A Wake-up Call for Audit Committees
Norman Marks, CRMA, CPA, is a vice president for SAP and has been a chief audit executive and chief risk officer at major global corporations for more than 20 years.
An article in Compliance Week, PwC Takes Hit in Latest Inspection, Asks PCAOB to Act, should be mandatory reading for every audit committee, whether they have PwC as their auditor or not.
This excerpt from the piece should sound an alarm:
The 2011 inspection of PwC took a close look at 60 audits, plus three additional audits where the firm played a critical role but didn't issue the final audit report. Inspectors found fault with 26 audits, or 41 percent, including three cases where issuers restated their financial results or announced their intention to do so after the inspection, according to the report. Last year (PDF), PwC saw 37 percent of its audits called out for problems by PCAOB inspectors.”
While PwC can try to transfer the blame to the PCAOB and ask for better standards, presumably so they have better rules and have to rely less on judgment, it is clear that too many audits lack quality.
This, the risk of a poor audit, is something that audit committees should be very concerned about. After all, they are responsible for oversight of the external auditor.
What should they do? The first step is to recognize that this is a potential problem and the audit committee cannot assume that because the lead audit partner demonstrates confidence, even arrogance on occasion, that his team will perform a quality audit.
The members should probe the quality and experience of the audit team, especially whether the PCAOB has inspected any of their clients. I would insist that they report on whether any of the clients of the audit partners or managers had been inspected in the last three years, what the results were, and what actions were taken in response. I would go further and insist on information about the firm’s own quality inspections of their clients.
I believe that audit committees should now consider themselves on notice that bad audits happen and they have a responsibility to address that risk at their company.
Some years ago, at one of my first audit committee meetings at Tosco (where I led internal audit), the audit committee asked the audit partner about reports of significant legal settlements and the firm’s continued ability to serve as the company’s auditor. The audit partner said that she had spoken to her firm’s leadership: she could assure the committee that the firm had sufficient capital and its continued viability was not in question. The CEO (Tom O’Malley, one of the sharpest people I have had the privilege of working with) turned to her and observed that she was asking the company to trust her. He asked “would you accept a response like that from your client?” Let’s just say that at the next meeting, a very senior firm partner attended and provided the details and assurance the audit committee and the CEO needed.
The audit committee should demonstrate similar skepticism about the skills, experience, and quality of the audit team. They should ask penetrating questions and probe the results of inspections and quality reviews — until they are satisfied that they have a team they can trust to perform.
I welcome your views and comments.
Other reference material:
Deloitte (US) inspection report (December 2011) (PDF)
Ernst & Young (US) inspection report (November 2011) (PDF)
KPMG (US) inspection report (August 2012) (PDF)
PwC (US) inspection report (September 2012) (PDF)
Posted on Nov 14, 2012 by Norman Marks
Share This Article: