Auditing big firms is hard and to be honest, there's little general audits can do to detect fraud (nor is it even the main goal, forensic auditing is a different beast) and if management is intent to commit fraud, it will happen. But in this case the fraud didn't involve very complex and very opaque structures à la Enron where normal checks wouldn't have been sufficient. The crazy part here is that EY did not verify directly with the banks if the account statements were real, which is very basic and very easy to audit. They just took what Wirecard gave them to confirm what Wirecard told them for something as important as accounts that were supposed to hold almost all the cash the company had. Absolutely insane.
But the thing is EY , like all the big 4, have totally seperate entities for every country they operate in. Now that could mean EY Germany is an isolated case of incompetence and (criminal?) neglect, which would be very surprising considering that EY seems to be involved in a lot of the recent big financial scandals. But it also means that they can't really be "taken down" and are basically immune from existential threats that could actually hurt them.
Yes, there's a partnership structure meaning people at the top of let's say EY Germany have the incentive to keep their credibility and avoid liabilities since they have a direct stake in the business. But considering how many perverse incentives there are ( one of these are low margins and high competition that can encourage having a cozy relationship with who you are auditing to keep the contract) in the auditing world, this opaque structure where EY itself can't lose much more than what it gained... You start understanding why this happen.
But even then EY still really stand out since the rest of the big firms have similar structures yet manage to be a lot more competent.
Audit can only spot certain types of problems. But the trouble with the Big Four is that their record on spotting those problems is terrible. If they made breakfast cereal you'd be reading a story every week about severed fingers found in a kid's breakfast or somehow a factory making choco-puffs exploded killing a thousand people.
Of course the reason is that being terrible at their jobs is profitable, whereas factory explosions generally cost the manufacturer money even if they aren't held liable for killing all those people.
I think company audit needs a regime like the Paris MOU port state inspection regime. Government employed auditors would re-audit a sample of companies proportional to a current estimate of how bad their existing auditor is at finding problems. This would inform subsequent rounds of re-auditing, while also detecting non-compliances at companies whose auditor is bad in the process. I'm confident that such a scheme could effectively pay for itself in reduced economic damage from surprise corporate failures and improved tax revenue as re-audits find money that was "accidentally" not revealed in the official audit.
The Paris MOU scheme drastically improved safety, not just because now governments that cared were doing inspections but because governments that don't directly care were incentivised to hire competent inspectors. "Let's just do a bad job and keep the money" ceased to make sense and scarcely any countries offer that now.
(The US is currently greylisted in the Paris MOU by a narrow margin, under a different executive I assume there'd be focus on improving US oversight to get back onto the white list but today who knows, maybe the Marines will be instructed to attack Zeebrugge to "free" American cargo ships or something)
>Auditing big firms is hard and to be honest, there's little general audits can do to detect fraud
E&Y didn't verify cash balances at Wirecard for years, despite the fact there were whispers of fraud for years. Some fraud is hard; this kind is not "hard".
Yes I completely agree... and I mentioned it in my comment! ;) When I said that auditing is hard, i meant that it's a painstaking process with a high employee turnover, isn't gratifying, at all and that doesn't and can't catch everything.
In some cases, I truly don't blame auditors when very sophisticated fraudulent schemes fall apart since a part from the basic checks auditors are mostly there to verify the reported numbers match the internal numbers. If those internal numbers are fudged then there's little that can be done expect to some small degree with simple cross checks, of which even the simplest has not been done in this case. It takes minutes to ask for a bank to confirm statements. I literally can't see how this doesn't involve colluding with EY to cook the books.
Unfortunately, it actually takes _months_ to send bank confirmations and receive all the replies. Mad, I know but that’s the way it worked when I used to do it. The process involves sending snail mail to the banks who take ages to respond with the confirm response. Especially so because all auditors are sending them at the same time because it’s year end.
There are some web platforms to help speed things up but most were and maybe still are rubbish.
But it's not months of work, it's months of doing other things and going through the checklist every few weeks to see what's missing and then calling them again or writing another letter.
> They just took what Wirecard gave them to confirm what Wirecard told them for something as important as accounts that were supposed to hold almost all the cash the company had
The same thing killed Barings Bank in the 90s, only on that occasion it was an internal audit
Madoff was the same as well. SEC "investigators" accepted falsified documents and failed to verify transactions with third parties. Particularly with options trades.
But the thing is EY , like all the big 4, have totally seperate entities for every country they operate in. Now that could mean EY Germany is an isolated case of incompetence and (criminal?) neglect, which would be very surprising considering that EY seems to be involved in a lot of the recent big financial scandals. But it also means that they can't really be "taken down" and are basically immune from existential threats that could actually hurt them.
Yes, there's a partnership structure meaning people at the top of let's say EY Germany have the incentive to keep their credibility and avoid liabilities since they have a direct stake in the business. But considering how many perverse incentives there are ( one of these are low margins and high competition that can encourage having a cozy relationship with who you are auditing to keep the contract) in the auditing world, this opaque structure where EY itself can't lose much more than what it gained... You start understanding why this happen.
But even then EY still really stand out since the rest of the big firms have similar structures yet manage to be a lot more competent.