This article was first published in the April 2018 UK edition of Accounting and Business magazine.

The FBI, billions of dollars, a raid, contradictory testimony, custodial sentences and a bench verdict that cuts to the heart of the audit profession. It sounds more like a thriller than real life. 

But in fact this is about a legal case, concerning one of the ‘largest and long-lasting bank frauds in American banking history’, and auditor PwC’s failure to spot, among other things, a bunch of fake (or, more precisely, real but valueless) mortgages at the now-defunct US financial institutions Colonial Bank and Taylor, Bean & Whitaker. 

The details of the case of FDIC v PriceWaterhouseCoopers LLP are complex. The Alabama Federal judge dismissed five claims but found against PwC on a sixth, holding that it had failed to design the audit to detect fraud and that this amounted to professional negligence, despite the auditors having been misled. It is currently unclear if PwC will appeal, but the issue that has been discussed many times in the past arises once more: should auditors be responsible for detecting fraud?

For some vocal investors, the ruling is good news – at last, an indication that someone in the establishment supports the active protection of shareholders. Stephen Thomas, lawyer for the plaintiff, took it further, emphasising that auditors’ duty to the ‘investing public’ was becoming ‘more and more clear’. 

Defenders of the profession have responded that the verdict is an inappropriate overreach that will have many negative consequences – not least an expansion of professional liability that could mean that audit firms are the financial backstop for the fraudulent misdemeanours of clients. A US$1m job could mean a US$10m fine. 

The case has thrown into urgent relief the gulf between auditors who want to limit liability and investors who want to know that a ‘clean’ company isn’t about to go bust. But what to do?

It’s certainly possible to argue that there may be middle ground between clean audit opinions and absolute certainty that there has been no corporate foul play. The audit profession, which has been implementing changes intended to improve audit quality, says more legislation isn’t the answer, citing complexity, increased costs and slower turnarounds. This puts the spotlight on discussions between auditors, regulators and shareholders in their efforts to find something that works better for users since, as former head of audit at KPMG, Scott Marcello, says, ‘it’s not that much of a leap to say that other organisations will figure out how to provide assurance’.

Indeed, many large audit firms have responded by developing or buying technology that allows them more time to test the riskiest areas in more detail. One challenge is that efforts like these can go unnoticed by users of accounts. The firms been talking about top tech for a few years, and they’ve been talking about rebuilding public trust for over a decade, but it is a difficult case to prove.

But does the bar need raising? Andrew Gambier, head of audit and assurance at ACCA, says the profession is looking hard at how to meet public expectation. ‘The vast majority of organisations don’t have material frauds, and it would add significantly to the time required to undertake the audit – and therefore to the cost of undertaking the audit – to require auditors to search exhaustively for fraud on every engagement,’ says Gambier. ‘For most of those audits, that would be a wasted cost.’

‘Some critics of audit, with the benefit of hindsight, say they wish auditors had picked up on fraud. But they do not yet seem prepared to increase the cost of every audit and to delay every set of financial statements to find fraud prospectively.’

The cost of bridging the gap

In addition to ACCA research into audit quality (see page 36), Gambier points to the report Banishing Bias, in which ACCA identifies that the concept of ‘professional scepticism’ exists within auditing standards to encourage auditors to operationalise objectivity. ‘However, cognitive biases affect all of us because we’re human,’ says Gambier. 

‘Some complaints that auditors are insufficiently sceptical may be motivated by bias. So it won’t always be possible to bridge the expectation gap, or at least not without significant cost. Are investors prepared to bear that cost?’

Perhaps, then, the bar is high enough, and the in pari delicto dismissal of many of the claims brought against PwC reflects this. One specific claim suggests that the bar was indeed high enough but PwC just fell short on a number of counts. In fact, testimony from the trial stated that if PwC had asked to see even 10 of the files containing the underlying loan documents, ‘the jig would [have been] up’. In the words of Sridhar Ramamoorti, a member the PCAOB’s Standing Advisory Group, the problem is not an ‘information scarcity’ but an ‘attention scarcity’.

One thing is for certain: the Big Four know how to effect change. Areas for exploration on raising the bar could include doing that just for bank audits. The firms could also up the pace of technological change or innovations in people and project management on engagements.

If the focus also turned to what drives fraud – the behaviours, environments and patterns that make it likely – auditors might be less likely to miss ‘multi-year, multi-faceted and multi-billion’ frauds. Unless, as they seem to say, the bad guys will always be three steps ahead.

Ann Maudsley, journalist