On September 24, 2009 the Public Company Accounting Oversight Board issued a report on the first year of implementation of Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements (AS No. 5).

The report is based on PCAOB inspections that examined portions of approximately 250 audits of internal control over financial reporting (ICFR) by the eight largest domestic registered audit firms in 2007 and 2008. In the Spring of 2008, the SEC sent their dog, the PCAOB, to hunt firms who were not implementing Auditing Standard 5 in their clients.

Some regulatory background is necessary to understand the tangle of standards auditors must address in the age of the PCAOB. Although I’m typically hard on the firms, I do sympathize with the sheer volume (and lack of timely, definitive effective dates) of pronouncements, drafts, practice alerts, special projects, and requests for comment that auditors of public companies must contend with. It’s one of the reasons why I wince every time I see the long list of firms registered with the PCAOB. Most of them are not auditing more than 100 public companies, get inspected by the PCAOB only every three years, and undoubtedly have a hell of a time maintaining the necessary technical expertise, experience, and research capabilities necessary to audit one public company let alone a few or any that are reasonably complex.

In March 2006, the Accounting Standards Board (part of the AICPA) issued a suite of eight risk assessment standards as part of a joint project with the International Audit and Assurance Standards Board (IAASB) to update and align their risk assessment requirements. The PCAOB’s interim auditing standards consist of generally accepted auditing standards, as described in the ASB’s Statement of Auditing Standards No. 95, as in existence on April 16, 2003, to the extent not superseded or amended by the Board. As a result, the ASB’s 2006 risk assessment standards are not included in the PCAOB’s interim standards.

I know. Makes me dizzy.

On October 21, 2008, the PCAOB proposed changing its auditing standards related to the auditor’s assessment of, and response to, risk. In general, the PCAOB’s proposed standards are consistent with the ASB’s proposed standards. Auditing Standard 5, implemented on June 12, 2007, was intended to improve implementation of the provisions of the Sarbanes-Oxley Act of 2002 relating to audits of internal control over financial reporting (ICFR).

This month’s PCAOB report on Auditing Standard 5 says:

“Risk assessment underlies the entire AS No. 5 audit process, including the identification of significant accounts and disclosures and relevant assertions, the selection of controls to test, and the determination of the audit evidence necessary for a given control…the inspectors’ review of the firms’ implementation of AS No. 5 focused on the following areas:

• Risk Assessment,

• Risk of Fraud,

• Using the Work of Others,

• Entity-Level Controls,

• Nature, Timing, and Extent of Controls Testing, and

• Evaluating and Communicating Deficiencies.”

I’m going to summarize the findings of the PCAOB report and highlight a few areas that impact the business of the firms. Get a cup of coffee and make yourself comfortable. We’ll be here a while.

In general, the report tries to balance each mention of areas for improvement or deficiencies with a pat on the back and a reassuring hug first. The PCAOB tries to convince us that most of the auditors performed as expected. However, we’ve come to expect the soft touch from a regulatory body made up of former audit firm professionals. The PCAOB is also currently missing quite a few leaders. More importantly, given the range of firms and the number of audits inspected, there’s something negative to say about each of the components reviewed.

Some findings are particularly interesting in light of the financial crisis and the failures of the audit firms to prevent, mitigate, or warn shareholders and other stakeholders of the risks these companies were facing and the catastrophic result of ignoring or hiding them either through negligence or fraud.

Risk Assessment

Probably the most important area for review was the auditors’ success at risk assessment. The PCAOB inspectors found instances where the auditors failed to adequately assess risk for certain relevant aspects of the audit.

“The auditors failed to identify certain components of an account or certain locations in a multi-location environment that presented different risks of material misstatement of the financial statements than other components of the same account or other locations, respectively. They also failed to evaluate both the qualitative and quantitative factors when determining whether to perform tests of controls at a location…”

Why? There’s an unhealthy emphasis on numbers in the auditing process – strict materiality guidelines, sample sizes, and rigid formulas applied to every aspect of the methodology and audit approach. Less emphasis is placed on qualitative factors or judgment. It’s not easy to apply judgment or use experience and industry, global or general economic knowledge when you’re a 24-year-old second-year associate and you’ve never met the engagement partner or any subject matter expert.

Qualitative factors are so much harder to document as evidence, too. How do you scan and tickmark 20 years of experience and many times over seeing the same tricks pulled by management? Longer, more detailed analyses of strange data, reports detailing the history of a foreign location and higher fraud risk, doubts about a new system implementation, uncertainty and tension due to multiple management changes, repeated previous internal audit deficiencies are boring and suck up precious budget hours. No time. No inclination.

The PCAOB inspectors also report that auditors are having a hard time identifying all of management’s relevant assertions when developing their risk assessment. Relevant financial statement assertions are those having meaningful bearing on transactions, accounts, and disclosures. Why is it important that an auditor gets them right? They are the fundamental basis for defining scope of activities (and budget).

An auditor should perform substantive procedures (tests) for all relevant assertions related to each material class of transactions, account balances, and disclosures. That means not neglecting to test the most important assertions even if controls appear strong. Even seemingly effective controls can be compromised due to the constant threat of management override and the inherent limitations of internal controls. In the end, the auditor’s assessment of risk is judgmental. It can never be sufficiently precise to identify all material risks of misstatement so more important assertions with larger risk of misstatement must be tested, and that takes time and money as well as competence and objectivity.

The PCAOB also mentions that there is a general lack of focus on IT throughout the risk assessment process. They later raise additional issues related to IT risk and controls when using the work of others and when determining the timing, nature and extent of testing.

I’ve written about the IT audit issue for the Big 4 many times before:

• Lack of sufficient technical staff at clients as well as on audit teams,
• Pressure on fees,
• Dominance of the financial audit practice in engagement leadership,
• Organizational challenges for the IT audit and risk teams within the audit firms,
• Lack of involvement of most CIOs in Sarbanes-Oxley work and the external audit except by default, and
• Tendency to use inquiry and observation rather than substantive procedures for IT testing.

All of these issues contribute to the failure of audit teams to consider the effects of deficiencies in pervasive controls such as information technology general controls on the risk assessment. Therefore, the scope of tests that are conducted is limited for all the wrong reasons.

Risk of fraud

Fraud is one of the most contentious issues I write about. It’s happening more and more and in bigger and bigger ways and, yet, the audit firms standard public relations position (and legal defense) is, “We are not responsible for finding fraud.” The “We were duped” defense is probably the most professionally embarassing, irresponsible, and self-serving excuse the auditors use for abdicating responsibility for their public duty to shareholders. I’ll keep pushing it because it is their duty to both identify risk of fraud and adjust their audit scope and methodology accordingly in order to mitigate this risk and uncover fraud whenever possible.

The PCAOB, SEC and AICPA support this contention, even if the firms use their lawyers to avoid their responsibility whenever possible. In this report, the PCAOB again tells us that the nature, timing, and extent of auditors’ tests of controls were, in some cases, “not sufficiently responsive to an identified fraud risk because auditors either failed to alter the extent of testing in areas of greater risk, or they failed to identify and test compensating controls when the controls identified and tested did not completely address the identified risk.

“The inspectors also observed instances where auditors either did not evaluate all the relevant processes of the company’s period-end financial reporting process or did not appropriately test the design or operating effectiveness of controls to address the risk of management override.”

Using the Work of Others

When it was originally adopted, Auditing Standard 5 was intended, in the PCAOB’s own words, to focus the auditor on the matters “most important” to internal control, eliminate “unnecessary procedures”, simplify and shorten the standard by “reducing detail and specificity”, and make the audit more scalable for smaller and less complex companies.

“Considering and Using the Work of Others” superseded AU sec. 322 and the direction currently contained in AS No. 2 regarding using the work of others.

High auditor (and other fees) required to meet Sarbanes-Oxley requirements was the major complaint of the business community. Most fees paid to audit firms increased substantially after Sarbanes-Oxley, with the justification by the audit firms being the additional work required by AS No. 2. AS No. 5 was intended to reduce the extra work and therefore the higher fees of the Big 4 audit firms attributed to Sarbanes-Oxley.

I predicted that the audit firms would use this new provision to take on more work themselves, skirting the independence rules in order to put more of the Sarbanes-Oxley work into the internal control review bucket under the external audit. A lot of companies spent a lot of time and money trying to get the work done internally and expecting the Big 4 firms to eventually accept it and mitigate their effort and fees. But, until recently, the firms just wouldn’t do it.

Under AS No. 2 the audit firms interpreted the standards very strictly. They continued to do so for as long as possible under AS No 5. This was partly due to their desire to do as much work and reap as much of the fee as legally possible, the “share of the wallet” concept. This was also due to concerns about liability. Finally, in early 2008, their clients, pressured themselves by the economic downturn, took the upper hand. The auditors’ ability to fight the scope reduction demands was limited by economic reality and losses of clients due to failures, takeovers, and the bailouts. They started to cut their overbloated rolls and then were hard pressed to push for more given staffing constraints, especially in the IT audit arena.

As a result, this report describes several instances where PCAOB inspectors saw further opportunities for the auditors to use the work of others when the assessed level of risk was lower, including when testing certain system reports and application controls. These audit firms were probably trying to hold on to as much as they could.

In other instances, probably in larger issuers, the inspectors observed instances “where the extent of the auditor’s use of the work of others to reduce the auditor’s own work was greater than was appropriate under AS No. 5 considering the level of risk associated with the control being tested (e.g., in the area of controls over journal entries, which generally would be considered higher risk because of the risk of management override or other risk of fraud).”

Given the presence of other Big 4 firms as internal audit co-sourcers and pressure from clients to use the work of their finance and internal auditors to cut costs, I expect the auditors became reluctant to question qualifications of internal staff or professionals from another Big 4 firm. Inspectors observed certain instances where auditors, “performed few or no procedures to assess the competence of the others relative to the task being performed, or they did not adequately assess the objectivity of the others, particularly where the work was performed by company personnel other than internal auditors.”

Finally, “get it done and get it over with” type pressures probably resulted in limited discernment of who or what to retest and how much. The inspectors also “observed numerous instances where the extent of the auditors’ retesting of the work of others was seemingly unrelated to the risks involved (e.g., a uniform approach to retesting of 20 percent of the controls tested). “

Entity-Level Controls

The control environment sets the tone of an organization and has a huge influence on the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure to all activities.

“In evaluating the design of the entity’s control environment, the auditor should consider the following elements and how they have been incorporated into the entity’s processes:

a. Communication and enforcement of integrity and ethical values.

b. Commitment to competence.

c. Participation of those charged with governance.

d. Management’s philosophy and operating style.

e. Organizational structure.

f. Assignment of authority and responsibility.

g. Human resource policies and practices.

For example, management’s response to internal control deficiencies communicated in prior periods may relate to one or more of the aforementioned elements, such as commitment to competence or management’s philosophy and operating style…The auditor should obtain sufficient knowledge of the control environment to understand the attitudes, awareness, and actions of those charged with governance concerning the entity’s internal control and its importance in achieving reliable financial reporting. In understanding the control environment, the auditor should concentrate on the implementation of controls because controls may be established but not acted upon. “

Unfortunately, the PCAOB inspectors found that in some instances:

“…auditors did not evaluate entity-level controls beyond those associated with the control environment and the period-end financial reporting process. (Inspectors were told in certain cases that the auditors did not evaluate other entity-level controls because the issuer had not done so.)

Some auditors identified entity-level controls that appeared to be designed to operate with a high degree of precision, but failed to obtain sufficient audit evidence of their operating effectiveness. There also were instances where the auditors identified and tested entity-level controls and found them to be designed and operating with a high degree of precision, but did not alter their tests of process-level controls in response to that assessment.

There also were situations where auditors inappropriately reduced their testing of process-level controls based on reliance on entity-level controls. In certain of these instances, the auditors failed to consider the precision with which the entity-level control addressed a relevant financial statement assertion. In other instances, the auditors determined that the entity-level control was not operating at a level of precision sufficient to address the risk related to a relevant financial statement assertion, yet they nonetheless reduced the testing of the process-level controls for the relevant assertion.”

It looks like there was generally a “precision” problem. Control precision describes the alignment or correlation between a particular control procedure and a given control objective or risk. A control with direct impact on the achievement of an objective (or mitigation of a risk) is said to be more precise than one with indirect impact on the objective or risk. The inability to discern level of precision and the impact on testing seems to be a training issue and, perhaps, a direct result of the level of professional assigned to perform these high level, critical assessments. The subtlety of the “precision” component is lost on too junior or inexperienced professionals.

Nature, Timing, and Extent of Controls Testing

After completion of the risk, fraud, and controls assessment activities, including identifying relevant assertions and determinations of the precision with which entity-level controls are operating, it’s time to test. Unfortunately, as I have seen in engagements I have been involved in, the actual testing often doesn’t correlate well with the voluminous spreadsheets and matrices developed in the earlier phases intended to tell professionals what to test, how to test, and to what extent to test certain controls.

How does this happen? Inadequate engagement management, inadequate supervision and review of work, changes in personnel, poor team communication especially when changes occur, fatigue, and rushing at the end which forces professionals to ignore all instructions, do what they have time/energy/inclination to do, and then retro-justify the decision by fudging the documentation.

The result is PCAOB inspectors noting that “in certain cases, the auditors did not consider the assessed level of risk when selecting controls to be tested, or the controls selected were not designed to address the risk of misstatement to the relevant assertion(s).

In particular for IT general controls, segregation of duties controls, and application controls over authorization, disconnects between what auditors intended to do and what and how the tests actually get done occur quite frequently, in my experience. The PCAOB inspectors observed situations where auditors “failed to test a relevant control appropriately or, in some cases, at all. For example, inspectors observed instances where the auditors’ testing of controls over financially significant applications was dependent on appropriate segregation of duties, but the auditors did not test to determine whether appropriate segregation of duties existed.”

Similarly, in some instances:

“…the auditors tested certain controls without testing the system-generated data on which the tested controls depended; the auditors did not test controls over applications that processed financially significant transactions, including important manual spreadsheets; or the auditors observed evidence of review and approval controls (e.g. management signoff evidencing review and approval) without testing the design or operating effectiveness of management’s controls.”

“In some instances, the auditors did not obtain service auditors’ reports (SAS 70) related to controls at outside service organizations, or the auditors failed to perform procedures related to the necessary user controls identified in the service auditors’ reports.”

I have written before about the SAS 70 issue and the fact that it has been neglected in most Sarbanes-Oxley initiatives given the number of companies that have little or no centralized control over this process. It’s one of those things, like disaster recovery and business continuity, that hardly anyone does well, an “elephant in the room” type vulnerability for most companies.

“Inspectors also observed instances where the evidence gathered by the auditor was insufficient to support a conclusion that the controls were operating effectively, yet the audit team relied on the supposed effectiveness of those controls to reduce the scope of other audit procedures. For example, inspectors noted instances where the operating effectiveness of higher-risk controls was tested solely through inquiry and observation, which are tests that ordinarily produce less audit evidence than other tests, such as inspection of relevant documentation or re-performance of a control. In other instances, auditors did not test the completeness of the population from which items were selected for testing. Inspectors also observed instances where the extent of audit procedures was similar for both lower- and higher-risk controls.”

Evaluation of Deficiencies

Finally, when all the work is done, the auditors count up the various deficiencies, categorize them, group them, and combine them to determine if one or several become significant deficiencies or material weaknesess. The categorization of a control deficiency depends on whether there is a reasonable possibility that a company’s controls will fail to prevent or detect a misstatement and the magnitude of the potential misstatement. This exercise is the source of much discussion, first within an issuer’s own Sarbanes-Oxley team, separately within the external auditors team based on their work, then in joint meetings where the two compare their lists, discuss discrepancies, and resolve disagreements via negotiation and horse-trading to come up with the agreed upon list of deficiencies and their severity.

Inspectors observed some instances, that auditors, “inappropriately based their conclusions about the severity of control deficiencies solely on the materiality of the identified errors in the financial statements. Also, some auditors failed to consider relevant risk factors when evaluating the severity of identified control deficiencies. In addition, there were instances where the auditors did not consider whether certain control deficiencies identified through using the work of others, in combination with other identified control deficiencies, constituted a material weakness in controls.”

In some instances, “the compensating controls that the auditors identified and tested were not sufficiently precise or did not operate effectively to mitigate the risks associated with the identified deficiencies. In addition, the inspectors observed that “certain auditors’ required communications of identified control deficiencies to management or the audit committee were incomplete.”

When push comes to shove, the auditors are always in a position of deference to the Audit Committee and/or client management. If their incompetence, inexperience, and unwillingness to challenge technical and industry practices doesn’t do them in, their lack of objectivity and close relationship with management in service to keeping their big fees does. Granted, in rare instances, auditors do resign or let themselves be fired because of standing their ground. But by that time the situation is so bad, their potential liability so great, it scares the hell out of both sides and bodes ill for the shareholder. Ironically, it’s the next auditor, and there’s always one willing to step in even in the messiest of situations, that typically forces the client to do what the other may have been trying to do for a while.

Is audit firm rotation, like auditor signatures on reports and greater transparency of audit firm financials the way to force more much needed audit firm and auditor accountability right now?

Photo Source

I joined several of the leading bloggers in the securities litigation and SEC enforcement world — including Kevin LaCroix (The D&O Diary); Tom Gorman (SEC Actions); and Lyle Roberts (The 10b-5 Daily) — hosted by Securities Docket’s Bruce Carton for what promises to be lively and entertaining event.

My slides are here.
Bruce Carton has his summary here.

Here’s a replay of the webcast:

I got an email from Jim Peterson of Re: Balance yesterday afternoon. He poked at my comments about auditors and subprime lawsuits. He’s concerned about my use of the word “immunized” which, I guess, has special meaning for lawyers.

• Auditors immunizing from most subprime suits by claiming, “assertions of fraud are unjustified against those who were doing their best under circumstances that were exceedingly difficult…” The Michael Young defense.

“The notion of auditors being “immunized” from suit trips all over the practical fact that once a complaint survives motions to dismiss (which as Kevin noted, is going in plaintiffs’ direction lately), the likelihood of eventual settlement is overwhelming, and cases do not go to trial. The count since the 1995 “reform” act (big joke) is I think fewer than 10 in all — only a couple involving auditors…”

We spoke this morning and he is preparing a post for tomorrow that responds to the webcast.   I clarified my “immunized” comment this way:

“I was talking about the “so far” effectiveness of shills like Michael Young of Wilkie Farr and other proxies for the audit firms and their interests like the Center for Audit Quality. They use their advisory panel memberships, conference speaking gigs, and the mostly naive mainstream media to put forth the theory that the auditors do not, can not, should not question their clients business strategy and therefore cannot be held responsible also for the spectacular failures that have occurred.  

So far, and that’s a big “so far,” legislators, regulators, the press, and most of the plaintiff’s bar (with the exception of Steven Thomas, Stuart Grant, and a limited number of others) are  unwilling to kick the tires hard on the “We tried hard,” and the “We were duped,” and “We are separate and equal member firms who have no control over each other…” defenses. Their reluctance is sometimes borne of laziness to dig into the details and try to understand complex topics and other times due to entrenched, traditional loyalties. Steven Thomas, for example, is on his own because according to the interview in American Lawyer, his former firm, Sullivan Cromwell, did not want to go up against audit firms even though he proved it could be done very well.”

Still coming is my exclusive interview with Steven Thomas post-BDO verdict.  I alluded to a few of his comments in the webcast. Stay tuned for the full text next week.

In the meantime, if you’re interested in auditor related trials, there’s an interesting one going on again in Florida that’s being webcast in its entirety (gavel to gavel) by Courtroom View Network. It’s available for live and on demand on line viewing. Alan Schein contends in a suit filed in Broward Circuit Court that he relied on the E&Y audits that gave Illinois-based Superior Bank a clean bill of health for more than a decade in deciding to merge his mortgage marketing company with the bank in 1998.

If you’ve been reading me for a while, you know that I pretty much stick to discussing the largest 4 audit/accounting firms.  This is for practical reasons – keeping my sanity in dealing with so much information –  and to be realistic. Put the three next tier firms in the US together and they don’t equal either the critical mass in terms of experience and infrastructure nor the client/revenue base of any one of the Big 4.  They will never, either individually or collectively, be able to step up and absorb the detritus from another Big 4 firm failure, either in the US or out.  

That doesn’t mean the next tier don’t serve the clients they have well.  Mostly.  Just means that the next tier are not ready to play in the same pitch as Cristiano Ronaldo. (Front page photo/Portuguese.)

Or even Ronaldinho. (Brazilian)  (Pictured here with Ronaldo the Brazilian)

And this conclusion is drawn before you consider the considerable litigation threats each one faces.  RSM and Grant Thornton both have Madoff exposure and Grant Thornton also has Refco.   And BDO, well, in addition to Madoff exposure, there’s the BDO International litigation and the judgement against BDO Seidman US for Banco Espirito Santo.  You’ve heard of zombie banks?  Well, BDO in the US, at least, and potentially overall if the case against BDO International is also won, is a zombie audit firm.

So I’m constantly amazed to find Grant Thornton’s CEO Ed Nusbaum acting as the designated spokesboy for the accounting industry. He probably drew the short straw at the last Center For Audit Quality back room with cigars and cognac pow-wow.  And I’m incredulous to see Jeremy Newman of BDO International still huffing and puffing a seemingly progressive and transparent patter with whomever will interview him.

Now, that’s no slight to my friend Dennis Howlett.  I was genuinely chuffed to see Newman post a comment to Dennis’ blog. Dennis blogged about Newman’s “candid” admissions in his Huffington Post blog post regarding the auditors and mark-to-market accounting. 

“It is easy to look at the details of the accounts with hindsight and see how banks results were boosted by certain transactions. The transparency required by current accounting standards ensures we can see how banks were affected by increases in the market values of financial assets. However, it seems no-one realized the fragility of the markets in such securities. When problems first emerged in the sub-prime debt market, no-one was prepared to recognize the scale of the impact. In reality, we all looked for reasons why the problem would not be contagious.

Should accountants and auditors have identified these issues? Should regulators have realized the vulnerability of banks’ capital and reserves? Should governments have recognized that a problem in one bank would affect others? The answer to all these questions is “probably.” We believed that real value was being created by these new financial instruments and wanted to believe that the “good times” were here to stay…”

My comment in Dennis’ original post responds to this Pollyanna-ish pronouncement.

“Unfortunately, I don’t agree that any of the Big 6 firms are “recovering” from the intoxication with good times at all. All you have to do is observe closely, which I am, all the reductions in force and other cost cutting moves they’re making because of the way they say they indulged themselves with too many resources and overhead during the good times.

Although I value the candour exhibited by that emphatic “probably,” I’m less ecstatic about the firms’ complicity in the creative accounting we are seeing at Citigroup, for example…

Inspired by Mr. Newman’s seeming desire for a conversation, Dennis grabbed the bull by the horns, or the CA by the short-hairs, and asked for a meeting.  And he got it.

I helped him draw up some questions and was excited for him.

On May 15th Dennis interviewed Mr. Newman in London and tells us he spent two hours shooting the bull with Newman, a man he already admired for his candor. His post, Jeremy Newman, The Cautious Maverick, begins with some flattery. 

“I also had the sense I’d be meeting a person willing to speak with passion for a profession that I and others believe needs to change. It is perhaps a reflection of the liveliness of our discussion that what was meant to be a one hour meeting turned into nearly two hours of debate that only ended because we each had other things to conclude that day…”

To Dennis’ credit, his first question is the toughest one:  What of the BDO franchise?

In light of the crippling Banco Espirito Santo judgement against their US firm and the impending trial for BDO International to determine their culpability in this case, I’ve said BDO US is already dead.

“He was unequivocal: “It will be dealt with and we’ll move on. And no, we’re not at any risk.” I have no reason to disbelieve him…”

Well,  I have 521 million reasons to disbelieve him.  That’s the number of millions BDO has to pay. It’s already been adjudicated in the BDO Seidman vs. Banco Espirito Santo case.  They lost.  They’re hanging on by the thread of a desperate appeal. At the time of the judgement in August of 2007, a mere two years ago, mandatory discovery revealed that they could not pay it.  It would break them.

Jury Awards Rise Against BDO Seidman 
“A jury on Tuesday ordered the accounting firm BDO Seidman to pay more than $351 million in punitive damages in a negligence case, bringing BDO’s potential liability in the case to roughly $521 million, an amount the chief executive said threatens its operations.
The Florida jury had found BDO negligent for failing to find extensive fraud in its audits of a financial services company backed by a Portuguese bank. The amount will be added to the same jury’s award of $170 million in compensation to the bank, Banco Espírito Santo.”

`Big Problem’

““The big problem is a single case can bring down a big firm,” University of Georgia Professor Dennis Beresford said. Firms such as BDO Seidman typically distribute most of their profit to partners each year, leaving little in reserve for large legal judgments, said Beresford, a former chairman of the Financial Accounting Standards Board. ”

So what’s changed in two years?  Has BDO, in this period of pre-recession and recession, sold enough profitable services, asked partners for more capital, and begged, borrowed, or worse enough to cover the judgement if they lose on appeal?  Given the lack of transparency of all the audit firms with regard to actual profits and reserves for such contingencies, it’s hard to know for sure.  

In the year ending June 30, 2008, BDO’s US firm had revenues of $659 million and claims 81 percent cumulative growth over the past three years (2005-2008). But how much profit?  The profit margin for the year ended 2007 was 30%. If the numbers are accurate, how much could they have set aside since?  Would you lend money to an accounting firm to pay a judgement? 

“Jurors were given financial statements indicating Chicago-based BDO made a $176 million profit last year after collecting $526 million in revenue, up 25 percent over the previous year.

BDO chief executive officer Jack Weisbaum testified the firm has about 2,800 employees and its 250 partners made $131 million in total compensation last year.

“The company couldn’t pay punitive damages. We certainly wouldn’t look the way we do now,” he said. 

Back in February, after being granted the umpteenth BDO International requested delay in the case which is due to start May 26th in Miami, Mr. Newman was much less effusive:

BDO International’s defence has always centred on the fact that the umbrella body only has 10 employees and the audits conducted by member firms are done independently. BDO International has said it has no control over its audits and should therefore not be held responsible.

Jeremy Newman the CEO of BDO International would not comment on the issue.

Mr. Newman: I dare say, you’re bluffing.

Photo credits here and here.

Jeremy Newman the CEO of BDO International would not comment on the issue.

Deloitte Is Protected in “Insolvency” Ruling
A Pennsylvania judge says that a firm that improperly keeps a company out of bankruptcy may not be liable, unless it is negligent in other ways, too.

A recent Pennsylvania Court ruling favoring Deloitte & Touche seems to restrict a company’s ability to win a case against an accountantcy for actions that lead to the company’s “deepening insolvency,” unless the accountant is negligent in other ways as well.

The issue arose in a lawsuit that Reliance Insurance Co. filed in the state’s Commonwealth Court against Deloitte & Touche, over allegations that the accountancy improperly certified that the insurer’s loss reserves in 1999 was reasonable. That caused Reliance to take underwriting losses on payments that it could not really make, to avoid the wrath of regulators, and to go deeper into debt when it should have declared bankruptcy, according to The Legal Intelligencer newspaper.

EY Partners Overwhelmingly Approve the Creation of EMEIA

LONDON–(BUSINESS WIRE)–Ernst & Young today announces that its partners across Western and Eastern Europe, the Middle East, India and Africa have overwhelmingly approved the proposed integration of its country practices into a single EMEIA Area.

The new Area will be a US$11 billion organization with more than 60,000 people and 3,300 partners. It will operate as a single unit, led by Mark Otty as Area Managing Partner, and a single executive team. EMEIA will be effective from 1 July 2008.

Chairman and CEO Jim Turley said, “I am of course delighted by the tremendous response from our partners in favor of this significant step change in the globalization of our business. I have also been greatly encouraged by the level of feedback I have received from many of our clients across the globe, our young people and our regulators. The feedback is that this is a groundbreaking and positive step both for our own organization, and the profession as a whole.”

“Our clients tell me this move is important because it is going to enable us to better meet their needs to deliver seamless, consistent high-quality service, not just across EMEIA, but right across the world. Our people want to be in an organization where their opportunities are without boundaries. They want and expect mobility, challenging international assignments and a diverse and teaming culture on a truly global scale,” Turley said.

And here I thought I had to post at 11:00 pm on a Sunday night to beat the US business media to the story.

I guess not. This isn’t the first time the US-centered media was  a “day late and a dollar short” on a story that takes a little more than scandal or self-interest to sell.