When bosses at the top four audit firms were asked by Parliament last week whether they were happy with the quality of the audits they were performing, only one could bring himself to say yes.
And his firm, PwC, was fined a record amount last year for how badly it reviewed now-defunct department store BHS’s books.
It’s a stark assessment of one of the least glamorous but most important roles in finance.
If you are a UK company with more than £10.2m of sales or £5.1m of assets, you usually have to have an auditor. If you don’t, the government can force one upon you.
There are about 5,600 smaller registered auditors in the UK, but auditing of large businesses is dominated by the so-called big four firms: Deloitte, EY, PwC and KPMG.
And these big four have come in for criticism over their failure to spot warning signs at collapsed businesses such as construction firm Carillion (audited by KPMG) and BHS (PwC).
This has resulted in the Competition and Markets Authority proposing a major shake-up of the industry, as well as the big four bosses’ appearance in front of MPs on the Business, Energy and Industrial Strategy (BEIS) Committee.
An audit is effectively a test of a company’s accounts on a sample basis, says Simon Mott-Cowan of H W Fisher, a smaller auditing firm.
For a smaller business, a few auditors will spend a few weeks on site at the client firm, plus a few weeks of planning, reviewing and writing up their final assessment. Exact timings depend on how complicated the business is.
Auditors can demand access to anything and everything they need, which may involve an entire backup of a company’s accounting system, says Mr Mott-Cowan.
These numbers are tested by sampling transactions. How much you sample depends on how complicated the business is, he says, and judgement must be used.
Since accounts cover a year, and some things companies do last more than a year – like building projects, or being sued – sometimes estimates must be made. This is another area for judgement and one where an auditor and a company boss may clash.
An audit goes through several stages, from planning, to gathering the necessary information, testing and then a number of layers of review.
The best information can often come from outside the firm, says Mr Mott-Cowan. A bank letter tells you “interesting things” including all loan and deposit balances, but you have to know which bank to go to, he says.
Another big area, and the thing most investors will at least glance at in their report, is whether the auditor sees any reason why the company wouldn’t survive the next year.
“When I sign off that audit report as part of the process, I’m actually signing off to say that I think there is no issue with that entity continuing to trade for the next 12 months,” says Mr Mott-Cowan. “If I’m not confident of that we would mention it in the audit report.”
These concerns are more and more common. Partly that’s down to the economy, he says, but also because regulators have become more interested in this area. “Over the years there’s been more emphasis on [whether a business is a] going concern.”
So where has it all gone wrong?
Last year, PwC was fined a record £6.5m for its failed audit of BHS. It signed off on the health of the retailer days before it was sold for £1.
In 2017, it was fined £5.1m for its poor audit of fellow auditor RSM Tenon and £5m for its audit of collapsed property services group Connaught.
KPMG, EY and Deloitte bosses all agreed they were unhappy with their firms’ performances when asked in Parliament last week, while Kevin Ellis, chairman of PwC UK, would only say “we can always improve”.
‘Did you just forget?’
A bone that two MPs on the select committee were keen to pick was with the auditors’ alleged failure to follow rules on rubberstamping dividends. Money paid out of a company must be very carefully accounted for and auditors must say if firms have been following the law.
Firms including Domino’s Pizza and Carillion were among those that had admitted to or were found to have paid dividends when they shouldn’t have, said Labour MP Peter Kyle.
“When we look at the example of Domino’s Pizza, £85m of unlawful payments were made in a 16-year period,” he said.
“Did you just forget the capital payments rules or did you ignore them?” he asked EY UK chairman Steve Varley. “It can only be one of the two.”
‘Complicit in fraud?’
“We are and have been” complying with the law, Mr Varley said, but added: “We are not lawyers.” He declined to talk further about Domino’s, saying it wouldn’t be appropriate.
Conservative MP Antoinette Sandbach went further: “Where’s the challenge to the audit committee to check that the company has been complying with the law? And if you are not exposing that, then you are complicit in fraud, aren’t you? On the shareholders?”
The accounting chiefs who spoke up in the hearing insisted they were compliant with the law.
What disappoints Tim Bush, head of governance at the shareholder lobby group Pirc, is the sweeping power auditors have and don’t appear to be exercising.
According to the law, an auditor can request any information needed from any employee. If information given is knowingly or recklessly false or deceptive in something important, that can land you in prison for up to two years and with a fine.
But with so many substandard audits, why has nobody been jailed? “The reason they don’t invoke this power is it’s confrontational,” says Mr Bush.
‘You have a duty’
In practice, if things are this bad, a relationship will already have broken down far beyond repair, says Mr Mott-Cowan.
Although that’s not to say other things won’t go wrong.
“You’ve seen what happened recently where people have said the auditor is at fault for various things. You have to make sure you have the backup of your audit files to substantiate the opinion you have arrived at.
“You have a duty if you spot something to take it forward, absolutely. But you aren’t going to find everything.”
The BEIS Committee will hold further hearings this week on the future of audit.