September 14, 2009

Audits V: Why did this happen to us ;-(

To summarise previous posts, what do we know? We know so far that the hallowed financial Audit doesn't seem to pick up impending financial disaster, on either a micro-level like Madoff (I) or a macro-level like the financial crisis (II). We also know we don't know anything about it (III), trying harder didn't work (II), and in all probability the problem with Audit is systemic (IV). That is, likely all of them, the system of Audits, not any particular one. The financial crisis tells us that.

Notwithstanding its great brand, Audit does not deliver. How could this happen? Why did our glowing vision of Audit turn out to be our worst nightmare? Global financial collapse, trillions lost, entire economies wallowing in the mud and slime of bankruptcy shame?

Let me establish the answer to this by means of several claims.

First, complexity . Consider what audit firm Ernst & Young told us a while back:

The economic crisis has exposed inherent weaknesses in the risk management practices of banks, but few have a well-defined vision of how to tackle the problems, according to a study by Ernst & Young.

Of 48 senior executives from 36 major banks around the world questioned by Ernst & Young, just 14% say they have a consolidated view of risk across their organisation. Organisational silos, decentralisation of resources and decision-making, inadequate forecasting, and lack of transparent reporting were all cited as major barriers to effective enterprise-wide risk management.

The point highlighted above is this: This situation is complex! In essence, the process is too complex for anyone to appreciate from the outside. I don't think this point is so controversial, but the next are.

My second claim is that in any situation, stakeholders work to improve their own position . To see this, think about the stakeholders you work with. Examine every decision that they take. In general, every decision that reduces the benefit to them will be fiercely resisted, and any decision that increases the benefit to them will be fiercely supported. Consider what competing audit firm KPMG says:

A new study put out by KPMG, an audit, tax and advisory firm said that pressure to do "whatever it takes" to achieve business goals continues as the primary driver behind corporate fraud and misconduct.

Of more than 5,000 U.S. workers polled this summer, 74 percent said they had personally observed misconduct within their organizations during the prior 12 months, unchanged from the level reported by KPMG survey respondents in 2005. Roughly half (46 percent) of respondents reported that what they observed "could cause a significant loss of public trust if discovered," a figure that rises to 60 percent among employees working in the banking and finance industry.

This is human nature, right? It happens, and it happens more than we like to admit. I suggest it is the core and prime influence, and won't bother to argue it further, although if you are unsatisfied at this claim, I suggest you read Lewis on The End (warning it's long).

As we are dealing with complexity, even insiders will not find it easy to identify the nominal, original benefit to end-users. And, if the insiders can't identify the benefit, they can't put it above their own benefit. Claims one and two, added together, give us claim three: over time, all the benefit will be transferred from the end-users to the insiders . Inevitably. And, it is done naturally, subconciously and legally.

What does this mean to Audits? Well, Auditors cannot change this situation. If anything, they might make it worse. Consider these issues:

  • the Auditor is retained by the company,
  • to investigate a company secret,
  • the examination, the notes, the results and concerns are all secret,
  • the process and the learning of audit work is surrounded by mystique and control in classical guild fashion,
  • the Auditor bills-per-hour,
  • the Auditor knows what the problems are,
  • and has integral consulting resources attached,
  • who can be introduced to solve the problems,
  • and bill-per-hour.

As against all that complexity and all that secrecy, there is a single Auditor, delivering a single report. To you. A rather single very small report, as against a rather frequent and in sum, huge series of bills.

So in all this complexity, although the Audit might suggest that they can reduce the complexity by means of compressing it all into one single "opinion", the complexity actually works to the ultimate benefit of the Auditor. Not to your benefit. It is to the Auditor's advantage to increase the complexity, and because it is all secret and you don't understand it anyway, any negative benefit to you is not observable. Given our second claim, this is indeed what they do.

Say hello to SOX, a doubling of the complexity, and a doubling of your auditor's invoice.

Say thank you, Congressmen Sarbanes and Oxley, and we hope your pension survives!

Claim Number 4: The Auditor has become the insider. Although he is the one you perceive to be an outsider, protecting your interests, in reality, the Auditor is only a nominal, pretend outsider. He is in reality a stakeholder who was given the keys to become an insider a long time ago. Is there any surprise that, with the passage of time, the profession has moved to secure its role? As stakeholder? As insider? To secure the benefit to itself?

Over time, the noble profession of Auditing has moved against your interests. Once, it was a mighty independent observer, a white knight riding forth to save your honour, your interest, your very patrimony. Audits were penetrating and meticulous!

Now, the auditor is just another incumbent stakeholder, another mercenary for hire. Test this: did any audit firm fight the rise of Sarbanes-Oxley as being unnecessary, overly costly and not delivering value for money to clients? Does any audit firm promote a product that halves the price? Halves the complexity? Has any audit firm investigated the relationship between the failed banks and the failed audits over those banks? Did any audit firm suggest that reserves weren't up to a downturn? Has any audit firm complained that mark-to-market depends on a market? Did any auditor insist on stress testing? Has ... oh never mind.

I'm honestly interested in this question. If you know the answer: posted it in comments! With luck, we can change the flow of this entire research, which awaits ... the NEXT post.

Posted by iang at September 14, 2009 03:42 PM | TrackBack

misc. past posts referencing bank modernization act repealing Glass-Steagall ... which contributed significantly to the current problem. is it possible that ALL banks will be nationalized? I need insight on the Stock Market Bernard Madoff Is Jailed After Pleading Guilty -- are there more "Madoff's" out there? Should Glass-Steagall be reinstated? 64 Cores -- IBM is showing a prototype already 64 Cores -- IBM is showing a prototype already Financial Regulatory Reform - elimination of loophole allowing special purpose institutions outside Bank Holding Company (BHC) oversigh Internal fraud isn't new, but it's news

and when there was talk about oversite of unregulated over-the-counter commodities, the same person (and his wife) were involved in the commodities modernization act ... precluding any oversight ... which resulted in Enron. In the wake of Enron, SOX was passed w/o actually addressing the underlying problem, resulting in AIG.

In earlier part of this decade, I was at conference of european financial executives and pontificated about SOX not being able to do anything about serious fraud activity (and it being the auditor full employment act).

In part what was needed were business processes that would preclude types of things that SOX was trying to catch after the fact.

One of the issues with audit was having independent sources of information and being able to compare for inconsistencies ... say looking at the books of a large number of different entities and verifying that entries for various kinds of transactions on one set of books ... matched entries for the same transactions in other books.

I liked the early ISO 9000 audits ... people were asked if what they were doing was documented and whether or not they had read and understood those documents.

Part of the current circumstances also involved entities being able to carry significant percentage "off-books". There currently is lots of hand-wringing about audit rule changes regarding having to bring all those entries back onto the books ... and the possibility that many current financial entities would then have to be declared insolvent.

Posted by: Lynn Wheeler at September 13, 2009 10:41 AM

Well. My response in the next post!

Posted by: TOdd (ontology v2) at September 17, 2009 10:12 AM

The Big Four auditors may not be catching errors and frauds at financial companies because they'd like to keep the business. Those firms Deloitte, Ernst & Young, KPMG and PricewaterhouseCoopers are too busy trying to maintain longstanding relationships and selling consulting services to raise their hands about accounting manipulation and illegal activities.

Even a retired Ernst & Young Global Vice Chairman is worried the auditors are losing focus. "I am personally worried about audit firms trying to get you to spend money with them on consulting," Roger Dunbar, now chairman of Silicon Valley Bank, told the audit profession regulator, the Public Company Accounting Oversight Board, at a recent forum on auditor rotation. "It's a risk."

Only two firms audit the four largest U.S. banks. The 20 banking and financial services institutions that pay the highest audit fees, according to Audit Analytics, spent nearly $1 billion with those vendors in 2011. Wells Fargo has worked with KPMG for more than eighty-one years. Citigroup and KPMG have been together since 1969. PwC audits Bank of America and JP Morgan, as well as Goldman Sachs, MF Global, Barclays and PNC. These five engagements accounted for more than $300 million in fees in 2011 not including additional audits of non-consolidated subsidiaries and funds, which double that number.

Posted by: Auditors Are Asleep at the Switch on Banks Risk Controls at September 25, 2016 03:30 AM
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.