised auditors.

Again, from my March 2014 post:

The Operation Broken Gate initiative targets auditors, lawyers and directors who enable corporate accounting and disclosure fraud. In fiscal 2013 accounting and disclosure fraud was the largest percentage of the SEC’s Dodd-Frank whistleblower tips, the second year in a row. So, maybe the SEC and PCAOB need to question the increase in characterization of misstatements as non-material and as fixes made only on a go-forward basis.

Why are restatements declining?

  • Auditors make the final call on the necessity of a restatement under pressure from executives and their lawyers. It’s in all parties’ best interest to minimize restatements.
  • Making fewer restatements reduces the likelihood auditors will be named as a defendant in a shareholder lawsuit.
  • Compromising on the requirement for a restatement by downgrading the materiality of errors or misstatements reduces the likelihood auditors will irk executives by setting them up for SOx or Dodd-Frank clawbacks claims. A restatement is required to force reimbursement under both laws.

We now know that fraud drove many of the financial crisis failures. The subprime crisis turned into a credit crisis then a full-blown financial crisis. Major industrial and financial services companies in the United States and abroad were bailed out, forcibly acquired, and effectively nationalized in order to survive.

Look at a company like GM, bailed out to save Detroit. Detroit went bankrupt anyway and now we find that GM has been manufacturing and selling cars with faulty ignition switches that have caused deaths, and denied it before and after its bailout.

Still glad we saved GM?

Just look at how many bank settlements we’re finally seeing that point to the systematic and systemic fraud in the banks’ mortgage businesses. Billions and billions of fines, but alas, no criminal indictments for banks and their executives.

During that time, no warning bells in the form of “going concern” opinions, for shareholders and society as a whole, were sounded by auditors. When the Big Four auditor wasn’t auditing a bank it was consulting to it.

Why not?

From my blog in November of 2010:

In the UK, the leadership of the Big 4 audit firms admitted to the UK’s House of Lords Economic Affairs Committee in 2010 that they did not issue “going concern” opinions because they were told by government officials, confidentially, that the banks would be bailed out.

I’ve asked the question many times why there were no “going concern” opinions for the banks and other institutions that were bailed out, failed or essentially nationalized here in the US.  I’ve never received a good answer.  There has been minimal mention of auditors’ presence or their role in any accounts of the crisis.

There has been no similar admission that meetings took place between the auditors and the Federal Reserve or the Treasury leading to Lehman’s failure and afterwards. No one has asked them. EY was not called to testify before Congress for its role in the Lehman failure. PwC was not called to testify for its role in the failure and nationalization of AIG. Deloitte never testified about the failure of Bear Stearns or the requirement of a forced acquisition of Merrill Lynch and Washington Mutual and the failure and bailout of GM. KPMG was never asked to testify about the nationalization of Citigroup or the failure of mortgage originator New Century.

As financial crisis litigation has matured, five-six years later, we now finally see the extent to which accounting fraud, disclosure fraud, and accounting manipulation played a role in these failures and how often the global audit firms were complacent or, in some cases, complicit in the frauds.

In the first crisis related disciplinary action against auditors, two audit partners, KPMG professionals, were disciplined recently over the fraud at TierOne.  No, I hadn’t heard of them either. The first FDIC suit against a major audit firm for one of its crisis bailouts, PwC’s audit of Colonial Bank, wasn’t filed until November of 2012.

Yeah, another non-Wall Street fraud.

The SEC and PCAOB will, unfortunately, only go after individuals at the audit firms but not the firms themselves in any way that might precipitate another global audit firm failure.

(The firms, like KPMG and its inside trader Scott London, EY and its inside trader Gansman, Deloitte’s inside traders Vice Chairman Tom Flanagan and its former Chief Risk Officer who took casino markers from a gaming audit client or the wife of one of Deloitte’s tax M&A partners who went to jail for passing tips to her relatives in London unbeknownst to her husband, and PwC’s recent partner on ArthroCare who was sanctioned and barred but allowed to retire last month at age 51…will throw partners and employees under the bus to appease prosecutors and redirect attention away from the firm and its current leadership. None of the firms were sanctioned for lax supervision of the professionals in any of these cases.

No regulator wants to be responsible for the “collateral damage” that will occur if a “nuclear bomb” is dropped on the profession as in the Arthur Andersen case or as almost happened in the KPMG tax shelter case. The damage would be extensive, I agree, since there is no Plan B for meeting investors’ needs for timely, sufficient, reliable, and true financial information.

What that truly means is the global audit firms do have a free pass, immunity from criminal prosecution, and they know it. The Big 4 risk management strategy consists of running ahead of catastrophic private litigation – which they’re doing as fast as their skinny legs can carry them  – and hoping no stray lawsuit kills them, especially one outside of the US or UK where judges have often bought into the idea that they can’t put another firm out of business. Judges have openly spoken of protecting audit firm partners instead of the shareholders of companies defrauded. Many hold generally antiquated views of the auditors’ role skewed by defense lawyers who portray their clients as bookkeepers and beancounters who can be duped rather than the public watchdogs they are supposed to be.

The global audit firms run ahead of private litigation, for now, which may, someday, inflict more damage than their enormous profits can withstand.

4 replies
  1. James Ulvog
    James Ulvog says:

    Good read, even if frustrating. Too-big-to-fail or too-big-to-jail or any other formulation of too-big-to-x creates a moral hazard that puts the rest of us at risk. Doesn’t matter whether we are talking of banks, Big 4 firms, or car manufacturers.

  2. Allan
    Allan says:

    What we are seeing is the same expectation gap that has existed since the beginning of the profession. While I find it hard to defend external audit firms, I do understand the limitations they face. Take the GM example from your post. GM as a company had weathered many downturns in the economy before. Would you expect the audit firm to tell the shareholders that current management was not equipped to run the company during this one? On what basis (remember, we are looking back at this event and not from the time and place of the audit opinion). Do we expect the external auditors to know about the ignition switch issue? Where do we stop? Investors should understand that ‘reasonable” is driven off of economics. Also, investors should look at the management of the company and decide if they believe the officers and board are worth investing in. There are three stakeholders in this relationship: Investor, Management, and Audit Firm. All share some responsibility.

  3. Francine
    Francine says:


    The GM ignition switch issue is a very easy example to use in explaining why the auditor is more broadly responsible than almost anyone is forcing them to be.

    Deloitte has been the auditor of GM for a hundred years or so. They have been with the company through thick and thin, ups and downs bankruptcy and back. They’ve even been sued along with the company and its officers and directors for past accounting frauds and manipulations and paid settlements for their negligence. So who better to know if the company and its executives are addressing and recognizing the risk and potential liability, in their financial statements, of a problem we know know the company was aware of for a long time, even before the bankruptcy. Deloitte was allowed to remind GM’s auditor after the bankruptcy, and to advocate for GM with the IRS on the restructuring even though that was arguably an independence violation, because if the firm’s deep , “irreplaceable” knowledge of the company and its executives.

    It’s the auditors role to make sure the financial statements reflect the true obligations and opportunities of the company, including potential legal liabilities. Was GM hiding the issue from its auditors? I’d be surprised. Over the years many, many Deloitte professionals have gone to work for the company. The ties run deep. If the company was hiding the issue from Deloitte, too, what does that say about Deloitte’s competence? In the ignition case Deloitte was either incompetent or complicit in the coverup, especially by legal, that seems to have occurred, if we are to take news and litigation accounts seriously.

    The auditor can not pick and chose what it sees, hears, speaks up about. In fact, it has an obligation under law to perform an audit that identifies the risk of material misstatement due fraud or other illegal acts. If they identify such activities and the company does not address them appropriately, the auditor has an obligation under Section 10A of the Securities Act of of reporting that to the SEC. That is explained here.

Trackbacks & Pingbacks

  1. […] – re:The Auditors – Auditors and the Financial Crisis: Part of the Solution or Part of the Problem? – Survey of issues with Big 4 auditing is a good read. One of many lessons is the moral […]

Comments are closed.