The Public Company Accounting Oversight Board (PCAOB) has released (May 4, 2010) its 2009 inspection report for Deloitte & Touche, LLP, and Deloitte’s response. The PCAOB is charged, under the Sarbanes-Oxley Act of 2002, with inspecting each of the largest audit firms each year, as well as smaller audit firms (with public company clients) once every three years (see Note A).
As a basis for this report, the PCAOB inspected aspects of 73 Deloitte audits, and finds 15 significant deficiences, for an apparent error rate of 21% (later on I’ll show that this is not a true error rate). In sharp contrast to its reaction to previous inspection reports, Deloitte says only, “We have evaluated the matters identified by the Board’s inspection team for each of the Issuer audits described in Part I of the Draft Report and have taken actions as appropriate in accordance with D&T’s policies and PCAOB standards.”
What of the 21% error rate? The Big 4 Alumni blog opines, ” a 20% error rate … we would think is quite high. Imagine that one of every five audits randomly selected and signed off by one of the largest accounting firms on the planet has purported errors.”
Does this mean that 21% of Deloitte’s audits are materially defective? No. I contend the error rate is closer to 30%, but there is no evidence to support this contention. [For comparison purposes, Arthur Andersen's error rate in 2000-2001 was waaaaaaaay over 50%, in my opinion.] The purpose of PCAOB audit firm inspections is to improve auditor quality (formative feedback) and not to evaluate the worthiness of that quality (summative feedback).
CFO reporter Sarah Johnson interviewed esteemed Charles Niemeier (PCAOB member) in 2007. A portion of the interview is relevant, because at the time the PCAOB did not reveal the sample size.
Johnson: What is the logic in not revealing how many issuers are looked at for each Big Four firm?
Niemeier: In my view, it’s not a relevant figure and in some respects could encourage misleading, superficial comparisons between firms. The PCAOB does not use a predetermined number of audits to review in planning for its inspections. Nor do inspections look at any individual audits in their entirety. Rather, inspections cover targeted sections of audits based on the PCAOB’s assessment of audit risks at each firm.
Niemeier specifically says that the inspection reports should not be used to rate audit forms on quality:
Johnson: What is the true intention of releasing the reports publicly (besides it being a requirement)? It seems natural that people want to read them to grab a takeaway about their firms’ performance. Should they not use the reports that way? Why not?
Niemeier: The point of releasing reports publicly is to comply with the Sarbanes-Oxley Act’s instruction that the board release portions of its reports “in appropriate detail,” subject to a number of confidentiality restrictions. One of those restrictions prohibits the board from disclosing quality-control defects or criticisms unless the firm fails to remediate those defects or criticisms within one year. This is a powerful incentive for firms to remediate, and reflects a legislative judgment that reports should be used as a tool to drive quality improvements inside firms as opposed to a ratings system for public use.
The take away: it is conceivable that undiscovered and/or unreported errors exist in the 73 audits inspected. Moreover, the 21% is not generalizable because it is a relatively small sample. Deloitte’s problem audits most likely were not inspected, because the PCAOB does not want to be perceived as a cop.
Most importantly, the PCAOB does not intend to second guess any of Deloitte’s audit opinions. For its part, Deloitte says that these did not produce any erroneous audit opinions (but then, what do you expect them to say).
So, is this report good news for Deloitte? I think so. The errors cited are not alarming for the most part. Also, we are given no indication as to how frequently these errors occur. Near the end, three catch my eye and would concern me if they routinely occur in Deloitte audits:
Issuer M The Firm failed to perform adequate audit procedures to test the fair value of an embedded derivative liability at year end.
Issuer N The Firm failed to sufficiently test revenue and cost of goods sold.
Issuer O The Firm failed to identify a departure from GAAP that it should have identified and addressed before issuing its audit report.
But, we have no way of knowing how frequently these errors occur.
This is a major deficiency of the enabling legislation, the Sarbanes-Oxley Act of 2002. It does not call for the type of inspections that could do financial statement users any good (a big reason why Congress should not write financial or regulatory legislation). The focus on is improving audit firms and their opinions, and not on helping investors to assess the relative effectiveness of those audits. For that we must rely on an evaluation of audit firm litigation. Unfortunately, there are so many confounding variables that assessing audit quality through litigation is very problematic.
Note A: Specifically, if an audit firm has 100 clients classified as SEC reporting companies, it must be inspected annually. For 2009, ten audit firms were so designated: BDO Seidman, LLP; Crowe Horwath LLP; Deloitte & Touche LLP; Ernst & Young LLP; Grant Thornton LLP; KPMG LLP; Malone & Bailey, PC; McGladrey & Pullen, LLP; PricewaterhouseCoopers LLP; Tait, Weller & Baker, LLP.
Debit and credit – - David Albrecht