Professional Services Monitor: Today

In another look at audit marketshare, below are the total FY2008 fees, average FY2008 fees per client, and number of clients in three cities—Chicago, Denver and Seattle—based on the city from which the firm is serving a client. That is, the data is grouped on the office of the firm signing off on the client’s financials. This is often the same city as the client’s headquarters, but not always. The data is taken from Ames Research Group’s audit fees database, sourced primarily from DEF-14A proxy statements.

More lists are available on our Auditor Marketshare page.

Fees are listed in $US millions.

Chicago

Seattle

Denver

WebCPA.com last night reported that BDO Seidman’s fiscal 2009 revenue fell by 5.9%.

BDO Seidman said its revenue for the fiscal year ended June 30 fell 5.9 percent to $620 million from last year’s revenue of $659 million.

However, the firm said its tax business line experienced revenue growth of 6 percent. BDO’s assurance business fell 9.1 percent and its BDO Consulting business decreased 15.3 percent from last year’s high. Over the past four fiscal years, BDO Seidman has averaged double-digit growth of 10.2 percent.

The PCAOB today voted to adopted a rule, Auditing Standard No. 7, that “provides a framework for the engagement quality reviewer to objectively evaluate the significant judgments made and related conclusions reached by the engagement team in forming an overall conclusion about the engagement.” In other words, according to CFO.com, the rule prohibits lower-level employees for conducting final reviews of financial statements.

Under the new Auditing Standard No. 7, such reviews — which the PCAOB officially calls “engagement quality reviews” but are often referred to as concurring reviews — are expected to be done by a partner or other high-level auditor who hasn’t worked on the audit under review.

To further put the onus on reviewers to take the evaluations seriously, the PCAOB also today issued for comment a concept release to gauge whether concurring reviewers should be required to put their signatures on audit reports.

The PCAOB has struggled to explain how these reviews should be conducted. After the original proposal was made in February 2008, finance executives worried it would lead to “re-audits” rather than just a final backstop to an audit team’s work before signoff on a client’s financial reports.

If approved by the SEC, the rule would take effect for fiscal years beginning on or after December 15, 2009.

Separately, but in the same press release, the PCAOB is seeking public comment “on a Concept Release to consider the effects of a potential requirement for the engagement partner to sign the audit report.”  That is, instead of the audit opinion simply reading, “PricewaterhouseCoopers LLP, New York, NY,” Partner & CPA Jane Smith would also need add her name to the opinion.  Partners personally signing opinions is not uncommon in other countries and jurisdictions.  We encounter this often in Scandinavian countries, for example this annual report from the Finnish company, Outokumpu.

This morning on my Facebook advertising sidebar, which I actually read more often than not, an ad for the AICPA’s FeedThePig.org site appeared.

FeedThePig.org is the AICPA’s financial literacy initiative, particularly aimed at younger people.  From its about page:

I’m “spokespig” Benjamin Bankes, here to remind you to feed your piggy bank.

This website is here to help you do just that. Here, you’ll find fun tools, a quiz, tons of tips and other resources. They will all help you think through your spending and saving habits, identify ways you can start saving and commit to making changes that will reduce your debt and grow your savings.

The spokespig himself itself is creepy in the same way the Burger King King scares the living hell out of my kids while also making them want a Whopper Jr.

Who’s VS. Creepier?

I mention this because financial education and literacy is important to me.  It’s crucial importance to successful adult life is woeful neglected by our educational system.  I also think that the accounting industry is suited to take an active role in educating young people outside of the classroom.  I know that FeedThePig.org has been around for some time, and I am glad to see that they are advertising themselves in the social media market.

This afternoon, we have posted a new list to our Audit Market Share list section, a list of the Department of Defense’s largest contract recipients for FY2008.  We have followed this list for 15 years, and this is the first time we can recall that any of the Big 6/5/4 have appeared in the top 100.  Furthermore, BearingPoint received nearly $750 million in defense contracts, some of which will presumably go to Deloitte and PwC in Fy2009, all other things remaining equal.

(more…)

Our 2009 Big Four Annual Report is now available for immediate purchase and download. More information at www.amesrgi.com/products_annualreport.asp

Mark Olsen, chair of the PCAOB since June 2006, announced his resignation effective then end of July.

Mark Olson, chairman of the Public Company Accounting Oversight Board, said he is resigning his post at the end of July, but did not elaborate on the reasons.

In a letter of resignation, Olson, 66, simply said, “The decision is entirely personal and reflects my desire at this time of life to establish new priorities.”

Olson was named PCAOB chairman on June 26, 2006, after serving on the board of governors of the Federal Reserve. The resignation will take effect after more than three years of service in the job, on July 31, 2009.

He was appointed by the SEC to run the board, which inspects accounting firms that perform audits on public companies. The PCAOB is also slated to begin inspecting accounting firms that audit non-public broker-dealers, such as the three-person accounting firm that audited Bernard Madoff’s investment management firm.

A study conducted by two accounting professors at North Carolina State University on the SEC’s pilot XBRL program found significant flaws in the data.  The study examined filings submitted by 22 companies during the SEC’s voluntary program, and raises concerns about data quality ahead of the mandatory XBRL filing deadline for the largest 500 companies, beginning with quarter-ending June 15, 2009.

But, while the XBRL concept is promising, the study from NC State found that reports from companies that participated in the voluntary pilot program contained multiple errors. “They were poorly tagged,” [Dr. Eileen] Taylor says, “and there were fundamental errors of accounting. One report, for example, contained too many zeros – turning millions into billions.” In their abstract, the researchers note that “These errors are serious because since XBRL data is computer-readable, users will not visually recognize the errors, especially when using XBRL analysis software.” In other words, users won’t be able to spot that something is wrong.

The study, “A Comparison of XBRL Filings to Corporate 10-Ks – Evidence from the Voluntary Filing Program,” examined XBRL filings by 22 companies that participated in the SEC’s voluntary pilot program in 2006. The study was co-authored by Taylor, Drs. Al Y. S. Chen and Jon Bartley, who are both professors of accounting at NC State. The study will be presented at the American Accounting Association Annual Meeting being held in New York City, Aug. 2-5.

Savvis, a “IT infrastructure services” provider, is being sued after issuing a clean security audit to CardSystems Solutions in 2004, three months before CardSystems was hacked and compromised.  Wired’s Threat Level blog calls this the first such suit against a security auditing firm.

When CardSystems Solutions was hacked in 2004 in one of the largest credit card data breaches at the time, it reached for its security auditor’s report.

In theory, CardSystems should have been safe. The industry’s primary security standard, known then as CISP, was touted as a sure way to protect data. And CardSystems’ auditor, Savvis Inc, had just given them a clean bill of health three months before.

Yet, despite those assurances, 263,000 card numbers were stolen from CardSystems, and nearly 40 million were compromised.

More than four years later, Savvis is being pulled into court in a novel suit that legal experts say could force increased scrutiny on largely self-regulated credit card security practices.

They say the case represents an evolution in data breach litigation and raises increasingly important questions about not only the liability of companies that handle card data but also the liability of third parties that audit and certify the trustworthiness of those companies.

The case, which appears to be among the first of its kind against a security auditing firm, highlights flaws in the standards that were established by the financial industry to protect consumer bank data. It also exposes the ineffectiveness of an auditing system that was supposed to guarantee that card processors and other businesses complied with the standards.

Credit card companies have touted the standards and the auditing process as evidence that financial transactions conducted under their purview are secure and trustworthy. Yet Heartland Payment Systems and RBS WorldPay, two processors that recently experienced large breaches, were certified compliant before they were breached. And Hannaford Bros. was certified in February 2008 while an ongoing breach of the company’s system was underway.

A Visa executive told an audience earlier this month that the companies were not compliant, though auditors certified they were. “No compromised entity has yet been found to be in compliance with [the standards] at the time of the breach,” she said.

In the CardSystems case, Merrick Bank, which is based in Utah and services 125,000 merchants, sued Savvis last year in Missouri. Merrick says Savvis was negligent in certifying that CardSystems was compliant. The case was moved to Arizona five months ago but only recently assigned a judge, allowing the suit to finally move forward.

We wrap up the March to April proxy statement busy season with three more lists of audit fees, as a follow-up to our earlier post. We again look at largest increases and decreases from FY2007 to FY2008, and we’ve added a third list of the 10 largest total audit fees.

These 30 companies were taken from about 2400 proxies filed during March and April, 2009. The average increase in this group was about 10.0%.

PricewaterhouseCoopers clients had an average increase of 8.9%. The three of the four largest audit fees-paid in FY2008 belong to PwC clients: JP Morgan Chase, Goldman Sachs Group and Bank of America. With the large acquisitions made by each of these three companies in the second half of 2008, one might expect that audit fees increases ought to be even larger in FY2009.  Net, audit fees increased for this group of PwC clients by about $6.5 million.

(more…)