Who Will Watch the Watchmen? Audit Shortcomings
For The Wall Street Journal for Saturday/Sunday, August 14-15, 2021, a pair of reporters wrote: “Oversight is Weak of Private-Firm Auditing.” The article contrasts the degree of oversight of auditors of private companies with that of auditors of public companies. Since the passage of the Sarbanes-Oxley legislation in 2002, public company auditors are subject to review and discipline by the Public Company Accounting Oversight Board (“PCAOB”), a governmental body in turn supervised by the U.S. Securities and Exchange Commission (“SEC”). The distinction is not entirely accurate, as audit firms may be held to account if misleading financial information is involved in the sale of securities, even by a private entity.
See my March 2, 2021 Blog “Being Held Accountable: The “Education” of KPMG at the College of New Rochelle,” where the SEC issued sanctions against two auditors of the college, a private entity, in connection with the issuance of municipal securities. Those auditors lost their ability to practice before the SEC.
Nonetheless, The Wall Street Journal does raise some very troubling issues. Specifically, the only regular evaluations of audit performance of firms auditing private entities (except where an issuance of securities is involved) are unofficial, voluntary peer reviews by other audit firms. The Journal reports that 91% of the reviewed firms in a U.S. Department of Labor (“DOL”) study received the “highest ‘pass’ grade, while only 4% the “worst ‘fail’ score.” One suspects that this much variance from normal human experience suggests strongly that this peer-reviewing is a “paper-tiger.” And there is strong corroboration for this suspicion from the actual review of audits of pension benefit plans, where some 40% of the audits reviewed were found significantly deficient. The Journal article suggests that the creation of the PCAOB, with its focus on auditors of public companies, may have inadvertently led the remainder of the profession to allow laxity to grow. This essentially echoes a February 2021 article in The CPA Journal that asks, “Is Peer Review Having a Mid-Life Crisis?” That article reports that peer review is beginning to be taken for granted, especially at smaller firms, since the creation of PCAOB with its focus on public company audits.
“Audit” comes from the Latin “audire,” to hear. Its ancient origins date from when it spoke particularly to the desire of rulers to understand how their resources had been employed and how their governments were functioning. There are signs of auditing in the ancient cultures of Mesopotamia, Greece, Egypt, Rome, and India. By medieval times, especially the end of the 15th century, it was used to double-check the newly-developed capacity of double-entry bookkeeping to document the income and outgo of funds and to confirm that the relevant personnel were neither negligent nor fraudulent. It was in the 18th century when the Industrial Revolution resulted in large-scale production that auditing came into its own. The significant expansion in the volume of trading transactions and the increased reliance on money as the mechanism for settling accounts made accurate record-keeping critical. In addition, stockholders in British companies realized that independent audits could protect their interests. The Institute of Chartered Accountants in England and Wales was founded by the Royal Charter on May 11, 1880. In the United States, the American Institute of Certified Public Accountants (“AICPA”) was established in 1887.
In the 20th century in the U.S., the same evolution of the capital markets in the face of systemic duress, which led to the passage of the Securities Act of 1933 and the Securities Exchange Act of 1934, also substantially elevated the importance of the accounting profession, and especially the audit function. That importance was underscored, in the wake of the collapse of Enron and of Arthur Andersen & Co., with the passage of Sarbanes Oxley and the resulting creation of PCAOB. But the audit function for non-public entities remained, and remains, unaddressed beyond the laws and regulations in the several states that license accountants and the AICPA.
A 2002 article in the Harvard Business Review asks “Why Good Accountants Do Bad Audits?” (authored by Max H. Bazerman, George Loewenstein, and Don A. Moore) and suggests that it is biased in favor of a client. As noted above, these shortcomings in audits have resulted in the situation highlighted in both The Wall Street Journal and The CPA Journal articles. Fundamentally the “Watchmen” are NOT watching, at least not carefully enough.
DOL Audit Study
In 2015 the U.S. Department of Labor (“DOL”) undertook a relatively in-depth study of the audits filed in connection with annual filings for employee benefit plans. That study was conducted by the Office of the Chief Accountant in the Employee Benefits Security Administration of the DOL. The Chief Accountant’s Office reviewed 400 filings of the 81,162 total for the year 2011. Those 81,162 filings were done by 7,330 different audit firms ranging in size from very small to quite large. Some firms had only a few filings; others had a multitude of plan audit clients.
As a result of finding that 39% of the filings had audits with serious deficiencies, which imperiled some $653 billion in plans, the DOL made findings and recommendations. Among the most significant of those was the finding that the Peer Review process of the AICPA and the several State Societies of Accountants “does not appear to be an effective tool in identifying deficient plan audit work and ensuring compliance with professional standards.”
The DOL study found that larger audit firms with a number of plan audit clients were substantially less likely to perform deficient audit work. Another positive factor was when audit firms were active members of the AICPA Employee Benefit Plan Audit Quality Center.
Push for Change
Over and over, the report stressed the importance of training and experience, which strongly suggests that small audit firms should not take on benefit plan audit work on their own but should either refer the work to more experienced firms or partner with them. The report also urged the passage of legislation that would empower the DOL to set professional standards for benefit plan audit work, and much as the SEC does under its Rule 2(e), authorize the DOL to impose sanctions on firms that fail to meet those standards. Further, the report calls for greater cooperation with the National Association of State Boards of Accountancy “to improve the investigation and sanctioning” of accounting firms that fall short.
Calls like these, for enhanced training and regulations, flow from information like that in The Wall Street Journal article and the confirmation of the issues raised by the DOL Report and The CPA Journal. When the audit function is not necessarily reliable, then all of those who rely on the work of the auditors to report on the financial condition of private entities: businesses, charities, employee benefit plans must be concerned that those reports may be suspect. One may expect legislative and regulatory initiatives to correct these shortcomings.
Peter D. Hutcheon