When the FDIC sued PwC over the collapse of Colonial Bank, a startling detail emerged: a senior auditor, overwhelmed by a complex securitisation transaction, essentially tapped out, claiming the work was "above his pay grade."
The firm’s solution wasn't to call in a national specialist, instead it assigned a college-aged intern to evaluate the $600 million asset.
According to Judge Rothstein, PwC relied on the chief architect of the fraud, the chair of Taylor Bean (the borrower), to verify key information about the collateral underlying the credit facility. PwC signed off on Colonial’s audit without ever understanding the most complex iteration of the fraudulent transaction: a facility based on phantom mortgage securitizations. PwC ultimately settled with the FDIC for $335 million over the audit failures at Colonial.
Rothstein’s ruling was distinctly harsh, and rightly so. Charging an intern to decipher a loan facility beyond the expertise of a senior auditor is a damning indictment of the firm’s staffing model.
What do you reckon the odds are that the PwC audit partner reported to the audit committee that completing the audit involved a degree of chaotic resource management, including the use of college-age interns to audit such a complex area?
Zero.
I’d wager the committee at Colonial was instead, treated to a glossy PowerPoint deck of the steady-handed assurance that is the hallmark of Big Four client service. This exposes a fatal flaw in the logic of oversight: If audit committees are kept in the dark about how an audit is actually conducted, can they truly be counted on to protect the investors they serve?
Audit Committees may be the last vestiges of oversight investors rely on to protect their interests. For good governance to create long-term value in companies, boards must transition from a passive, "check-the-box" culture to one of active stewardship where directors possess the financial literacy and the independence to challenge management and auditors alike.
Unexpected feedback on audit committee proficiency
The PCAOB devoted considerable effort to setting standards requiring firms to report “Firm and Engagement Performance Metrics” (EPMs). These metrics - covering workloads, turnover, and experience levels - were designed specifically for the audit committee. They were intended to provoke uncomfortable but necessary questions for effective oversight:
- How did the audit delivered compare with the audit promised?
- How do the ratios for industry experience, workloads, experience levels, training, and year-over-year continuity signal quality?
- How does the audit firm compare with the competing firms in the same geography?
- Whether the auditor should be retained?
- Justifying the continuation of a long-tenured appointment as being at least on par with competing firms?
- Whether the audit firm exhibits not only the ability but the willingness to deliver quality audits especially considering inspection results, government settlements/investigations, recent high-profile missed frauds and litigation?
Yet, a vocal contingent of public commenters pushed back with a defense that I find hard to buy: Audit committees already have everything they need. Do they really?
PCAOB board member Christina Ho led this charge, citing interviews with audit committee members who claim they are perfectly satisfied with their current level of insight. I don’t doubt she heard those words. But think about it for a moment:
A regulator from the industry's primary watchdog interviews an audit committee member. That committee member plays a starring role in the COSO Framework, the very construct used to certify the internal controls over financial reporting. What did Board Member Ho expect to hear? A full-throated confession that they lack the information to discharge their duties?
That’s like a flight safety inspector asking the airline passengers if they feel safe based on how plush their seats are. The passengers may feel comfortable and secure, but they have no visibility into the cracks in the engine.
One only has to look at the information in audit proposals. There are promises about “first call on the firm’s top resources,” timely turnaround on critical issues, a high degree of partner involvement throughout the audit, and where relevant, industry experience. Granted, industry experience is an important differentiator. There might even be a breakdown of hours and rates. But, competing proposals won’t be much different. So how can we accept the assertion that audit committees have everything they need?
Without access to engagement metrics, an audit committee’s approval of a 'clean' opinion is purely a priori. They are trusting the idea of a rigorous audit rather than the empirical reality of who actually did the work and how it was conducted.
Without access to engagement metrics, an audit committee’s approval of a 'clean' opinion is purely a priori. They are trusting the idea of a rigorous audit rather than the empirical reality of who actually did the work and how it was conducted.
Much of the audit resides in a black box
I guarantee what you won’t see in the glossy proposal is the internal chaos behind how the audit firm conducts its business.
An audit suitably planned in June can become a hot mess by December as events occur that strain the audit firm’s resources. Unexpected new work results from a client’s acquisition of a business; another client announces its intent to pursue an IPO; an ERP migration at another client has problems affecting the audit scope; and the sudden resignation of key managers and staff are familiar ‘business-as-usual’ scenarios.
Because audit profit planning is typically based on a lean staffing model, there is no bench of professionals sitting, waiting to be deployed. When the system stresses, schedulers re-work logistics, assignments and workloads. Some professionals may get double-booked, others find themselves on the receiving end of battlefield promotions. Edicts go out requiring a minimum 55-hour work weeks office-wide.
If the situation gets bad enough, a search begins for surplus staff that can be borrowed from other offices, including in other countries; or where work can be allocated to off-shore centralized service centers. Requisitions go out for emergency hires. The number of interns sought during the busy season goes up from eight to fifteen.
Professionals scheduled to return to clients they worked on in the prior year are reassigned to unfamiliar clients to cover a staffing void. Matching professionals with industry specific needs begins to deteriorate. Hard-working professionals find themselves pulled between multiple clients and soon find themselves in “catch up mode.”
This can happen at all levels of the engagement team: staff, managers, and partners.
And we haven’t even discussed similar issues with staffing key specialists supporting the audit in IT, tax, valuation, pensions, etc. who may also get pulled away due to aggressive growth in non-audit work.
Audits are not widgets
An important takeaway is that audits are not widgets coming off a well-controlled assembly line. Instead, there is considerable variability in quality based on human resourcing issues. If you were an audit committee member, wouldn’t you like to know whether your audit was executed as planned or was the product of chaos?
What the audit committee sees is typically well-scripted. They have little visibility into what is actually happening behind the scenes. Management may be aware the audit is trending toward chaos, but it is not unheard of for them to shield the committee from the mess. If the relationship between management and the auditor is too cozy, the audit committees risk being presented a façade of diligence and harmony that masks each other’s shortcomings.
If the relationship between management and the auditor is too cozy, the audit committees risk being presented a façade of diligence and harmony that masks each other’s shortcomings.
Until we get the transparency of EPMs, the committee might just be relying on broken instruments and flying blind.
This blindness is not always an accident of the system; sometimes, it is a design choice. If the audit committee is the gatekeeper, we must ask what they are looking for when they stand at the gate. Too often, the search isn't for the most rigorous skeptic, but for the best "cultural fit."
In 2019, the UK’s Competition and Markets Authority (CMA) released a study that laid bare the incentives of the audit market. Their observation was as simple as it was discouraging: audit committees often prioritize "cultural fit," "chemistry," and established relationships over factors tied to audit quality.
When "chemistry" becomes the featured criteria, the audit committee isn't looking at governance for long-term value creation, they are looking for a partner who won't rock the boat. This is where the risk of a "cozy" relationship begins to materialise - where the auditor’s desire to be retained and management’s desire for a smooth close can be neatly arranged.
"Friendly" director syndrome
The preference for harmony can extend to the very composition of the board. In Walter Isaacson’s biography of Steve Jobs, he recounts a telling anecdote about the Apple board. Jobs once invited Arthur Levitt, the former SEC Chairman and a champion of independent oversight, to join. But after reading a speech where Levitt argued that boards should play a strong, independent role, Jobs rescinded the invitation.
"Arthur, I don’t think you’d be happy on our board," Jobs told him. "The issues you raised... really don’t apply to Apple’s culture."
Levitt’s conclusion was an epitaph for independent oversight: "It’s plain to me that Apple’s board is not designed to act independently of the CEO."
This sentiment is the quiet pulse for much of Corporate America. Shortly after the Sarbanes-Oxley Act was passed, a seasoned in-house counsel for a large public company told me: “Bob, Sarbanes-Oxley is making it tough to find friendly audit committee members.”
Sarbanes-Oxley is making it tough to find friendly audit committee members.
The irony was lost on him. In the wake of Enron and WorldCom, the goal wasn't to find friends; it was to find directors who would exercise their independence rigorously in order to protect investors.
Disclosure gap
Even when directors are technically independent, they suffer from the same affliction as the auditors they oversee: they are hired and well-compensated by the issuer. Landing a corporate board position is a plum assignment. The subtle pressure to maintain the status quo is immense.
This situation contributes to long-tenured auditor relationships where the common wisdom is: "It is better to stay with the devil you know than switch to the devil you don’t know." The fear isn't that a new auditor will be less competent—it's that they might have differing views on long-established accounting policies.
As it stands, it is too easy for audit committees to stand in the shadows. The CAQ’s 2025 Audit Committee Transparency Barometer tells us that audit committee reporting in the proxy remains far below where it needs to be. With respect the S&P 500:
- Only 50% of the Audit Committee Reports describe the considerations in auditor appointment;
- Only 17% acknowledge their responsibility for negotiating the audit fees;
- Only 14% discuss their consideration of the length of the auditor’s tenure;
- Only 7% describe the relationship between the audit fees and audit quality.
Why are the numbers so low? Perhaps because without the EPMs the industry is so desperate to suppress, the audit committee lacks the objective information to make any statement at all.
Can audit committees be counted on?
I am sure there are many diligent audit committee members. But no matter how diligent the audit committee members may be, there is a heightened risk that they are unable to see beyond the facades that may have been erected by management and/or the auditors.
There is also a risk that the audit committees may fit the “Friendly Audit Committee Member” designation of those who will “not rock the boat.”
Lastly, while some audit committee members may be identified as “Audit Committee Financial Experts,” bear in mind that the SEC rules permit a broad range of people to qualify for this designation, including the least worthy category I refer to as “Captains of Industry Who Supervised Finance from Afar.”
With all of this said, audit committees cannot be counted on to protect investor interests.
