43 comments

[ 4.8 ms ] story [ 92.4 ms ] thread
Pay-walled article. Mirror anyone?
Nothing will change so long as you have the current agency derived audit model.
After watching a documentary on Enron, and the collapse of Arthur Anderson, I thought we were past this. But I am now wondering what the future looks like for auditors, and particularly the auditors involved at Wirecard. I’m looking forward to watching a documentary on this too, in 5-10 years but I feel bad for the honest employees there
Wirecard+Ernst&Young is a sequel to the Enron+ArthurAndersen documentary

> "60% of the total Andersen practices globally merged into Ernst & Young,"

https://en.wikipedia.org/wiki/Arthur_Andersen

And the rest rebranded to... Accenture. Interesting legacy
Accenture used to be Andersen Consulting, and was spun off long before the Enron scandal. Arthur Andersen accounting would have been absorbed by E&Y's accounting branch.

Accounting firms have huge conflicts of interest because companies are allowed to choose their own auditors, but when they also offer consulting services, the conflict becomes even more egregious.

Right. And IIRC Arthur Andersen and Accenture had been kinda hostile to each other for a long time. It was funny because they seemed pretty much like brother companies from outside eyes.

The trouble was that AA kept trying to invade the turf (= juicy consulting gigs) and it made partners of Accenture mad.

EY is responsible for Luckin Coffee too I believe
Also responsible for the WoSign CA distrust
Auditing big firms is hard and to be honest, there's little general audits can do to detect fraud (nor is it even the main goal, forensic auditing is a different beast) and if management is intent to commit fraud, it will happen. But in this case the fraud didn't involve very complex and very opaque structures à la Enron where normal checks wouldn't have been sufficient. The crazy part here is that EY did not verify directly with the banks if the account statements were real, which is very basic and very easy to audit. They just took what Wirecard gave them to confirm what Wirecard told them for something as important as accounts that were supposed to hold almost all the cash the company had. Absolutely insane.

But the thing is EY , like all the big 4, have totally seperate entities for every country they operate in. Now that could mean EY Germany is an isolated case of incompetence and (criminal?) neglect, which would be very surprising considering that EY seems to be involved in a lot of the recent big financial scandals. But it also means that they can't really be "taken down" and are basically immune from existential threats that could actually hurt them.

Yes, there's a partnership structure meaning people at the top of let's say EY Germany have the incentive to keep their credibility and avoid liabilities since they have a direct stake in the business. But considering how many perverse incentives there are ( one of these are low margins and high competition that can encourage having a cozy relationship with who you are auditing to keep the contract) in the auditing world, this opaque structure where EY itself can't lose much more than what it gained... You start understanding why this happen.

But even then EY still really stand out since the rest of the big firms have similar structures yet manage to be a lot more competent.

>Auditing big firms is hard and to be honest, there's little general audits can do to detect fraud

E&Y didn't verify cash balances at Wirecard for years, despite the fact there were whispers of fraud for years. Some fraud is hard; this kind is not "hard".

https://www.ft.com/content/a9deb987-df70-4a72-bd41-47ed8942e...

Yes I completely agree... and I mentioned it in my comment! ;) When I said that auditing is hard, i meant that it's a painstaking process with a high employee turnover, isn't gratifying, at all and that doesn't and can't catch everything.

In some cases, I truly don't blame auditors when very sophisticated fraudulent schemes fall apart since a part from the basic checks auditors are mostly there to verify the reported numbers match the internal numbers. If those internal numbers are fudged then there's little that can be done expect to some small degree with simple cross checks, of which even the simplest has not been done in this case. It takes minutes to ask for a bank to confirm statements. I literally can't see how this doesn't involve colluding with EY to cook the books.

Unfortunately, it actually takes _months_ to send bank confirmations and receive all the replies. Mad, I know but that’s the way it worked when I used to do it. The process involves sending snail mail to the banks who take ages to respond with the confirm response. Especially so because all auditors are sending them at the same time because it’s year end.

There are some web platforms to help speed things up but most were and maybe still are rubbish.

But it's not months of work, it's months of doing other things and going through the checklist every few weeks to see what's missing and then calling them again or writing another letter.
> They just took what Wirecard gave them to confirm what Wirecard told them for something as important as accounts that were supposed to hold almost all the cash the company had

The same thing killed Barings Bank in the 90s, only on that occasion it was an internal audit

Madoff was the same as well. SEC "investigators" accepted falsified documents and failed to verify transactions with third parties. Particularly with options trades.
But he didn’t exactly fool his auditor...

https://www.sec.gov/news/press/2009/2009-60.htm

He fooled them for many many years, over 16 years according to Wikipedia. If the financial crisis didn't happen, it would probably still be going on.
I meant he and his auditor fooled the SEC.
Okay. That's what I meant, too. He fooled the SEC for over 16 years.
Audit can only spot certain types of problems. But the trouble with the Big Four is that their record on spotting those problems is terrible. If they made breakfast cereal you'd be reading a story every week about severed fingers found in a kid's breakfast or somehow a factory making choco-puffs exploded killing a thousand people.

Of course the reason is that being terrible at their jobs is profitable, whereas factory explosions generally cost the manufacturer money even if they aren't held liable for killing all those people.

I think company audit needs a regime like the Paris MOU port state inspection regime. Government employed auditors would re-audit a sample of companies proportional to a current estimate of how bad their existing auditor is at finding problems. This would inform subsequent rounds of re-auditing, while also detecting non-compliances at companies whose auditor is bad in the process. I'm confident that such a scheme could effectively pay for itself in reduced economic damage from surprise corporate failures and improved tax revenue as re-audits find money that was "accidentally" not revealed in the official audit.

The Paris MOU scheme drastically improved safety, not just because now governments that cared were doing inspections but because governments that don't directly care were incentivised to hire competent inspectors. "Let's just do a bad job and keep the money" ceased to make sense and scarcely any countries offer that now.

(The US is currently greylisted in the Paris MOU by a narrow margin, under a different executive I assume there'd be focus on improving US oversight to get back onto the white list but today who knows, maybe the Marines will be instructed to attack Zeebrugge to "free" American cargo ships or something)

> Now that could mean EY Germany is an isolated case of incompetence and (criminal?) neglect

E&Y Germany was bought from Andersen. That should be answer enough.

Companies hire their own auditors. No audit partner wants to have to go find new clients, so they bend over backwards to appease the existing one. The partners do the math of “I’d rather have a 1% chance of my client blowing up than a 50% chance of having to find replacement revenue is a zero sum game”

Unfortunately, what’s rational for individual audit partners isn’t rational for the firm as a whole. And this is why Enron/Anderson happened. And Wirecard.

Aren't they supposed to change every couple of years, under SOX, exactly to prevent auditors and clients becoming to intimate? Mind you, Wirecard was a German company, so SOX didn't apply.

Also, government oversight was kind of limited, it only applied to the German banking activities.

While SOX can be a pain, there are very valid reasons for it. Hopefully Germany learns its lesson and implements something similar after Wirecard.

Just found an article in the FAZ claiming that since early 2019 BAFIN was investigating accounting issues. The assignment was handed over to one guy...
You change partners, but that usually means it's the same partner working in the same group and so all know each other really well. Also, that doesn't mean anything since the team can stay the same. Partners would question the work and can look at it, but rarely any partner would bother to go into the bank statement and make sure the work is tied out. They are too "above" that. That responsibility falls onto the senior and managers, and in many instances incompetence or laziness from those staff will let things go through. It's very tedious work, and it's annoying to do the same thing for 8+ hours a day for a month or two. In the end, the team just want things to tie out, and make whatever documentation is necessary to make sense of things. No need to upset the client or partner and lose the potential business.
>The crazy part here is that EY did not verify directly with the banks if the account statements were real, which is very basic and very easy to audit. They just took what Wirecard gave them to confirm what Wirecard told them for something as important as accounts that were supposed to hold almost all the cash the company had. Absolutely insane.

Not insane at all, and you went on to explain why it's not insane:

>But the thing is EY , like all the big 4, have totally seperate entities for every country they operate in. Now that could mean EY Germany is an isolated case of incompetence and (criminal?) neglect

People believe that these firms are strict in auditing, which can be useful to some companies to have as a seal of approval. Case in point, Deloitte and the reverse mergers of Chinese companies with an estimated loss of $500 billions.

https://en.wikipedia.org/wiki/Early_21st-century_Chinese_rev...

But even for the "regular" scandals this is pretty ridiculous, which is the insane part. Usually there's at least plausible deniability or some sort of excuse. In this case they literally have not done the most straightforward thing in auditing and then signed that they did... For years. They are exposing themselves to criminal charges at this point. There's a difference between "accidentally" missing something/blaming hidden processes in the accounting and literally just not doing it and then legally signing off to it.

There was a wild west in the early 2000s with sino forest et al, but since it was in china and the government was gaining from those fraudulent schemes, they had almost no risks to actually get punished and that's the difference. There was also the excuse that it was new, half licensed agencies in a new market. Rule of law makes it much more dangerous to do it so blatantly in germany

It's very weird and makes me believe there is something more to the story. Like a very fat check, not just the regular incentives or even plain old kickbacks.

>It's very weird and makes me believe there is something more to the story. Like a very fat check, not just the regular incentives or even plain old kickbacks.

It could be, though whenever I get interested in a case like that after the facts, it ends up in a version of someone in a company noticing something is fishy, and someone else pulling rank on them telling them to back down not to upset a very lucrative client. Just be quiet because I'm getting calls from the fishy company's boss threatening to take their business to another firm. Don't be rude, we're making a good buck with them.

It's also their model of independent entities sharing a name, with varying degrees of scrutiny and diligence.

It's interesting how incentive structure and checks have to be dialed in the bigger, more distributed an actor gets.

I used to work at EY in banking & capital markets audit - before I went into engineering - and everyone learns that if there is one thing, ONE THING!!! that the auditor should always do, it is to send bank confirmation letters. You get a list of all the banks where accounts are held and send them a letter asking for confirmation of the balance. This proves existence of the balances and helps with completeness as sometimes they send back balances you didn’t know about from the accounts! If the letters don’t come back, you chase them because, in my experience, the partner would not sign off unless all cash was accounted for. There was always a significant risk associated with cash so providing a clear audit opinion in the absence of cash confirms is not a very smart move. Other procedures include checking reconciliations and “cut off” to make sure cash swept from one account to another is counted and / or not double counted. We would also get literally all the bank statements too and some poor graduate would have to “substantively audit” them. So yes... We used to do a lot of work in this area.

What happened with Wirecard? Who knows?! Seems like the team didn’t do their job properly because in my experience, it’s fairly easy to spot missing cash. And 1.9 billion of it...! The article states that EY didn’t “verify cash balances”... I’m not sure what that means - “verify” is a dirty word in audit because it’s not specific enough. I find it hard to believe they didn’t send bank confirms but if they didn’t then that’s an unforgivable mistake.

It’s also worth noting that auditors are not responsible for detecting fraud but clearly if something odd is going on and they find it, then it will be raised. In my experience most wrong things that we asked our clients to adjust were due to incompetence or over valuing illiquid securities.

TFA says

>company’s cash was held in bank accounts it didn’t control

I suspect that the accounts existed and had the cash, but the company wasn't the owner (or the sole owner) of the account.

Their excuse was that it was an escrow account for them and their payment "partners" which were basically subsidiaries that turned out to be shell companies. So I can't believe they wouldn't have had access to the accounts to just check if the fake statements were real.

Also, keep in mind that this whole thing exploded when they finally tried to verify them after the KPMG audit, so they had the option to do it they just didn't. IIRC it turned out the accounts weren't even real.

Not sure why you're being downvoted. This is common for payments companies where you have to fund another company's bank account or digital wallet or whatever they call it. Otherwise you have to open a bank account and that can be a painful process depending on the country. It's definitely more risky because the funds aren't in your name, but usually you protect yourself by only funding the minimal amount to fund operations for a few days at a time. Still not seeing how Wirecard could have lost the amount they did without some form of scam going on for a longer period of time or they were stealing customer funds to pay for corp expenses and they finally hit the point where they couldn't keep it going any longer.
This is normal and doesn’t shed any light on the matter. Companies/individuals routinely hold cash in accounts they don’t control. For example; Client money accounts and collateral/margin accounts. Either way, the auditors would have known what the arrangements were and factored it into their opinion. Even the credit risk of the bank holding the nostro accounts is taken into consideration.

Seems to me like Wirecard were running a large scale accounting fraud and EY were not “professionally sceptical” enough to see it.

What’s not clear to me is whether any of the missing cash is client money or not. If it is then that’s a bit of a disaster.

Could they perhaps have sent negative confirmations to the banks with the balances? IIRC that’s an acceptable process for verifying balances - though it’s typically used to confirm much smaller account balances. I’ve really only seen it used in bank audits where it’s sent to a sample of retail customers.

But a negative confirm would be a way to “verify” for audit purposes without actually verifying.

I’m not sure what would be worse though, using a negative confirmation for billions of dollars or sending no confirmations at all.

> The article states that EY didn’t “verify cash balances”... I’m not sure what that means - “verify” is a dirty word in audit because it’s not specific enough.

In a German-speaking newspaper (I'm sorry, I don't recall which one), it was claimed that EY did not ask for confirmation letters for the past three years.

If this is true given the immense amount of cash involved (representing a quarter of the balance sheet!), than I see this is a genuine Arthur Andersen moment.

> What happened with Wirecard? Who knows?!

Wirecard poured enough money in E&Y that the verification step was no longer deemed necessary.

All the auditors are a joke and the entire culture around the Big 4 auditors and the way its seen as a path to groom finance leaders is gross and shockingly wasteful. I've never worked with an auditor or consultant at a Big 4 that didn't seem like they were either being massively overpaid, didn't know what they were talking about, taking shortcuts, or just going through the motions of whatever was done in a previous audit. I don't think they are worth their salt. They have no investment to what they are doing because worst case scenario they screw things up and they get shuffled to another another client. I would rather do the work by myself or with a contractor. I've also seen execs at tech companies hiring consultants/auditors from companies where their spouse works or even oversees the practice, it just seems like a lot of companies don't question spending on consultants, but I've seen multiple times where we were billed for work we did ourselves and they tried to take credit or were just running down the clock on a contract and expecting their hours to be extended at the end of the contract period.
How can financial auditors be so poor quality? So many of us implicitly trust them through our trust in public equity markets. If I can't trust company financial statements, how can I deploy my savings in a low friction way.

Ugh. This year it seems so many institutions we trusted are failing us.