When I started AccMan, one of the things I wanted to write about was professional ethics. In the meantime, other voices have emerged that know far more about the topic than I will ever likely know. One of those is Francine McKenna with whom I’ve had a long, helpful and educating relationship. A couple of years ago we speculated whether and when one of the Big Four would fail. It hasn’t happened. Yet.
I wonder if that is about to change. Her analysis of problems among the Big Four represents a masterclass in all that seems wrong with the profession – or at least the Big Four. I’m speculating that in years to come, it will be a required text for audit students. Right at the top she makes the point:
There are so many hard working, earnest, intelligent audit professionals who try their gosh-darndest to do a good job. But in spite of these herculean efforts, fraud happens.
BTW: Dan Goelzer is now the Interim Chairman of the PCAOB.
I’m hard on the audit firms, in particular and specifically on their leadership, because they never learn. I believe that this perpetual ignorance is by design not default.
And therein lies the rub. Back in the day auditors took pride in what they did, were diligent to the point of mind numbingness and were genuinely thorough. Those of a certain vintage may even remember the days when auditors had their own special inks that were not available to anyone else and were locked away at lunchtimes. We can giggle at such apparent eccentricities but they served a purpose – keep management honest. I don’t recall an auditor EVER having to concern themselves with fraud detection. If there was something amiss, they found it. Yet fraud detection seems to be the direction in which the profession is being pushed. In a Tweet message Norman Marks suggests:
CPA firm policies and PCAOB standards are limited by the firms’ ability to execute – need experience and training in fraud detection
In another Tweet, Francine says:
RT @johnpneedham: I’m biased but I believe it when @retheauditors tells us a BIG cause of the fin’l meltdown was fraudlulent accounting.
I can look back and ask why? But then I guess I have to accept the world is a far more complex place than it was 20, 30, 40 years ago. Perhaps the time HAS come to radically reshape the industry. The problem is figuring out what it might look like and how it will be constituted. Right now we appear to be frozen, unable to move in any direction. It is surely a lamentable state of affairs when Francine can declare:
It’s easy to see how PW India may have short cut, by default, good audit practices. They claimed, for example, thatindependent confirmations were not required under Indian audit standards. Too bad for PwC this was a global client, a NYSE-listed client, an audit practice under PCAOB inspection jurisdiction and, therefore, bound not only by the global audit methodology that PwC International is supposed to be enforcing but by GAAS.
and…
For every PCAOB and SEC sanction and $1 million fine lodged – chump change, Starbucks money for their partners – there’s an example of Deloitte thumbing their nose at the regulators.
It’s frightening. Any responsible management reading those words must wonder what the heck is going on. Francine’s answer is simple:
The audit firms are loathe to be in an adversarial, challenging relationship with the management of their clients. They are bending over backward again to please them. The main reason why this happens is the way audits are bought and paid for – by the Audit Committee but directly by the company and driven largely by customer relationships with management instead of with the true client, the shareholders.
I think we’re beyond that. In an eco-aware age where governance, risk and compliance are way more than ticking off a balance sheet, we should be considering a wider group of stakeholders. If that’s agreed then the current audit is redundant. The Global Reporting Initiative aside, I’m not convinced we have seen enough by way of legislation to encourage making the jump. GRI is after all only ‘suggested,’ it’s not enforceable. On internal audit, Norman Marks references Larry Harrington:
- Move to a risk-based instead of transaction-based (or even controls-based) style of auditing.
- Allocate resources to address risks to the business, with more resources on higher areas, etc.
- Provide opinions, not just on individual audits, but overall opinions to your Board.
- Make smarter use of technology, including continuous auditing and data analytics.
- Understand GRC and help your organization improve its governance, risk management, and compliance processes.
- Integrate fraud prevention and detection into routine audit activities.
Good words. Again – without some sort of enforcing framework I have to wonder whether it will happen. In light of the economic meltdown and continuing concerns over the power that financial institutions wield, change is no longer optional. It is essential if we are to create a sustainable economic environment. It starts with us. So to my question at the top of the post. How much more can we tolerate…before whatever vestiges of trust are left simply evaporate?
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=db79ed93-96b0-4ccf-9002-26d7a182dd44)
