Tuesday, January 18, 2022

Fake it Until You Make it: The Story of Elizabeth Holmes and Theranos

Editor's Note: The Public Interest Section of the American Accounting Association is pleased to publish the following blog post by Steve Mintz, Professor Emeritus, Cal Poly, San Luis Obispo. Please contact lawrence.chui@stthomas.edu with questions, comments, or suggestions about our blog, or to express interest in our organization. Disclaimer: When you read the comments of our columnists, please keep in mind that they only speak for themselves. They are not expressing the positions of the AAA or of any other party.

A Cautionary Tale for Silicon Valley

Fake it until you make it is an expression that amply describes what happened to Theranos. It also characterizes the actions of the company’s founder and CEO, Elizabeth Holmes. The idea being that by imitating confidence, competence, and an optimistic mindset, Holmes was able to dupe dozens of investors and companies by claiming that by using a pin prick, blood could be analyzed quickly for diseases.

Holmes was dubbed the world’s youngest self-made woman billionaire but, by June 2016, estimates of her net worth had declined dramatically due to serious questions related to Theranos’s business practices. Holmes was forced to relinquish control of Theranos in 2018.

Holmes believed the testing procedures would revolutionize the way diagnostics were done and aid in preventative medicine. Using a machine called the Edison, pharmacies were supposedly able to use this portable blood test from a drop of blood. The problem was that it didn’t work and often gave out false results. Most tests were not able to be performed from a needle prick but required venipuncture.

Earlier this month, Holmes was found guilty of four of 11 charges of fraud; three counts of wire fraud and one count of conspiracy to commit wire fraud by lying to investors to raise money for her company. Each count carries a maximum sentence of 20 years in prison, terms that are likely to be served concurrently. However, Holmes is expected to appeal the verdict.

The Scam*

Holmes duped just about everyone about the efficacy of Edison. For 12 years, she essentially ran a Ponzi scheme by attracting millions of dollars from primarily venture capitalists that saw it as a unique opportunity to cash in on the boom in Silicon Valley.  

It’s not a stretch to label Holmes as immoral. The deeper question is how she was able to fool so many bright people and one of the biggest drug chains in the U.S. – Walgreens. The answer lies in her “cult of personality.” She controlled Theranos through force of personality and control of the communication channels.

The company also stifled dissent as when one of its employees, Erika Cheung, told Sunny Balwani, the former president and chief operating officer, about the flawed quality controls at the company that had ignored problems with the process of analyzing blood. Balwani basically told Cheung to mind her own business.

Cheung realized her concerns were falling on deaf ears. She told John Carreyrou of the Wall Street Journal that “This was not an environment, that is not a culture, where they really care about what consequences this might have on patients.

The Theranos fraud became public in October 2015, when Carreyrou reported that Theranos was using traditional blood-testing machines instead of the company’s Edison devices to run its tests. Theranos claimed the allegations were “factually and scientifically erroneous.” However, Walgreen’s suspended plans to expand blood-testing centers in their stores. The Cleveland Clinic announced it would work to verify Theranos technology.

In January 2016, the Centers for Medicare and Medicaid Services (CMS) sent a letter to Theranos after inspecting its Newark, California lab, reporting that the facility caused “immediate jeopardy to patient health and safety.” Walgreens announced a suspension of Theranos blood tests from the Newark lab.

Corporate Culture

The Theranos case demonstrates what can happen when corporate governance barely exists and there are no independent directors or an audit committee to provide checks and balances on top management. It also illustrates the lengths that a company might go to deceive business partners, patients, and doctors who rely on their blood-testing equipment to produce cheaper and quicker results.

Holmes told John Carreyrou in the interview that she did not start out to perpetrate a con, she just had a vision and lost sight of right and wrong as she pursued a goal to become a billionaire. In other words, she had ethical blind spots because she was immersed in pursuing her own self-interest to the detriment of doctors, business partners, and patients.

Holmes did not tell the board of directors about the problems with the testing equipment and the challenges faced by the company in financing its continued operations. She sought out board members that had accomplished resumes but that did not mean they were experts in matters faced by Theranos or that they would challenge Holmes’s decisions. They did not understand the intricacies of blood testing. They did not know enough to question her decisions. In that regard, they were not independent of Holmes and reluctant to ask probing questions once it became known the company was in trouble.

Fraudulent Reporting of Operating Results

According to the federal indictment, Holmes and Balwani defrauded doctors and patients by:

  • Making false claims concerning Theranos’s ability to provide fast, reliable, and cheap blood tests;
  • Omitting information concerning the limits of and problems with Theranos’s technologies, including that.Theranos was not capable of consistently producing accurate and reliable results for certain blood tests;
  • Making numerous misrepresentations to potential investors about Theranos’s financial condition and its future prospects, including that its patients’ blood was being tested using Thermos-manufactured analyzers; when, in truth, they knew that the company had purchased and used third party, commercially available analyzers;
  • Representing to investors that Theranos would generate over $100 million in revenues and break even in 2014 and that the company was expected to generate approximately $1 billion in revenues in 2015; when, in truth, Theranos would generate only negligible or modest revenues in 2014 and 2015; and
  • Using a combination of direct communications, marketing materials, statements to the media, financial statements, models, and other information to defraud potential investors about the company’s revolutionary and proprietary analyzer, Edison

Financial Reporting and Audit Problems

The operating deficiencies described above and false reporting to partners masked the fact that Theranos was bleeding cash. In December 2017, Holmes was forced to mortgage all Theranos’s assets to Fortress Investment Group in return for a desperately needed $100 million loan. The terms of the loan agreement included the requirement to finally produce audited financial statements, something that had not been attempted since at least 2009, according to Philippe Poux, Theranos’s last chief financial officer.

Poux stepped up the process of preparing financial statements for the calendar year 2017 that could eventually be audited. The goal of the 2017 audit was to get a clean opinion on Theranos’s financials—that is, the auditors’ “reasonable assurance” that the numbers did not include a material misstatement due to error or fraud.

Theranos closed a deal in December 2017 to borrow $100 million from Fortress Investment Group and it became Theranos’s most important creditor. The deal gave Fortress a lien on all Theranos’s assets, including its portfolio of patents.

One additional covenant was a requirement to get an independent auditor’s opinion on its 2017 financial statements by June 2018. Fortress released $65 million when the deal closed, with the rest contingent on achieving certain milestones, as well as the audit. In an interview with MarketWatch, Poux said that: “We would have been in default of the Fortress agreement if a clean opinion was not delivered by that date.”

The external auditors began work on the audit in April 2018. To avoid the auditor’s “going concern” warning, Theranos needed to prove it would have enough cash to support itself for 12 months from the date of the audit report, which was expected to be in June 2018. The problem was the auditors discovered that Theranos did not have sufficient cash to survive long enough to secure regulatory approval for its blood testing product. An audit report was never issued.

Summing it Up

The story of Theranos is a cautionary tale where one lie leads to another and before you know it the story snowballs out of control, coverups ensue, and the company slides down the “ethical slippery slope.” The culture of the company was such that it hid important information from the public, pharmacies, medical professionals, government, and its own board of directors.  

The case of Theranos, at one time a high-flyer in Silicon Valley, portrays a company run by an ambitious person who thought she could get away with just about anything. Absent the checks and balances needed for strong operating controls, and Holmes was able to do just that until Erika Cheung came forward and John Carreyrou did his expose on the rise and fall of the company.

In the end, Theranos is a story of a hard-charging CEO who was motivated by greed and hubris.

In case you missed it, the television program, American Greed, did an expose on the rise and fall of Elizabeth Holmes and the role of Erika Cheung as a whistleblower. 

*Parts of the blog are taken from Dr. Mintz's Accounting Ethics textbook, Ethical Obligations and Decision Making in Accounting: Text and Cases, 6th edition.

Blog posted by Dr. Steven Mintz, The Ethics Sage, on January 18, 2022. You can sign up for his newsletter and learn more about his activities at: https://www.stevenmintzethics.com/. Follow him on Facebook at: https://www.facebook.com/StevenMintzEthics and on Twitter at: https://twitter.com/ethicssage.

Sunday, November 21, 2021

APIRA 2022 Interdisciplinary Accounting Research Webinars

Continuing on from 2021, AAAJ’s 2022 APIRA thought leadership webinars will offer major interdisciplinary accounting research presentations and panel forums. They will be 90 minute webinars on three occasions through 2022. Each live session will also be recorded and available to registrants on the APIRA webpage.

 
February 16th 2022
Accounting in a Covid-World
Presenters and Panel:
Assoc Prof Giulia Leoni (Italy)
Prof Kathryn Haynes (UK)
Prof Laurence Ferry (UK)
 
June 8th 2022
The Accountability Research Agenda
Presenters and Panel:         
Prof Enrico Bracci (Italy)
Prof Warren Maroun (South Africa)
Prof Elena Giovannoni UK)

October 12th, 2022
Accounting, auditing, and digital transformation: Implications and critical issues
Presenters and Panel:         
Prof Indrit Troshani (Australia)
Prof Giuseppe Grossi (Norway)
Prof Jodie Moll (Australia)

Please spread the word to colleagues and doctoral students.

You can register now for the first APIRA 2021 event Feb 16, on the APIRA webpage: https://apira.onlive.events/

Friday, July 23, 2021

UK Audit Reform Proposals: Full of Sound and Fury but Likely to Amount to Nothing

Editor's Note: The Public Interest Section of the American Accounting Association is pleased to publish the following blog post by Francine McKenna, independent journalist at The Dig, a newsletter, an educator and a researcher. Please contact lawrence.chui@stthomas.edu with questions, comments, or suggestions about our blog, or to express interest in our organization. Disclaimer: When you read the comments of our columnists, please keep in mind that they only speak for themselves. They are not expressing the positions of the AAA or of any other party.

This piece was originally posted in March 2021 by Francine McKenna in her newsletter, The Dig. The post has proved prescient. The former head of the UK accounting regulator, Paul Boyle, told the FT on June 14 that the government’s plan to shake up the audit market was likely to fail and that industry lobbying had deflected attention from the dominance of the Big Four accounting firms. He believes the proposal would increase costs for companies without fully tackling the lack of competition faced by the Big Four — Deloitte, EY, KPMG and PwC, which audit the entire FTSE 100.

The UK audit firms themselves warned the following week that the plan to significantly increase the number of companies subject to the proposed stringent governance standards risks straining audit firms and their new regulator to breaking point.

Even Sir Jon Thompson, chief executive of the prior UK regulator the Financial Reporting Council, told the Financial Times in May he agreed with criticism of the regulator. Asked whether the FRC was “asleep at the wheel” during corporate failures, he told the FT’s Board Director series: “The answer is yes. Let’s be straight forward about it.” The proposed new regulator to replace the FRC, was not expected to be in place until at least 2023.

Let's all say again that auditors are supposed to be performing their public duty and finding fraud, shall we?

One after another the ongoing revelations of corporate fraud and bankruptcy in the UK remind us that audits — the last defense against failed financial reporting for investors and the markets — are still not preventing, detecting, or warning anyone about it. 

Enron’s bankruptcy, and its auditor Arthur Andersen’s collapse, happened twenty years ago. The financial crisis rocked the foundations of global financial stability a decade ago. Reforms intended to reassure investors and markets that company accounts can be trusted have instead fallen far short. Allegations of accounting muck-ups at UK companies such as Autonomy, Carillion, Thomas Cook, and Patisserie Valerie, to name just a few, prove politicians made empty promises.

The Right Honorable Kwasi Kwarteng, MP, the UK’s new business secretary, has now introduced a jumble of reforms after the latest corporate calamities and the failure of auditors to catch them, or even convincingly own up to a public duty to do so. The Beis proposals are pitched as a UK version of the US Sarbanes-Oxley Law, passed in 2002 in response to Enron’s failure and Arthur Andersen’s collapse.

The UK may be growling up the wrong tree. SOx reforms have always delivered more bark than bite.

It would be a huge mistake for the UK to model its reforms — ones that have so much momentum and urgent need — after US auditor reform that’s failed so miserably. UK investors deserve more.

I wrote in 2012, ten years after Sarbanes-Oxley was passed, that the law and feeble enforcement of it had failed to restore investor confidence in audit firms after Arthur Andersen’s failure to mitigate fraud at Enron. Nearly twenty years on my verdict is even more harsh. The Sarbanes-Oxley law has turned out to be a negotiated mélange of rules that have been barely enforced and gradually watered-down to within an inch of their original intent, all to reduce costs for corporations and increase new share listings.

Is the latest UK reform package truly radical or just more of the same incremental reforms, full of sound and fury yet signifying no meaningful change once again?

Incremental reform is not enough, Atul Shah, an accounting and finance professor at City University of London, told me.

I am afraid it is more of the same and the reforms will be as ineffective as all the rest. That’s because the largest global audit firms have fully captured the government and regulatory apparatus via the revolving door and have a shared objective to prop up the stock market and businesses no matter the cost to workers and small investors. After the 2008 crash, hardly any auditor was fined or went to jail over their failure to warn society.

After that, it got worse. The common factor is the cultural problem, Shah told Bloomberg in an interview this past June. When he spoke to me, Shah said the cultural problem in accounting and finance is being ignored by most universities and the firms when training new professionals. He believes there are vast cracks in the curriculums that ensure that the systemic problems continue to prevail.

Prem Sikka, an Emeritus Professor of Accounting at University of Essex, agrees. Sikka, in Left Foot Forward in September of 2020, wrote, "The audits of large companies need to be performed by a statutory body.” Lord Sikka, who was nominated for a life peerage in the 2020 Political Honours and raises his voice for the Labour Party in the House of Lords, has been a years-long critic of the audit industry status quo. He wrote:

Auditing firms have a choice. They can deliver honest, robust and socially useful audits or vacate the audit market and make way for a new institutional framework.

However, Sikka told me via email that he suspects the government would not like the idea of an independent body appointing and remunerating auditors because big corporations would oppose it.

Reform history

The last time the UK pressured global audit firms to reform was in 2010 when the House of Lords conducted an inquiry into the Big Four audit firms’ role in the global financial crisis. Auditors had failed in their public duty to remain independent, place public interest above commercial interests, and undertake their duties competently, objectively and prudently, Sikka wrote in a 2009 article.

UK regulators went through the motions in 2010, and their issues were even taken up in the European Union. Michel Barnier, a French politician acting as European Commissioner for Internal Market and Services under President José Manuel Barroso from 2010 to 2014, voiced overall displeasure with the audit firms and threatened new laws and regulations that would upend the industry’s structure.

“The status quo is not an option,” Barnier said in October 2010.

 Michel Barnier, however, did eventually accept the status quo. Barnier recently served as the European Commission's Head of Task Force for Relations with the United Kingdom during the Brexit negotiations. He’ll retire from the European Commission this month but stayed in the game long enough to see the audit industry status quo publicly pummeled again.

After the financial crisis, the Financial Times and the Guardian were full of stories about the auditors and what they did, and did not do, to warn of the crisis or mitigate the impact to investors. UK politicians made much more noise over the auditors’ role than US politicians did. In November of 2010 UK audit firm leadership appeared before the House of Lords Economic Affairs Committee and admitted they did not issue “going concern” warnings for any of the large UK banks that were eventually nationalized. That’s because they were assured during private, confidential meetings in December 2008 and January 2009 with Lord Myners, and others that the government would bail out the banks if needed.

The Financial Reporting Council’s Sharman inquiry, prompted by the incredible revelations, let them all off the hook in June of 2012. Bank auditors are not obliged to express doubts about their client’s short-term survival if it is receiving adequate liquidity support, including from the state, and are able to meet its long-term liabilities, the FRC said.

The latest proposals

On March 18, Kwarteng and Beis published “ambitious plans to strengthen the UK’s audit and corporate governance framework and empower shareholders” that have been much discussed and long delayed, most recently by the COVID pandemic. The proposals entertain most of the recommendations of three independent reviews of the UK audit industry completed in recent years.

Sir Donald Brydon, the former chairman of the London Stock Exchange, delivered a 135-page report in December 2019 that recommended significant structural changes to how auditors work and how their firms are structured and regulated including proposing a new definition of the purpose of a company audit. He also emphasized why auditors should be expected to act as “bloodhounds” that detect corporate fraud. (The collapse of Grant Thornton-audited Patisserie Valerie in January 2019 brought a new example of an auditor insisting it was not obligated to look for fraud.)

A Competition and Markets Authority report in 2019 recommended that UK-listed companies should be required to use two firms — preferably one a non-Big 4 firm — to do a “joint audit” of accounts. The year before John Kingman produced a highly critical report focusing on the regulation of the audit industry.

Lord Sikka believes the reform white paper’s foundation, all of the recent studies, is deficient. The Kingman Review only applies to one of five audit regulators and does not explain how to avoid capture, Sikka said. The CMA report does not tackle questions like auditor liability (an important pressure point) or inviting new suppliers of audit services and the Brydon Review does not look at the actual audit process, per Sikka.

The Financial Times Editorial Board has characterized the proposals as an equivalent to the US Sarbanes-Oxley regime, albeit one the UK must introduce carefully, “without piling unfair costs and burdens on to companies struggling to recover from the pandemic.”

The Beis white paper is a 232-page set of proposals and goes out for public consultation and comment until July. Given the number of recommendations and length of the report, the Beis plan is expected to generate plenty of mail.  That is only a first step and there is no guarantee any of the proposals will eventually be mandated.

Kwarteng writes in the introduction:

The Government understands the serious challenges that businesses are facing because of the pandemic and we will not add to those: reforms will be introduced over an appropriate timetable. However, I am committed to our stated aim of reforming the corporate governance and audit regime and we intend to bring forward these reforms later in the Parliament, once we have taken account of your responses.

Separating audit and consulting, in body or at least in spirit via service prohibitions, is a perennial reform recommendation whenever conflicts rear their ugly head. The UK’s Financial Reporting Council already issued a 22-point plan last July for a “ringfence” requirement — the operational separation of the audit side of the largest global firms from the rest of their business. Firms were required to outline how they would make the changes by late last year, and the plan must be implemented in full by June 30, 2024 at the latest.

When the ring fencing requirements were announced, Deloitte said it would work with the FRC to develop its plans, but was concerned about losing momentum with other reforms mentioned in the three reviews.

Deloitte UK has come around. The firm announced in September that its UK audit operations would have a standalone board beginning in 2021. Public relations firm Teneo is announced this week it would purchase the Deloitte UK restructuring arm which reportedly has 250 people including 27 partners.

PwC was less committal but agreed to “continue to engage with the watchdog on the complexity and detail of the principles.” EY said it would work with the FRC, but warned the proposals alone “would not deliver all the changes needed.” The firm said in December that its plans had been submitted to the regulator.

KPMG has said it supports the ring fence plan as a “first step to restoring trust in companies.” Previously, in 2019, KPMG Chairman Bill Michael had warned that "an extreme form of ring-fencing would have significant unintended consequences, especially with regard to audit quality.” Next tier firm Grant Thornton followed the leaders and said the move would fail to boost competition. 

KPMG UK agreed to a £400m deal with private equity firm HIG Capital for its UK restructuring unit. The firm is arguably in no position to complain about regulatory scrutiny. KPMG has been criticized recently — and been heavily fined — for the poor quality of its audits, in particular related to construction company Carillion. In 2020, the firm saw profits drop 6% before tax and partner payouts. Partner payouts were down 11% from 2019. 

KPMG is also the firm where an audit practice ring fence will have the least impact on its results. KPMG’s audit practice generates a higher percentage of total revenue, nearly 29% in fiscal year 2020 than the other Big 4 firms, EY (21.2%), PwC (22.9%) and consulting behemoth Deloitte which only derives 14.8% of its revenue in the UK form audit services.

Conflicts, however, will continue to turn up. The sell-off of restructuring arms, in particular may help firms like KPMG UK avoid the conflict between its work to wind-up companies like Patisserie Valerie and its audit work but won’t prevent the kind of conflict of interest to be replaced on the job. The Patisserie Valerie auditor Grant Thornton is also KPMG’s audit firm. The forced split up of Big Four audit practices from their consulting units may provide an opening for the firms to continue expansion into legal services. 

The US experience

The U.S. Securities and Exchange Commission attempted to “modernize” auditor independence rules — the ones that govern potential conflicts when an auditor  performs tax and consulting services —  in 2000, even before Enron filed bankruptcy. Audit firms were doing more consulting than auditing at audit clients and the concern was the work, and the fees, distracted them from their core purpose: auditing.

That time the Big 4 didn’t wait for regulators to force them to ringfence audit to protect its integrity from the influence of  consulting fees. The Big 4 were so concerned about the growing regulatory and public criticism that two of the four firms sold their consulting practices in 2000 and 2001. The Sarbanes-Oxley Act was passed in July 2002 and PricewaterhouseCoopers Consulting was sold to IBM in October 2002. Deloitte Consulting never separated from Deloitte & Touche, and went on an acquisition spree.  

Arthur Andersen’s perceived unhealthy emphasis on its lucrative consulting work at Enron instead of its audit was the catalyst for critics to succeed in getting nine prohibitions against consulting services to audit clients into the Sarbanes-Oxley law. The service restrictions prohibit audit firms from providing non-audit services such as internal audit outsourcing services, financial information systems design and implementation, and bookkeeping to an audit client including company affiliates.

However, between 2002 and 2012, the SEC and PCAOB made only a handful of enforcement actions against the firms for auditor independence violations and they were minor. This laissez-faire attitude encouraged the Big 4 firms to rebuild and then expand their consulting arms as soon as non-compete agreements with the original buyers of the businesses expired. The easiest prohibition to police – the one that restricts performing software design, development and implementation consulting for an audit client when it would impact the ability to audit accounting and financial reporting - is the one most recently sanctioned by the SEC, against PwC and a partner. In this case, one partner violated this prohibition in 15 clients for 19 engagements over five years, 2015-2019.  

Can the UK succeed where the US has not?

Professor Shah is pessimistic and wrote in a 2019 OpEd, “We have already lived through the costly experience of the failure of “Chinese walls” in banking. Why should we still believe they can and will work here?” 

Kingman’s recommendation for a new regulator called the Audit, Reporting and Governance Authority is also already in process. Following the FRC Review, the FRC, under new leadership, “has taken significant steps to strengthen its capabilities. However, legislation is needed in many areas to complete the task of remodelling the regulator and to establish the FRC’s successor body, the Audit, Reporting and Governance Authority (ARGA),” according to the Beis white paper. 

So, full reform will, again, wait for Parliament.

The UK reform proposals borrow from recommendations made by the Competition and Markets Authority but go around its recommendation to mandate joint audits in the FTSE 350. From the white paper:

It is not healthy for audit quality that the UK audit market is so concentrated, with 97% of FTSE 350 audits undertaken by just four audit firms. This concentration is not helped by the fact that those firms also compete to provide a wide range of other business services to the largest companies.

The reform proposals greater regulatory powers and duties intended to increase choice and competition in the FTSE 350 audit market, initially through a managed shared audit regime, not joint audits, and, later if needed, a managed market share cap.

The operational separation between the audit and non-audit arms of certain firms is intended to lead to separate governance, financial statements prepared on an arm’s length basis, and regulatory oversight of audit partner remuneration and audit practice governance.

Jane Fuller, a fellow of CFA Society of the UK and co-director of the Centre for the Study of Financial Innovation advocates separating audit from consultancy but admits implementing the ring-fence will be challenging. Fuller wrote in her CFSI blog in October:

The devil in the implementation detail lies in the second objective: ‘Improve audit market resilience by ensuring that no material, structural cross-subsidy persists between the audit practice and the rest of the firm. The seriousness of this issue has led a few of my contacts (outside the audit profession) to question whether the ‘standalone’ audit practices will be viable.

 

Legislation would also provide statutory powers for the regulator to “proactively monitor the resilience of the audit market and audit firms, including powers to require audit firms to address any viability concerns that are identified.” This is a big missing piece of US audit firm regulate on since the SEC primarily regulates audits and auditors as their activities impact public company issuers. The Public Company Accounting Oversight Board monitors the process of auditing and the firms and professionals’ adherence to auditing standards.

No one publicly acknowledges a legal obligation to monitor the financial viability of audit firms, despite widely expressed fears of catastrophic private litigation against one of the remaining Big 4 firms and a generally accepted aversion by regulations to put another firm pout of business through regulatory fines or sanctions, resulting in an implied “too few to fail” policy when faced with necessary enforcement actions against any of the Big 4.

The US government hasn’t officially scrutinized the level of concentration in the market for public company audits since 2008. The US General Accounting Office admitted “there was no general consensus for various proposals put forth for addressing concentration.”

In their 2015 paper, “Competition in the Audit Market: Policy Implications,” Joseph Gerakos of Dartmouth’s Tuck School of Business and Chad Syverson of the University of Chicago Booth School of Business explored the possibility of further audit concentration as a result of the unexpected exit of a Big Four audit firm. This impact could be mitigated by new entry into the public company audit market by next tier firms like Grant Thornton.

Spreading the work of auditing listed companies around outside the Big 4 would potentially keep fee increases in check and, maybe, also prevent the Big 4 from operating with impunity. However, next tier audit firms have not been able to successfully dilute Big 4 market power in the developed economies. When Arthur Andersen collapsed completely, for example, Grant Thornton, RSM, and BDO did not step-up to fill the void anywhere.  

In 2018 Grant Thornton UK announced that it would no longer even pitch for audit work with FTSE 350 clients. Perhaps that’s for the best given Grant Thornton’s failed audit of Patisserie Valerie and payment of a £3 million fine for “misconduct” relating to its audits of Nichols and the University of Salford.

In its November 2020 report, the UK FRC said that introduction of mandatory audit tendering and rotation in 2016 had not made much of an impact on industry concentration.

The Big Four firms continue to dominate the FTSE 350 audit market, particularly for the largest companies by market capitalisation. The failure of any one of these firms would threaten the stability of the overall audit market. 

UK firm revenues represent between 6-9% of global firm revenues but that understates the importance of the UK to each firm’s global network as a key spoke in its global seamless service delivery model for multinationals, wherever they are listed.

The UK member firm in each of the Big 4 global networks signs the audit opinion for a handful of key multinationals, some resident in the UK or other parts of Europe, that are listed on the New York Stock Exchange or Nasdaq. For example, Deloitte UK signs the opinion for Glaxo Smith Kline PLC and BP PLC. KPMG UK signs the audit opinion for BT Group, BHP Group, and Barclays and PwC audits Rio Tinto, Pearson PLC, and Santander. EY UK signs for Royal Dutch Shell and the Royal Bank of Scotland.

PwC’s rank as the largest UK firm by total revenues and audit services revenue is likely directly related to its significant activity as a participating audit firm in 81 US listed companies. That highlights how critical the UK Big 4 firms are as member firms of their respective global networks who audit the UK operations for US and other European exchange-listed clients.

As a result of the fraud and failure of German payments processor Wirecard, this has meant investors and regulators, as well as plaintiffs’ attorneys, are keenly interested in what role EY UK and EY US played in the EY Germany audit of Wirecard. Wirecard had a subsidiary in England and one in Dublin, Ireland. Its 2019 annual report said that the subsidiary in England was audited by an EY network firm and its Dublin sub by a third-party firm.

The FCA forced Wirecard’s U.K. subsidiary, Wirecard Card Solutions, to halt operations when its parent company filed for insolvency in Germany in June 2020. The Newcastle-based fintech Railsbank agreed to buy the U.K. subsidiary of Wirecard. Wirecard’s North America unit, which it bought from Citigroup in 2016, was sold by the bankruptcy administrator to a company backed by buyout specialist Centerbridge Partners LP.

The failure to detect fraud

The Beis proposal also, in line with the Brydon Review’s recommendation, proposes to legislate to require directors of public companies, or what are called “Public Interest Entities” in the UK, to report on the steps they have taken to prevent and detect material fraud.

The Brydon Review also identified “both confusion and a gap between the reality and the expectations of performance of auditors [regarding detecting material fraud].” To dispel such confusion, it recommended that the regulator amend the auditing standard on fraud “to make clear that it is the obligation of an auditor to endeavour to detect material fraud in all reasonable ways.”

The proposal says the UK intends “to legislate to require auditors of Public Interest Entities, as part of their statutory audit, to report on the work they performed to conclude whether the proposed directors’ statement regarding actions taken to prevent and detect material fraud is factually accurate.”

It’s one of the biggest myths that the global audit industry perpetuates: The audit is not designed to detect fraud.

Auditors used to acknowledge their responsibility to detect fraud. In March 2007, PwC’s former US Chairman Dennis Nally was interviewed by the WSJ:

WSJ: Is it an auditor’s job to try and find fraud?

Nally: Absolutely. We have a responsibility to perform procedures that are detecting fraud just like we have responsibilities to perform procedures to detect errors in financial statements.

WSJ: You seem pretty certain, but the firms as a whole often eschew some responsibility for finding fraud, especially in court.

Nally: The audit profession has always had a responsibility for the detection of fraud. The debate has always gone toward how far do you carry that, what type of procedures do you have to develop and in what environment. The classic issue becomes the cost benefit of all of that and this is why I think there is this expectation gap.

By 2011, Nally had changed his tune. Helen Thomas of the Financial Times asked PwC Global Chairman Nally, “What about fraud or disingenuous bookkeeping? Surely auditors should rightly find themselves in the line of fire when a case slips through on their watch?”

The FT’s Thomas writes that Nally “crossed his arms across his monogrammed shirt, for the first time looking a touch defensive.”

There are professional standards out there [and] an audit is not designed under those standards to detect fraud,” [Nally] says, pointing out that detecting fraudulent behaviour rests on other indications including a company’s governance, management tone and control systems. The reasons it has been done that way is because, while we always hear and read about the high-profile fraud, the number of those situations that you actually encounter in practice is very de minimis.

You’re not designing an audit for ‘the exception’ because, quite frankly, the cost itself would be prohibitive to all of the capital markets and . . . who wants to pay for that if the benefit isn’t there?”

What happened to change his mind? Satyam happened.

Nally, and his boss, former PwC Global Chairman Sam DiPiazza, were caught flat-footed on the Satyam fraud in India in December 2008. DiPiazza told the Times of India:

What we understand is that this was a massive fraud conducted by the (then) management, and we are as much a victim as anyone. Our partners were clearly misled.

Faced with allegations that PwC India partners were in on the Satyam fraud, now Global Chairman Nally gave a rambling, incoherent interview to Business Today in India in July 2009 – more than six months after the fraud was uncovered by the Satyam CEO not PwC — and reversed his WSJ comments from 2007:

Many times there is an expectation from the investor community that the auditor is in fact fully responsible for the detection of fraud. Now that is not our job, today.

Judge Barbara Jacobs Rothstein of the United States District Court for the Middle District of Alabama, in her decision in the case Federal Deposit Insurance Corporation v. PricewaterhouseCoopers LLP et al, No. 2:2012cv00957, found on December 28, 2017 that PwC had breached its professional duty to exercise reasonable care in performing its audits by failing to plan and perform its audits to detect fraud and failing to obtain sufficient audit evidence that would have led to discovery of the Colonial Bank-TBW fraud.

On July 2, 2018, Judge Rothstein wrote that the FDIC was "entitled to recover all reasonably foreseeable losses Colonial incurred from its ongoing fraudulent relationship with TBW," and “[t]here can be no real dispute (indeed PwC does not raise one) that it was foreseeable that because PwC failed to detect the fraud, Colonial would continue to fund TBW-originated mortgages, both legitimate and fake.” 

Judge Rothstein ordered PwC, the former auditor for now-defunct Colonial Bank, to pay the Federal Deposit Insurance Corp. $625 million in damages arising out of PwC's failure to detect the  "massive fraud" perpetrated by employees of Colonial Bank and Taylor, Bean & Whitaker Mortgage Corporation from 2002-2009, which ultimately led to Colonial Bank's failure.”

It was the largest ever damages award for auditor liability. The two sides eventually settled for $335 million.

Judge Rothstein’s decision in FDIC v. PwC,  should be the last word on whether the auditor has an obligation under law to design the audit to detect fraud and illegal acts at their audit clients.

In November 2013 the PCAOB published a very useful, and at the time very brave Appendix  to a discussion document distributed at a PCAOB Standing Advisory Group meeting. The agenda item for the meeting was, “Consideration of Outreach and Research Regarding the Auditor’s Approach to Detecting Fraud”.

The appendix provides a detailed overview of auditors’ obligations under existing PCAOB standards to design and perform the audit to detect fraud. The document covers the entire audit lifecycle from engagement acceptance and continuance to reasons to resign an audit. 

The Beis director proposals

The Financial Times Editorial Board believes the real “steps forward” in the BEIS proposals are not the audit firm reforms but changes to corporate governance rules.

At the least, directors would be required to sign off personally on the effectiveness of companies’ internal controls and risk management. That stops short of the US approach, where top executives must certify the accuracy of accounts. But making directors sign off on management, compliance and internal audit controls is a significant step — especially backed by the threat of fines, suspensions, or clawing back bonuses if sizeable errors or fraud are later found. It could also potentially make it easier to bring legal charges against them.

Strictly speaking, making directors sign off on internal controls would be quite a few steps above and beyond the US Sarbanes-Oxley requirement for the CEO and CFO to sign off on internal controls and disclosure controls. The FT’s mandarins, however, do not approve of the most severe controls proposed for company directors.

More stringent options proposed in the paper would require auditors to report on their views of how effective internal controls are, or — closest to the US system — give a formal opinion on directors’ assessment of controls. Jumping straight to the strictest option risks imposing unreasonable costs on post-Covid business.

Fuller told me in an interview she is hopeful that the proposed reforms to hold company directors personally responsible will act as a check and balance on executives and auditors.

That’s where the US SOx experience may be instructive.

The Sarbanes-Oxley Act of 2002 mandates that audit committees would be directly responsible for the oversight of the engagement of the company's independent auditor. SOX Section 302 requires that the principal executive and financial officers of a company, typically the CEO and CFO, personally attest that financial information is accurate and reliable. Besides lawsuits and negative publicity, a CEO or CFO who does not comply or submits an inaccurate certification is subject to a fine up to $1 million and/or ten years in prison, even if done mistakenly. Intentional certification of a false report risks even more severe criminal penalties. 

However, there have been very few enforcement actions for violation these SOX provisions and none for some of the highest profile potential cases from the financial crisis. Other than the high-profile prosecution of Health South’s Richard Scrushy for Section 906 violations — he was eventually acquitted — the US Department of Justice did not pursue a single prosecution under these statutes as a result of the financial crisis.

The BEIS proposals have been greatly delayed, including for another month after the FT reported they were imminent. Perhaps the Big 4 audit firms and business weighed in, again, to create more ambiguity and wiggle room for Parliament later.

Media reporting of “pressure on the Big 4 firms” to renounce the commercialism of the status quo and redirect their hearts and minds to serving the public as professionals has often been just be a clever public relations strategy orchestrated by the firms themselves. It allows government and legislators to entertain the mistaken impression they’re actually “regulating.” Auditors then fend off the worst proposals with the same old arguments, for a while longer, under the guise of compromise.

Follow Francine @ReTheAuditors on Twitter
The Dig is my newsletter 
https://thedig.substack.com/
re: The Auditors 
http://retheauditors.com

Sunday, June 27, 2021

Is the PCAOB Obsolete?

Editor's Note: The Public Interest Section of the American Accounting Association is pleased to publish the following blog post by Steve Mintz, Professor Emeritus, Cal Poly, San Luis Obispo. Please contact lawrence.chui@stthomas.edu with questions, comments, or suggestions about our blog, or to express interest in our organization. Disclaimer: When you read the comments of our columnists, please keep in mind that they only speak for themselves. They are not expressing the positions of the AAA or of any other party.

Is the PCAOB Obsolete?

The SEC removed William Duhnke as chairman of the Public Company Accounting Oversight Board, the U.S. audit watchdog, on June 4, 2021. This raises serious questions about the relevance of the PCAOB today and whether it has been operating as intended. In other words, is it protecting the public interest against deficient audits? The SEC removed Duhnke and took steps to replace its entire board, as the SEC’s new leader, Garry Gensler, begins to shape the regulator.

 

A recently issued report slammed the PCAOB as being too lenient with the Big Four accounting firms over audit deficiencies, resulting in only $6.5 million in fines during its tenure, according to a new report.  

 

The Project on Government Oversight (POGO), an independent watchdog, said its analysis of PCAOB annual inspection reports showed the board has in key respects been doing “a feeble job” policing the Big Four.

 

“It has taken disciplinary action over only a tiny fraction of the apparent violations its staff has identified,” the report said. “Meanwhile, the financial penalties it has imposed pale into insignificance compared to the fines it apparently could have imposed.”

 

In the 808 cases in which the Big Four performed audits that were so defective that the audit firms should not have vouched for a company’s financial statements, internal controls, or both, only 18 resulted in PCAOB enforcement actions, POGO found.

 

PCAOB, moreover, could have fined the audit firms more than $1.6 billion but has fined them a total of just $6.5 million, while penalties against individuals at Big Four firms totaled $410,000 — “less money than one partner at a big accounting firm can make in one year.”

 

According to Reuters, the POGO report “could increase pressure on the [PCAOB], which in recent years has been criticized for being too close to the industry it oversees and slow to ensure the industry performed its job.”

 

“It’s unacceptable that the agency is taking such a light-handed approach in holding these large audit firms accountable,” POGO’s executive director, Danielle Brian, said in a news release, adding, “By failing to hold the Big Four accountable, the board is putting all Americans’ financial futures in jeopardy.”

 

The report recommends reforms including requiring the PCAOB to clearly identify companies referenced in inspection reports and the individual auditors responsible for alleged audit deficiencies.

 

Holding individuals responsible for alleged audit deficiencies is risky business. After all, quite a few auditors review the financial statements, accounting and reporting, and audit report before they are issued. The firms should be held responsible because it’s their job to make sure deficiencies do not exist in audits.

 

The criticism of the PCAOB boils down to the fact that it does not appear to be making a discernible difference in moving audit firms to reduce audit deficiencies. But the real reason may be the scandal that erupted on January 22, 2018, when a former PCAOB staffer, Brian Sweet, who was hired by KPMG in 2015, leaked confidential information about PCAOB's plans to audit the company. Most of the leaked information concerned which audit engagements the PCAOB planned to inspect, the criteria it was using to select engagements for inspection, and on what these inspections would focus.

 

The motivation for KPMG in hiring Sweet was the high audit deficiency rate at KPMG when compared to the other Big Four firms. The average audit deficiency rate has ranged between 30-to-40 percent since the program started. The rate for Big-4 firms has gotten as low as 21 percent (Deloitte) and gone as high as 54 percent (KPMG). In the case of KPMG, it was determined that the firm too often failed to gather enough supporting evidence before signing off on a company's financial statements and internal controls.

 

It is time for Congress to investigate the accounting profession for a lack of independence and high rate of audit deficiencies. These are the two most prominent failures of the PCAOB during its twenty-year tenure. Independence violations are up and the audit deficiency rate, while declining recently, is still too high. In my view, the public is not being protected and we may be just one scandal away from having another meltdown of corporate financial reporting like we saw in 2008-2009.