Reimagining audit quality using Wirecard and PCAOB examples

Here are ways to improve audit quality, address material financial statement fraud during audits, and prevent and deter more big frauds using Wirecard and PCAOB examples.

Wirecard

On Oct. 15, 2019, the Financial Times (FT) published an investigative article revealing internal documents pointing to accounting fraud involving inflated revenue and profits at Wirecard, the German financial services company. While the company’s stock plummeted and management continued to deny the allegations, the board of directors requested a special review, which the company awarded to KPMG. (See the Fraud Magazine cover article, Wirecard’s house tumbles, by Dick Carozza, CFE, and Wirecard’s suspect accounting practices revealed, by Dan McCrum, Oct. 15, 2019, the FT.)

The Wirecard scandal — the largest accounting fraud case in post-war Germany — shocked the European financial markets, losing an estimated US$13 billion in stock market value and becoming the first Frankfurt Stock Exchange blue chip company to file for bankruptcy protection. (See What the Wirecard scandal reveals about the state of German financial supervision, by Dustin Voss, Nov. 19, 2020, The London School of Economics and Political Science.)

KPMG’s April 27, 2020, final report stated that the review had been obstructed and that it was unable to verify the existence of the cash held in the escrow accounts and the existence of outsourced business.

In June 2020, EY delayed the year-end audit and the certification of the financial statements. Then-CEO Markus Braun resigned and was arrested on June 22, 2020. Then-COO Jan Marsalek disappeared and is now a fugitive.

While all details surrounding the scandal aren’t yet available (the FT reporter McCrum is writing a book), apparently Wirecard reported fictitious revenue from 2016 through 2018, and US$2.1 billion of cash held in escrow accounts never existed. The escrow accounts represented the share of revenue from markets where it didn’t have licenses to operate.

According to the FT, the elaborate fraud went on for years. Wirecard provided EY (the group auditor of record) and KPMG (the special auditor) falsified audit evidence and false representations during audits.

The FT reported that the Philippines bank employed actors impersonating bank employees to speak to the auditors during a video conference. Many now wonder why the auditor missed the accounting fraud despite many red flags, investigative reports and a whistleblower report in 2008. (See Wirecard: the frantic final months of a fraudulent operation, by Olaf Storbeck, Aug. 25, 2020, the FT.)

PCAOB inspections

The 2019 and 2020 U.S. Public Company Accounting Oversight Board (PCAOB) inspection reports of the top six audit firms for U.S. and international audits are another indicator of declining audit quality. The inspections revealed incorrect financial statement and/or internal control audit opinions, audits with deficiencies that relate to most audit areas, instances of noncompliance with PCAOB standards and rules, and improvement opportunities in the firms’ quality control systems.

On the financial statement audit side, auditors failed to (1) obtain sufficient evidence (2) perform sufficient testing (3) evaluate significant assumptions made by management or data provided by the client company.

On the internal control audit side, auditors failed to (1) identify and test controls (2) test controls over the accuracy and completeness of data or reports (3) perform sufficient testing of the design and/or operating effectiveness of controls.

An end to accounting self-regulation

In 2002, in response to several highly published accounting scandals (including Enron, WorldCom, Tyco and the collapse of Arthur Andersen), during which the accounting profession came under heavy criticism, the U.S. government enacted the Sarbanes-Oxley Act (SOX). The European Commission, the U.K., Canada, Japan, Mexico, China and many other jurisdictions passed similar legislations. (See An Interview with Sen. Paul S. Sarbanes: Sarbanes-Oxley Act Revisited, by Dick Carozza, CFE, Fraud Magazine, May/June 2007.)

SOX ended accounting self-regulation with the establishment of the PCAOB, which is responsible for overseeing audit firms, establishing standards and conducting inspections. The act provides rules that strengthen auditor independence, and enhances corporate governance and responsibility.

The implementation of SOX, and similar regulations around the world, has helped improve the quality and transparency of public company financial statements. However, accounting scandals and audit failures continue to occur. Notable cases include Lehman Brothers in 2010, Olympus in 2011, Petrobras and Tesco in 2014, Toshiba in 2015, Wells Fargo in 2017, and now, Wirecard and Luckin Coffee.

The accounting profession again finds itself facing heavy criticism because of accounting scandals and failed audits.

Factors contributing to poor audit quality

Firm consolidation

Based on publicly available data from Big Four websites, my estimates are that the Big Four firms shared about 70% of the global industry in fiscal 2020. The rest was divided up among mid- and small-tier firms. (Also see Global Auditing Services Industry, September 2020.) The U.K. KPMG chairman has said the audit industry is an oligopoly. Oligopolies are characterized by few companies commanding most of the market share, which limits competition and causes higher prices. High market share among the Big Four might affect audit quality.  (See KPMG chair calls Big Four an ‘oligopoly’ after Carillion collapse, by Lucy McNulty, Financial News, May 12, 2018.)

Last year, several countries announced efforts to break this oligopoly. In March 2020, Bloomberg reported that South African regulators are trying to break up the Big Four. (See S. Africa Seeks to Break Up Big Four Auditors After Scandals, by Rozanne Henderson, Bloomberg, March 11, 2020.)

The Guardian reported that the U.K. Financial Reporting Council (the audit regulator) asked the Big Four to separate their assurance business from the rest of their operations by 2024 in an attempt to break up their dominance. (See UK’s big accountancy firms told to split off audit arms by 2024, by Rob Davies, The Guardian, July 6, 2020.)

Auditor independence

Independence plays the most important role in rendering a quality audit. When conflicts of interest are present, auditors are inclined — and sometimes pressured — to accept client representations without challenge.

Recently, the FT criticized auditors for not challenging clients during audits because they’re afraid of losing business and fees. (See After Wirecard: is it time to audit the auditors? by Jonathan Ford and Tabby Kinder, July 3, 2020.)

In a February 2020 CPA Journal article, Lynn Turner [the former chief accountant of the U.S. Securities and Exchange Commission (SEC)] wrote that “auditors view management of the companies they audit as their clients, not the public,” and that “it is important to audit partners that they maintain ‘annuity’ income received from the audit fees, as losing the revenue stream can affect a partner’s career.” (See Reforming the Auditing Profession, by Lynn E. Turner, CPA, The CPA Journal, February 2020.)

Over the years, and most recently in 2019, the SEC charged several firms and audit partners with violations of the SEC’s auditor independence rules. (For example, see SEC Charges PwC LLP With Violating Auditor Independence Rules and Engaging in Improper Professional Conduct, SEC, Sept. 23, 2019.)

The Big Four firms are still growing their tax and advisory services revenue disproportionately versus audit revenue. Reporter Michael Rapoport in a 2018 article in The Wall Street Journal writes, “Since 2012, … combined global revenue from [the Big Four] consulting and other advisory work has risen 44%, compared with just 3% growth from auditing.” (See How Did the Big Four Auditors Get $17 Billion in Revenue Growth? Not From Auditing, The Wall Street Journal, April 7, 2018.)

Nearly 63% and 67% of the Big Four 2019 and 2020 revenue, respectively, came from advisory and tax, according to the Big Four websites. This disproportionate growth and contribution from non-audit services negatively impacts the audit quality as firms place emphasis and focus in advisory and tax services.

Housing tax, advisory, and assurance all under one roof — even if they’re segregated — can make it appear that an auditor lacks independence and can create conflicts of interest.

Sloppy auditing

Aggressive audit schedules, smaller audit budgets and inexperienced audit teams can lead to sloppy and lower audit quality.

The FT reported Wirecard’s auditor failed “for more than three years to request crucial account information from a Singapore bank where Wirecard claimed it had up to €1 billion in cash, a routine audit procedure that could have uncovered the vast fraud at the German payments group.” (See EY failed to check Wirecard bank statements for 3 years, by Olaf Storbeck, Tabby Kinder and Stefania Palma, the FT, June 26, 2020.)

In the 2003 Parmalat audit, auditors had relied for years on forged confirmation letters supporting a bank account worth 3.9 billion euros. (See the FT, “After Wirecard: is it time to audit the auditors?”)

Considering fraud during an audit

U.S. and international audit standards require auditors to consider fraud during financial statement audits and to apply audit procedures. Apparently, the Wirecard auditor didn’t apply effective fraud considerations and related audit procedures during its audits — the accounting scandal went on for several years and remained undetected despite several reports by journalists, internal investigations and whistleblower reports.

Possible solutions

Auditors have been learning from audit failures and continue to make adjustments to improve audit quality. But learning and making incremental changes isn’t enough. The auditing profession would do well to roll out an immediate response with powerful changes if it wishes to remain relevant, restore public trust and avoid further regulation.

• Auditors must embrace the responsibility to detect material misstatements and material fraud during a financial statement audit. Therefore, robust fraud audit procedures need to be included during audit engagements. During high-risk audit engagements, auditors should work side-by-side with specialists, such as Certified Fraud Examiners, to help them navigate through fraud risks.
• Audit firms need to assess whether aggressive audit schedules and small audit budgets play a role in sloppy auditing. If they do, complementing the audit process with new technology (especially artificial intelligence and robotic process automation), will help streamline and cut down administrative and low-value work to enable auditors to focus on critical higher value tasks.
• Providing robust fraud risk training to new auditors will also help. This is particularly important as the fourth industrial revolution is unfolding, the global economy is becoming digital and business models are becoming increasingly complex.
• Eliminating the client audit fee dependency will provide true independence. To accomplish that, the profession should work with global regulators to establish a global independent public company oversight agency (similar to the PCAOB) to oversee registered audit firms, harmonize audit standards, conduct inspections, and provide stakeholders audit quality data and recommendations to help firms cope with staffing, technology, audit quality systems and training needs.
• The agency should appoint registered firms to public company audits based on selection criteria determined by the agency (e.g., language needs, size and firm capability, technology, expertise, inspection quality indicators and others), and rotate auditors every three to five years. Finally, the agency should set and pay audit fees (including a healthy profit margin) based on fee criteria set by the agency (e.g., engagement risk profile, market cap, audit complexity, etc.).
• Many in the field have recommended that accounting firms (registered public company auditors) separate audit and assurance services and house them in separate independent companies. This action will help firms focus on audit and assurance services, eliminate the appearance of independence and free them from cross-selling services.
• An effective, independent, relevant and capable internal audit function can work alongside external auditors during financial audits. Internal auditors can share insightful knowledge — acquired from working on various engagements across the company — on financial risk and control, capabilities in technology, accounting and reporting, management style, fraud risks and more.
• The stock exchanges should require every listed company to have an effective and independent internal audit function. But to be truly effective and independent, the audit committee must hire and supervise the chief audit executive and set the function’s scope of work and budget.

Deter future frauds

More than 20 years have passed since the enactment of SOX. Recent big frauds and PCAOB inspection reports have shown us that the auditing would do well to hasten change to prevent and deter future frauds.

Chris Dogas, CFE, CPA, is principal at AudereSapere GRC Management Consultants LLC. Contact him at chrisdogas@asmgtc.com.