Bright Light Shines on Massive Failures of External Auditors with “Painful” Consequencesin Blog Article by Jeff Hare
The lack of maturity of external auditing procedures is finally attracting more of the attention it deserves. The US’s Public Company Accounting Oversight Board (PCAOB) and the UK’s Financial Reporting Council (FRC) are publicly challenging external auditors to improve their processes.
Two Causes for Concern Emerge in One Month
In October 2023, two articles emerged revealing significant gaps in the quality reviews being performed by external auditors. Let’s dive in a little deeper to these two cases.
Case 1: Stark Inadequacies Cause the PCAOB to Investigate and Monitor Engagement Quality Reviews
Due to a myriad of identified failures related to engagement quality reviews (EQRs) between 2020 and 2022, the PCAOB released a guide called “Inspection Observations Related to Engagement Quality Reviews”. The PCAOB first highlighted the significance of the EQR, stating, “When an engagement quality review (EQR) is required, a well-performed EQR serves as an important safeguard against erroneous or insufficiently supported audit opinions and as a meaningful check on the work performed by engagement teams. The objective of the EQR reviewer is to perform an evaluation of the significant judgments made by the engagement team and the related conclusions reached in forming the overall conclusion on the engagement.”
The PCAOB went on to expose the severity and extent of their identified failures (listed below):
- Failing to identify certain engagement level performance deficiencies in the audit
- Failing to provide a competent, knowledgeable EQR reviewer / review team
- Failing to properly document the EQR
- Failing to provide concurring approval
- Failing to provide an EQR altogether
Case 2: the UK’s Financial Reporting Council (FRC) Enforces Fines and Updates Regulations Due to “Exceptional Failure” of KPMG
Our second case involved the UK-based KPMG organization, which received a massive fine for “exceptional failures in its accounting work for Carillion, the construction giant which collapsed in 2018” (https://www.bbc.com/news/uk-67087757). Carillion was responsible for hundreds of major projects ranging from Liverpool’s Royal Hospital to projects for prisons and the army. Due to KPMG’s extensive errors and incompetencies, Carillion was forced to abandon these 450+ projects and leave 10,000+ employees jobless. Carillion was left with an unimaginable debt of £1.5 billion ($1.6 billion), and KPMG assumed a fine of £21 million ($22 million).
The FRC found that these are the results of extreme apathy and irresponsible decision-making. KPMG’s previous partners admitted that their teams both “occasionally signed off audit reports before completing all of the work involved” and “occasionally made intentional, deliberate or reckless mistakes.” The FRC concluded that, “the collapse of Carillion had a significant and painful impact on employees, pensioners, investors, critical infrastructure projects, local communities and taxpayers”.
How Should the External Auditing World Move Forward?
Could there still be massive gaps in the methodology and oversight of external auditors in 2023 and beyond? Yes. We regularly chronicle and discuss the frauds committed by management in our Fraud in the Office podcast. FTX, Theranos, and Wirecard are just a few of the more recent cases where external auditors arguably failed to protect the investor’s interests.
In the last year, we recently uncovered what we believe is a massive gap in the methodology of some, if not most, external auditors in their 404b audits. In response we released our article, “Lack of Control Performer Independence Testing is Systemic and This is Why it Matters”. (Please read for more supporting information.) In this article we identified that most external auditors probably aren’t testing for the independence of the control performer, and likely isn’t being evaluated in external auditors’ quality reviews. Due to these findings, and in light of ever-increasing audit failures like those we explored today, we assert that the FRC (UK) and PCAOB (US) need to increase their emphasis on ensuring the independence of control performers in their inspections.