Contrary to popular belief, audits are not designed to be thorough enough to catch most fraud. And even with that low bar, the so-called "best" accounting firms (the "Big 4") have been repeatedly penalized for inadequate care and misconduct. How can investors protect themselves?
(Usual disclaimer: I'm just an investor expressing my personal opinion and not a financial advisor, attorney or accountant. Consult your own financial professionals before making any financial decisions. Code of Ethics: We do not accept any money from any sponsor or platform for anything, including postings, reviews, referring investors, affiliate leads or advertising. Nor do we negotiate special terms for ourselves in the club above what we negotiate for the benefit of members.).
Recently, I was talking with a fellow investor about a fund that seemed to have numerous potential yellow flags for fraud (like misleading marketing and the sponsor refusing to release common financial information to investors).
He said to me, "I don't have to worry about fraud. They're audited by " (a Big 4 accounting firm that I won't name). "That proves they're on the up-and-up!"
That's a very common way of thinking. And unfortunately, there are two major flaws with it.
"Oh, ha ha. Were you expecting me to look for *fraud* with that audit?"
Almost every person in the general public will tell you that an audit's main purpose is to find fraud. Unfortunately, this just *isn't true*. As The Economist describes, auditors "simply...set themselves...[a]...low bar ...which is a pass or fail 'opinion' on whether financial statements obey accounting rules."
While there is a little bit of checking for fraud, it isn't done in a comprehensive way. Instead, the auditor merely checks a small sample of the transactions, and bases the audit "opinion" on that.
As a result, the standard auditing statement does not even mention the word fraud. And if and when the audited company is later found to have committed fraud (which happens often, as we'll look at next), the accounting firm will always argue that it should not be on the hook for it...even if it made a material difference.
An accounting-industry promotional group called "Center for Audit Quality" says, "because auditors do not examine every transaction and event, there is no guarantee that all material misstatements, whether caused by error or fraud, will be detected." Vernon Soare, the COO of The Institute of Chartered Accountants is even more blunt. An audit "is not there primarily to find fraud. It is defined in company law that the auditors [only] give a true and fair opinion of the company's accounts."
"So exactly *why* did we pay for that audit?"
Andrew Bailey, University of Illinois Accountancy Professor Emeritus, has a scathing response to this type of indifference by the accounting industry. Bailey says:
"If the discovery of material errors and fraud is not a major part of what the audit is about, it is not clear what value-added service the auditor offers the investor and capital markets,"
This is a very polite way of saying, "why in the world are we paying you"?And yet, so far, the industry has resisted change.
And unfortunately the problems go even deeper with structural conflicts-of-interest. Auditing firms are not paid by investors, but by the companies they are supposed to be overseeing. And a firm that produces a positive audit can expect to keep an auditing job for decades (85% of the S&P 500 companies have been audited by the same firm for over 10 years). It's no wonder the watch-dogs have no teeth (as we'll talk about in a second). But, the current trend will probably be to deregulate and require less of the accounting firms, rather than more. So the situation isn't likely to change anytime soon and investors have to look out for themselves.
"But certainly the Big 4 is different. Right?!"
Many people who may have heard of some of the limitations of audits, still believe that the larger accounting firms are immune to these problems. And definitely there have been smaller firms that have been caught up in accounting scandals.
But at the same time, the Big 4 has had plenty of scandals too. Every one of them has recently signed off on multiple audits where the company was later discovered to have committed significant, material investor fraud. And many times, the Big 4 didn't even meet the low-bar requirements of the current fraud-sampling rules, and they themselves were fined or reprimanded. In one case (KPMG) multiple principals have actually been indicted for trying to game the way that regulators double-check their audits.
"Thanks for the audit. But who's auditing you?"
Below is just a sampling:
EY (Ernst & Young):
Weatherford International scandal: Ernst & Young was fined $11.8 million in 2016 by the Securities and Exchange Commission (SEC) over its audit of the company where they "failed to detect the company fraud ... more than four years ongoing". They found that EY made fundamental mistakes like "relied on Weatherford’s unsubstantiated explanations instead of performing the required audit procedures to scrutinize the company’s accounting....did not take effective measures to minimize known recurring problems its audit teams experienced when auditing tax accounting." Weatherford international itself was fined $140 million.
Reprimanded: In June 2017, Deloitte was reprimanded by the UK accounting watchdog to have produced audits that needed "significant improvement" and "lagging behind their professional services peers in terms of the quality"
Rolls-Royce scandal: KPMG was the auditor for Rolls-Royce who ended up paying over $862.8 million in penalties in January 2017 to the US Department of Justice (as well as UK and Brazil accounting fraud agencies). Rolls-Royce was charged with a decades-long bribery scandal and accounting cover-up (during which time KPMG was auditor and did not detect it).
Reprimanded: In June 2017, KPMG was reprimanded by the UK accounting watchdog to have produced audits that needed "significant improvement" and "lagging behind their professional services peers in terms of the quality".
Indicted: In January 2018, 5 KPMG principlals were indicted on charges of conspiracy by the SEC (Securities and Exchange Commission) and trying to game the government reviews of their audits. In June 2019, the SED fined KPMG $50 Million for (in it's words) “Astounding” Misconduct.
Aero scandal: Deloitte was fined in November 2017 for £4m for its audits of Aim-listed Aero.
Reprimanded: In June 2017, Deloitte was reprimanded by the UK accounting watchdog to have produced audits that needed "significant improvement" and "lagging behind their professional services peers in terms of the quality".
PwC (Price Waterhouse Coopers)
Connaught scandal: Price Waterhouse Coopers was fined a record £5m for "misconduct" relating to its audit of social housing group Connaught.
Colonial Bank scandal: court found that PwC was negligent in detecting the fraud that brought down the bank.
So that's how the supposed, most-reputable, "cream-of-the-crop" firms have been doing with audit quality. In my opinion, the industry has a severe problem.
So is an audit useless?
With all this fraud, it might seem like an audit is a waste of time and money. Certainly some people argue that.
In my opinion they still aren't useless. Even though an auditor only looks at a small sampling, I would argue that at least it's better than nothing. And sometimes auditors do discover fraud, in which case it's extremely helpful.
But at the same time, I don't personally rely on an audit for fraud protection. I believe it's still important to do all the other fraud checks: personal background checks on principals, reference checks from customers and suppliers, extensive "Death by Google" checks, etc. (See here for how I personally do due diligence on a deal).
Sometimes I find a red flag and then it's an easy pass on the deal. Other times, there may just be a suspicious pattern of many yellow flags. Usually in that case, I still pass. Maybe there are extenuating circumstances (and everyone will always offer an explanation). But I also have hundreds of deals to choose from each month I don't have any fraud flags. So why take a chance on someone that might be questionable? I simply move on to the next deal.