16 July 2018

Corporate auditing is broken. Here’s how to fix it


Auditors are in the business of trust. But in the last year alone, PwC has been banned in India, Deloitte is being investigated in South Africa, several KPMG partners have been criminally charged in the US, and EY has been fined in the UK.

The ostensive watchdogs of market disclosure have become poster boys for corporate chicanery.

Earlier this month, we learnt that a US federal judge has awarded the largest ever liability settlement against an auditor, about $625 million, against PwC for its audit of Colonial Bank. Assessing fines that are proportionate to the scale of the perpetrators is one step to making auditors accountable.

Mega-fines notwithstanding, a good chunk of the dysfunction in auditing can be traced back to a simple idea – unchecked power.

If there’s something prosecutors and regulators fear more than the Big Four firms that dominate auditing today, it’s a world with only a Big Three. So, in an ironic reprieve to the incumbents, governments have been wary of pushing too hard against any one of them, particularly on criminal charges. This situation essentially means the Big Four are now “too few to fail,” enabling more misconduct in the profession.

We can bust this cartel if we pierce through the limited liability of individual audit-firm partners.

Currently, each of the Big Four firms operates as a collective, effectively insulating and insuring its individual partners of serious civil penalties through its deep pockets. If the partners are personally financially accountable for their actions, even if only partially, then we begin to address the power imbalance created by their collective might.

That collective might also manifests itself in standard-setting. The four dominant players in auditing represent the largest source of private funding for their top global rule-maker, the International Accounting Standard Board, and, as such, few major rules on accounting and auditing can come into effect without the blessing of the Big Four. The key accounting industry regulators in the US even run regular rotation programs for Big Four staff to spend time designing the rules to which they will be held accountable.

It’s as if four really powerful students in a school get to write the exams for themselves and everyone else.

Consider that one of PwC’s experts in the Colonial Bank case reportedly testified in 2015 that under audit rules auditors don’t have a responsibility to find and detect fraud. This expert, who had spent years at PwC, was at the time of his testimony a Professional Accounting Fellow at the Securities and Exchange Commission – one of those folks who rotate from regulated to regulator. In that SEC role, he was responsible for “oversight of the Public Company Accounting Oversight Board [the US audit regulator] on auditing policy related matters”. He is now back at PwC as partner.

Breaking up the Big Four will certainly help address the power imbalance in standard-setting. But the complex, cross-border legal structure of the audit firms may mean that any such effort could be tied up in international courts for years.

An intermediate solution is to require a figurative “gap year” before Big Four alumni are permitted to serve in accounting regulatory positions and vice versa. In general, the longer the gap between regulatory and commercial appointments, the slower the revolving door between government and business.

Intensifying the auditors’ power is the mismatch between those who make the auditor selection and those who rely on the audit report.

The corporation’s shareholders – key users of the audit report – nominally have the authority to choose auditors. But this authority is usually exercised upon the recommendation of the corporation’s board of directors, which customarily defers to senior management. Not doing so can be construed as a vote of no-confidence.

This practice has to change. While most managers are not actively conspiring to mislead shareholders, the purpose of the audit is to mitigate such possibility. The role of auditor is that of invigilator, and “getting along” with management is not an essential requirement: indeed, it may well be a hindrance to sustaining auditors’ professional scepticism of management practices.

The solution: amend the boardroom handbook to require that the decision to appoint auditors be made entirely independently of senior management. Managers should learn of the choice of auditor when this decision is first made public by the independent, non-executive members of the board.

To those comfortable with the genteel environs of corporate boardrooms, such a shift may seem extreme. But, given the current state of failures in auditing, boards are well served to act boldly to realign auditors to the reality that they serve shareholders.

Karthik Ramanna is Professor of Business and Public Policy at the University of Oxford’s Blavatnik School of Government.