Print this article | Return to Article | Return to CFO.com
Critics say the PCAOB's latest round of inspection reports are too vague and released one year too late to tell the public what kind of job the large audit firms are doing.
Sarah Johnson, CFO.com | US
January 26, 2007
For the second round of official inspection reports on the Big Four audit firms, the Public Company Accounting Oversight Board's findings led to a handful of negative headlines: "Audit Watchdog Report Raps Ernst, KPMG," "Deloitte Criticized by Board," and "Failing Grades for E&Y, KPMG." According to critics of the way the PCAOB has shared information about its inspections process, those descriptions don't paint a clear picture about what the auditor overseer was probably trying to say in its reports. In addition, they say, the reports came out too late to truly tell how the audit firms are currently performing.
To be sure, the PCAOB's critiques of the Big Four's 2004 audits list several mistakes for each firm — specifically, the board found deficiencies in the audits of 9 PricewaterhouseCoopers clients, 10 Ernst & Young clients, 11 KPMG clients, and 17 Deloitte & Touche clients. Except for PwC, each firm had at least one error that appeared "likely to be material to the issuer's financial statements."
Using the terms "failed" and "failure" numerous times, the PCAOB cited the firms for basic accounting issues, some of which relate to lease and tax accounting, revenue recognition, and goodwill-impairment testing. All four of the reports, and the PCAOB's previous evaluations of the Big Four's work, noted that in some instances the firms did not "identify or appropriately address errors in the issuer's application of GAAP." The inspections led to restatements for one client of each auditor (two, in KPMG's case). The bulk of the board's criticisms were related to the auditors not properly documenting their work.
Despite an emphasis on "criticism of a firm's policies, practices, and audit performance" and staying away from reporting on a firm's strengths, the reports are intended to be solely a "dialogue" between the PCAOB and the firm, the 2003 inspection documents said. Much of this dialogue, however, is available on the PCAOB Website for anyone to review. And while releasing the information publicly is part of the mandate of keeping investors better informed under the Sarbanes-Oxley Act, the reports may, at first glance, skew public perception. The PCAOB rolled out the 2005 public reports starting in late November; the last two were released on January 11.
In fact, the reports' negative tone is missing context, according to accounting experts who spoke to CFO.com about the PCAOB's findings. Part of this ambiguous perspective arises out of the fact that the board won't say how many inspections it conducts on each firm. "It's unclear how to interpret the reports without knowing the number of audits they looked at," says James Bierstaker, an associate professor in Villanova University's accountancy department.
Keeping that figure private doesn't protect the audit firms, says Susan Lister, national director of audit policy at BDO Seidman. But including it could encourage investors and potential audit clients to draw the wrong conclusions since the reports are missing so many other facts necessary for forming an opinion. For example, the PCAOB keeps the identities of the audited companies confidential because of Sarbox requirements and doesn't even include basic descriptions of the issuers, such as revenue size. The PCAOB's "comments are really generic, so it's hard [for the public] to put them into perspective at all," Lister told CFO.com.
"I think the process is well intended, and it is helpful and constructive, but right now it is not producing the kind of results that it should for people who are using the results and trying to understand what this means," says J. Michael Cook, the former CEO of Deloitte, who chairs four audit committees, including Dow Chemical's.
Regarding the 2004 inspection reports, which the PCAOB released publicly in the fall of 2005, newspapers widely reported that inspectors had found 19 audit deficiencies out of 76 audit engagements at KPMG. For the 2003 evaluations, which the PCAOB termed "limited inspections," the regulator looked at "portions of 16 audit engagements" for each firm.
The 2005 Big Four reports are missing those types of facts, which are irrelevant, according to Charles Niemeier, a member of the PCAOB. "In some respects, [the number of engagements] could encourage misleading, superficial comparisons between firms," he said in written responses to questions submitted by CFO.com. While planning inspections, the PCAOB does not decide beforehand how many audits it will review, and it doesn't look at any one audit in its entirety, he added.
The board's 2005 reports did reveal that it reviewed portions of more than 365 audits performed by the nine largest firms. But given the gulf between the Big Four and the next five audit firms, that number leaves observers guessing about the percent of audits reviewed. Ernst & Young, for example, audits more than 2,300 U.S. public companies, while Grant Thornton, considered by some measures to be the sixth-largest audit firm, audits approximately 372.
Furthermore, the PCAOB cautions readers of its reports not to draw any conclusions on a firm's merits based on the number of reported deficiencies in any given year. The total number of audits performed is a "small portion" of the total number a firm conducts, the PCAOB notes.
The list of audit deficiencies could also throw off the perceived percentage of problems at the Big Four because of how the PCAOB conducts its inspections: rather than randomly selecting a few issuer audits to examine, the PCAOB auditors take a risk-based approach. "They select audits in high-risk industries and look at pieces of an audit that are in the most high-risk areas, like derivatives or revenue recognition or leases, so the target areas are where they're more likely to find things," says Bierstaker. The PCAOB chooses which audits to review based on its "assessment of the risk of material misstatements or significant auditing deficiencies, as well as firm-specific risks," according to its 2005 annual report.
Concentrating on the high-risk areas of individual audits means the PCAOB is more likely able to identify places the auditors should focus on to maintain or improve audit quality, says Niemeier. The board, for example, may decide to look at an audit of an issuer that had several restatements in the previous year.
As a member of the PCAOB's Advisory Council, Cook has suggested that the board bring back language from the very first reports on the Big Four, which noted that the reports are not intended to be viewed as balanced report cards or even marketing tools. Niemeier says that idea is worth considering.
Another hole in the reports is the PCAOB's take on each audit firm's quality-control systems. Although it reviews those systems, the PCAOB redacts its findings from the public versions of its inspection reports and gives audit firms one year to make any fixes. If defects are not corrected within that time frame, the board will make those findings public.
The Issue of Timeliness
The delay in posting inspection reports to the PCAOB Website also gives accounting experts little leeway in being able to gauge the performance of an audit firm. "Due to the cyclical nature of the inspection process, many of these enhancements were made over the past year and a half and therefore are not reflected in the results of the 2005 inspections," PwC wrote in its response to the PCAOB's findings in the 2005 report. The firm did not respond to CFO.com's requests for further comment.
Considering that the inspections are meant to be a learning tool for the auditors, "I wonder about the effectiveness of this process if the 2005 reports are just getting posted in January 2007," says Bierstaker.
Niemeier says timeliness hasn't been an issue, as the PCAOB and the firms discuss issues continually. He believes the turnaround will be quicker for future reports now that the board is no longer creating reports from scratch. Its auditors will primarily look at the Big Four's 2006 audits starting this spring. (The PCAOB is required to annually inspect firms that audit more than 100 public companies; those with fewer than 100 issuers are inspected every three years.)
For existing corporate clients, the timing of inspection reports on their auditors may not be a concern. Craig Omtvedt, CFO of Fortune Brands and member of the PCAOB's Standing Advisory Group, says most finance executives already have a solid handle on whether their audit firms' work is up to snuff. In fact, he thinks the deficiencies noted for the 2004 audits of his firm, PwC, were "not terribly surprising," considering that the PCAOB is still fairly new, he told CFO.com. Still, he says, he did find it necessary to look over the report and share the findings with his audit committee.
What the Reports Do Say
Charles Mulford, a professor of accounting at Georgia Institute of Technology, notes that the reports on KPMG and E&Y, for example, show their clients are "getting their money's worth." The PCAOB does not report any major errors at either firm.
For "Issuer A" in the E&Y report, the firm "failed to address appropriately a departure from GAAP before issuing its audit report." The issuer revised its inventory standard costs "to include certain indirect costs that it had previously expensed when incurred." Instead of recognizing the effect of the accounting change, the company amortized "the effect of the accounting change into net income on a straight-line basis over a six-year period."
"On first examination, this would appear to make the financial statements incorrect," Mulford says. But in its response letter to the PCAOB, E&Y said its auditors had noticed the mistake and had accounted for it on their "summary for audit differences" before completing their audit opinion. The firm acknowledged that it should have documented this fix better.
In its letter, E&Y also said it had conducted additional procedures in light of the PCAOB's findings but did not redo any of its audit opinions. "The inspection process provides us insights as to how to make our audit work even better," the firm said in a prepared statement sent to CFO.com. "We constantly reexamine and improve our audit policies and processes, and we will continue to work closely with the PCAOB to use its findings to refine and further improve our audits."
Similarly, documentation was an issue noted by the PCAOB in its reports of Deloitte's 2004 audits. The 11 instances in which the board's inspectors noted the firm failed to provide "sufficient competent evidential matter to support its opinion" were deemed sufficient based on the firm's understanding of the PCAOB's stance, the firm noted: "The board's standards provide that the nature and extent of documentation are determined using the auditor's judgment." Still, Deloitte supplemented its working papers for seven of the issuer audits after reading the inspection report. In response to the PCAOB's previous year's report on the firm, Deloitte noted: "It is important that the emphasis on documentation does not come at the expense of improvement in the substance of the audit process." Deloitte did not return CFO.com's requests for comment.
At first glance, the PCAOB's demands for documentation might seem ironic, given the heavy criticism that companies have leveled at auditors for indiscriminately demanding documentation for internal-control audits. That problem, blamed in large part on the PCAOB's Auditing Standard No. 2, became so controversial that the board announced plans to replace AS2 with a less-prescriptive standard. To be fair, however, observers note that there's a big difference between an audit and an audit inspection. "If it's not documented, how does the PCAOB know it was done?" asks Mulford.
The recent batch of Big Four reports raises another question as well: Are they worth the trouble? "Is this process really helping to improve the quality of the audit?" asks H. David Sherman, an accounting professor at Northeastern University and a former accounting fellow in the Securities and Exchange Commission's corporate finance division. "So many of the things they find are really kind of marginal."
The onus is on the PCAOB to find some type of error, says Mulford. Adds Cook, "I'd be very troubled if they put out a report saying they had gone to all these offices and looked at all these engagements and said, 'We didn't find anything that they didn't do right.'"
The PCAOB has reported in a number of cases that its inspections did not turn up any errors, says Niemeier. But that's an unlikely result for the Big Four. "It would be unrealistic to expect a day when neither the PCAOB nor the firms themselves find audit risks that merit attention on a going-forward basis," he says.