According to the Financial Times, Germany has responded to the Wirecard scandal by proposing a slew of audit regulations aimed at bolstering auditor independence. The proposal includes reducing the maximum auditor tenure from 20 years to 10 years and limiting firms from providing certain consulting services. It would also modify auditor liability by increasing the cap from €4 million to €20 million.
Maximum tenures and limitations on audit services were established by the European Union’s 2014 Audit Regulation. The regulation capped maximum tenures at 24 years for companies with more than one auditor, and 20 years for companies with a single auditor. The audit is required to be put out to a tender offer after 10 years.
Non-audit services are capped at 70% of average audit fees over the past three years. And certain non-audit services are prohibited, such as many tax-related, decision-making and finance-related services.
When each member state implemented their own rules, many chose to create stricter requirements. Germany however, adopted the regulation with little modification.
In our forthcoming report, we examine the impact of the 2014 Audit Regulation on audit market concentration and auditor independence metrics, such as auditor tenure and non-audit services.
Germany is the third largest market by audit fees, behind the United Kingdom and France, with about €930 million in audit fees, annually. The decisions made by Germany can set a precedent that goes beyond its own borders due to Germany’s relative size.
These proposed changes are reflective of a wider conversation concerning audit quality. It is important to evaluate the new proposal in light of Germany’s intended goals and consider the extent of its effects.
Reduction of maximum auditor tenure
Per the Financial Times, Germany’s proposal would reduce the maximum auditor tenure from 20 years to 10 years. Currently, Germany allows entities with tradable securities that are listed on regulated exchanges to engage an auditor for up to 20 years provided the entity puts the audit up for a tender offer after the first 10 year period. Other public interest entities – financial institutions and insurance undertakings – are already limited to 10 years.
The extent of change brought on by this regulatory proposal is unclear. The average tenure for an auditor in Germany is just over 8 years as of 2019; consistent with the overall average tenure public companies listed on EU exchanges.
Wirecard’s auditor, Ernst & Young GmbH, was initially engaged for the 2009 financial year and last signed an opinion for the 2018 financial year. The 10 year maximum proposed in Germany’s regulations would not have triggered a mandatory change in Wirecard’s case until the fraud had already been discovered.
The intent of shorter engagement periods is to increase auditor independence. Regulators have been concerned that long relationships between audit firms and their clients can lead to lower audit quality and threaten auditor independence. Others argue that short engagement periods result in poorer audit quality because it takes time for audit firms to become familiar with their clients’ operations and risk factors. Evidence from academic research finds mixed results.
Non-audit fee service limitations
Germany may also limit the types of non-audit services that can be performed by statutory audit firms. The 2014 Audit Regulation allows member states to cap non-audit services at lower levels and prohibits additional non-audit services. Germany adopted the non-audit service rules largely unchanged.
The average non-audit fees as a percentage of total fees paid to a statutory audit firm in Germany was roughly 20% in 2019, in line with the overall average of the European Union.
Stricter non-audit fee caps would not have impacted Wirecard. The highest percentage of fees paid for non-audit services by Wirecard was 23% for fiscal year 2017. Wirecard does not directly disclose what these non-audit service fees are for, though they may be, in part, due to the audit of Wirecard’s subsidiaries.
The purpose of restricting non-audit services is to ensure auditors are not reviewing information they helped prepare. The most famous example of this conflict of interest is Enron. Prior to its collapse, Enron paid its auditor – Arthur Andersen – $27 million for tax and consulting work, which is more than the $25 million it paid for audit services.
Germany can enact additional restrictions on tax and valuation services like several other EU countries have, but the 2014 Audit Regulation has already restricted most non-audit services that would cause a direct conflict of interest.
Article 31 of the 2006 Audit Legislation required the European Commission to conduct a study on auditor liability, but the Article did not lead to any changes in the auditor liability rules. Instead, some countries – like Germany – have limits on auditor liability, while others have unlimited liability.
Unlimited liability can be a hindrance for competition. The recent €126.8 million BDO fine in Spain for the firm’s work with Pescanova is an example of a large burdensome fine that can drive smaller firms out of the market.
While Germany will continue to cap potential auditor liability, a raised cap from €4 million to €20 million may have a deterrent effect. The average audit fee in Germany was roughly €1.7 million in 2019. Though, this is highly skewed because of large audit firms. The average fees paid to mid-sized and small firms were just €200,000 and €90,000, respectively. The new cap would raise the maximum fine for a mid-sized firm to 100 times average audit fees and small firms more than 200 times average audit fees.
There is often a swift and harsh reaction to audit failures involving large companies like Wirecard. Unfortunately, quick and severe punitive action does not always create a more secure market.
Before recommendations about how to improve the audit market are made, the facts and circumstances surrounding audit failure should be better understood. Just this week, FT reported that Wirecard’s management board and supervisory board released EY from its secrecy obligations. Though, EY continues to seek a judgment from the German High Court.
More information from EY and KPMG – the audit firm hired to conduct a special audit of Wirecard in October 2019 – should help law and rule makers better understand what went wrong at Wirecard.
It is important to create an environment that is appropriately skeptical while limiting overburdensome regulation that creates an even more concentrated audit market. Regulation can often have unintended consequences. It will be necessary for Germany to carefully evaluate the effects of the proposed changes as they seek to improved their audit and governance environment.
For more information about Audit Analytics or this analysis, please contact us.
Interested in our content? Be sure to subscribe to receive our email notifications.