Please ensure Javascript is enabled for purposes of website accessibility

Deloitte Auditors Got Caught Changing Their Computer Clocks to Backdate Workpapers

Posted on by Adrienne Gonzalez
computer clock, white desk, minimalist office space

This is not the kind of behavior we expect from our friends in the north!

CPA Ontario announced yesterday Deloitte will be paying $1.59 million ($1.15 million USD) in fines and costs for breaches of the CPA Ontario Code of Professional Conduct (Rule 501 and 502). 501 covers a firm’s maintenance of policies and procedures for compliance with professional standards and 502 a firm’s maintenance of policies and procedures: competence and conduct of firm members.

The press release says:

A number of Deloitte auditors in Ontario changed the date and time settings on their computer clocks to manually override controls in Deloitte’s audit software and backdate audit working paper signoffs between November 2016 and May 2018. During this period over 930 audit working papers were backdated in at least 39 audit engagements.

The settlement agreement [PDF] gives a bit more info:

Certain Deloitte audit practitioners identified the opportunity to bypass the new limits imposed by the November 7, 2016 EMS update and began adjusting the clock on their computers to Backdate the sign-off dates of audit working papers.

A number of students, staff, managers, engagement partners, and engagement quality control review partners in the audit practice changed their computer clocks to Backdate sign-offs in the course of performing assurance engagements for private and public entities. This conduct continued until March 2018.

During this period at least 35 Deloitte CPA Ontario members engaged in Backdating, and in some cases instructed others to do so, in over 930 audit working papers in 39 audit engagements.

Sign-off dates were changed from after the date of the audit report to a date prior to the audit report, or before the date of the audit report to an earlier date, or after the audit report date to another date after the audit report date.

According to the settlement agreement, it was the firm themselves that tipped off CPA Ontario that a number of its partners and professional staff had changed the sign-off dates in numerous audit working papers. The investigation began in September 2019 and concluded with the settlement reached in September. Prior to 2016, Deloitte Canada’s engagement management system allowed users to manually select a sign-off date for an audit working paper.

The settlement gives us the backstory on the change, explained below.

In response to findings by the Public Company Accounting Oversight Board of an incident where archived audit documentation had been improperly altered outside of Canada, DTTL required all its global members, including Deloitte, to conduct a mandatory conference call focused on audit quality and integrity with all audit partners before the end of October 2016.

Prior to debuting the new procedure that would default sign-offs to the date on a user’s computer, Deloitte National Office held a call with partners informing them off the change.

Leading with the script National Office was given by DTTL, the National Office first set out the regulatory context of the call, referencing:

  • (a) the emphasis placed by the PCAOB on integrity, and PCAOB’s recent public statements about how integrity was “as important, if not more
    important, than audit quality issues;”
  • (b) many discipline orders issued by PCAOB to date involving a failure to cooperate included the improper alteration of documents;
  • (c) that PCAOB inspectors uncovered evidence of the creation of documents shortly before or during a PCAOB inspection which were then backdated and provided without disclosing when they were created, resulting in firm sanctions for improperly deleting, adding, or altering documentation in connection with an inspection.

The National Office then expressed Deloitte’s zero tolerance policy for the type of behavior found by PCAOB, focused on recently introduced DTTL quality processes for archiving and forensics, and informed call participants that:

“Going forward we are enhancing EMS such that the undocumented alteration of a previously archived engagement file will be identified as part of a process prior to the provision of a file for inspection.

Effective immediately, ‘back-dating’ of working papers is not allowed. DTTL is mandating that this function be discontinued at each DTTL member firm, so that it will no longer be available.”

The National Office script did not make it clear that backdating of all sign-off dates, and not just those that might be under scrutiny during a regulatory inspection, was not permitted and was conduct which violated professional standards and the Code. This omission led, at a minimum, to confusion, with some call participants understanding that the prohibited “back-dating” referred specifically to archived working papers, rather than the broader focus of the pending Engagement Management System change to disable the selection of working paper sign-off dates.

On October 26, 2016, Deloitte issued an audit practice alert to all audit staff, indicating, among other things, that the ability to choose a sign-off date in EMS was being removed.

The EMS update was released on November 7, 2016, disabling a user’s ability to use the software to both choose the date of their sign-off and the ability to sign-off on someone else’s behalf.

On November 7, 2016, a second audit alert email was issued indicating that the EMS changes would be pushed to users’ laptops that day to disable the “edit signoff date” and “sign-off on behalf” features.

Certain personnel in the Firm’s National Office were aware of a risk that the new software restrictions could potentially be bypassed by individuals manually changing the date and/or time on a user’s computer clock . They took steps to determine if it was possible to detect or prevent any effort to avoid the new EMS functionality, and they concluded that there was no solution available. LOL.

Having identified that the new EMS restrictions could potentially be bypassed by a user changing their computer clock, the National Office considered whether to expressly address this issue in its communications, and to be explicit that doing so was prohibited. Instead, the National Office decided not to communicate this message on the basis that such communication could instead “socialize” inappropriate conduct if it were made known that Clock Adjusting in order to Backdate sign-off dates remained possible.

No messages were conveyed by the National Office between November 2016 to February 2018 to communicate that: it was inappropriate for auditors to bypass the function of the audit software by changing the computer clock; highlighting why the EMS sign-off date edit function had been disabled; or that Backdating was unacceptable and contrary to the Code.

Deloitte incorrectly assumed that the two practice alerts sent October 26 and November 7, 2016, about the changes to EMS were sufficient communication to the audit practice, and that no additional communication was required about the changes to the ADG in November 2016.

In early 2017, two Ontario audit partners learned that audit practitioners were engaging in the practice of Backdating. Both partners communicated to members of their respective audit teams that the practice was not acceptable. Neither partner took steps to address the issue with other partners or with Firm leadership. Moreover, a number of audit partners took part in the practice themselves. LOL again.

So here we are. Per the settlement, Deloitte will pay a fine of $900,000 ($649k USD) and costs of $695,000 to CPA Ontario for its troubles.

Related Posts

UK Regulators: Let’s Try and Quantify Audit Quality

RG-1031.jpgOur friends across the pond have put it out there that as it stands, an audit report is an audit report is an audit report. Regardless of the firm doing the work, the end product is the same and the Professional Oversight Board (POB) wants audit firms to produce, “more quantitative data to better equip investors and companies with the tools needed to scrutinise their auditors.”


It’s long been popular to call an auditor’s product a “commodity” and this appears to be the Brits’ attempt to dispel that notion. The talk of asking auditors to somehow quantify quality has already garnered support in the investing community in the UK:

Michael McKersie, assistant director capital markets at the [Association of British Insurers], said he would welcome more comparative information. “The relative lack of hard quantitative reporting data on the audit firms and global networks has been… a concern. Comparability is really important and we have, in the past, seen no n-comparability [sic] here as a problem.”

Fine idea, although there’s not a single indication of how the quality could be measured and the director of auditing at the POB even admits that ‘The challenge is how can auditors demonstrate quality and those that use their services assess it.’
This whole idea of “comparability” came up because of a POB inspection of showed, “some firms were rewarding staff for attracting business at the expense of promoting audit quality.” So the answer to this problem — from the POB’s point of view — is to slap together a “rate this audit from 1 to 10” system and the firm with the highest score has the best audits?
Audit firms will always claim that their work is of the highest quality regardless of the circumstances but now regulators want them to put that in some quantifiable form. And because we like to keep the pace with our friends in the UK, it probably won’t be long before an ambitious bureaucrat Stateside (e.g. new PCAOB Chairman) will insist on a similar approach.
If there’s any wonky auditors out there that have some ideas how this could be done, we’re all ears but for now we’re firmly in the skeptical camp.
Clients blind on audit quality [Accountancy Age]
Also see: You mean the Big 4 aren’t transparent? [Tax Research UK/Richard Murphy]

Slim Pickings For SIG, as It Settles on EY as New Auditor

While the U.K.’s Financial Reporting Council investigates Deloitte’s 2015 and 2016 audits of SIG, the […]

PCAOB Chairman Doty Shares Some Confusing Statements Made by Auditors

Yesterday, prior to today’s excitement regarding Satyam and PwC, PCAOB Chairman James Doty spoke at the The Council of Institutional Investors 2011 Spring Meeting and he had some interesting things to say about the audit profession, specifically that auditors don’t always remember that “protecting investors” ≠ “client service”:

Time and time again, we’ve seen services that might be valuable to management reduce the auditor’s objectivity, and thus reduce the value of the audit to investors. While management may need the services, they just don’t have to get them from the auditor.

Audit firms call this “client service,” and it makes things terribly confusing. When the hard questions of supporting management’s financial presentation arise, the engagement partner is often enlisted as an advocate to argue management’s case to the technical experts in the national office of the audit firm. The mortgaging of audit objectivity can even begin at the outset of the relationship, with the pitch to get the client.

Consider the way these formulations of the audit engagement that we’ve uncovered through our inspections process might prejudice quality:

• “Simply stated we want management to view us as a trusted partner that can assist with the resolution of issues and structuring of transactions.”

• We will “support the desired outcome where the audit team may be confronted with an issue that merits consultation with our National Office.”

• Our audit decisions are “made by the global engagement partner with no second guessing or National Office reversals.”

Huh. Doty doesn’t name names but you could easily interpret those statements as one made by a client advocate, not a white knight for investors. He continues:

Or, to demonstrate how confusing the value proposition could be even to those auditors who try to articulate it:

• We will provide you “with the best, value-added audit service in the most cost effective and least disruptive manner by eliminating non-value added procedures.”

(What is a “non-value added procedure”? Whose value do you think the claim refers to? If a procedure is valuable to investors but doesn’t add value to management, will it be scrapped?)

In other words, “we promise that we won’t be pests” and “value” will be a game-time decision. And finally:

Or, consider this as a possible audit engagement formula for misunderstanding down the road:

• We will deliver a “reduced footprint in the organization, lessening audit fatigue.”

(What is “audit fatigue”? Does accommodating it add value to investors? How should investors feel about a “reduced footprint”?)

Yes, what is “audit fatigue”? Is that what happens to second and third-year senior associates every February/March? Or is this better articulated by “we know audits are annoying and our hope is that we won’t annoy you too much.”?

Taking this (the whole speech is worth a read) and everything else that happened today into account, it will be interesting to hear what Mr Doty has to say at tomorrow’s hearing.

Looking Ahead: Auditor Oversight [PCAOB]
Also see: Watchdogs caught nuzzling and wagging tails; auditor sales pitches exposed [WaPo]