Mike Mayo, one of the top-ranked finance analysts of the past 20 years, recently wrote a book entitled “Exile on Wall Street” which highlights his career as an analyst for firms like UBS, Lehman Brothers and Credit Suisse. The book is essentially a review of Mr. Mayo’s career, and the struggles he often faced due to his accurate ratings on financial institutions, many of whom would subsequently block him out and refuse to work with him as is customary (and willingly done with less critical analysts). In the closing of the book, Mr. Mayo mentions some particular changes that need to take place to avoid the crises we have been subject to since the turn of the century, one of which that struck me as particularly relevant: auditors.
“There are only four main audit and accounting firms, down from the so called Big Eight of the 1990’s – KPMG, Ernst & Young, Deloitte Touche Tohmatsu, and PwC (formerly known as Pricewaterhouse Coopers) – and they’re supposed to bring third-party objectivity to the accounting process. Yet accountants have a knack for saying that everything is OK, even when it might not be. That stems from the inherent conflict of interest, in that auditors are hired, fired, and paid directly by the company they’re evaluating.”
As he goes on to note, audits are big projects that result in huge fees; generally, it involves 100,000-400,000 man-hours and millions of dollars for the auditor. Yet, despite this gargantuan amount of work, the end result is relatively useless: “three or four boilerplate paragraphs that are almost always the same as in the prior year, and the same for 95% of all companies.” For investors who take the time to read through 10-K,s, they’ve probably come across this blanket statement many times, and probably skipped through it without a second thought (I know I have).
As Mr. Mayo discusses, the fact that all this work is simply boiled down into a pass/fail system is illogical, and should include a more detailed grading system with the goal of increasing transparency: “Audit results should include more details and conclusions, with a descriptive section about the possible risks or anything else that might keep an auditor awake at night. The point would be to spread knowledge and let all investors and potential investors see exactly what the auditors found.”
As with most things worth talking about in business, Buffett has discussed this point in some detail in his shareholder letters; in the 2002 shareholder letter, he had this to say (with emphasis added):
“Audit committees can’t audit. Only a company’s outside auditor can determine whether the earnings that a management purports to have made are suspect. Reforms that ignore this reality and that instead focus on the structure and charter of the audit committee will accomplish little. As we’ve discussed, far too many managers have fudged their company’s numbers in recent years, using both accounting and operational techniques that are typically legal but that nevertheless materially mislead investors. Frequently, auditors knew about these deceptions. Too often, however, they remained silent. The key job of the audit committee is simply to get the auditors to divulge what they know.
To do this job, the committee must make sure that the auditors worry more about misleading its members than about offending management. In recent years auditors have not felt that way. They have instead generally viewed the CEO, rather than the shareholders or directors, as their client. That has been a natural result of day-to-day working relationships and also of the auditors’ understanding that, no matter what the book says, the CEO and CFO pay their fees and determine whether they are retained for both auditing and other work.
The rules that have been recently instituted won’t materially change this reality. What willbreak this cozy relationship is audit committees unequivocally putting auditors on the spot, making them understand they will become liable for major monetary penalties if they don’t come forth with what they know or suspect.
In my opinion, audit committees can accomplish this goal by asking four questions of auditors, the answers to which should be recorded and reported to shareholders. These questions are:
1. If the auditor were solely responsible for preparation of the company’s financial statements, would they have in any way been prepared differently from the manner selected by management? This question should cover both material and nonmaterial differences. If the auditor would have done something differently, both management’s argument and the auditor’s response should be disclosed. The audit committee should then evaluate the facts.
2. If the auditor were an investor, would he have received — in plain English — the information essential to his understanding the company’s financial performance during the reporting period?
3. Is the company following the same internal audit procedure that would be followed if the auditor himself were CEO? If not, what are the differences and why?
4. Is the auditor aware of any actions — either accounting or operational — that have had the purpose and effect of moving revenues or expenses from one reporting period to another?
If the audit committee asks these questions, its composition — the focus of most reforms — is of minor importance. In addition, the procedure will save time and expense. When auditors are put on the spot, they will do their duty. If they are not put on the spot... well, we have seen the results of that.”
Warren’s commentary brings up a few points that are well worth remembering: For one, the board is there to represent the owners of the business, the shareholders, not to be cozy with the CEO and CFO; as a corollary, it is impossible for this relationship to hold when the CEO is simultaneously the chairman of the board, a common practice that should be eliminated.
As noted by Warren, a meaningful audit can be completed if and only if the committee makes it clear to the auditors what their purpose is; for shareholders, contact the board of the companies that you are an owner of if this duty is not being adequately performed (I’ve emailed the board of some large companies in the past and have received personalized responses, so I think it’s safe to assume that this is a customary practice of companies with adequate corporate governance). In the chain of command, auditors are ultimately serving the owners, not the managers; make sure that your audit committee is keep that link intact.
“There are only four main audit and accounting firms, down from the so called Big Eight of the 1990’s – KPMG, Ernst & Young, Deloitte Touche Tohmatsu, and PwC (formerly known as Pricewaterhouse Coopers) – and they’re supposed to bring third-party objectivity to the accounting process. Yet accountants have a knack for saying that everything is OK, even when it might not be. That stems from the inherent conflict of interest, in that auditors are hired, fired, and paid directly by the company they’re evaluating.”
As he goes on to note, audits are big projects that result in huge fees; generally, it involves 100,000-400,000 man-hours and millions of dollars for the auditor. Yet, despite this gargantuan amount of work, the end result is relatively useless: “three or four boilerplate paragraphs that are almost always the same as in the prior year, and the same for 95% of all companies.” For investors who take the time to read through 10-K,s, they’ve probably come across this blanket statement many times, and probably skipped through it without a second thought (I know I have).
As Mr. Mayo discusses, the fact that all this work is simply boiled down into a pass/fail system is illogical, and should include a more detailed grading system with the goal of increasing transparency: “Audit results should include more details and conclusions, with a descriptive section about the possible risks or anything else that might keep an auditor awake at night. The point would be to spread knowledge and let all investors and potential investors see exactly what the auditors found.”
As with most things worth talking about in business, Buffett has discussed this point in some detail in his shareholder letters; in the 2002 shareholder letter, he had this to say (with emphasis added):
“Audit committees can’t audit. Only a company’s outside auditor can determine whether the earnings that a management purports to have made are suspect. Reforms that ignore this reality and that instead focus on the structure and charter of the audit committee will accomplish little. As we’ve discussed, far too many managers have fudged their company’s numbers in recent years, using both accounting and operational techniques that are typically legal but that nevertheless materially mislead investors. Frequently, auditors knew about these deceptions. Too often, however, they remained silent. The key job of the audit committee is simply to get the auditors to divulge what they know.
To do this job, the committee must make sure that the auditors worry more about misleading its members than about offending management. In recent years auditors have not felt that way. They have instead generally viewed the CEO, rather than the shareholders or directors, as their client. That has been a natural result of day-to-day working relationships and also of the auditors’ understanding that, no matter what the book says, the CEO and CFO pay their fees and determine whether they are retained for both auditing and other work.
The rules that have been recently instituted won’t materially change this reality. What willbreak this cozy relationship is audit committees unequivocally putting auditors on the spot, making them understand they will become liable for major monetary penalties if they don’t come forth with what they know or suspect.
In my opinion, audit committees can accomplish this goal by asking four questions of auditors, the answers to which should be recorded and reported to shareholders. These questions are:
1. If the auditor were solely responsible for preparation of the company’s financial statements, would they have in any way been prepared differently from the manner selected by management? This question should cover both material and nonmaterial differences. If the auditor would have done something differently, both management’s argument and the auditor’s response should be disclosed. The audit committee should then evaluate the facts.
2. If the auditor were an investor, would he have received — in plain English — the information essential to his understanding the company’s financial performance during the reporting period?
3. Is the company following the same internal audit procedure that would be followed if the auditor himself were CEO? If not, what are the differences and why?
4. Is the auditor aware of any actions — either accounting or operational — that have had the purpose and effect of moving revenues or expenses from one reporting period to another?
If the audit committee asks these questions, its composition — the focus of most reforms — is of minor importance. In addition, the procedure will save time and expense. When auditors are put on the spot, they will do their duty. If they are not put on the spot... well, we have seen the results of that.”
Warren’s commentary brings up a few points that are well worth remembering: For one, the board is there to represent the owners of the business, the shareholders, not to be cozy with the CEO and CFO; as a corollary, it is impossible for this relationship to hold when the CEO is simultaneously the chairman of the board, a common practice that should be eliminated.
As noted by Warren, a meaningful audit can be completed if and only if the committee makes it clear to the auditors what their purpose is; for shareholders, contact the board of the companies that you are an owner of if this duty is not being adequately performed (I’ve emailed the board of some large companies in the past and have received personalized responses, so I think it’s safe to assume that this is a customary practice of companies with adequate corporate governance). In the chain of command, auditors are ultimately serving the owners, not the managers; make sure that your audit committee is keep that link intact.
