| Format | Not a single case — the pattern that runs underneath the single cases we have covered |
| The firms | Deloitte, EY, KPMG, PwC — the "Big Four" that audit most of the world's large listed companies |
| The question | Why the statutory auditor — the control specifically built to catch this — so often does not |
| The India hook | Satyam, and the jurisdictional tangle over who is even allowed to discipline an auditor |
| Scope | Commentary on matters already in the public domain; regulator findings, not the author's assertions |
Why this edition breaks the pattern
For four editions this newsletter has done one thing: take a single case, open the file, and trace how a misstatement was built and why nobody stopped it. ADM and the intersegment rebates. Rajesh Exports and a journal entry that turned aged receivables into African gold mines. Each time, the same closing question — how did nobody see it?
This week, a different cut at the same question. In almost every one of these cases there was a statutory auditor in the room. A firm whose entire reason to exist is to look at the numbers and tell everyone else whether they can be trusted. So before we open the next file, it is worth asking the uncomfortable structural question: when the fraud runs for years, where is the auditor — and why is the answer so often "right there, signing"?
The profession's founding wound
There used to be five large firms, not four. Until 2002, Arthur Andersen sat among the elite. Then Enron went bankrupt, the fraud became public, and the auditor went down with its client — at the time, the biggest audit failure on record. Andersen dissolved.
What grew out of that wreck is the oversight architecture we now take for granted. The United States created a dedicated audit regulator, the PCAOB, and passed the Sarbanes-Oxley Act to tighten corporate governance and auditor independence. The whole edifice rests on a single admission the profession does not enjoy making out loud: the people who check the books need checking themselves.
The same failure, on four continents
If Enron were a one-off, we could file it as bad luck. It is not. In the two decades since, each of the four surviving firms has signed off on a company that later fell over, or been sanctioned for how it did its work.
Different countries, different mechanisms, the same outline every time: a fraud the statutory auditor was positioned to catch, and didn't — or, in the regulators' harsher findings, chose not to.
The Indian footnote — who is even allowed to punish an auditor?
Satyam is worth pausing on, because what happened after the fraud is its own small study in policy absurdity.
SEBI banned the audit firm from auditing listed companies for two years. On appeal, the Securities Appellate Tribunal threw the ban out — ruling that SEBI had no business disciplining auditors at all, that the power belonged only to the ICAI. The Supreme Court then stayed that ruling, handing the reach back to SEBI. So while the underlying fraud sat on the record, a meaningful stretch of the enforcement era was spent litigating not the fraud, but who was allowed to hold the pen.
The fraud was settled in years. The question of who could even punish the auditor took nearly as long.
India eventually answered the structural question by creating a dedicated audit regulator — the National Financial Reporting Authority (NFRA) — in 2018. Roughly a decade after Satyam. The gap between identifying the problem and building the machinery to address it is, itself, one of the quieter red flags in this whole story.
It isn't bad luck. It's the structure.
The pattern repeats across too many jurisdictions to blame on a handful of bad partners. Three structural problems turn up nearly every time. The first is the one most worth drawing out, because it is invisible in any single audit file.
1 · Audit and consulting under one roof
The firms long ago moved into advisory and tax work, which pays far more than the audit itself. When the same firm earns large advisory fees from a client, the audit relationship stops being the prize and becomes the thing that protects the prize. A whistleblower at one firm alleged exactly this dynamic — audits softened to keep management comfortable and the broader engagement intact.
2 · Selling the schemes they later vouch for
The firms do not only miss problems; in the tax arena they build and market the structures. Document leaks such as LuxLeaks tied every major firm to avoidance engineering at industrial scale. It is difficult to audit a client's tax position with full independence when your own firm sold them that position.
3 · The regulators are often old colleagues
The people who police the firms are frequently former insiders. Former partners have sat on — and chaired — the very committees meant to review audit quality. There are few genuinely neutral voices in the room, which is part of why reform proposals debated for two decades have moved so little.
The defense, and its limit
The firms have a real argument, and it deserves stating plainly. An audit is verification of what management represents, not a forensic fraud investigation. A determined conspiracy among the people running a company can defeat even competent procedures. Anyone who has done the work knows this is true — the auditor is not a detective, and the engagement is not designed as one.
But the defense thins quickly. When cash that should be in the account is simply not there, when regulators describe the red flags as too obvious to miss, and when the deficiency rate on inspected files climbs toward half, "we could not have known" stops sounding like an explanation and starts sounding like a position.
None of this is a morality tale. It is an incentive structure doing what incentive structures do.
The firm earning the advisory fee is the firm signing the audit. The regulator across the table was often a partner last year. Until that changes, the honest way to read an audit opinion is the way this newsletter reads every set of accounts: as a useful signal, not a guarantee.
What to Watch For
- Non-audit fees that rival or exceed the audit fee from the same client. The ratio is disclosed; when advisory income dwarfs the audit, the auditor has more to lose from a hard conversation than from a soft one.
- An auditor relationship measured in decades. Long tenure builds familiarity, and familiarity is the slow enemy of professional scepticism. Evergrande's auditor had been in place for close to fourteen years.
- Audit areas dismissed as "low risk" that happen to be exactly where the manipulation lives — intersegment pricing, escrow confirmations, related-party balances. Low-risk labels are where frauds go to hide.
- A regulator with former practitioners on its oversight committees. Ask whether the body disciplining the firms is structurally able to be tough on them.
- Minimising language at first disclosure — "reclassification," "immaterial revision." As Edition 03 noted, the measured first statement often precedes the restatement and the enforcement action.
Next: Edition 06 returns to the file — one case, opened line by line. Same series. Same question. How did nobody see it? Only this time, we already know where to look first: at the signature on the audit report.
US Public Company Accounting Oversight Board (PCAOB) — annual inspection reports on Big Four audit deficiency rates · China Securities Regulatory Commission (CSRC) ruling on PwC Zhong Tian re: Evergrande / Hengda Real Estate (Sep. 2024) · German prosecutors and contemporaneous reporting on EY and the Wirecard collapse (2020 onward) · UK Financial Reporting Council (FRC) fines re: Carillion, BHS and Babcock; UK House of Commons committee findings · Australian Senate inquiry into the PwC tax-leaks matter and Deloitte Australia · SEBI order; Securities Appellate Tribunal and Supreme Court of India rulings in the Price Waterhouse / Satyam matter; SEC and PCAOB settlements; establishment of the NFRA (2018) · US SEC and PCAOB sanctions on KPMG concerning exam-cheating and related conduct · LuxLeaks disclosures (ICIJ).