Tuesday, February 10, 2009

Inside the secret world of auditing - SATYAM

PwC’s unqualified opinions of Satyam’s financial statements were materially false and misleading… as an accounting expert which consented to the use of its unqualified audit opinions, PwC is liable for the material misrepresentations or omissions…

Excerpt from a Class Action Complaint against Satyam, Ramalinga Raju, Rama Raju, Srinivas Vadlamani and PricewaterhouseCoopers filed in a US district court

After investment bankers, it’s the turn of auditors at the big four accounting firms to become the public’s favourite whipping boys, not just in India but all over the world. After PricewaterhouseCoopers’ (PwC) apparent peccadilloes in the Rs 7,000-crore Satyam fraud, the accounting firm whose brand has been present in India for over 100 years has come in for some serious pounding, globally. But even as a huge question mark hovers over the future of PwC in India, the Great Raju Robbery has succeeded inevitably in dragging the other three that make up the Big Four—Ernst & Young (EY), Deloitte and KPMG—into the mire.

Do you know

1. That two of the Big Four auditing firms entered India as management consultants

2.Indian laws don’t allow foreign auditing firms—directly

3.The Big Four’s audit work is done by local partners

4.Audit business for most is smaller than non-audit business

5.The global firms own no stakes in local units

6.Local firms can leave one umbrella and enter a rival one

To be sure, it didn’t need a fraud in India to provide an opportunity to take the accountants to the cleaners. Every accounting fraud—and there are plenty of them globally—is greeted with ridicule being heaped on this fraternity. And it’s not just restricted to the Big Four. The US arm of BDO International, the world’s #5 accounting firm (which in India has an -affiliation with Haribhakti & Co.), has to pony up damages of $521 million awarded against it for a negligent audit. A month ago, three of the Big Four—PwC, KPMG and EY—were dragged into Bernard Madoff’s alleged $50-billion fraud—they were all auditors of the feeder funds that channelled money into the accounts of Madoff’s New York brokerage. And let’s not forget Deloitte, which as the external auditor to GM in the US, was dragged into an accounting fraud allegedly perpetrated by the automobile giant. Deloitte stood accused of falsely certifying GM’s accounts—the Detroit major had apparently accelerated the booking of income between 2002 and 2006.

Along with such headline-grabbing instances of alleged misconduct, the accounting fraternity isn’t exactly adored because these pinstriped suits are perceived to live lives of extravagance—not too different from fat-cat investment bankers. What’s worse, at least from the public’s view point, is that nobody knows exactly how they make that money. Few, in fact, know about what accounting firms do, the precise role of auditors, how the Big Four function globally (they aren’t like any typical multinational operation), how they are regulated, and what else do they do besides auditing company books (plenty more, as it turns out). In the next few pages, Business Today attempts to lift the lid off the mystery that shrouds accounting firms—particularly the Big Four—and find out what makes them tick… and what makes them not tick.

Let’s start at the very beginning: How real is the global network of the Big Four? Do they function seamlessly as one firm?

The big four accounting firms are actually hundreds of firms held together with the glue of knowledge, economics and brand— or so we’re told. They operate under an umbrella brand and a global company that promotes the brand, and researches and coordinates between the member firms (as they are usually known). EY and PwC have their coordinating firm in the UK, while Deloitte and KPMG have their coordinating companies in Switzerland. There are no cross-holdings and ownership is always with the local seniors. These firms or companies—as the structure may be—are owned by partners who become co-owners or shareholders as they go on to become senior members of the organisation. These are largely unlimited liability partnerships and even if some of the firms are limited liability companies, the senior members who become shareholders are still designated as partners.

Globally, the Big Four clock almost $100 billion in revenues and employ close to 5.8 lakh people. In India they are minuscule—less than $1 billion (around Rs 3,500 crore) and employ around 21,000 people.

Other than access to methodologies, training and quality standards, as Jairaj Purandare, Executive Director, PwC, points out, the Indian affiliates get access to the firm’s global clients when they do business in India. However, the One Firm concept becomes a double-edged sword when a local affiliate is pulled up for accounting wrongdoings. For instance, PwC will have to face the heat in the US because of its Indian firm’s involvement in the Satyam fraud (that Satyam is listed on the New York Stock Exchange opens it to a string of Class Action Suits).

How does the Big four work in India?
The Indian rules, revised in the mid-1980S with an eye on the world Trade Organisation (WTO) negotiations on opening up of services, do not permit the Big Four—or any multinational audit or accounting firm—to be registered in India as auditors. So two of them—EY and KPMG—are actually registered in India as management consultants; PwC registered two firms as Price Waterhouse (PW) and Price Waterhouse & Co. back in the pre-Independence era and Deloitte had registered one firm under the name Deloitte Haskins & Sells in 1978 before these rules came into force. That may explain why the audit business of the Big Four is smaller than the rest of their operations—advisory, corporate finance and tax. Audit (assurance in accounting jargon) is conducted by local audit firms who are part of the respective networks of the Big Four (for example, S.R. Batliboi does it for EY, A.F. Ferguson and C.C. Choksi for Deloitte, BSR for KPMG and PW and Lovelock & Lewes for PwC). The chartered accountants and audit firms in India are regulated by the Institute of Chartered Accountants of India (ICAI) and, therefore, the Big Four must have as local members firms registered in the name of local chartered accountants. All the audit work is handled by the local firm, which supposedly follows global standards. The global brand is still not allowed to be used in the audit business. The ICAI, for its part, sees the MNCs’ entry into India as a backdoor one. “To go and seek auditing work as an international firm and then sign the balance sheet as an Indian firm can’t be tolerated,” says Ved Jain, the outgoing President of the ICAI. The PwC-Satyam saga is being used as a pressure point to negotiate in the WTO, a reciprocal access for Indian auditing firms to the US, the UK and to other countries in return for opening up India to the Big Four.

Audit firms in India were recently allowed to advertise their services, but they’re still prohibited from marketing their services. Audit in India is a smaller business for the Big Four. It brings in anywhere between 25 and 40 per cent of their Indian revenues. Also, these firms operate through multiple entities as the the Indian Partnership Act of 1932 doesn’t allow one body to have more than 20 partners. The new law on limited liability partnerships passed in December 2008 will ease this barrier on number of partners and clear the path for less-complicated structures.

So, what’s so special about the Big Four; Are they really superior to the others—local or global?
The big four are not as yet that big in India. However, they love to talk about their sophisticated methodologies, training systems and quality standards. And, they claim to be particularly choosy when picking clients. “Often, many clients themselves withdraw when they hear about our requirements and processes,” quips Sunil Chandiramani, Partner, EY. Adds Rajiv Memani, Country Managing Partner, EY: “There is an effective system of quality control, which includes policies, tools and procedures that are in place to support people in carrying out quality work.” But most importantly, it’s the globally recognised brand of the Big Four that Indian companies— especially those with global linkages—find more useful.

What are these practices that ensure quality in statutory audits?
Evidently, there are many. let’s begin with partner rotation: This entails that the same ‘lead engagement’ partner is not involved with the listed audit client for more than five years. With some clients, partners are rotated every three years. Then, there’s the independent partner review, whereby all audits of listed clients go through a review by a second partner; this could be followed by a ‘Hot Review’; before the audited accounts are submitted to the company’s board, many a time a quick desktop review is done by an independent technical team to check if all presentations and disclosures are appropriate. There’s also an ‘audit quality review’, or AQR, which firms like EY follow; this is a review of a large number of audits by visiting partners and senior managers from member firms worldwide, with local support.

Points out Roopen Roy, Managing Director of Deloitte’s consulting arm: “Deloitte Touche Tohmatsu’s rules, in most cases, are ahead of and exceed the standards set by the regulators.” 

From big eight to big four
A long time ago, they were the Big Eight...

1. Arthur Andersen

2. Arthur Young & Company

3. Coopers & Lybrand

4. Ernst & Whinney (until 1979,Ernst & Ernst in the US and Whinney Murray in the UK)

5. Deloitte Haskins & Sells (until 1978, Haskins & Sells in the US and Deloitte Plender Griffiths in the UK)

6. Peat Marwick Mitchell (later Peat Marwick)

7. Price Waterhouse

8. Touche Ross

… then there were six… In 1989, Ernst & Whinney merged with Arthur Young to form Ernst & Young; and Deloitte, Haskins & Sells merged with Touche Ross to form Deloitte & Touche

… which came down to five… In July 1998, Price Waterhouse merged with Coopers & Lybrand to form PricewaterhouseCoopers

….and now, they're the Big Four (So Far) In 2002, Arthur Andersen, auditors to Enron (which collapsed), was indicted for obstruction of justice (although the verdict was later overturned). This led to its country practices round the world being sold to the Big Four (mostly EY).

... who are #5 and #6? BDO and Grant Thornton are globally #5 and #6—often they switch positions. Grant Thornton is present in India through Walker Chandiok & Co. and BDO through BDO Haribhakti & Co.



So, why aren’t these practices good enough to ensure against fraud?
The favourite maxim of the accounting fraternity is: “We’re watchdogs, not bloodhounds.” ICAI’s Jain quips: “When we were young, we were taught that an auditor is someone who is groping in the dark for a cat that is not there.” Well, in the Satyam case, to paraphrase an excerpt of Raju’s confession, there wasn’t a cat but a marauding tiger at work. How did the auditors fail to catch a glimpse of it? Says Vishesh Chandiok, Managing Partner of Grand Thornton in India: “A collusive management fraud is extremely hard to detect and an audit is not planned or performed with that objective.” Agrees Tridibes Basu, Partner, S.R. Batliboi: “Fraud is particularly difficult to detect in cases where there is management override of set processes.” Jain acknowledges that the biggest challenge for the profession today is the huge gap between society’s expectation of what auditors must do and what auditors actually can do. That gap just got larger after the Satyam scandal.

So, does this mean that auditors are destined to remain toothless watchdogs?
Perhaps not, thanks to some new accounting standards and laws passed in the aftermath of colossal corporate frauds. There’s, for instance, SAS 99, a US accounting standard that came into existence after Enron went bust, and took Arthur Andersen down with it, even though the verdict eventually was that Andersen was not guilty. SAS 99 requires auditors—amongst other things—to gather information necessary to identify risks of material misstatement due to the fraud by a series of measures (like making surprise inventory checks). Along with the provisions of the US Act Sarbanes-Oxley (SOX) of 2002, SAS 99 will become more and more relevant in India, avers Vaibhav Manek, Partner, KNAV Advisors. Auditors at the Big Four reveal that they follow SOX norms when auditing the books of their global clients who’ve set up operations in India. Yet, the main criticism of SAS 99 is that many of the procedures are suggested rather than required—more watchdogish than bloodhoundish. Meantime, the ICAI has prescribed a revised standard on auditing which lists the responsibilities of auditors when it comes to fraud.

How It’s done globally
Global regulation of audits seems more stringent and independent than India’s.

US
The SEC regulates auditors in the US and appoints members of the Public Company Accounting Oversight Board under the Sarbanes-Oxley Act of 2002.

CEOs and CFOs have to certify financial statements they file with the SEC.
A company cannot have certain consulting contracts with its auditors.

The Auditing Standards Board of the American Institute of Certified Public Accountants, a representative body, issued a standard (SAS 99) in 2002 that has several requirements to help an auditor find frauds, not all of which are mandatory.

UK
The government-appointed Financial Reporting Council regulates auditors. One of its boards, the Accounting Standards Board, issues accounting standards.

Japan
The governmentappointed Accounting Standards Board regulates auditors. The Certified Public Accountants and Auditing Oversight Board is appointed by the Prime Minister with the consent of the Diet.

France
Joint audit is mandatory. So, companies have two auditors.

Belgium
If an auditor provides any permitted non-audit services to a company it audits, fees for such services cannot exceed audit fees.

India
Auditors regulate themselves through ICAI and there is no independent regulator.


How prevalent is self-regulation when there’s plenty of room for conflict of interest?
Unsurprisingly, businesses like mergers & acquisitions and valuations are the primary activities of the Big Four. Along with the taxation practice, this share of the pie is easily bigger than audit. Can these disparate businesses, which feed off the same client base, co-exist? Evidently not— not in the US, where three of the Big Four shed their consulting practice to ensure independence of the audit practice. In 2002, EY sold its consulting practice to Capgemini, PwC to IBM and KPMG to BearingPoint. Only Deloitte still holds on to its consulting arm globally. The other three have slowly re-built a consultancy business, which they claim follow strict guidelines to avoid conflict with audit. The lopsidedness of regulation in India notwithstanding, shouldn’t consulting and audit be under two different umbrellas? Such questions are greeted with plenty of clearing-of-thethroats, even as local partners at the Big Four insist that Chinese Walls separate audit from the rest. Audit clients can never be advisory clients, and vice versa. Also, there’s no law that prevents partners from becoming independent directors on boards of companies they are not auditing, although most Big Four firms say that’s a no-no. ICAI says an auditor can’t audit a company and be on its board at the same time. Ultimately, the best assurance of self regulation is the fear of reputional damage. This assurance becomes stronger as these firms expand their businesses beyond audit.

So why do many, including the ICAI, hate the big four?
It’s been a long time since the ICAI has had a big four president. there was Rahul Roy, the youngest-ever president of the Institute but he joined EY after he finished his term as ICAI president. Uttam Agarwal, the man who takes over as president of the ICAI on February 5, points out that the institute has taken action against Big Four representatives in the past. “But how much can we do? We can only impose a fine on the member— we cannot do anything about the firm since licences are given to individuals, not firms. However, now we have started mentioning the name of the firm when we impose a penalty on a member,” says Agarwal.

Agarwal is also head of the committee set up to look into the affairs of Satyam and the audit conducted by PwC. He says that during his tenure, strict action will be taken against errant members—be they from the Big Four or any other firm. PwC had two members sitting in the ICAI council when the Satyam saga broke. They voluntarily stepped out of the meeting of the ICAI Council that discussed the Satyam case. Later, Jain said he can’t bar them from the proceedings since they are elected representatives. Agarwal says: “There are certain measures that we want to introduce and one of those is rotation of auditors.” Perhaps that will go some way in making auditors less-reviled. But remember, even at its best, audits can only be an effective deterrent to fraud—never a guarantor of its absence.

No comments: