Source: “Corporations and Economic Crime: The Auditors”, Open Secrets, June 2020
The future of the audit industry hangs in the balance, as a raft of indiscretions and, in some cases, flagrantly criminal activity, has tarnished an industry critical to SA’S investment reputation.
This week, advocacy group Open Secrets publishes a searing report into the practices of “the big four” — KPMG, Deloitte, EY and PWC — dismantling the notion that the auditors have been unfairly criticised for their failures, and setting out just how it believes the profession must be reformed.
In SA, these failures include:
● Steinhoff, audited by Deloitte, which failed to detect a R106bn fraud over more than a decade. Says Open Secrets: “It is hard to accept that an alert external auditor, using the proper standard of professional scepticism and common sense, and with insight into all of Steinhoff’s accounts, should not have raised red flags earlier.”
● VBS Mutual Bank, audited by KPMG, where more than R2bn was stolen in a crude scheme. KPMG’S lead auditor on the VBS account, Sipho Malaba, was arrested last week. He is said to have received R33.9m to hide the hole in VBS’S accounts — money he allegedly used to buy Land
Rovers, properties and pay off debt.
● SAA, where PWC failed to pick up misstatements over a number of years.
● The firm, and partner Nkonki, were paid R19m for this, but were only fined R200,000 by the regulator.
● Tongaat Hulett, where Deloitte missed that the sugar company’s assets, including sugar cane, were overstated by more than R10bn.
● Numerous state entities, including Eskom, where Deloitte earned R207m based on an irregular contract, and the SA Revenue Service, where KPMG produced an erroneous “rogue unit report” that was used to fire 50 senior officials.
Looking further afield, PWC acted as auditor and consultant for Sonangol, the Angolan government-owned oil company “which was used by Isabel dos Santos to secrete away billions from the Angolan fiscus through a network of 400 shell companies”.
The real crisis, says Open Secrets, is accountability.
“Where large consultancies and audit firms are implicated in wrongdoing at stateowned enterprises, directors and partners quietly exit their firms and some or all of the illegitimate fees are paid back, but there is no hard accountability for those responsible,” the report says.
One reason for this, it argues, is that the “big four” form a “quasi-cartel” that has made governments fearful of demanding real accountability, lest one of them fail.
As it is, these four audit firms service 497 of the largest 500 companies on the New York Stock Exchange, while in SA, 96% of all the companies listed on the JSE are audited by one of the big four.
But the tentacles go deeper. A quarter of the JSE’S top 40 largest companies have “appointed individuals who were previously employed by their external auditors as chairperson of their audit committees”.
And, when one auditor fails to detect fraud, “it is an opportunity to cash in for those selected to clean up afterwards”.
This was the case at Steinhoff and Tongaat, where Deloitte failed to detect fraud, yet PWC was hired as a “forensic investigator” to find out what went wrong.
The irony is that “PWC itself has been implicated in nearly identical failures elsewhere,” says Open Secrets.
PWC was paid €35m (R682m at today’s exchange rate) to wade through the Steinhoff fraud.
And, when auditors are finally held to account, the penalties levied by the Independent Regulatory
Board for Auditors (Irba) are
What it means:
“usually insignificant compared to the profits these firms continuously amass, or even to the amount made from the contract in question”.
Not a new phenomenon
But it’s not just in SA. Calls for reform have also been heard in the UK, where an independent review of the quality and effectiveness of the profession was conducted by Sir Donald Brydon, who published his findings in December last year.
Michael Marchant, who co-authored the Open Secrets report with Mamello Mosiana, tells the FM: “In our ongoing investigation into state capture, the auditors kept on popping up all over the place, so we decided it would be worthwhile to probe them.”
But if the recent collapses suggest a previously highly regarded industry which has suddenly and tragically lost its way, don’t be fooled.
Khaya Sithole, a chartered accountant and academic, says the country’s audit standards were declining long before the recent wave of scandals, predating SA plummeting down the World Economic Forum’s auditing rankings.
“The inspections report by Irba shows the audit quality has been declining over time,” says Sithole. “It’s only in the past two or three years that the visibility has been amplified, as some of the high-profile cases have come to the public’s attention.”
Mosiana says disturbingly there were common elements to many of these accounting scandals. “Understanding the culture and remuneration structures is key, and it appears that keeping a client [and the concomitant revenue stream] was in most cases a bigger motivation [than] acting honestly or truthfully,” she says.
Sithole agrees, saying in the hurly-burly of professional relationships, where divergent opinions exist, the big concern has been that auditors are under extraordinary pressure to hang onto their clients.
“When there is a disagreement on an issue, the auditor has to decide whether this one issue is so contentious it is worth losing the relationship over, and if the auditors concede, that is the point where things start to escalate,” says Sithole.
The recent spate of scandals has, at least, led to soul searching by the industry.
Deloitte CEO Lwazi Bam tells the FM: “We felt as an audit profession we needed to do our own introspection and identify the issues in the profession that have led to the poor outcomes, as well as generate our own responses to reforming the industry.”
This led to the creation of the SA Auditing Profession Trust Initiative, whose committee comprises senior executives from across the industry. It’s been tasked with recommending an appropriate, responsive plan to rebuild trust in the profession.
Any reform of the industry will have to seriously tackle the “expectations gap”.
As Bam explains, this is the gap between what the public expects of auditors, and what they’re actually required to do. It’s an issue explored in depth in the Brydon report.
The crux is this: as the cases of VBS, Steinhoff and Tongaat show, the public expects auditors to be able to flag fraud and corruption; but auditors say they’re not trained to do this.
Says Bam: “There is a consideration of whether an audit scope should be extended to include fraud, and the scope of fraud.
If the ultimate objective is to reduce corporate failure through fraud, then the whole ecosystem needs to be changed along with the scope of the audit and the role of auditors.”
Mark Stewart, who heads audit firm BDO in SA, agrees, but says that maybe it’s the right time to reimagine what the industry should be.
“The auditing standards are specific and I don’t think as an industry we have made any progress in educating consumers about the issue. But perhaps we should start with what the expectations are, and build from there, and this may well change the profession as we know it.”
This would imply a complete rebuilding of the ecosystem: revising international accounting standards, the role of boards, and the role played by regulators.
However, Open Secrets believes that auditors use this “expectation gap” as an excuse for failing to deliver on the legitimate expectation that they’re meant to ensure corporate financial probity.
“Auditing should be understood as a social utility, given that it is a vital check on accounting abuses to protect the public at large. We should therefore reject the argument that public anger at audit failures is misplaced because the public expects more than auditors can deliver,” the researchers write.
Rather than an “expectations gap”, there is an “accountability gap”, they say.
Critics add that it’s not even that auditors aren’t detecting fraud, they aren’t even maintaining a “healthy professional scepticism”, as they are meant to do — which creates an environment in which fraud can thrive.
One intervention meant to restore “professional
scepticism” was the idea of mandatory audit firm rotation, which in SA meant requiring a company to swap audit firms once a decade so their accounts can be scrutinised by a fresh pair of eyes.
A strong point in the case for rotation is Tongaat Hulett. Here, Deloitte has been the sugar company’s auditor for 82 years.
Still, when Irba mandated audit firm rotation back in 2017, it was met with mixed reaction.
But Sithole agrees with the decision. “I think a new set of eyes asks new questions, and a new broom has a better ability to sweep clean. It’s just a fact that there is bias when you have known a client for a long time,” he says.
The rotation also had a developmental objective that would promote access to “next-tier and black-owned firms,” which operate under the top tier of the big four.
By the end of April, Irba says, one-quarter (91) of Jse-listed companies had rotated firms.
Sithole agrees that without intervention, market concentration could never be addressed. “It could be transformational, but there aren’t enough black players of scale at the moment [to compete for the big audits] and, in any event, they could get bought out or merge with another company as happened with SNG Grant Thornton.”
A conflicted business model
Another big issue flagged by Open Secrets is that of the $134bn earned by the big four audit firms globally in 2017, the bulk came not from auditing, but from “consulting”.
This has led to a confused mandate, muddying the picture in the public mind. And this reliance on consulting services has come even as firms’ “ability to provide accurate auditing services is in decline”.
The solution, say many, is to require firms to split into consulting and auditing companies.
It’s an old script though. When US energy giant Enron folded in 2001, destroying
Arthur Andersen, one of the five largest audit/consulting firms in the world, the debate really took off.
Bernard Agulhas, the outgoing CEO of Irba, makes it patently clear where he stands on the issue: the separation of audit from non-audit services would be “a huge step” in improving auditor independence.
“While audits are performed to serve the public and shareholders, consulting services are delivered to satisfy the client. Where the consulting services start to exceed the audit services, audit quality might be neglected in favour of securing consulting fees,” he says.
Non-audit services can range from designing and implementing a new software system, to consulting on ways for a company to win market share in an industry.
The audit companies, understandably, are less than enthusiastic about the proposed separation.
“At the moment we think there are sufficient safeguards in place to prevent conflicts of interest, which are common across the profession,” says Bam.
“There are regulations that approve how much non-audit services are provided to a client and the ultimate approval for this work is given by the audit committee. It is unlikely an audit client would approve a large non-audit-related consulting contract.”
BDO says its business is primarily auditing — and it simply doesn’t do consulting work for companies it audits.
Stewart suggests a third option. Instead of forcing consulting/audit companies to choose what they want to be, which would entail selling one half of the business, rules could be put in place preventing firms from auditing and consulting to the
Source: “Corporations and Economic Crime: The Auditors”, Open Secrets, June 2020 same companies.
“It has to be very clearly defined and legislated. If it is left to the discretion of the firm, it could become messy and it goes back to the public perception — how do we make it clear they are independent and doing what they are supposed to do,” Stewart says.
But if everyone knows what the problems are, there’s little consensus on exactly how to fix them.
In December, Brydon released his report about reform in the UK, which is likely to provide a template for how SA reforms its auditing profession.
Brydon says the industry needs to go back to first principles, and reconsider how an audit is even defined.
His definition is this: “The purpose of an audit is to help establish and maintain deserved confidence in a company, in its directors and in the information for which they have responsibility to report, including the financial statements.”
If you interpret this widely, it could cer
tainly suggest an extension of their role to include detecting fraud, since this is evidently what the public now expects.
Brydon also suggests directors should be required to state, each year, that the financial accounts are fairly presented in all material respects — and there should be personal liability if this proves not to be true.
And he suggests financial accounts include a “resilience statement”, in which auditors would have to give their opinion on risks to that company’s going-concern status, and disclose all information that might contradict their opinion.
When it comes to fraud, he recommends imposing a duty on directors that obliges them to set out what actions they took each year to detect and prevent fraud. And an “auditor fraud panel” would be set up to judge auditors’ culpability in any fraud.
These ideas are likely to find their way into SA’S reforms too, so it would be wise for firms to consider how practical they might be.
Open Secrets argues there is no “single change” that can reform the profession, but rather a series of solutions to disrupt the status quo and ensure better accountability.
The first is to take the leap and definitively split auditing firms from consulting firms; the second is to boost the power of the regulator and require more transparency; and the third is to require the auditor-general to play a far greater role in monitoring the audits of public entities.
It believes “more effective and intrusive state regulation”, along with “rebuilding the capacity of state agencies tasked with investigating and prosecuting financial and economic crimes” would go a long way to fixing the problem.
Irba, it argues, needs to have far more clout in holding auditors to account, but it must also be more transparent with the public. “Vague newsletters and the refusal to name names — a recurring theme in the case studies — undermines the sanction and prevents other actors from making informed decisions,” it says.
Irba itself, however, is currently mired in a leadership crisis (see page 4) after having appointed Jenitha John to replace Agulhas from this month. While John has impressive credentials, she was also the chair of Tongaat’s audit committee when that fraud was committed. Though she isn’t implicated, she did have the duty of oversight.
As Open Secrets points out, she’ll also have the job of heading Irba, which will have to adjudicate whether Deloitte messed up at Tongaat.
Sithole says, as it stands, Irba isn’t properly equipped for the job at hand. “We are still lacking the institution that can do that. The other problem is that reports are not public so it’s hard to tell what Irba provides to the audit companies. So I think Irba can play a much more constructive role” he says.
However, in its report, Open Secrets sounds a warning about the reform process, saying: “If we are going to reform auditing, then there’s one lesson to learn from the financial crisis: don’t trust the auditors to do it.”
At this point, few members of the public would. But auditors should embrace these reforms: it’s the only way for them to rebuild their legitimacy.
Source: “Corporations and Economic Crime: The Auditors”, Open Secrets, June 2020