Auditors face biggest test since financial crash as Covid-19 and Wirecard rattle
Implosion of Germany’s Wirecard may prompt another attempt at audit reforms, experts say
Grafton Street in Dublin recently: Insolvent liquidations are set to spike in the coming months, particularly in the retail, hospitality and tourism sectors. Photograph: Dara Mac Dónaill
As the economy continues to emerge gingerly from a coronavirus-induced coma and companies survey the damage, many are running out of time, putting off the evil day of a dreaded exchange – with their external auditors.
Private companies whose financial year ended in December must file annual accounts with the Companies Registration Office by the end of September. But those whose reporting periods ended after Covid-19 ripped through the Republic in March face bigger issues.
Accounting bodies have warned that many companies hit by Covid-19 face the prospect of auditors issuing qualified opinions on accounts as well as challenges for directors in valuing assets and judging whether their companies can remain in business as a going concern for at least 12 months.
Many won’t make the cut. Insolvent liquidations are set to spike in the coming months, particularly in the retail, hospitality and tourism sectors, even with the State supports in place, such as the multibillion-euro stimulus package unveiled this week, according to experts such as Neil Hughes, managing partner of Baker Tilly Chartered Accountants in Ireland.
Even healthy companies will be required to provide a lot more detail in their accounts on risks, estimates and assumptions as they navigate the crisis.
“All the regulators and main network firms have issued guidance to audit firms on the additional work we need to do in our going-concern reviews and assessments. It’s coming down to much more detailed reviews of cash flow forecasts, much more questioning of management on their assumptions,” said Sinéad Donovan, financial accounting and advisory services partner at Grant Thornton Ireland.
“It’s essentially going to mean that users of financial statements are going to have to work a lot harder in interpreting financial statements and key judgments over the next few months. I’m talking about any stakeholders, be it management, employees, who will obviously see them once they’re finalised, banks, customers, and suppliers.”
The task facing auditors, the subjects of a wave of fresh rules and supervision globally in the past decade, has been made all the more difficult in the world of remote working that has thrown up issues ranging from overseeing clients’ stocktakes to having to hold difficult conversations with company directors over Zoom rather than in person.
Meanwhile, the spectacular implosion of German electronic payments group Wirecard – dubbed Europe’s Enron – last month may prompt further overhauls in Europe, according to Aidan Lambe, director of professional standards at Chartered Accountants Ireland. The scandal has put Wirecard’s auditor EY under the spotlight for failing to spot a multi-billion euro fraud earlier.
But even as the profession grapples with current problems, the ghosts of financial crisis past still haunt the Republic. Legal and professional conduct cases taken against Anglo Irish Bank’s former auditor EY and a lawsuit against Quinn Insurer’s one-time auditor PwC have yet to be heard more than a decade after the two Celtic Tiger poster kids collapsed.
“In the immediate aftermath of the 2008 financial crisis, the auditing profession appeared to avoid blame, with most of the criticism and blame directed at banking institutions, their remuneration structures and incentive cultures, financial regulators and credit rating agencies,” said Mary Canning, a former associate professor in accounting at University College Dublin, who has carried out extensive research into the ethical codes and disciplinary practices of the profession.
But as inquiries into the crisis got underway, the “role and relevance of the contemporary audit function and the level of trust that can be placed upon it began to be questioned”, she says.
In his report on the banking crisis in early 2011, Finnish academic Peter Nyberg labelled auditors “the silent observers” who failed to call out excessive property lending to regulators, as he also pointed out how bankers, politicians, regulators and the media fuelled the bubble.
KPMG, EY and PwC delivered unqualified audit reports on the 2008 accounts for the State’s six main domestic lenders and Deloitte did similar for UK-owned Ulster Bank. Yet, within months, all seven required bailouts, the Oireachtas banking inquiry report noted in 2016. The bill ultimately for taxpayers and Ulster’s parent (Royal Bank of Scotland) topped €80 billion.
Among figures to target auditors in the wake of the crash was Michel Barnier, during his five-year stint following the financial crisis as European Commissioner for Internal Markets and Services before he became the EU’s chief Brexit negotiator.
The French politician was clear from the outset that he wanted to achieve two things in reforming the audits of public-interest entities like banks, insurers and listed companies: break-up the cosy relationship between the so-called Big Four accounting firms and large companies that, he felt, contributed to the crash, and; increase competition, as businesses rarely re-tendered for audit services.
His proposals, issued in late 2011, envisaged a split between the audit business of large accountancy firms and their lucrative advisory arms, which offer consultancy services and work on large corporate deals. They also called for companies to change auditor every six years.
By the time the rules made it through the council of EU leaders and the European parliament in 2014 – and took effect two years’ later – they were heavily diluted following fierce lobbying from audit firms and large corporations. Still, Barnier would conclude that they were at least “a first step”.
His preferred option of separating audit from other functions in firms was abandoned. It was replaced with restrictions on what other services can be offered to audit clients – and a cap on non-audit income, to 70 per cent of audit fees.
While the EU audit reform rules state that public interest entities must put audit services out to tender every 10 years – compared to original proposal of six – a firm can serve out a further 10 years if reappointed.
The Republic did not avail of the option for a 10-year extension. Still, the Irish Auditing & Accounting Supervisory Authority (Iaasa) can approve an extension for a maximum of two years under exceptional circumstances.
The EU overhauls also resulted in Iaasa, previously the supervisory of accountancy bodies, taking on the direct oversight of firms that audit public interest entities.
Iaasa began to review and grade the work of these firms in 2016 and, after a few years of back-and-forth with firms, published the findings of its latest set of inspections in March. It plans to publish reports on an annual basis, making it among the more transparent reviews in Europe.
Iaasa found that 71 per cent of audits sampled across the State’s eight public interest entity audit firms in 2018 were of grade one or two, indicating audit quality of a good standard. However, 13 per cent were given a grade of four, requiring significant improvement.
EY received the lowest overall scores among the Big Four, with one of its three inspected audits scoring a grade three and others a grade two. Mid-tier firm EisnerAmper Audit, which focuses mainly on auditing special purpose vehicles that list debt on the stock exchange, fared the worst, receiving three grade fours and one grade three.
A spokesman for EisnerAmper said that, while the firm pulled out of the Irish public interest entity market last year as it could no longer justify “the scale of resources required” for the audit of such entities, Iaasa did not say that any set of audited accounts needed to be restated or audit opinions changed.
Nevertheless, the firm’s audit team is implementing Iaasa’s recommendations, he says.
Iaasa states in its 2019 annual report that it was carrying out two enforcement investigations into accountancy firms for potential breaches of the standards of their accounting bodies. The watchdog, which has the power to impose fines of up to €100,000 against an individual or as much as €100,000 per partner in a firm, declined to comment on the firms involved.
“International auditing standards have been extensively revised since 2008,” says Fergal O’Briain, head of finance and administration at Iaasa. “The changes have been pervasive, affecting every part of an audit, the governance of audit firms and the wider regulatory systems.”
O’Briain highlighted, however, that there is some evidence that companies do not appreciate the mounting requirements on auditors and that fees are being reduced as audit firms rotate.
Meanwhile, the decades-old gap between what auditors see as their role and what’s expected by the public, politicians and media remains as wide as ever.
“I think that the public want the auditing profession to be something that it’s just not. We’re not the police. We’re are just trying to ensure that management manage the financial business of companies in an appropriate manner. It is more of an oversight role, rather than a policing role,” says Grant Thornton’s Donovan.
“The auditor needs to ensure that the control environment that companies put in place is robust enough to enable management to do their job. If that’s not there, that’s where we need to call it out for the stakeholders.”
Donovan adds: “People want to be able to pick up a set of financial statements and see very clearly, yes or no, if this business is 100 per cent correct and going to last forever. And an audit is not going to be able to do that – especially in the current environment.”
The auditor’s role is to challenge the judgements being made by the directors and to make sure they are robust, says a spokeswoman for PwC. “It is particularly important that the directors clearly and succinctly explain the judgements being taken,” she adds.
For many, however, mounting regulation threatens to reduce the role of auditors to a meaningless “box-ticking” exercise, manned by technicians, and devoid of judgment.
The new management team parachuted into Dublin-based retail software provider Datalex last year, after it became the subject of an accounting scandal, found the audit process less then helpful as they tried to sort out the mess.
EY, the company’s then auditors, refused to offer an audit opinion on the 2018 accounts, citing a breakdown in controls that the company had spotted itself and disclosed.
“The audit itself is not a surefire way of detecting issues in the financial statements – but when something goes wrong, a complex audit becomes a very significant additional burden for a company that is trying to recover,” says Datalex chief financial officer Niall O’Sullivan.
“Rather than the auditors concluding by saying, ‘This is what we know and this is what we don’t know’, EY did all the audit work, at significant cost [to Datalex], and then effectively decided that they couldn’t give an opinion on anything at all.”
More generally, the wording of audit opinions have now become so complex and laden with information that “they have actually made it more difficult for a normal reader of the accounts to understand what the opinion is saying”, says O’Sullivan.
Against the backdrop of a series of high-profile collapses in recent years of UK government contractor Carillion, and retail group BHS, and the perceived shortcomings of their auditors, the Financial Reporting Council (FRC) in London has now told the UK’s Big Four accounting firms to separate their audit practices from the rest of their businesses by 2024.
“Regulators globally are aware of the FRC views on this matter and will be monitoring the changes and the impact of those changes,” says Iaasa’s O’Briain. “To date, in Ireland, this is not an area which has been identified as a change required to improve audit impact.”
The argument from accountancy firms is that such a separation would make it more difficult for the industry to attract and retain talent – and leave them unable to draw on the expertise of industry specialists in advisory when carrying out audits.
Meanwhile, the lack of competition in the public interest entity market remains a concern for many. In the Republic, the Big Four received over 94 per cent of fees from audits from more than 700 such companies last year, according to Iaasa. Smaller firms highlight the costs of being a public interest entity audit firm and tendering for big contracts that rarely come their way as barriers to taking on the major players.
“There is some evidence, globally, of reluctance on the part of companies to appoint auditors outside of the large networks,” O’Briain says, adding that Iaasa is increasing engagement with audit committees to highlight how the 2016 EU rules encourage increased completion. “Notwithstanding all of this, Iaasa’s primary focus is on ensuring that audits that are carried out are of high quality.”