How audit firms are polishing their images

The facts surrounding Arthur Andersen—the poster child of accounting firm failures—are well known: In June 2002, Arthur Andersen was convicted of obstructing a federal investigation for destroying numerous documents relating to the audit of its client, Enron, a now-defunct U.S. energy-trading and utilities company, notorious for perpetuating one of the biggest accounting frauds in history. Although the Supreme Court reversed Arthur Andersen’s conviction, the damage had already been done, leading to its ultimate demise.

Since that time, numerous investigations and enforcement actions have rocked the audit profession in a sector that has been caught in a mess of high-profile corporate scandals. Whether by the U.S. Securities and Exchange Commission, the Department of Justice, the Public Company Accounting Oversight Board (PCAOB) or an international audit regulator, no audit firm has escaped reputational damage in some form.

Deficiencies around Internal Control Over Financial Reporting (ICFR), particularly, continue to be the bane of audit firms’ existence. “Although the number of deficiencies in testing controls that include a review element has decreased over the past few years, these deficiencies continue to be the most frequent findings observed when inspecting ICFR,” George Botic, director of inspections at the PCAOB, said in remarks on Dec. 12, 2018, at an American Institute of Certified Public Accountants conference.

Specifically, common themes in PCAOB inspection findings the past several years generally focus on the audit of internal control, with inspectors flagging such issues as failures to sufficiently test the design or operating effectiveness of certain controls; failures to identify and test controls that addressed identified risks; or failures to test the relevant criteria for revenue recognition. In its inspection reports, however, the PCAOB cautions against regarding deficiency rates as indicative of audit quality at firms, as the inspection process is intentionally geared toward finding problems in higher-risk audits.

“Remediation methods that have worked in the past to address deficiencies may not address current and future deficiencies. I encourage firms to look deeply and broadly to understand the reasons why findings continue to recur and to consider their post-issuance review procedures when deficiencies are identified.”

George Botic, Director of Inspections, PCAOB

“Remediation methods that have worked in the past to address deficiencies may not address current and future deficiencies,” Botic said. “I encourage firms to look deeply and broadly to understand the reasons why findings continue to recur and to consider their post-issuance review procedures when deficiencies are identified.”

BDO USA

The audit firm with one of the poorest deficiency rates is not among the Big 4. In the PCAOB’s 2016 report, 67 percent of mid-tier firm BDO USA’s audits examined failed to comply with standards. Among the 24 audits selected for inspection, the PCAOB said it found multiple problems in 16 of those audits. Across the 16 audits, inspectors called out nearly 100 separate violations of auditing standards, including 38 separate instances of failing to comply with Auditing Standard No. 5, which governs the audit of ICFR.

A spokesperson for BDO USA says the firm “does not comment on PCAOB inspection reports beyond our official response to the PCAOB contained in the report.” Even in the report, however, BDO USA doesn’t say much, only vaguely stating that it has “evaluated each of the matters” and has “taken appropriate actions.”

In one recent case, the SEC in October 2018 suspended three former BDO USA auditors over allegations of backdating audit work papers when an engagement team fell behind and couldn’t meet filing deadlines. BDO USA tells Compliance Week that it is “committed to audit quality and continuous improvement” and “regularly dedicates time and resources to the ongoing enhancement of our quality control programs and the audit services we provide our clients.”

KPMG

Among the Big 4, KPMG has had an especially tumultuous few years. In its 2017 inspection report of KPMG, released in January 2019, the PCAOB highlighted several ongoing deficiencies with KPMG’s audits. Specifically, among the 52 engagements it inspected, the PCAOB said it found deficiencies in 26 of those audits, which suggests, generally, that auditors did not obtain enough evidence to support the opinions they issued, the PCAOB said.

Additionally, the PCAOB published new inspection findings for KPMG for 2016 and 2017, in addition to revised inspection reports for 2014 and 2015 to disclose certain quality control criticisms that it determined the firm did not sufficiently remediate within 12 months of the original publication of those reports (the 12 months ended Oct. 15, 2016, and Nov. 9, 2017, respectively).

The PCAOB’s long-delayed reports cast new light on an information leak orchestrated by KPMG employees that compromised the regulatory inspection process. In January 2018, the Justice Department and SEC brought charges—including for fraud and conspiracy—against the highest levels of KPMG’s U.S. audit leadership, along with a staff member at the PCAOB. According to the SEC orders and Justice Department indictments, former PCAOB staff members hired at KPMG transferred confidential inspection-related information that gave KPMG auditors opportunities to shore up audit files in advance of PCAOB inspections.

It was KPMG that first alerted the PCAOB and SEC of this conduct when it was reported through an internal source in February 2017. This prompted the PCAOB to alter its 2016 KPMG inspection findings, ultimately finding deficiencies in 22 of the 51 total engagements (43 percent) covered by the 2016 report.

In a letter responding to the PCAOB, KPMG noted that it has since dismissed the employees who inappropriately used the PCAOB’s confidential information. “The conduct of these individuals was contrary to the firm’s code of conduct, what we expect and demand of our people, and intolerable,” KPMG said.

KPMG also described extensive remedial measures in its report to the PCAOB, including enhanced supervision and review, a new approach to engagement monitoring, investments in new technology, and new leadership.

Deloitte, EY, and PwC

In comparison to KPMG, the other Big 4 scored reasonably well in the PCAOB’s 2016 findings, with the PCAOB finding deficiencies in 27 percent of EY’s engagements; 24 percent of Deloitte’s engagements; and 20 percent of PwC’s engagements.

Deloitte did even better in the PCAOB’s 2017 inspection report, with a 20 percent deficiency rate—the lowest level the firm has ever recorded since the PCAOB first began providing data in inspection reports in 2009. In that report, the PCAOB said it inspected portions of 55 audit files at Deloitte, 52 of which were integrated audits on both financial statements and internal control over financial reporting. Inspectors said they found deficiencies in 11 of the audits.

In its response letter included in the report, Deloitte said that it took appropriate steps under professional standards to address deficiencies. “We are confident that our ongoing digital transformation, along with the investments we continue to make in our audit processes, policies, and quality controls, are resulting in significant enhancements to our audit quality,” Deloitte said.

Like Deloitte, EY continues to see improved scores in PCAOB’s year-over-year inspection reports. Although the PCAOB’s 2017 report of EY has yet to be released, EY’s 27 percent deficiency rate in 2016 and its 29 percent deficiency rate in 2015 are marked improvements from its 36 percent in 2014; 49 percent in 2013; and 48 percent in 2012.

In further efforts to improve audit quality, EY U.S. announced on Jan. 23 the establishment of its independent audit quality committee (IAQC), whose members include a former PCAOB member, the chairman of the Financial Accounting Foundation, and former CEO of Vanguard Group. The purpose of this group is to “advise senior leadership on the many aspects of the firm’s business, operations, culture, talent strategy, governance, and risk management that affect audit quality,” EY said.

“At EY, we believe in the power of diverse points of view in all aspects of our business; this includes harnessing the value of independent perspectives to further strengthen audit quality,” EY U.S. Chairman Kelly Grier said in a statement. “We believe that gaining insight and advice from the IAQC will help us fulfill our important role of delivering high-quality audits.”

Grant Thornton announced on Jan. 30, 2019, that it, too, has created an audit quality advisory council to bring “deep, practical, and objective advice” to the firm’s partnership board on how to deliver high audit quality. The inaugural council consists of a Grant Thornton partner, who is a current member of the partnership board, and two individuals from outside the firm. Deloitte, KPMG, and PwC already had governing boards.

Like Deloitte, EY, and PwC, Grant Thornton did reasonably well in the PCAOB’s 2016 report, with a 24 percent deficiency rate—a significant improvement from the 41 percent score in 2015; 32 percent score in 2014; and 56 percent in 2013. It saw its worse deficiency rate (65 percent) in 2012. The PCAOB’s 2017 inspection report on Grant Thornton has yet to be re-leased.

Even firms that have scored well, however, have been caught up in some big corporate scandals over the years that have exposed significant problems in financial reporting. In one high-profile case, both Deloitte and PwC, for example, found themselves in legal hot water over their audit work at Taylor, Bean & Whitaker, a mortgage lender that went up in smoke in the financial crisis. Deloitte was TBW’s independent auditor from 2002-2008, until the FBI raided TBW’s headquarters in 2009 and the company ceased operations. Federal authorities described a long-running $2.9 billion fraud scheme at TBW and Colonial Bank, which was audited by PwC, to conceal massive losses in mortgage loans.

Other corporate scandals that have entangled PwC include MF Global; Tesco; and Bank of To-kyo Mitsubishi. For EY, some of its most notorious scandals include the Lehman Brothers and Weatherford International.

Quality matters

Audit firms that spoke with Compliance Week say that audit quality is a key focus in their conversations with audit committees today. Grant Thornton, for example, talks “very openly with audit committees,” both current and prospective clients, “about our processes to evaluate quality, which includes our inspection results from PCAOB,” says Jeff Burgess, Grant Thornton’s national managing partner of audit services. “Quality is the foundation for everything we do.”

“We have very robust processes to monitor the work we’re doing, to identify the jobs we have done particularly well or those that have not been done particularly well,” Burgess adds. From there, a root-cause analysis is conducted on those engagements, he says, “and we use that information to make changes to our process, our methodologies, our tools in an effort to consistently improve our quality.”

PwC U.S. says that “audit committee oversight of auditors is a key element of audit quality and the U.S. financial reporting ecosystem. Through timely, meaningful exchanges, we obtain audit committees’ perspectives and fulfill our professional responsibilities to communicate certain items to them. These communications relate to many aspects of the audit, including auditor independence, the audit plan and strategy, perspectives on fraud risks, companies’ accounting policies and practices, critical accounting estimates, significant unusual transactions, and the results of our audit.”

EY U.S. stresses that independent auditors “have an important responsibility to promote trust and confidence in the capital markets by delivering high-quality audits.” Each year, EY U.S. issues an audit quality report (AQR) to provide stakeholders—including current and prospective clients, audit committees, regulators, investors, peers, and employees—insights into “how we are conducting high-quality audits and our ongoing efforts to continuously improve quality,” the firm says.

For the audit profession, generally, 2019 may bring even greater clarity around any unanswered questions on audit quality. Beginning this year, Botic said in his remarks at the AICPA conference in December, the PCAOB intends “to establish a program that seeks to identify practices employed by firms that promote or enhance the quality of audits.” The PCAOB will then share these practices as part of its outreach initiatives.

Click here for specific results for the big accounting firms.