The PCAOB hasn't published pandemic period audit inspection results yet but PwC promises nearly zero defects

PwC was in the hot seat after results deteriorated for 2019. But overnight improvements in audit inspection results are not that easy to achieve.

In our teaching case, Corruption in the Auditor Inspection Process: The Case of KPMG and the PCAOB, we asked students to reflect on the dramatic improvement in KPMG’s Public Company Accounting Oversight Board inspection results from 2014 to 2015:

Did any other firm exhibit dramatic improvement in inspection results in a short period? Should the regulator have been suspicious of a sudden and dramatic improvement in KPMG’s PCAOB inspection deficiencies rates from 2014 to 2016? How might it be explained by some action other than cheating?

Source: Data from PCAOB Inspection report results via its website. From 2004 to 2009 the PCAOB did not disclose how many engagements were inspected for each firm so no percentages can be calculated. The figure for PwC for 2020 is the firm’s own prediction. The 2020 PCAOB reports have not yet been published.

The audit industry regulator selects a sample of the largest firms’ audits to inspect on an annual basis, based on confidential risk factors not a random sample. The PCAOB, and the SEC, are likely thrilled to see any of the firms’ improved deficiency rates after a period of “red zone” results, since it might imply the regulator’s actions and comments and suggestions and advice are helping the audit firms and, therefore, improving audit quality outcomes for issuers and, in the end, investors.

SEC officials and PCAOB board members meet with the firms frequently and met repeatedly with KPMG executives during the period the firm was under the most scrutiny. Wes Bricker, SEC Deputy Chief Accountant at the time and now PwC’s Vice Chairman of US and Mexico Audit, testified for the prosecution at the March 2019 trial of KPMG’s David Middendorf’s that senior officers from the SEC’s Office of Chief Accountant met — in the period leading up to the revelations regarding the KPMG-PCAOB scandal —at least three times with KPMG executives — without PCAOB officials present— to discuss problems arising from the PCAOB inspections of their audits with the purpose of emphasizing “the importance to them of increasing quality and addressing the inspection results.”

We [i.e. OCA] have meetings with CEOs of each of the major [audit] firms from time to time.

Former PCAOB Board member Jay Hanson testified at Middendorf’s trial that he believed the PCAOB inspections had a “gotcha” mentality, that is inspectors were interested in just finding problems not in improving audit quality of audits they inspected. That’s why he and another PCAOB Board member, Jeanette Franzel, met with KPMG separately more than once to help the firm get out of trouble with the PCAOB. Franzel at first denied she had participated in the meetings, then provided a statement to me when I reported that both Hanson and Middendorf had testified she had been present at Hanson’s side meetings with KPMG. My reporting was prompted by EY naming Franzel to its Independent Audit Quality Committee after her PCOAB tenure.

Wes Bricker testified at Middendorf’s trial that based on his meetings with KPMG as Chief Accountant he believed KPMG’s ALL issue was fixed by the end of 2016. Defense attorneys successfully used this statement and a statement by SEC Chairman Jay Clayton after the indictments were announced in 2018 to argue that the SEC believed the scandal had no impact on the SEC’s ability to protect investors. As a result, the PCAOB’s Jeffrey Wada and Middendorf were not convicted of the charge of defrauding the SEC.

Q. You were asked some questions about February 2017. I want to move you forward to January 2018, at the time the charges in this case were publicly announced. The Commissioner of the SEC issued a press release at that time, correct?

A. Chair Clayton issued a statement, yes.

Q. I want to direct your attention to Commissioner Clayton's statements about reliance on audit reports by KPMG. The third paragraph, starting on the second sentence, please. If you could read the rest of that paragraph, starting with "Based on."

A. "Based on discussions with the SEC staff, I do not believe that today's actions against these six individuals will adversely affect the ability of SEC registrants to continue to use audit reports issued by KPMG in filings with the Commission or for investors to rely upon those required reports."

…Q. Did there come a time where you resolved the issue as to how KPMG was auditing the allowance? A. So as I --

Q. That is just a yes or no. Did your office become aware that that issue was resolved with KPMG?

A. I became satisfied that SAB 102 didn't require amendment nor did the Commission's guidance require amendment.

Q. I think I wasn't clear in my question so let me try again. The discussions with KPMG about how it was auditing the allowance, those have been ongoing, correct?

A. Those have not continued.

Q. When was the last discussion you had about how KPMG was auditing the allowance with KPMG, if you recall?

A. I don't recall specifically. It was probably in 2017.

Q. OK. And so do you recall when in 2017?

A. I don't recall specifically.

Q. So as of 2016 -- A. Yes.

KPMG partners had learned in advance, via former PCAOB inspectors Brian Sweet and Cynthia Holder who had come over to work at KPMG in early 2015, which engagements would be inspected by the PCAOB. Senior partners in the firm’s National Office created a stealth process to take advantage of this information and actively review and alter audit workpapers to head off any criticisms from the PCAOB inspectors. KPMG saw an immediate improvement in their results after barely one year of using the stolen PCAOB inspection data. 

KPMG then had the nerve to ask for a pat on the back for improving the results, even though they knew the improvement was based on cheating. From the Middendorf cross-examination:

Q. Mr. Middendorf, the top of this document says "PCAOB meeting with KPMG representatives." Do you see that? A. Okay, yes.

Q. September 29, 2016. If I can direct your attention to the second bullet point there. Do you see your name listed there? A. Yes.

Q. So you attended a meeting with the PCAOB September 29, 2016, right? A. Yes, I do recall that.

Q. Tom Whittle attended too? A. Yes.

Q. Judge Holmes? A. Yes.

Q. Now if we could go to page 4 of this document. If we could zoom in to the second bullet point from the top. Mr. Middendorf, here it says, "One example of success is related to our auditing of allowance for loan losses. This was an area with the highest number of deficiencies. Can we utilize root cause analysis to identify significant remedial actions to improve auditor performance?" It then goes on to say, "This includes substantial training, implementation of an invasive risk-based monitoring and support program." That was the reason given in this meeting for an improvement in ALLL. Do you see that? A. Yes, I do.

Q. Below that it says, "And the results have been terrific. During the past two years we have seen a very significant reduction in the number of issuers in part 1, and in 2016 all ten issuer banks inspected participated in the monitoring program and received no comments in our historical areas of deficiencies in testing complex aspects of the allowance."

Q. These comments here, there is no reference to doing better in allowance for loan losses because you did reviews in 2016 based on confidential information, right? A. No, it does not say that.

Q. That is not something that was volunteered at this meeting, to your recollection, right? A. No, it was not.

Q. It didn't say you had gone back in the workpapers, edited them after you got advance notice? A. No, it does not say that.

Q. Instead, you're saying your internal programs is the reason you do well in these inspections, right? A. I certainly believed the internal programs we had put in place were having a positive impact on the results in the ALL program, or in the ALL audits.

Q. Mr. Middendorf, if you didn't think you did anything wrong in 2016, this was your opportunity to tell them, hey, I think we improved because we went back in after we got advance notice, right? A. No, we did not say that.

Q. You chose not to share that with the PCAOB, right? A. Correct.

Q. That was a conscious, deliberate decision, right? A. I don't think I made a conscious, deliberate decision in preparing for that meeting to not do that, but we did not do that.

Q. You did not want them to know, did you? A. No.

Should the PCAOB and SEC have been more skeptical of a dramatic improvement in performance in a short period of time, given the nature of audit processes and the time and effort it takes to change methodology and habits in a larger firm? Regulators maybe should become concerned if deficiency rates improve too quickly because it may suggest that inspection teams are missing things or being too lenient. In KPMG’s case it was because someone had advanced notice of the engagements selected for inspection and of the areas to be scrutinized.

Graduate accounting students were assigned the KPMG-PCAOB teaching case in a class I taught over the summer and some had a related question: How does Deloitte sustain such low deficiency results on its inspections from 2012-2019 compared to the other Big 4 firms? Are there lessons for the PCAOB and other firms to learn from the firm’s approach?

It wasn’t always this way for Deloitte. In October of 2011 the PCAOB published a private portion of the inspection report of Deloitte’s 2006 audits. I wrote, “Bankers, Beware of Auditors Who Blow Off Their Regulator,” for American Banker:

Deloitte has been playing an unprecedented game of chicken with its regulator. Until a few years ago, the largest audit firms typically responded to the annual PCAOB inspection reports, and the young agency’s “nitpicking,” with at most a polite “Thanks, but we disagree.” In the inspection report for its 2005 audits, issued in June 2007, Deloitte had simply disagreed with two findings and suggested some comments not be included in the final report.

In December of 2007, shortly after the fieldwork for the review of 2006 audits wrapped up, the PCAOB fined Deloitte $1 million for violation of PCAOB rules and auditing standards when reviewing the financials of Ligand Pharmaceuticals. The regulator also sanctioned the partner on the audit. The firm was ordered to improve its quality control policies and procedures. In spite of this sanction, the only one of its kind directed by the PCAOB at a Big Four auditing firm, Deloitte began to dispute the board’s inspection criticisms and protest the regulator’s “second-guessing.”

Under Sarbanes-Oxley, Deloitte had until May 19, 2009 to show a good faith effort to address concerns and fix the defects cited in the nonpublic portion of the final report for 2006. When presented with a draft of the PCAOB’s report on the firm’s 2006 audits, Deloitte bristled. “We believe that reasonable judgments should not be second-guessed and therefore disagree with a number of comments,” the firm told the regulator in April 2008.

The same specific criticisms of Deloitte’s conduct and judgments in 2006 show up in subsequent inspection reports for its 2007 and 2008 audits: misapplication of generally accepted accounting principles and auditing standards; failures to identify departures from GAAP and a material weakness in an issuer’s internal controls. Yet when responding to the PCAOB’s 2007 inspection report in March 2009 – little more than a month before the deadline to correct the 2006 audit deficiencies – Deloitte again refused to accept the regulator’s criticisms. This time the media caught wind of the disagreement. Deloitte not only repeated the “second-guessing” accusation, the firm even admonished the regulator for making some of the criticisms public. “We believe such observations should not be included in the final report,” Deloitte wrote.

The firm’s chief executive for the U.S. admitted in its 2010 report “Advancing Quality Through Transparency” that the PCAOB had again privately criticized similar quality-control shortcomings during inspections of 2007 and 2008 audits. In addition, internal Deloitte reports described more than 475 reprimands to staff and partners in 2009 for infractions such as not following policies on auditor independence.

The PCAOB’s decision to make the 2006 quality control criticisms public, and the fact that the Securities and Exchange Commission allowed it to do so, tell me Deloitte is still fighting the regulators. The deadlines for Deloitte to fix or sufficiently respond to criticisms in the 2007 and 2008 inspection reports have passed. We could soon see previously nonpublic information from those reports, too.

In November 2013 the PCAOB did publish Deloitte’s Part 2 quality criticisms pertaining to the PCAOB’s 2008, 2009 and 2010 inspections of the firm. However, between the PCAOB’s 2011 inspections and 2012 inspections Deloitte somehow got its act together, stopped publicly sparring with the PCAOB and improved its inspection discrepancy percentage from 42% to 25%. The firm has never gone over 30% since and is now below 20% for the last two years. What is Deloitte doing right?

Let’s step back a minute and talk about the incentives for the PCAOB as a new regulator at that time and as one under siege right now. The PCAOB is incentivized to report audit deficiencies to demonstrate its value to the capital markets, to “earn its keep.” That’s the “playing gotcha” accusation that former PCAOB board member Jay Hanson was talking about, and that some KPMG partners thought was true.  

However, the PCAOB is, at the same time, disincentivized to have any large firm or all the largest firms report serious deficiencies or ongoing deficiencies in a particular focus area over and over again. Why? That might suggest the regulator’s inspection process and its other regulatory initiatives such as standard-setting and enforcement are ineffective or have plateaued in their effectiveness.

In the first ten years or so of the PCAOB’s existence, the largest firms were cited over and over for a high percentage of deficiencies and serious audit deficiencies that consistently showed up in only a few key focus areas. The largest firms were constantly encouraged, and then admonished, to focus on improving their systems of audit quality control.

That effort should have included performing detailed and comprehensive root cause analyses for these chronic deficiencies. Root cause analyses of both audit deficiencies and of positive audit quality events was expected to improve the firms’ abilities to appropriately remediate systemic issues. However, implementing the appropriate processes for root cause analyses is always in development at the various firms due to unique cultures, huge costs, and high staff turnover.

As soon as KPMG’s cheating was exposed in 2017-2018, its improved inspection results went in the toilet again, hitting 50% again in 2017 once the cheating crutch was removed, then 37% in 2018, before hovering just below 30% for 2019. During the cheating years, KPMG was not focused on learning how to audit better but instead on simply improving PCAOB inspection scores. The indicted KPMG partners’ admitted goal was not to improve overall quality but to game the inspections and improve those results only. That was clear based on the final words of Thomas Whittle’s attorney Nola Heller at his sentencing:

And, you know, ironically perhaps it was Tom's commitment to success at his job that led him down the wrong path in this case. As the Court has noted in the other sentencings, the defendants here were not motivated by the desire to make money, but instead by the drive to do better on their PCAOB inspections.

Which brings us to today, as we anticipate the PCAOB reports for its 2020 Big 4 firm inspections. We’re anxious to see the impact of COVID-19 on the 2019 calendar year audits. That’s after the 2019 Big 4 inspection reports, made public by the PCAOB on December 17, 2020, delivered mixed results. Via Bloomberg on February 2, 2021:

Deloitte LLP maintained high marks on its annual regulatory inspections for the second year in a row, while the largest six audit firms as a group continued to show improvements in meeting U.S. audit standards. Just six of Deloitte’s 58 audits picked for inspection in 2019 contained violations, consistent with its results from 2018. Competitors KPMG LLP and Ernst & Young LLP each improved over their 2018 results while PwC LLP lost some ground, according to inspection results the Public Company Accounting Oversight Board released publicly on Tuesday.

Inspectors found deficiencies in 18 audits completed by PwC, also known as PricewaterhouseCoopers, or roughly 30% of the engagements reviewed—an increase from the 14 audits with violations the year before…PwC and KPMG each had clients that restated their financial reports as a result of inspection findings. The two firms, plus EY, also had to revise their opinions on the effectiveness of clients’ internal controls as a result of the inspections.

PwC’s US audit leader Wes Bricker gave an interview to Accounting Today in January, 2021 to respond to the firms poor 2019 results and then he predicted the firm’s performance on the 2020 inspections that were just wrapping up.

I’m thrilled with the progress that we’ve made, but I also know that the progress is not over.  Quality has been our first priority. That is reflected in the results. We’ve made significant progress on improving our inspection results.

The PCAOB inspection cycle having recently been completed, and our own internal inspection cycle also having been concluded, I feel really good about the progress we’ve made. Only one engagement of the 52 that were subject to inspection being included in part 1.A, that reflects a number of steps we’re taking to enhance our assurance work.

Industry critic wasn’t buying it totally.  

You can’t blame us for being skeptical about Wes’s prognostication given that PwC auditors did poorly on 18 of the 60 audits inspected in 2018, for a failure rate of 30% in its 2019 report

If that ends up being true, PwC will hold the record for the all-time lowest deficiency rate among the Big 4 at a measly 1.7% and possibly the only single-digit failure rate ever… But given that PwC has included in interviews, in print, and in videos this new high bar in audit quality, we have no reason to believe Bricker and PwC are pulling these numbers out of thin air. Bricker has too good of a reputation in accounting circles to be lying about it.

PwC then released its “2021 Audit Quality Report,” in August and went even further to respond to the criticism and double down on its prediction for the 2020 report results. The report explains its efforts and expected results and why the PCAOB’s results can be taken with a grain of salt.

As the PCAOB has stated publicly, the audits they select and the portions of those audits they review are not done to identify a representative sample statistic that can be extrapolated accurately to a portfolio of audits. As a result, the findings cannot be used to draw conclusions about the frequency of deficiencies throughout the portfolio. The PCAOB’s approach is designed to be weighted towards targeting items of interest to their regulatory purposes, such as audit areas relating to recently issued standards. There are inherent differences in the purpose and methods used by the PCAOB to select audits for inspection compared to that used for our internal inspections.

PwC’s report did include a caveat to go with its prediction. It says PwC was talking about the results since January even though it was August and it had not yet received a draft version of the 2020 report.

I will admit I missed all this earlier this year. My interest in Bricker’s prediction was piqued when I heard him make make it on September 9, 2021, in a written statement for the SEC’s Investor Advisory Committee meeting.

As one measure of outcomes, we anticipate only one of the 58 PwC audit engagements that were subject to inspection in 2020 being included in Part 1.A of the PCAOB’s inspection report.4 Audit quality is an ongoing journey and requires our commitment to continuous improvement. This anticipated achievement also demonstrates that investments we have made in quality have positively impacted the results of the 2020 inspection of 2019 year-end audits.

Then Bricker explains that there is no one definition of audit quality.

The first lesson over time relates to how one defines audit quality. PwC provides a definition in our audit quality reports. Our firm’s definition is among several that are available. There are different definitions available in academic literature. The U.S. Government Accountability Office has a definition.5 The PCAOB’s former Standing Advisory Group developed a definition.6 None of these definitions are mutually exclusive, but their focuses on audit quality are different. The statement made by the U.K. Financial Reporting Council in 2006 still holds true today: “There is no single agreed definition of audit quality that can be used as a ‘standard’ against which actual performance can be assessed.”7

I asked Daniel Goelzer, a retired partner at law firm Baker McKenzie and former interim chairman of the PCAOB, if he had ever heard of a firm making such a pre-emptive announcement about regulatory findings.

I am not aware of any firm previously making a public statement about its inspection results before the PCAOB made the report public. I thought it was a bit risky to make a public statements in January. Aside from the risk of something changing and the statement turning out not to be correct, the PCAOB may feel that it is the Board's prerogative to announce inspection results through the release of the report and the Board members probably had not yet reviewed or approved the 2020 report last January. Saying it again now, nearly nine months later in September may mean PwC got no pushback earlier and is confident the result won’t change.  

Dr. Colleen Honigsberg, an Associate Professor of Law at Stanford Law School who also has a PhD in Accounting, was a panelist with Bricker at the SEC IAC meeting. She told me:

I've never seen a pre-announcement like that before, but I can't say it surprises me. Given how delayed those 2020 results are, I assumed the results were completed some time ago but haven't been released yet---leaving those of us on the outside to speculate as to what's going on internally at the PCAOB.

Former SEC Chief Accountant Lynn Turner, also a panelist at the IAC meeting, had a suggestion for the PCAOB given PwC’s announcement:

When the PCAOB releases inspection results confidentially to a firm, and the firm publicly announces them, the PCAOB should be required to immediately publish the inspection report and provide it to investors. To do otherwise, clearly indicates the PCAOB is working for auditors, not investors.

I was interested in the substance of Bricker’s announcement given our prior experience with sudden dramatic improvements or deterioration of Big 4 firms’ inspection results. Professor Honigsberg agrees it is unusual.

I was very surprised when Wes Bricker said PwC would only have one discrepancy noted in Part I. I've never seen a drop like that in one year for a Big 4 firm, nor did I expect to.

Lynn Turner is doubtful about the reasons for a drop but, as always, tries to be optimistic.

Given the PCAOB’s total lack of transparency with its inspections and reports in the past, a dramatic drop in deficiencies found likely is either the result of a firm’s audit quality improving or the inspection process going “soft.”  Given the recent removal of PCAOB board members and chair, one might lean to the latter conclusion while hoping otherwise.

A significant improvement by PwC may be an unexpected result for one firm but a significant improvement for all firms, if that is what the official reports say, would signal a very unusual result for the PCAOB inspection process overall. Either way, a root cause analysis of the phenomenon is required.

One possibility is that the PCAOB, and SEC, may give all the firms a break on their 2020 and 2021 inspections because of the challenges of financial reporting and auditing during the pandemic. The SEC and PCAOB have not been clear on what adjustments were being made by issuers and audit firms to accommodate fully remote audits and subsequent remote PCAOB inspections.

During a period where public companies have been highly vulnerable to material misstatement and fraud, could the SEC, and a broken PCAOB, have decided to give public companies and the auditors a pass for two years? I hope not.

Finally, there is the question of when we’ll know the official 2020 inspection results. Wes Bricker himself explained what’s normal, when he testified in the trial of KPMG partner David Middendorf:

So, technically the reports are not yet late. There is no firm schedule and there have been periods where the publication schedule was erratic, such as after the KPMG-PCAOB scandal. These are extraordinary times for many reasons. Dan Goelzer reminds us:

If the reports aren’t published by October 1, less than 10 days from now, there will be only one serving board member remaining. That board member could authorize issuance of an inspection report, although it seems problematic to me.

I am not aware that the issue has ever been addressed but I think there is a concept of the "rule of necessity" which, in some circumstances, permits agencies to act even if their membership has fallen below the normal quorum level. However, I think it would be hard to stretch that idea to a one member Board.

SEC Chairman Gary Gensler announced he would seek to replace all the PCAOB board members and then fired Chairman Bill Duhnke in June. That left the PCAOB with an interim chairman and two more active members who resigned recently, effective October 1. It’s not clear when the new Board members will be selected or installed.  Lynn Turner and Jane Adams, a former Acting SEC Chief Accountant, wrote to Gensler Sept. 17:

We are concerned about the PCAOB. The politicization of the selection process for Board members raises serious concerns about the role and ability of the PCAOB to assure high quality, professional, independent audits. Consequently, the risks to the financial system are increased and investor protection is undermined.

I asked the SEC for comment about Bricker’s comments and how the latest reports would be approved. A spokeswoman responded, “The PCAOB is the appropriate contact for your inquiry.” I asked the PCAOB for comment about Bricker’s comments and the timing and process for approval of the 2020 reports. A PCAOB spokeswoman declined to comment.

I asked PwC for comment about Bricker’s comments and about how PwC did it, assuming that the result turns out to be as he predicted in January and last week. PwC’s statement is provided here:

As evidenced by publicly available webcasts on the SEC website, our publicly available 2021 Audit Quality Report and published media articles, PwC has been consistent with all communications regarding our most recent PCAOB inspection report results:  PwC anticipates only one of the 58 2019 PwC audit engagements that were subject to inspection being included in Part 1.A of the 2020 PCAOB inspection report.

PwC’s understanding of the final result is consistent with the PCAOB’s inspection and reporting process. PCAOB inspections are an open process, between the Board and the respective firm, that gives us visibility into the various steps in the process. We have the same access to our inspection process as all other firms being inspected do. 

We’re proud of our audit quality journey, and we feel it’s important for us to discuss where we are in that journey today. The investments we’ve made in quality have had a positive impact on the 2020 inspection results of 2019 audits, and we continue to discuss these improvements to provide stakeholders with a transparent, up-to-date account of this data point given its relevance to audit quality. We are proud of our teams’ continuous commitment to improvement and are excited to share the preliminary results of those efforts.

© Francine McKenna, The Digging Company LLC, 2021