Sixteen years after the Enron scandal, auditing firms are again in the news for their failure to detect accounting shenanigans — at UK contractor Carillion, at South African retailer Steinhoff, at Colonial BancGroup in the US. This has revived a recurring question: Are the firms’ other businesses, most notably consulting, clouding their judgment?
In the UK, lawmakers have gone so far as to suggest breaking up the big four auditing firms — Deloitte, Ernst & Young, KPMG and PwC. This may ultimately prove necessary, but existing rules should first be given a chance to work.
Auditors play a crucial role in the economy, one that comes with unique privileges and responsibilities. The law guarantees demand for their services by requiring public companies to produce audited financial statements. Those statements, in turn, provide valuable information to investors and to anyone interested in the condition of the business. This public-service function makes quality and independence particularly important.
The big auditing firms, though, also do other things — such as strategy consulting, information technology and tax advice. In this work, they answer to the company’s management, not to investors or the public. These other tasks might enhance auditors’ understanding of their clients’ businesses, but they can also create conflicts — particularly when they account for a large share of the auditing firms’ billings.
The dangers became abundantly clear during the US accounting scandals of the late 1990s and early 2000s. In case after case — Waste Management, Enron, WorldCom — non-audit accounted for most of the fees, and the auditors’ intimate relationships with management proved disastrous. Subsequent research suggests that the problem was common and, as an auditor might put it, material: The bigger the non-audit fees, the more likely a low-quality audit.
US legislators responded with the Sarbanes-Oxley Act of 2002, which (among other things) prohibited firms from providing some non-audit services to their audit clients and required public companies to disclose all fees paid to their auditors. More recently, the European Union adopted a similar approach, and also capped firms’ non-audit billings at 70% of audit fees for any given client — measures that are just beginning to come into force.
In the US, the rules have been a partial success. Companies have cut back on their auditors’ other services. As of 2016, such billings amounted to just 21% of audit-firm fees — down from more than half before Sarbanes-Oxley.
Nonetheless, the auditing firms have managed to get back into the consulting business — largely by providing services to companies whose finances they don’t audit. As of 2017, non-audit activities generated 70% of total revenue at the big four; that share fell to as little as 40% in the wake of Sarbanes-Oxley.
Is this resurgence a problem? It raises some troubling issues. For one, as consultants rise to top of the auditing firms, their focus on boosting revenue and pleasing company management could change the culture, undermining the public-service watchdog role of the auditing side. Another concern is that the firms will reinterpret or find ways around the existing prohibitions on non-audit services.
So far, it’s hard to know what’s happening. One US study, using data through 2013, found no relationship between the quality of firms’ audit work and their aggregate consulting billings — but did find such a link at the individual audit- client level. In 2017, the International Forum of Independent Audit Regulators reported deficiencies in 40% of the audits its members inspected, down from 47% in a 2014 report. But again, interpreting these numbers isn’t straightforward: They depend on what regulators choose to inspect and how tough they choose to be.
Anecdotal evidence suggests that auditors’ work still leaves much to be desired. Consider the Colonial Bancgroup case, in which nonexistent loans were counted as assets. The auditor, PwC, took management’s word that hundreds of millions of dollars in fake assets existed, without verifying a single loan document. At one point, the lead auditor said that audits were “not designed to detect fraud” — an assertion he later reversed. (Gaining a “high level of assurance” of the lack of fraud is a legal requirement.) If auditing firms had the right standards and processes in place, such incidents wouldn’t occur.
More study is needed as the auditing firms’ mix of business changes and the new European rules start to bite. Researchers should also watch another reform coming into effect in the US and Europe: a requirement that auditors “show their work” by describing any significant issues they brought up with management while parsing the financial statements. That could be valuable. The added transparency should encourage vigilance.
If these measures don’t spur auditors to be adequately skeptical, more radical prescriptions would be justified. These could include changing the way audit firms are paid, removing their legal mandate, and even limiting their business to audits or breaking up the big firms to promote competition and accountability.
Regulators have tolerated auditors’ conflicts of interests for years. If the firms fail to embrace the spirit of the new rules and acquit themselves better, it will be time for more drastic measures.