Someone lit a fire under the asses of those who work in the PCAOB enforcement division because they issued seven disciplinary orders to audit firms and accountants from Sept. 22 to Sept. 30. One of those firms was Deloitte Canada.
Compliance Week reported:
The Public Company Accounting Oversight Board (PCAOB) on Wednesday [Sept. 29] imposed a $350,000 civil penalty on Deloitte Canada for reasonable assurance quality control failures.
The PCAOB further required the Canadian branch of the Big Four firm to establish or revise its quality control policies and procedures and provide additional training to employees involved in any audit.
According to the PCAOB’s order, from November 2016 through early March 2018, Deloitte Canada failed to “establish, implement, and communicate appropriate quality control policies and procedures to provide … reasonable assurance that the work performed by engagement personnel complied with applicable professional standards, regulatory requirements, and the firm’s standards of quality.”
In particular, according to the enforcement order, this:
Deloitte Canada’s system of quality control failed to provide reasonable assurance that Firm personnel appropriately dated their preparation and review of audit work papers. As a result, during that period, the Firm failed to comply with PCAOB audit documentation standards in connection with certain audits and quarterly reviews.
No matter how many times they’re told not to by the PCAOB, auditors just can’t resist the temptation to alter workpapers. It’s like they have an angel on one shoulder telling them not to do it and they have a devil on the other shoulder telling them to do it. And many times they side with the devil. And a lot of times they get caught.
PCAOB rules require auditors to prepare audit documentation that accurately reflects when audit work was completed and reviewed. Makes sense. Up until November 2016, Deloitte Canada’s electronic workpaper system allowed Deloitters to document their performance and review of work by manually selecting preparer and reviewer sign-off dates for each workpaper, according to the PCAOB. But in November 2016, Deloitte updated its system:
[The updated system] removed Firm personnel’s ability to manually select sign-off dates. Under the new system, when an auditor entered a sign-off, the current date was automatically generated. At the time the Firm adopted its new system, personnel from the Firm’s National Office were aware of a risk that individuals could override the new system by changing their computer date settings to backdate work paper sign-offs. Despite that awareness, the Firm did not take sufficient steps—through written policies, guidance, training, or otherwise—to address that risk.
Thus, Deloitte auditors faced the temptation of overriding the system. Did they resist that temptation? Of course not!
During the 16 month-period following the adoption of the new work paper system, Firm personnel overrode the system and backdated their work paper sign-offs in at least six issuer audits and two quarterly reviews subject to PCAOB standards. This conduct occurred while teams were assembling a complete and final set of work papers for retention, or earlier, in these engagements. Additionally, some auditors on these engagements deleted and replaced sign-offs in order to ensure that reviewer sign-offs were dated after preparer sign-offs. Collectively, this conduct obscured the dates on which work had actually been completed and reviewed.
Then in February 2018, a Deloitte auditor sided with the angel on his or her shoulder and put a stop to all the overriding and backdating:
[A] Deloitte Canada auditor raised a concern with senior Firm personnel about auditors altering the dates on their computers to backdate work paper sign-offs. In response, the Firm identified and implemented in early March 2018 a method to remove personnel’s ability to change the date settings on their computers, which prevented further backdating of work paper sign-offs. The Firm also promptly instructed personnel to “[a]lways use the actual date on when the physical sign-off occurs.”
Deloitte Canada is no stranger to $350,000 fines from the PCAOB. The firm got one in October 2018 for failing to maintain independence during its 2012, 2013, and 2014 audits of Canadian gold-mining company Banro Corp.
PCAOB fines Deloitte Canada $350K for quality control failures [Compliance Week]