A brazen disregard for public duty: PwC's latest auditor independence mess
Not hard to figure out who the complicit audit client, now business partner, is. But the PCAOB, and SEC, can't be shocked by this virtual insanity. Regulators keep treating it like spilled coffee.
Back in August of 2007, less than a year after I left PwC in October 2006, I wrote in my legacy blog, re: The Auditors, about the Big 4 and business alliances:
When I was with PwC, I was on a team called “PwC the Client” that performed internal audits of the Firm itself. Far from being “your father’s internal audit” team, one that did reviews of only travel and entertainment expenses, we actually attempted to do real operational and compliance audits.
Unfortunately, without saying too much out of respect for my former colleagues and the requirements of confidentiality, I have to say we didn’t go as far as I had hoped we would. It’s tough to establish a real internal audit process (one like we recommend to our clients) in a Big 4 firm, a partnership, since the targets are other auditors. In particular, it’s tough to have Big 4 partners as your “Client,” guys who often have a sense of insularity, entitlement, and lack of perspective that causes them reject criticism, especially from anyone who isn’t a “lifer”.
One area that requires greater scrutiny by all of the Firms’ internal audit and compliance functions is business alliances. This issue is a landmine for any of the audit firms. E&Y lost the privilege of taking on new clients for six months because of their lack of care over who and how they aligned with PeopleSoft, were cited for a foreign affiliate that was too close to BAAN, and lost an important client in American Express related to this issue.
The bottom line is that, in my opinion, the Big 4 develop alliances, an otherwise powerful marketing and service delivery tool for consultants, like a bunch of…
How should I phrase it???
Like a bunch of accountants.
PwC has gotten much better at it in the last 20 years.
In 2008 and prior, the PCAOB explicitly told the firms it would review its independence policies when it looked at the "eight functional areas" to identify "possible defects in the Firm's system of quality control and, where applicable, to update the Board's knowledge of the Firm's policies and procedures in the functional areas."
Included was review of information concerning "the Firm's existing business ventures, alliances, and arrangements, as well as the Firm's process for establishing such enterprises."
b. Review of Independence Policies
The objective of the inspection procedures in this area was to evaluate the Firm's policies and procedures for compliance with the independence requirements applicable to its audits of issuers. To accomplish this objective, the inspection team reviewed the Firm's policies, procedures, and guidance; reviewed the Firm's monitoring of compliance with its policies and procedures; reviewed information concerning the Firm's existing business ventures, alliances, and arrangements, as well as the Firm's process for establishing such enterprises; interviewed certain National Office personnel regarding the Firm's independence policies, practices, and procedures; and, for a sample of the audits reviewed, tested compliance with the Firm's policies and applicable independence requirements.
This paragraph no longer exists by 2009 and then afterward. The PCAOB substituted a very brief mention of independence policies within a general quality control description. Then this past year it established a separate section devoted to the both PCAOB identified and firm self-identified "instances of potential non-compliance with SEC rules or instances of non—compliance with PCAOB rules related to maintaining independence."
Not surprisingly this deemphasis has led to complacency, plausible deniability, and multiple new instances of egregious violations of auditor independence across the board, by Big 4 firms, next-tier firms, smaller firms, and auditors of broker-dealers (who seem to have still not gotten the message they are required to comply with SEC independence rules not AICPA more lax ones).
At PwC alone we have a guy who managed to break the rules 19 times in 15 clients in just five years and, also at PwC, the case of audit client Mattel, which called out the engagement partner for independence violations when it announced a delayed restatement. The SEC settled an enforcement action against Mattel but the SEC administrative action against Joshua Abrahams, who did leave PwC finally, is currently stayed but for discovery pending the Supreme Court review of Jarkesy. Neither the SEC nor the PCAOB came after PwC for the Mattel independence violations.
Not surprisingly, too, the introduction of PART I.C: INDEPENDENCE in the most recent PCAOB inspection reports was pooh-poohed by the largest firms, which claimed that independence issues were no more than "foot faults" and documentation issues.
Stephen Foley at the Financial Times:
PwC, Deloitte and EY all said that they had looked into each violation and concluded there were no cases in which the independence of an audit was actually compromised. A person familiar with the situation at PwC said one example was the spouse of a staffer holding a cash balance on payments app Venmo while PwC was auditing Venmo’s parent company PayPal.
Deloitte said the most common instances of non-compliance were “related to financial relationships and employment relationships of approximately 145,000 professionals monitored”.
“I would characterise them as technical violations,” said Dennis McGowan, vice-president of the Center for Audit Quality, which represents large US accounting firms. “These firms are big, with a lot of people in them, and they have put in the controls and systems to track people’s compliance, which is why these are almost always self-reported items.”
And yet in its inspection report published on December 17, 2020, the PCAOB was forced to make public PwC's audit quality control weaknesses related to independence that the firm had not remediated in a year. That is, more than 12 months prior to the publication of the report, the PCAOB had brought these issues to the firm's attention but PwC had not yet fixed them as of December 17, 2020:
Policies for Financial Holdings Disclosures
The inspection results indicate that the firm’s system of quality control does not provide reasonable assurance that the firm and its personnel will comply with the firm’s policies and procedures with respect to independence-related regulatory requirements. (QC 20.04, .09, and .10)
The firm conducts periodic audits of a sample of its personnel to monitor compliance with certain of its independence policies. In the audits conducted during the twelve-month period ended June 30, 2019, the firm identified that 24 percent of the managers who were audited had not reported financial relationships that were required to be reported in accordance with the firm’s policies. This high rate of non-compliance with the firm’s policies, which are designed to provide compliance with applicable independence regulatory requirements, provides cause for concern, especially considering that these individuals are required to certify on an annual basis that they have complied with the firm’s independence policies and procedures.
It turns out that during approximately this same period —the twelve-month period ended June 30, 2019 — PwC was committing another even more serious auditor independence violation that exploited its deficient "quality control policies and procedures".
From the PCAOB's press release dated March 28, 2024:
The PCAOB found that PwC’s quality control policies and procedures were deficient because they did not provide reasonable assurance that the firm’s personnel would timely consult with qualified individuals or refer to authoritative literature or other sources when dealing with certain complex, unusual, or unfamiliar independence issues.
These deficiencies came to light in 2018, when numerous PwC leaders and partners failed to consult with PwC’s Independence Office or conduct other appropriate independence analysis as PwC explored the possibility of terminating its audit relationship with an issuer client to allow for a joint business relationship (JBR) with the client.
PwC did not raise the JBR‑related discussions to its Independence Office – or perform an appropriate analysis of PwC’s independence in light of those discussions – until PCAOB investigators raised questions about PwC’s independence from the issuer.
This case is very close to my heart, since it is exactly the kind of risk I tried to warn PwC it was exposed to if it did not get a handle on rogue partners in Tax, and what was left of Advisory after selling most of it to IBM in 2002. These assertive partners were setting up business alliances without checking with National Office. Even then, nearly 20 years ago, there was a team that was trying to keep track of business alliances in a database, and there was a process that partners knew they were supposed to follow. That's because the business alliance independence rules were not new, but there were additional services you could not provide if you were the auditor post-SOX.
That is what I was checking compliance with at PwC in 2005-2006 — both the compliance with the process and the process itself. Tax partners were the most aggressive even then!
Keep reading with a 7-day free trial
Subscribe to The Dig to keep reading this post and get 7 days of free access to the full post archives.