Skip to navigationSkip to content
STATE OF PLAY

The way audits work is about to change

Sonya Korshenboym for Quartz
Published Last updated This article is more than 2 years old.

When WeWork filed to go public in August, lots of people quickly flagged problems at the company. But the firm that’s supposed to watchdog WeWork’s finances wasn’t one of them.

Investors raised questions about WeWork’s losses, its shaky business model, the founder’s self-dealing, and other issues at the highly touted office-space-sharing company, but Ernst & Young, WeWork’s outside auditor, gave WeWork a clean bill of health before the filing. Auditors must tell investors if they harbor “substantial doubt” about a company’s near-term viability, but EY didn’t express any such concern, even though WeWork later had to withdraw its IPO and needed a big bailout.

EY’s oversight failure is far from isolated. All of the Big Four accounting firms have failed to catch problems at big clients whose finances they audit. KPMG didn’t flag problems at General Electric or Wells Fargo. PricewaterhouseCoopers was involved in problems at Mattel and didn’t catch revenue-booking issues at Under Armour. Deloitte has come under scrutiny over its role in auditing Malaysia’s 1MDB fund.

Those high-profile audit failures have helped put the Big Four under more scrutiny than at any time since the Enron scandal led to a major overhaul of the industry in the early 2000s. Nearly a third of Big Four audits inspected by the industry’s US regulator have deficiencies. (The regulator selects particularly risky audits to inspect, so these rates do not necessarily indicate that a third of all the firms’ audits have problems.) In the UK, the accounting industry’s problems are so glaring that officials there are considering dramatic steps like breaking up the firms.

The Big Four say they’re trying to make their audits better. They’re going through big changes that could enhance the quality of their work—or jeopardize it. They are plowing billions of dollars into advanced technology, like artificial intelligence and data analytics, that promises to help strengthen and reshape the audit. The mix of their businesses is tilting more heavily toward consulting services that shape big companies’ strategies and decisions, and they say that additional expertise helps them improve audits.

But critics contend the current problems in auditing stem from deep-seated, wrongheaded incentives in the system that new technology and pledges to do better can’t fix. They argue the shift toward consulting could make the firms lose focus on their core audit business, and entangle them in conflicts of interest that make it harder to perform tough, skeptical audits.

One thing is clear: the status quo is unlikely to hold. The auditing business is already being transformed, and the stakes are high. If investors can’t rely on sound, rigorous audits to assure that a company’s numbers are accurate, bad things happen: Errors and fraud fester, investors are misled about how healthy and well-performing a company really is, and stock prices fall when the problems ultimately come to light. Investor confidence and trust in the market dissipates. Companies find it harder and more expensive to raise money.

“We have accounting because we need some independent judgment about whether management is telling us the truth,” said Nell Minow, vice chair of ValueEdge Advisors, a corporate-governance consulting firm. Take away the reassurance that that’s the case, and “if we don’t have confidence in our financial system, it’s going to collapse.”

The Big Four insist their audit work is strong and improving. “We have, I would call it, a relentless pursuit of audit quality,” said Christine Davine, Deloitte’s national managing partner for quality, risk, and regulatory.

Table of contents

What’s broken, exactly? | Who could fix it? | Regulators fall short | The future of the audit will be steeped in tech

What’s broken, exactly?

In some ways things are better now than they were before the scandals at Enron and other companies that laid bare major financial-reporting problems and led to the demise of Arthur Andersen, Enron’s auditor. Fewer companies have inaccurate numbers now, thanks in part to new rules adopted in response to Enron as part of the Sarbanes-Oxley financial-overhaul law. Financial restatements are at an 18-year low, according to consulting firm Audit Analytics.

But accounting and auditing problems never really went away. During the 2008 financial crisis, each of the Big Four had major audit clients who collapsed or required huge government bailouts, without any warnings from the auditors that anything was amiss.

Problems are mushrooming again. At WeWork, even though Ernst & Young didn’t indicate any concerns, it soon became clear the company faced a financial crunch, and WeWork has since reported huge losses and laid off nearly 20% of its workforce. (EY hasn’t commented on WeWork.)

Under Armour is under investigation over whether it improperly shifted sales forward in time from future quarters to make its results look better—an investigation that went on undisclosed for more than two years as its auditor PwC continued to sign off on the company’s finances. Under Armour says its accounting practices and disclosures have been appropriate.

Mattel acknowledged errors in reporting its tax expenses that affected its earnings, and blamed the errors in part on the PwC partner heading its audit, who Mattel said had also violated SEC rules aimed at making sure an auditor stays independent from its clients. (PwC says it “took immediate action” upon learning of the matter, and that the partner is no longer with the firm.)

Beyond the high-profile blowups, lots of other audits have problems. The Public Company Accounting Oversight Board (PCAOB), which regulates the industry in the US, found deficiencies in 31% of the Big Four audits they inspected in 2017, the most recent year for which data are available, up from 28% the previous year.

Investors have felt the impact. GE’s stock, for instance, has lost about half its value in a little over two years since its accounting problems began coming to light, costing investors around $100 billion.

And then there’s the KPMG cheating scandal. Some KPMG partners obtained secret advance information about which of its audits the PCAOB planned to inspect, to give KPMG a leg up in preparing for the inspections, on which it had been doing poorly. In addition, some KPMG employees cheated on the firm’s internal continuing-education exams, by sharing answers with each other. Six people, including three former senior partners, pleaded guilty to or were convicted on criminal charges, and the firm paid a $50 million settlement to the SEC.

Why do these problems keep happening, despite all the efforts to prevent them?

For one thing, the industry’s critics say there’s a baked-in conflict of interest at the heart of the current auditing setup: The audit firm is hired and paid to perform the audit by the very company whose books it’s supposed to review and challenge if necessary. That discourages the professional skepticism and distance from the client that an auditor needs, they contend. You don’t bite the hand that’s feeding you millions of dollars in fees.

The big auditors’ strong push into consulting could exacerbate the problem. About 44% of the Big Four’s combined 2019 revenue came from consulting and other nontax advisory services, versus about 33% from auditing—a mix that’s been steadily tilting more toward consulting over the past several years. They see consulting as more lucrative and offering stronger growth than auditing, and some fear their eagerness to win consulting contracts could lead them to soft-pedal any criticism they might have of a company’s financial reporting.

Sarbanes-Oxley bars audit firms from providing many types of consulting to their audit clients, to prevent such conflicts from arising. But they still happen. In September, PwC settled SEC allegations that it improperly provided non-audit services to audit clients. And even with those restrictions, the potential for conflicts still exists: In the back of their minds, the firms know today’s audit client could become a future consulting client.

“All of the incentives are for turning a blind eye,” said Barbara Roper, director of investor protection for the Consumer Federation of America. “They’re paid to go easy on management.”

Nor does competition put any real pressure on the firms to change and improve. Only the Big Four have the global scope and resources to handle the audits of major multinational companies, so if a company wants to switch auditors, it has only three other firms it can go to. If one or more of those three are consulting for the company and thus are barred from taking on the audit, the choice may be limited even further.

For their part, auditors contend there’s an “expectations gap,” that investors have a mistaken impression about what auditors are actually responsible for.

Investors think auditors’ job is to find and prevent fraud, but it isn’t that simple. Auditors’ basic job is not to root out fraud but to assess whether a company’s financial statements are accurate, and auditing rules require only that auditors look for big frauds with a direct, material impact on a company’s finances. The auditors don’t have a proactive duty to look for smaller frauds or those that don’t affect the financial statements, though they must keep an eye out and flag any such frauds they happen upon.

But at least one key court ruling has suggested that auditors do have a greater responsibility. In 2017, US District Judge Barbara Jacobs Rothstein ruled that PwC had been negligent in the failure of Alabama’s Colonial Bank, one of the biggest bank failures of the financial crisis. The judge said PwC had failed to design its audits to detect fraud, and that it would have uncovered the fraud if it had simply inspected some of the documents it should have. She ordered the firm to pay $625.3 million in damages; PwC ultimately settled the case for $335 million.

“That’s their job,” Minow said. “They claim it’s not, but it actually is.”

Who could fix it?

The changes coming to auditing are being driven by a mix of regulators, politicians, executives, and technologists. Here are some of the figures who will determine the industry’s future.

Jay Clayton, chairman, Securities and Exchange Commission

REUTERS/Shannon Stapleton

While Clayton’s focus as SEC chair has been on fostering capital formation for companies, auditing is on his radar too, and audit firms and companies could have more latitude in the future as a result. In December, the SEC proposed changes that would allow audit firms to have some types of relationships with companies that are currently barred because of conflict-of-interest concerns.

Under Clayton, the SEC has also proposed exempting smaller companies from a key requirement that auditors evaluate their internal safeguards against financial errors and fraud. The move is aimed at giving small companies some relief from the burden of regulation, but critics contend audits of internal controls are needed to sniff out cases where fraud or inaccuracies might distort a company’s numbers.

William Duhnke, chairman, Public Company Accounting Oversight Board

PCAOB.org

The PCAOB, which shares responsibility with the SEC for regulating US audit firms, has been overhauling a lot of what it does under Duhnke’s direction, since he took office in 2018. The board’s yearly inspections of the big firms’ performance will soon look different. Among other things, Duhnke has said he wants the inspections to highlight what the firms are doing right on audits as well as what they’re doing wrong. Duhnke’s board is also planning to toughen the requirements for audit firms’ quality controls, and implement a long-planned permanent program to inspect audit firms’ audits of broker-dealers.

But some critics say the PCAOB hasn’t been active enough in disciplining audit firms, and that it is becoming politicized under Duhnke, a former senior Senate staff member under Republican Sen. Richard Shelby.

Lynne Doughtie, US chairman and CEO, KPMG

KPMG

Doughtie, who has chaired KPMG’s US firm since 2015, has been trying to help KPMG recover from a damaging scandal and other problems that have plagued the firm over the past few years. (At least she’s trying for the time being; she’s decided not to seek another five-year-term heading the firm and will step down at the end of June.) KPMG paid a $50 million settlement to the SEC and three former senior partners pleaded guilty to or were convicted on criminal charges in connection with a scheme to illicitly obtain secret regulatory information to help the firm prepare for its inspections. KPMG has also come under fire during Doughtie’s tenure over failing to flag problems at its audit clients General Electric and Wells Fargo.

Rachel Reeves, member of the UK’s House of Commons

REUTERS/Henry Nicholls

Reeves, an economist and a Labour Party member of Parliament from the city of Leeds for the past decade, has become one of the UK audit firms’ most prominent critics as pressure grows for a fundamental overhaul of the industry. She has chaired the House of Commons’ Business, Energy and Industrial Strategy Select Committee as it has investigated a string of accounting failures at UK companies, and in October she blasted representatives of the Big Four firms, saying they were “complicit” in those failures. “We need tougher regulation because your industry is not willing to make the changes needed,” Reeves said.

Tim Ryan, US chairman and senior partner, PricewaterhouseCoopers

pwc.com

Ryan, who has led PwC’s US firm since 2016, is trying to navigate PwC through a challenging period. In September, the firm settled SEC allegations that it violated auditor conflict-of-interest rules. Mattel has also recently cited the PwC partner who headed its audit as partly to blame for accounting errors at the toy company, and the firm failed to flag accounting questions at its client Under Armour that have had the sports-apparel maker under SEC investigation for more than two years. Ryan has also had a big influence in another way; he’s been a leader in trying to improve diversity and inclusion both at PwC and in the broader business community. (The accounting industry could use some more diversity. Though 51% of full-time employees at US accounting and consulting firms are women, only 24% of partners and principals are women, and 80% of staff at those firms are white, according to data from the Accounting MOVE Project, a coalition which tracks diversity in the accounting profession.)

The audit-firm partners and executives leading the way on advanced technology

Technology may reshape the traditional audit in the coming years, which makes people like Jon Raphael, Sherri Guidone, Hermann Sidhu, and Harry Argires especially important to the industry’s future. Raphael is national managing partner for digital transformation and innovation at Deloitte; Guidone is PricewaterhouseCoopers’ US assurance technology leader; Sidhu is Ernst & Young’s global assurance digital leader; and Argires is KPMG’s national managing partner for audit operations. All are spearheading their respective firms’ efforts to develop ways in which auditors can use technologies like artificial intelligence, data analytics, and machine learning. If all goes as planned, the technology will be able to handle much of the rote data-gathering work that auditors spend a lot of time on now, and allow for an audit to be more comprehensive by surveying all of a company’s transactions, not just a sample.

Regulators fall short

The problems with auditing aren’t all at the firms, critics say. The Project on Government Oversight, a nonpartisan independent watchdog, said in September that the PCAOB has “been doing a feeble job” in regulating audit firms, filing only a tiny number of enforcement cases against the Big Four and imposing only a tiny fraction of the penalties that it could or should have.

Some also charge that the board is becoming politicized. This fall, the SEC, which appoints the PCAOB’s members, replaced one member with a White House economic-policy aide, and put an SEC commissioner critical of financial regulation in charge of the SEC’s coordination efforts with the PCAOB. That led former SEC Chairman Arthur Levitt to publicly accuse Jay Clayton, the current chairman, of weakening the PCAOB’s independence and credibility.

Meanwhile, a whistleblower letter written by a group of current and former PCAOB employees said William Duhnke, the board’s chairman, had created a “sense of fear” at the board, according to the Wall Street Journal, with infighting and staff departures slowing the board’s work.

The PCAOB has “never been as tough as we would like it to be,” Roper said. “Now it’s being intentionally gutted.”

Duhnke defends the PCAOB’s enforcement efforts, saying the board “has placed a renewed emphasis on investigating significant audit failures.” He declined to comment on the SEC’s appointment process or Levitt’s criticism.

Regarding the whistleblower letter, he said, “The PCAOB is changing, and we recognize that there are some who are not on board with the change.” But the board “remains collectively committed to our strategic goals,” and he said he gets feedback internally to “stay the course.”

In addition, some investor advocates are concerned that the SEC may scale back a key audit protection for investors. In May, the commission proposed exempting many small companies from a Sarbanes-Oxley provision requiring that auditors weigh in on their internal safeguards—their policies and procedures aimed at preventing financial errors and fraud. That requirement has led a lot of companies to find and fix flaws that otherwise could have led them to put out inaccurate numbers.

Advocates of the change say it will relieve a burden on small companies and encourage more companies to go public. But Robert Jackson Jr., an SEC commissioner who voted against the move, said his office’s analysis showed that the companies that would be exempted were precisely those where the requirement was most crucial—where investors relied most on outside audits to assess the company.

The result of all these factors in and outside the firms, critics say, is a continued stream of flawed and failed audits and ethical lapses because there are few incentives for it to be otherwise.

“They make more money by trying less,” said Steven W. Thomas, a plaintiffs’ attorney who specializes in lawsuits against accounting firms. “The consequences of them screwing up are so that they don’t have any incentive to do a good job.”

The future of the audit will be steeped in tech

So in the face of these problems, how can audit quality be improved and investors be better protected?

For a field so focused on numbers, it’s appropriate the answer may lie partly in the realm of ones and zeroes. The Big Four are investing heavily in artificial intelligence, data analytics, and other technologies that hold the potential not just to improve audits, but to change the nature of auditing itself. KPMG, for instance, expects to spend $5 billion in the next five years on new technology and training its people to use it.

“These investments are going to help with quality,” said Jon Raphael, Deloitte’s national managing partner for digital transformation and innovation. ”We have access to just massive quantities of information that the human eye just couldn’t process.”

Technology is “one of the areas I’m amazed and excited about. I actually think it’s revolutionary,” said Julie Bell Lindsay, executive director of the Center for Audit Quality, which represents public-company auditors.

For instance, the new technologies will automate and speed up a lot of the dreary but necessary rote work of an audit. Drones can count a company’s inventory; a legion of auditors won’t be needed to do it. Machine learning can scan thousands of pages of lease documents or software contracts where the information an auditor needs is “unstructured”—not organized in a standardized way, but strewn throughout text or images or videos—and strip it out in a fraction of the time a human being would take.

EY says a pilot project using AI and natural language processing to analyze documents and contracts reduced processing time up to 90% and increased accuracy by up to 25%. The firm says the technology is now being rolled out on a wider scale. That can free up auditors to spend more of their time on challenging issues that require human evaluation and judgment, rather than on routine labor, and in theory thus make the validation of a company’s numbers that much more reliable.

The speed also allows an audit firm to look more comprehensively at a company than it ever could before. Audits are typically performed by checking just a sampling of a company’s transactions; a big company might have billions of transactions, so auditors couldn’t possibly review them all. But a computer can, and so it has the capability to unearth errors or other problems in transactions that otherwise no reviewer might have looked at.

AI can see patterns in data that a human auditor might miss. Did the company book an unusually high volume of sales just before a fiscal quarter ends, which could inflate its results? Was a transaction approved by an unexpected person, or entered into the system at an odd time, which might suggest fraud? AI can flag situations like that for an auditor to take a closer look.

The firms are using predictive analytics to estimate what a company’s numbers should look like in theory. Then, if the actual numbers are too far from that, it might be flagged for further scrutiny. Auditors now can also “scrape” publicly available data off the internet that can bear on how a company is perceived, and use that to assess its potential future prospects and risks.

On one occasion, Deloitte used software trained to assess online sentiment to detect trends pointing to negative sentiment about a client’s products in some social-media activity it had scraped. That enabled Deloitte to have a discussion with the company about potential product returns and reserves.

The technology is changing how students learn to be accountants, too. “We are changing our curriculum as fast as we can to stay ahead,” said Michael Shaub, an accounting professor at Texas A&M University. His program’s class in financial statement analysis is now built around analytics. Students are “learning to scrape data, they’re learning how to write code.”

The changes could go beyond simply making audits better. In theory, blockchain technology holds the potential to dramatically change the audit altogether, because it aims to validate a company’s transactions and ensure they haven’t been tampered with, the same way an auditor does. The audit won’t go away, but by making information more reliable, blockchain could take over some of the more basic audit work. Auditors may shift toward real-time monitoring, and attesting to and verifying a client’s use of blockchain itself.

Because of advanced technology, “I wouldn’t be surprised if five years, 10 years from now at the most, auditing is going to be a different activity,” said Daniel Goelzer, a former PCAOB member and interim chairman.

But no one expects technology to be a cure-all, or to push the human element out of auditing entirely. “The core skill set and value of the auditor, it’s critical thinking, it’s subjective judgment, it’s the ability to be skeptical,” Lindsay said. “Those qualities can’t be replaced.”

Beyond technology, the PCAOB has taken some modest steps to require auditors to tell investors more about what they find during audits. A new rule now requires auditors in the US to tell investors about “critical audit matters” or CAMs: the “things that keep them up at night” about a company’s finances which are especially challenging or complex. At both Apple and Microsoft, for instance, auditors have indicated that complex tax issues not fully resolved with regulators were CAMs. (A similar requirement is already in effect in many other countries.)

Observers have a multitude of other ideas for improving auditing. Some believe auditors should be evaluating matters beyond the financial statements, like a company’s tailored, customized measures of earnings, or its environmental, sustainability, and governance practices. In a December white paper, the Center for Audit Quality said investors increasingly rely on such information, and auditors are “well positioned” to weigh in and assist them.

John Coffee, a securities-law professor at Columbia University, thinks shareholders should take a bigger role in choosing a company’s auditor, instead of simply ratifying the choice of the company’s audit committee as they do now. “I think there are many firms that would need a closer look.”

Then there are the blow-it-all-up-and-start-over ideas that would change the process or system itself. The UK is considering splitting up a firm’s auditing and consulting businesses, to reduce the potential for conflicts and spur competition.

In the end, both technology and institutional reforms may have to play a part to fix the audit. “Tech in and of itself isn’t a cure for anything unless you know how to use it and want to use it,” said Jack Ciesielski of R.G. Associates, an accounting-research firm. “Just because it exists doesn’t solve the problem.”

“We tried the traditional approach and it didn’t work,” Roper said. “We need to be thinking much more fundamentally about how you change the incentives.”