Investors get a radical change to audit transparency
After a surprise move to make reports more transparent in the US, investors will finally have the chance to scrutinize some auditors’ decisions
With deregulation on the lips of senior corporate executives across the US since Donald Trump took office in January, not many thought proposed new rules increasing the transparency of audit reports stood much of a chance of getting approved. Not least since the Securities and Exchange Commission is now short two commissioners. Two of the current three are Republicans and one of those, the new chairman Jay Clayton, was chosen by Trump himself.
Shortly after he was appointed, Clayton confirmed his expected direction by telling lawmakers of the need to deregulate to induce more companies to go public. He also expressed scepticism that large fines help keep public companies in line.
A week after his senate confirmation, the SEC controversially approved a set of exchange-traded funds (ETFs) with four-times leverage, despite a proposed SEC rule in 2015 that would have limited the use of derivatives to gain leverage in ETFs – a move that seemed to signal that Clayton would be heading a very different kind of SEC.
Clayton’s own career history was seen by many as another indicator that the audit transparency proposal was unlikely to be approved. He was a corporate lawyer for a firm that has regularly represented Wall Street in everything from IPOs to settlements to advising Bear Stearns on its 2007 fire sale to JPMorgan.
The firm, Sullivan & Cromwell, helped take Alibaba public in 2014 – a company often criticized for its lack of accounting transparency. Indeed, S&C was among those to urge the SEC not to adopt the rule.
Yet in late October, the SEC approved the proposal by the Public Company Accounting Oversight Board (PCAOB) to the applause of investors and chagrin of many corporate executives and the US Chamber of Commerce, which feared the proposal could damage competitiveness.
“We had doubts about the proposal getting approved,” says Parveen Gupta, a professor of accounting at Lehigh University in Pennsylvania and a member of the PCAOB’s investor advisory board. “It was a pleasant surprise that it went through.”
|Parveen Gupta, Lehigh University|
And while investors and investor advocates are pleased at the prospect of more information about corporate audits, there are fears its value to them will ultimately be undermined by the US’s fierce culture of litigation.
The most important and controversial aspect of the proposal is the requirement that auditors of public companies include descriptions of “critical audit matters” (CAMs) – entries that describe the most “challenging, subjective, or complex auditor judgements” regarding accounts or disclosures materially relevant to an auditee’s financial statements.
Auditing the auditors
Auditors have long been suspected of having too-cosy relationships with the companies they audit, something the UK and EU have already tried to rectify by forcing public companies to change their external auditor every 10 years.
But in the US, no such steps had been taken, despite investor uproar after the financial crisis when numerous banks passed their audits and then failed in real life, or when auditors fail to catch or report fraud, as was the case with Wells Fargo last year.
In the US, average auditor tenure for Russell 1000 companies is 23 years, according to Audit Analytics. Two-thirds have retained the same auditors for 10 consecutive years.
The adopted proposal requires that companies disclose auditor tenure, as not all currently do. But more important to investors are the CAMs, which they argue will help give insight into auditor conclusions about risks of misstatement in financial statements, where management applies a judgement or estimation in measurements and even the timing and nature of some unusual transactions.
The very breadth of many banks’ businesses – from consumer loans to trading obscure securities – sets them apart from most public corporates. So too does the ocean of complicated post-crisis regulations they face and the complexity of some of their business lines.
Add to that the intricacies of accounting – loan-loss provisions, deferred tax assets, risk weights and capital positions – and it is easy to see why bank investors and the public would want to have greater insight into an audit than the traditional pass-or-fail boilerplate report. Investors are reliant on auditors to confirm that banks’ complicated financial statements are accurate and thus meaningful.
This is why the disclosure of CAMs is intentionally not standardized. Boilerplate pass/fail audit reports became a particular concern for investors after the financial crisis, when banks that would later fail or face lawsuits over fraud got the all-clear from external auditors.
|Dan Goelzer, Baker & McKenzie|
The pass/fail standard is retained in the new rules but will be supplemented with CAMs, hopefully giving investors a clearer view into whether or not auditors have relied too much on the say-so of corporate management, who are incentivized to produce the most flattering numbers in their financial statements. “The thought was that auditors were aware of risks that they didn’t disclose,” says Dan Goelzer, senior counsel at Baker & McKenzie in Washington, DC.
Goelzer says the new rules do not really resolve that concern, since CAMs only address what is challenging about an audit, not necessarily that anything wrong or fraudulent is happening.
In a letter to the SEC, the CFA Institute argued investors should be given more information and that since CAMs can only relate to matters already disclosed to a corporation’s audit committee, “audit reforms should be primarily focused on improving the reliability of reported information and should not be about protecting the audit firms.”
Increased litigation risk was cited as a concern by, among others, EY.
KPMG is being investigated by Congress over its role as Wells Fargo’s auditor before the revelation that bank employees, under pressure to hit targets, had set up more than a million fake accounts over several years.
KPMG admitted that it had indeed detected misconduct at the bank as far back as 2012, but that “from a financial reporting perspective, the improper sales practices did not involve key controls over financial reporting.
“From the financial statement perspective,” KPMG said in a letter to four members of Congress, “its effects were not financially significant.”
At the time, that was true. Overall fees improperly charged by Wells employees amounted to $2.5 million, according to the Consumer Financial Protection Bureau. Wells had $23 billion in net income in 2015, so setting aside $5 million for affected customers was genuinely not financially significant: it is a little over 0.002% of net revenues.
But those figures do not include what would become $185 million in fines for its sales practices and potentially another $142 million that litigants are seeking for compensation related to fake accounts dating back to 2002.
If those numbers are included, the impact is closer to 1.5% of 2015’s net revenues.
And while Wells said in August it does not expect further compensation claims to hit the bottom line, it also said its litigation charges for other alleged offences, including mis-sold car insurance, could be as much as $3.3 billion higher than reserves.
Wells’s stock price is down about 3.5% so far this year, compared with an over 8% gain for the Dow Jones US Banks Index.
With that in mind, KPMG’s nondisclosure of the fraud to investors might seem, in retrospect, a big failure in its role as a protector of investor interests.
Curiously, the PCAOB clarified that the discovery of potentially illegal acts “if an appropriate determination had been made that no disclosure of it was required in the financial statements”, would not qualify as a CAM. Nor is a potential contingent liability loss that has been communicated to the audit committee, “but that was determined to be remote and was not recorded in the financial statements or otherwise disclosed under the applicable financial reporting framework.” And CAMs do not include determinations that big deficiencies in internal controls over financial reporting exist.
These caveats would appear to exonerate KMPG, which claimed it was aware of potential misdoings, but had communicated these to management and believed they were being dealt with.
“It is often difficult for auditors (and management, for that matter) to determine at the outset whether a particular illegal act is material or likely to ultimately have consequences that are material to the financial statements,” says Baker & McKenzie’s Goelzer. “I am familiar with situations in which a conclusion was reached that an illegal act was not material and, in fact, there was never any material financial statement impact. Obviously, however, the opposite can occur as well.”
Nonetheless, the example of Wells Fargo, like so many others in banking since the financial crisis, calls into question whether or not auditors, as quasi-regulators whose primary role is to look out for investors’ best interests, are fit for purpose.
To that end, the inclusion of CAMs in audit reports beginning in mid 2019 (for many larger firms), represents a “radical change”, says Goelzer, to the nature of audit reports and potentially the role of the auditor.
"It is often difficult for auditors ... to determine at the outset whether a particular illegal act is material" - Dan Goelzer, Baker & McKenzie
While some are worried that the implementation monitoring period may result in a watering down of the proposal in the longer term, the biggest concern among proponents of the rules, including Goelzer and Gupta, is that CAMs will become exactly the boilerplate disclosures they are intended not to be because of litigation – something the SEC’s Clayton also warned against.
“I would be disappointed if the new audit reporting standard, which has the potential to provide investors with meaningful incremental information, instead resulted in frivolous litigation costs, defensive, lawyer-driven auditor communications, or antagonistic auditor-audit committee relationships – with Main Street investors ending up in a worse position than they were before,” Clayton said in October.
Gupta says: “Three, four years after the initial implementation, you will see a lot of value-added information. But given the litigation environment in the US, there is a possibility that an extended auditor report could become a boilerplate disclosure over time.”
Goelzer agrees: “The litigation environment puts a lot of pressure on the firms to be careful about what they say.”
Time will tell. But in the meantime it looks like the role of the auditor is set to change, perhaps quite dramatically, and the pressure on audit firms to demonstrate their professional scepticism is finally set to increase.