Today’s topic is “joint auditors for large companies” – continuing a series from September 25 through October 8 and October 16, on the issues involving Big Audit that confront the regulators and politicians in the United Kingdom who seem determined to impose disruptive change.
Along with cultivation of smaller firm participation, proposals reflected in papers issued by the Financial Reporting Council and the Competition & Markets Authority and political pronouncements from both parties include break-up of the Big Four, forced separation of their non-audit services, auditor appointment by government authority, and voluntary reduction of their 97% share of the FTSE 350 market.
The optimistic case that encouraging or requiring joint audits might beneficially affect audit quality or increase the competitive access and capability of smaller firms to perform large engagements is found, e.g., in the CMA’s paper, ¶¶ 4.18-.22. There are three challenges -- each distinct and sufficient: capacity, quality and risk tolerance.
Capacity
On the ability of the smaller firms to gain market share, to affect competition and auditor choice, look to the French market, where joint auditors are required. Companies in the CAC 40, France’s large-company index, primarily choose two Big Four firms. The only smaller firm with any index-level participation is Mazars – fifth ranked in France, ninth in the UK and 14th globally. Its 2017 global revenue of $ 1.68 billion is approximately seven percent of the average revenue of the Big Four.
At that size and scope, Mazars has little reasonable prospect of taking on a FTSE 350 engagement, much less one in the FTSE 100. However beneficial its experience in France, Mazars has not grown the capability to obtain and share a joint audit with any of its smaller brethren, whose limitations would if anything be more acute.
On the capacity issue, in short, the French market experience has spoken with eloquence.
Quality
The proposition that joint audit contributes positively to audit quality suffers the familiar challenge of a small sample size and a lack of empirical support. While a research project awaits the attention of a curious scholar, historical experience supports the opposite.
Most recently, in the years under scrutiny for the € 200 billion laundered without discovery or disclosure through the Estonian branch of Danske Bank, the bank’s annual reports show that its audit was done jointly by Grants and KPMG for 2007-2010 and PwC and KPMG for 2011, before one-firm takeover by KPMG for 2012 and 2103, EY for 2014 and finally Deloitte for 2015 onwards.
Five years of joint audits, in short, were no more effective by way of detection or prevention than performance by a single firm.
As a brief sidebar on a related subject, the rotation at Danske through five different audit delivery models over nine years does no favor to the “fresh eyes benefit” urged by the proponents of frequent and mandatory auditor replacement.
There is history. Back in 2003, Deloitte and Grants had shared the audit of Italian dairy conglomerate Parmalat. Disclosure of a € 20 billion hole in its accounts revealed the mechanism: bogus contracts housed in an account labeled the “buco nero” (“black hole”) – colorfully evocative although insufficient to entice preventive inquiry by either or both.
As a precursor, the great Ponzi scheme of the 1970s run at Los Angeles-based Equity Funding involved the separation of audit responsibility between Haskins & Sells, as it was then branded in the US, and a small firm recently joining the US operation of what is now BDO. At the heart of the criminal scheme was concealment from both firms of the creation of whole ledgers of non-existent holders of fictitious life insurance policies.
To summarize, division and sharing of audit responsibility with its challenges of communication and administration brings the risk of cracks through which problems and manipulations may fall undetected.
Risk Tolerance
To conclude, the professional auditing standards permit the division of work between two or more firms (see the PCAOB’s AS 1205 in the US, and ISA 600 as widely adopted elsewhere).
In practice, the principal auditor judges whether and how to make reference to the other auditor (ISA 600.11 and AS 1205.04-.09). Either way, while the choice has implications for the level of responsibility assumed by the other auditor, the principal auditor retains responsibility for the entire scope of its own work – including the adequacy of its reliance and delegated decision-making.
There is the bind, in jurisdictions such as the US where “joint and several” legal liability exposes auditors to 100% of the potentially devastating consequences of a breakdown or failure. Inadequate as the financial resources of a Big Four firm are to protect itself from a deathblow lawsuit, the ability of a smaller firm to assume a meaningful share, monetarily or by percentage, is immaterial.
That limitation assures that the risk-management evaluation of a Big Four firm as principal auditor, persuaded or obliged to share a large audit, will include the time and attention of a full-court press on the actual performance by the smaller firm – involving substantial duplication or overlap and negative consequences for the achievability of cost efficiencies or real sharing of experience or expertise.
Conclusion
There continues to be no sign of official awareness, that none of the proposed “solutions” to the perceived issues around Big Audit is feasible, achievable or capable of affecting audit quality or competition – a fact so far without impact on the public discourse.
Joint audit, among them, is another “non-starter.” Which reinforces the suggestion here that, sooner or later, the intrusion of reality into the discussion should become compelling.
Thanks for joining this dialog. Please share with friends and colleagues. Comments are invited and welcome, and subscription sign-up is easy and free, both on the Main page.
Let’s do away with all audits and see how corporate governance oversight and the management behave. Hold them personally accountable.
Posted by: Michael Corcoran | October 24, 2018 at 07:56 PM
Let’s do away with the external audit requirement. Let’s hold the Board of Directors and management accountable to adhere to all regulatory standards. "Inspecting in" does not work. The biggest failures have nothing to do with GAAP and GAAS that these firms opine on anyway. It happens way before with strategy, oversight, monitoring and ultimate performance failures. Let’s turn it upside down.
Posted by: Michael Corcoran | October 24, 2018 at 08:38 PM