Editor's Note: The Public Interest Section of the American Accounting Association is pleased to publish the following blog post by Francine McKenna, independent journalist at The Dig, a newsletter, an educator and a researcher. Please contact lawrence.chui@stthomas.edu with questions, comments, or suggestions about our blog, or to express interest in our organization. Disclaimer: When you read the comments of our columnists, please keep in mind that they only speak for themselves. They are not expressing the positions of the AAA or of any other party.
This piece was
originally posted in March 2021 by Francine McKenna in her newsletter, The Dig. The post has proved prescient.
The former head of the UK accounting regulator, Paul Boyle, told the FT on June 14
that the government’s plan to shake up the audit market was likely to fail and
that industry lobbying had deflected attention from the dominance of the Big
Four accounting firms. He believes the proposal would increase costs for companies
without fully tackling the lack of competition faced by the Big Four —
Deloitte, EY, KPMG and PwC, which audit the entire FTSE 100.
The UK audit firms themselves warned the following week
that the plan to significantly increase the number of companies subject to the
proposed stringent governance standards risks straining audit firms and their
new regulator to breaking point.
Even Sir Jon Thompson, chief
executive of the prior UK regulator the Financial Reporting Council, told the Financial Times
in May he agreed with criticism of the regulator. Asked whether the FRC was
“asleep at the wheel” during corporate failures, he told the FT’s Board
Director series: “The answer is yes. Let’s be straight forward about it.” The
proposed new regulator to replace the FRC, was not expected to be in place
until at least 2023.
Let's all say again that auditors are supposed to
be performing their public duty and finding fraud, shall we?
One after another the ongoing revelations of corporate fraud and
bankruptcy in the UK remind us that audits — the last defense against failed
financial reporting for investors and the markets — are still not preventing,
detecting, or warning anyone about it.
Enron’s bankruptcy, and its auditor Arthur Andersen’s collapse,
happened twenty years ago. The financial crisis rocked the foundations of
global financial stability a decade ago. Reforms intended to reassure investors
and markets that company accounts can be trusted have instead fallen far short.
Allegations of accounting muck-ups at UK companies such as Autonomy, Carillion,
Thomas Cook, and Patisserie Valerie, to name just a few, prove politicians made
empty promises.
The Right Honorable Kwasi Kwarteng, MP, the UK’s new business
secretary, has now introduced a jumble of reforms after the latest corporate
calamities and the failure of auditors to catch them, or even convincingly own
up to a public duty to do so. The Beis proposals are pitched as a UK version of
the US Sarbanes-Oxley Law, passed in 2002 in response to Enron’s failure and
Arthur Andersen’s collapse.
The UK may be growling up the wrong tree. SOx reforms have
always delivered more bark than bite.
It would be a huge mistake for the UK to model its reforms —
ones that have so much momentum and urgent need — after US auditor reform
that’s failed so miserably. UK investors deserve more.
I wrote in 2012, ten years after Sarbanes-Oxley was passed, that
the law and feeble enforcement of it had failed to restore investor confidence
in audit firms after Arthur Andersen’s failure to mitigate fraud
at Enron. Nearly twenty years
on my verdict is even more harsh. The Sarbanes-Oxley law has turned out to be a
negotiated mélange of rules that have been barely enforced and gradually
watered-down to within an inch of their original intent, all to reduce costs
for corporations and increase new share listings.
Is the latest UK reform package truly radical or just more of
the same incremental reforms, full of sound and fury yet signifying no
meaningful change once again?
Incremental reform is not enough, Atul Shah, an accounting and
finance professor at City University of London, told me.
I am afraid it is more of the same and the reforms will be as
ineffective as all the rest. That’s because the largest global audit firms have
fully captured the government and regulatory apparatus via the revolving door
and have a shared objective to prop up the stock market and businesses no
matter the cost to workers and small investors. After the 2008 crash, hardly
any auditor was fined or went to jail over their failure to warn society.
After that, it got worse. The common factor is the cultural
problem, Shah told Bloomberg in an
interview this past June.
When he spoke to me, Shah said the cultural problem in accounting and finance
is being ignored by most universities and the firms when training new
professionals. He believes there are vast cracks in the curriculums that ensure
that the systemic problems continue to prevail.
Prem Sikka, an Emeritus Professor of Accounting at University of
Essex, agrees. Sikka, in Left Foot
Forward in September of 2020, wrote, "The audits of large companies
need to be performed by a statutory body.” Lord Sikka, who was nominated for a
life peerage in the 2020 Political Honours and raises his voice for the Labour
Party in the House of Lords, has been a years-long critic of the audit industry
status quo. He wrote:
Auditing firms have a choice. They can deliver honest, robust
and socially useful audits or vacate the audit market and make way for a new
institutional framework.
However, Sikka told me via email that he suspects the government
would not like the idea of an independent body appointing and remunerating
auditors because big corporations would oppose it.
Reform history
The last time the UK pressured global audit firms to reform was
in 2010 when the House of Lords conducted an inquiry into the Big Four audit
firms’ role in the global financial crisis. Auditors had failed in their public
duty to remain independent, place public interest above commercial interests,
and undertake their duties competently, objectively and prudently, Sikka wrote
in a 2009 article.
UK regulators went through the motions in 2010, and their
issues were even taken up in the European Union. Michel Barnier, a French politician acting as European
Commissioner for Internal Market and Services under
President José Manuel Barroso from 2010 to 2014, voiced overall
displeasure with the audit firms and threatened new laws and
regulations that would upend
the industry’s structure.
“The status quo is not an option,” Barnier said in October 2010.
Michel Barnier, however, did eventually accept the status quo.
Barnier recently served as the European Commission's Head of Task Force for
Relations with the United Kingdom during the Brexit negotiations. He’ll retire
from the European Commission this month but stayed in the game long enough to
see the audit industry status quo publicly pummeled again.
After the financial crisis, the Financial Times
and the Guardian were full of
stories about the auditors and what they did, and did not do, to warn of the
crisis or mitigate the impact to investors. UK politicians made much more noise over the auditors’ role than US politicians did. In
November of 2010 UK audit firm leadership appeared before the House of Lords
Economic Affairs Committee and admitted they did not issue “going
concern” warnings for any of the
large UK banks that were eventually nationalized. That’s because they were
assured during private, confidential meetings in December 2008 and January 2009 with Lord Myners, and others
that the government would bail out the banks if needed.
The Financial Reporting Council’s Sharman inquiry, prompted by
the incredible revelations, let them all off the hook in June of
2012. Bank auditors
are not obliged to express doubts about their client’s short-term survival if
it is receiving adequate liquidity support, including from the state, and are
able to meet its long-term liabilities, the FRC said.
The latest proposals
On March 18, Kwarteng and Beis published “ambitious plans to
strengthen the UK’s audit and corporate governance framework and empower
shareholders” that have been much discussed and long delayed, most recently by
the COVID pandemic. The
proposals entertain most of the
recommendations of three
independent reviews of the UK audit
industry completed in recent years.
Sir Donald Brydon, the former chairman of the London Stock
Exchange, delivered a 135-page report in December 2019 that recommended
significant structural changes to how auditors work and how their firms are
structured and regulated including proposing a new definition of the purpose of
a company audit. He also emphasized why auditors should be expected to act as
“bloodhounds” that detect corporate fraud. (The collapse of Grant
Thornton-audited Patisserie Valerie in January 2019 brought a new example of an
auditor insisting it was not obligated to look for fraud.)
A Competition and Markets Authority report in 2019 recommended
that UK-listed companies should be required to use two firms — preferably
one a non-Big 4 firm — to do a “joint audit” of accounts. The year before John
Kingman produced a highly critical report focusing on the regulation of the
audit industry.
Lord Sikka believes the reform white paper’s foundation, all of
the recent studies, is deficient. The Kingman Review only applies to one of
five audit regulators and does not explain how to avoid capture, Sikka said.
The CMA report does not tackle questions like auditor liability (an important
pressure point) or inviting new suppliers of audit services and the Brydon
Review does not look at the actual audit process, per Sikka.
The Financial
Times Editorial Board has
characterized the proposals as an equivalent to the US Sarbanes-Oxley regime,
albeit one the UK must introduce carefully, “without piling unfair costs and
burdens on to companies struggling to recover from the pandemic.”
The Beis white paper is a 232-page set of proposals and goes out
for public consultation and comment until July. Given the number of
recommendations and length of the report, the Beis plan is expected to generate
plenty of mail. That is only a first step and there is no guarantee any
of the proposals will eventually be mandated.
Kwarteng writes in the introduction:
The Government understands the serious challenges that
businesses are facing because of the pandemic and we will not add to
those: reforms will be introduced over an appropriate timetable. However,
I am committed to our stated aim of reforming the corporate governance and
audit regime and we intend to bring forward these reforms later in
the Parliament, once we have taken account of your responses.
Separating audit and consulting, in body or at least in spirit
via service prohibitions, is a perennial reform recommendation whenever
conflicts rear their ugly head. The UK’s Financial Reporting Council already
issued a 22-point plan last July for a “ringfence” requirement — the
operational separation of the audit side of the largest global firms from the
rest of their business. Firms were required to outline how they would make the changes
by late last year, and the plan must be implemented in full by June 30, 2024 at
the latest.
When the ring fencing requirements were announced, Deloitte said
it would work with the FRC to develop its plans, but was concerned about losing
momentum with other reforms mentioned in the three reviews.
Deloitte UK has come around. The firm announced in September
that its UK audit operations would have a standalone board beginning in 2021.
Public relations firm Teneo is announced this week it would purchase the
Deloitte UK restructuring arm which reportedly has 250 people including 27
partners.
PwC was less committal but agreed to “continue to engage with
the watchdog on the complexity and detail of the principles.” EY said it would
work with the FRC, but warned the proposals alone “would not deliver all the
changes needed.” The firm said in December that its plans had been submitted to
the regulator.
KPMG has said it supports the ring fence plan as a “first step
to restoring trust in companies.” Previously, in 2019, KPMG Chairman Bill
Michael had warned that "an extreme form
of ring-fencing would have significant unintended consequences,
especially with regard to audit quality.” Next tier firm Grant
Thornton followed the leaders and said the move would fail to boost
competition.
KPMG UK agreed to a £400m deal with private equity firm HIG
Capital for its UK restructuring unit. The firm is arguably in no position to
complain about regulatory scrutiny. KPMG has been criticized recently — and
been heavily fined — for the poor quality of its audits, in particular related
to construction company Carillion. In 2020, the firm saw profits drop 6% before
tax and partner payouts. Partner payouts were down 11% from 2019.
KPMG is also the firm where an audit practice ring fence will
have the least impact on its results. KPMG’s audit practice generates a higher
percentage of total revenue, nearly 29% in fiscal year 2020 than the other Big
4 firms, EY (21.2%), PwC (22.9%) and consulting behemoth Deloitte which only
derives 14.8% of its revenue in the UK form audit services.
Conflicts, however, will continue to turn up. The sell-off of
restructuring arms, in particular may help firms like KPMG UK avoid the
conflict between its work to wind-up companies like Patisserie Valerie and its
audit work but won’t prevent the kind of conflict of interest to be replaced on
the job. The Patisserie Valerie auditor Grant Thornton is also KPMG’s audit
firm. The forced
split up of Big Four audit practices from their consulting units may provide an opening for the firms
to continue expansion into legal services.
The US experience
The U.S. Securities and Exchange Commission attempted to “modernize” auditor independence rules — the ones that govern potential conflicts when an auditor
performs tax and consulting services — in 2000, even before Enron
filed bankruptcy. Audit firms were doing more consulting than auditing at audit
clients and the concern was the work, and the fees, distracted them
from their core purpose: auditing.
That time the Big 4 didn’t wait for regulators to force them to
ringfence audit to protect its integrity from the influence of consulting
fees. The Big 4 were so concerned about the growing regulatory and public
criticism that two of the four
firms sold their consulting
practices in 2000 and 2001. The Sarbanes-Oxley Act was passed in July 2002 and
PricewaterhouseCoopers Consulting was sold to IBM in October 2002. Deloitte
Consulting never separated from Deloitte & Touche, and went on an
acquisition spree.
Arthur Andersen’s perceived unhealthy emphasis on its lucrative
consulting work at Enron instead of its audit was the catalyst for critics to
succeed in getting nine prohibitions against consulting services to audit
clients into the Sarbanes-Oxley law. The service restrictions prohibit audit firms from providing non-audit services such as
internal audit outsourcing services, financial information systems design and
implementation, and bookkeeping to an audit client including company
affiliates.
However, between 2002 and 2012, the SEC and
PCAOB made only a handful of enforcement actions against the firms for auditor independence violations and
they were minor. This laissez-faire attitude encouraged the Big 4 firms to
rebuild and then expand their consulting arms as soon as non-compete agreements
with the original buyers of the businesses expired. The easiest prohibition to
police – the one that restricts performing software design, development
and implementation consulting for an audit client when it would impact
the ability to audit accounting and financial reporting - is the one
most recently sanctioned by the SEC, against PwC and a partner. In this
case, one partner violated this prohibition in 15 clients for 19
engagements over five years, 2015-2019.
Can the UK succeed where the US has not?
Professor Shah is pessimistic and wrote in a 2019 OpEd, “We have already lived through the costly experience of the
failure of “Chinese walls” in banking. Why should we still believe they can and
will work here?”
Kingman’s recommendation for a new regulator called the Audit,
Reporting and Governance Authority is also already in process. Following the
FRC Review, the FRC, under new leadership, “has taken significant steps to
strengthen its capabilities. However, legislation is needed in many areas to
complete the task of remodelling the regulator and to establish the FRC’s
successor body, the Audit, Reporting and Governance Authority (ARGA),” according
to the Beis white paper.
So, full reform will, again, wait for Parliament.
The UK reform proposals borrow from recommendations made by the
Competition and Markets Authority but go around its recommendation to mandate
joint audits in the FTSE 350.
From the white paper:
It is not healthy for audit quality that the UK audit market is
so concentrated, with 97% of FTSE 350 audits undertaken by just four audit
firms. This concentration is not helped by the fact that those firms also
compete to provide a wide range of other business services to the largest
companies.
The reform proposals greater regulatory powers and duties
intended to increase choice and competition in the FTSE 350 audit market,
initially through a managed shared audit regime, not joint audits, and, later
if needed, a managed market share cap.
The operational separation between the audit and non-audit arms
of certain firms is intended to lead to separate governance, financial
statements prepared on an arm’s length basis, and regulatory oversight of audit
partner remuneration and audit practice governance.
Jane Fuller, a fellow of CFA Society of the UK and co-director
of the Centre for the Study of Financial Innovation advocates separating audit
from consultancy but admits implementing the ring-fence will be
challenging. Fuller wrote in her CFSI blog in October:
The devil in the implementation detail lies in the second
objective: ‘Improve audit market resilience by ensuring that no material,
structural cross-subsidy persists between the audit practice and the rest of
the firm. The seriousness of this issue has led a few of my contacts (outside
the audit profession) to question whether the ‘standalone’ audit practices will
be viable.
Legislation would also provide statutory powers for the
regulator to “proactively monitor the resilience of the audit market and audit
firms, including powers to require audit firms to address any viability
concerns that are identified.” This is a big missing piece of US audit firm
regulate on since the SEC primarily regulates audits and auditors as their
activities impact public company issuers. The Public Company Accounting
Oversight Board monitors the process of auditing and the firms and
professionals’ adherence to auditing standards.
No one publicly acknowledges a legal obligation to monitor the
financial viability of audit firms, despite widely expressed fears of
catastrophic private litigation against one of the remaining Big 4 firms and a
generally accepted aversion by regulations to put another firm pout of business
through regulatory fines or sanctions, resulting in an implied “too
few to fail” policy when faced with
necessary enforcement actions against any of the Big 4.
The US government hasn’t
officially scrutinized the level of
concentration in the market for public company audits since 2008.
The US General Accounting Office admitted “there was no general consensus for
various proposals put forth for addressing concentration.”
In their 2015 paper, “Competition in
the Audit Market: Policy Implications,”
Joseph Gerakos of Dartmouth’s Tuck School of Business and Chad Syverson of the
University of Chicago Booth School of Business explored the
possibility of further audit
concentration as a result of the unexpected exit of a Big Four audit firm. This
impact could be mitigated by new entry into the public company audit market by
next tier firms like Grant Thornton.
Spreading the work of auditing listed companies around outside
the Big 4 would potentially keep fee increases in check and, maybe, also
prevent the Big 4 from operating with impunity. However, next tier audit firms
have not been able to successfully dilute Big 4 market power in the developed
economies. When Arthur Andersen collapsed completely, for example, Grant
Thornton, RSM, and BDO did not step-up to fill the void anywhere.
In 2018 Grant Thornton UK announced that it would no longer even
pitch for audit work with FTSE 350 clients. Perhaps that’s for the best given
Grant Thornton’s failed audit of
Patisserie Valerie and payment of a
£3 million fine for “misconduct” relating to its audits of Nichols and the
University of Salford.
In its November 2020
report, the UK FRC said that
introduction of mandatory audit tendering and rotation in 2016 had not made
much of an impact on industry concentration.
The Big Four firms continue to dominate the FTSE 350 audit
market, particularly for the largest companies by market capitalisation. The
failure of any one of these firms would threaten the stability of the overall
audit market.
UK firm revenues represent between 6-9% of global firm revenues
but that understates the importance of the UK to each firm’s global network as
a key spoke in its global seamless service delivery model for multinationals,
wherever they are listed.
The UK member firm in each of the Big 4 global networks signs
the audit opinion for a handful of key multinationals, some resident in the UK
or other parts of Europe, that are listed on the New York Stock Exchange or
Nasdaq. For example, Deloitte UK signs the opinion for Glaxo Smith Kline PLC
and BP PLC. KPMG UK signs the audit opinion for BT Group, BHP Group, and
Barclays and PwC audits Rio Tinto, Pearson PLC, and Santander. EY UK signs for
Royal Dutch Shell and the Royal Bank of Scotland.
PwC’s rank as the largest UK firm by total revenues and audit
services revenue is likely directly related to its significant activity as a
participating audit firm in 81 US listed companies. That highlights how
critical the UK Big 4 firms are as member firms of their respective global
networks who audit the UK operations for US and other European exchange-listed
clients.
As a result of the fraud and failure of German payments
processor Wirecard, this has meant investors and regulators, as well as
plaintiffs’ attorneys, are keenly interested in what role EY UK and EY US
played in the EY Germany audit of Wirecard. Wirecard had a subsidiary in
England and one in Dublin, Ireland. Its 2019 annual report said that the
subsidiary in England was audited by an EY network firm and its Dublin sub by a
third-party firm.
The FCA forced Wirecard’s U.K. subsidiary, Wirecard Card
Solutions, to halt operations when its parent company filed for insolvency in
Germany in June 2020. The Newcastle-based fintech Railsbank agreed to buy
the U.K. subsidiary of Wirecard. Wirecard’s North America unit,
which it bought from Citigroup in 2016, was sold by the bankruptcy
administrator to a company backed by buyout specialist Centerbridge Partners
LP.
The failure to detect fraud
The Beis proposal also, in line with the Brydon Review’s
recommendation, proposes to legislate to require directors of public companies,
or what are called “Public Interest Entities” in the UK, to report on the steps
they have taken to prevent and detect material fraud.
The Brydon Review also identified “both confusion and a gap
between the reality and the expectations of performance of auditors [regarding
detecting material fraud].” To dispel such confusion, it recommended that the
regulator amend the auditing standard on fraud “to make clear that it is the
obligation of an auditor to endeavour to detect material fraud in all
reasonable ways.”
The proposal says the UK intends “to legislate to require
auditors of Public Interest Entities, as part of their statutory audit, to
report on the work they performed to conclude whether the proposed directors’
statement regarding actions taken to prevent and detect material fraud is
factually accurate.”
It’s one of the biggest myths that the global audit industry
perpetuates: The audit is not designed to detect fraud.
Auditors used to acknowledge their responsibility to detect
fraud. In March 2007, PwC’s former US Chairman Dennis Nally was interviewed by
the WSJ:
WSJ: Is it an auditor’s job to try and find fraud?
Nally: Absolutely. We have a responsibility to perform procedures that are
detecting fraud just like we have responsibilities to perform procedures to
detect errors in financial statements.
WSJ: You seem pretty certain, but the firms as a whole often eschew some
responsibility for finding fraud, especially in court.
Nally: The audit profession has always had a responsibility for
the detection of fraud. The debate has always
gone toward how far do you carry that, what type of procedures do you have to
develop and in what environment. The classic issue becomes the cost
benefit of all of that and this is why I think there is this expectation
gap.
By 2011, Nally had changed his tune. Helen Thomas of
the Financial Times asked PwC Global
Chairman Nally, “What about fraud or disingenuous bookkeeping? Surely auditors
should rightly find themselves in the line of fire when a case slips through on
their watch?”
The FT’s Thomas writes that Nally “crossed his arms across his
monogrammed shirt, for the first time looking a touch defensive.”
There are professional
standards out there [and] an audit is not designed under those
standards to detect fraud,” [Nally] says, pointing out that detecting
fraudulent behaviour rests on other indications including a company’s
governance, management tone and control systems. The reasons it has been done
that way is because, while we always hear and read about the high-profile
fraud, the number of those situations that you actually encounter in
practice is very de minimis.
You’re not designing an audit for ‘the exception’ because, quite
frankly, the cost itself would be prohibitive to all of the
capital markets and . . . who wants to pay for that if the benefit
isn’t there?”
What happened to change his mind? Satyam happened.
Nally, and his boss, former PwC Global Chairman Sam DiPiazza,
were caught flat-footed on the Satyam fraud in India in December 2008. DiPiazza
told the Times of India:
What we understand is that this was a massive fraud conducted by
the (then) management, and we are as much a victim as anyone. Our
partners were clearly misled.
Faced with allegations that PwC India partners were in on the
Satyam fraud, now Global Chairman Nally gave a rambling,
incoherent interview to Business Today in India in July 2009 – more than six months after the fraud was
uncovered by the Satyam CEO not PwC — and reversed his WSJ comments from 2007:
Many times there is an expectation from the investor community
that the auditor is in fact fully responsible for the detection of fraud. Now
that is not our job, today.
Judge Barbara Jacobs Rothstein of the United States District
Court for the Middle District of Alabama, in her decision in the case Federal
Deposit Insurance Corporation v. PricewaterhouseCoopers LLP et al, No.
2:2012cv00957, found on December 28, 2017 that PwC had breached its
professional duty to exercise reasonable care in performing its audits by
failing to plan and perform its audits to detect fraud and failing to obtain
sufficient audit evidence that would have led to discovery of the
Colonial Bank-TBW fraud.
On July 2, 2018, Judge Rothstein wrote that the FDIC was
"entitled to recover all reasonably foreseeable
losses Colonial incurred from its ongoing fraudulent relationship
with TBW," and “[t]here can be no real dispute (indeed PwC does not raise
one) that it was foreseeable that because PwC failed to detect the
fraud, Colonial would continue to fund TBW-originated mortgages, both
legitimate and fake.”
Judge Rothstein ordered PwC, the former auditor for
now-defunct Colonial Bank, to pay the Federal Deposit
Insurance Corp. $625 million in damages arising out of PwC's failure to detect
the "massive fraud" perpetrated by employees
of Colonial Bank and Taylor, Bean & Whitaker Mortgage Corporation
from 2002-2009, which ultimately led to Colonial Bank's failure.”
It was the largest ever damages award for auditor liability. The
two sides eventually settled for $335 million.
Judge Rothstein’s decision in FDIC v. PwC, should be the
last word on whether the auditor has an obligation under law to design the audit
to detect fraud and illegal acts at their audit clients.
In November 2013 the PCAOB published a very useful, and at the
time very brave Appendix to a discussion document distributed at a PCAOB Standing
Advisory Group meeting. The agenda item for the meeting was, “Consideration of
Outreach and Research Regarding the Auditor’s Approach to Detecting Fraud”.
The appendix provides a detailed overview of auditors’
obligations under existing PCAOB standards to design and perform the audit to
detect fraud. The document covers the entire audit lifecycle from engagement
acceptance and continuance to reasons to resign an audit.
The Beis director proposals
The Financial Times Editorial Board believes the real “steps
forward” in the BEIS
proposals are not the audit firm reforms but changes to corporate governance
rules.
At the least, directors would be required to sign off personally on the
effectiveness of companies’ internal controls and risk management. That stops
short of the US approach, where top executives must certify the accuracy of
accounts. But making directors sign off on management, compliance and internal
audit controls is a significant step — especially backed by the threat of
fines, suspensions, or clawing back bonuses if sizeable errors or fraud are
later found. It could also potentially make it easier to bring legal charges
against them.
Strictly speaking, making directors sign off on internal
controls would be quite a few steps above and beyond the US Sarbanes-Oxley
requirement for the CEO and CFO to sign off on internal controls and disclosure
controls. The FT’s mandarins, however, do not approve of the most severe controls proposed for company
directors.
More stringent options proposed in the paper would require
auditors to report on their views of how effective internal controls are, or —
closest to the US system — give a formal opinion on directors’ assessment of
controls. Jumping straight to the strictest option risks imposing unreasonable
costs on post-Covid business.
Fuller told me in an interview she is hopeful that the proposed
reforms to hold company directors personally responsible will act as a check
and balance on executives and auditors.
That’s where the US SOx experience may be instructive.
The Sarbanes-Oxley Act of 2002 mandates that audit committees
would be directly responsible for the oversight of the engagement of the
company's independent auditor. SOX Section 302 requires that the principal executive and financial
officers of a company, typically the CEO and CFO, personally attest that
financial information is accurate and reliable. Besides lawsuits and
negative publicity, a CEO or CFO who does not comply or submits an inaccurate
certification is subject to a fine up to $1 million and/or ten years in prison,
even if done mistakenly. Intentional certification of a false report risks even
more severe criminal penalties.
However, there have been very few enforcement actions for
violation these SOX provisions and none for some of the highest profile
potential cases from the financial crisis. Other than the high-profile
prosecution of Health South’s Richard Scrushy for Section 906 violations — he
was eventually acquitted — the US Department of Justice did not pursue a single
prosecution under these statutes as a result of the financial crisis.
The BEIS proposals have been greatly delayed, including for
another month after the FT reported they were imminent. Perhaps the Big 4 audit
firms and business weighed in, again, to create more ambiguity and wiggle room
for Parliament later.
Media reporting of “pressure on the Big 4 firms”
to renounce the commercialism of the status quo and redirect their hearts and
minds to serving the public as professionals has often been just be a clever
public relations strategy orchestrated by the firms themselves. It allows
government and legislators to entertain the mistaken impression they’re
actually “regulating.” Auditors then fend off the worst proposals with the same
old arguments, for a while longer, under the guise of compromise.
Follow Francine @ReTheAuditors on Twitter
The Dig is my newsletter https://thedig.substack.com/
re: The Auditors http://retheauditors.com