EY failed to follow through on the fraud-hunting measures it promised in the wake of the Wirecard scandal, according to a former partner involved in the clean-up effort.
Joe Howie, who was part of a team tapped to conduct a post-Wirecard revamp of EY’s processes, says he was pushed out after he urged EY to drop risky clients and refused to sign off on quality control systems he thought were flawed.
After losing a string of internal battles over the issues, causing an early end to his 35-year career with the firm, he has taken his campaign public with a lawsuit and tells the Financial Times that, in his view, EY is failing investors who rely on it to endorse corporate accounts.
“I may be a Big Four snob, but there’s a difference between a Big Four firm and somebody in a strip centre,” he said. “There’s a responsibility we have because of what we build ourselves out to be, beyond the normal professional standards and conduct.”
EY said it will vigorously defend the lawsuit Howie filed in New York in July, which claimed he was unlawfully dismissed. “His characterisation of events is not credible,” it said.
The federal court lawsuit touches on significant open questions for the accounting profession, including how far auditors should go to uncover wrongdoing by clients and how much control the Big Four’s global head office should exercise over member firms in each country.
Unlike traditional multinationals, the Big Four operate as a network of independent, locally-owned partnerships that agree to abide by common standards.
“I tried very hard not to get to this point,” Howie told the FT. “I sent stuff to the board, stuff to the attorneys. I tried very hard to get them to engage and understand, because I didn’t want to do damage to the brand. They just left me no choice.”
The public fight reveals details of a multiyear effort by EY’s global bosses to reset its reputation after the 2020 collapse of Wirecard.
EY’s German member firm had repeatedly given the payments processor’s accounts a clean bill of health, missing the fact that half its revenues were fake and €1.9bn it claimed to have in cash did not exist.
EY’s response, known internally as “Strengthening Trust and Confidence”, was designed to provide new standards for audit teams in the member firms to follow, and new tools to properly assess risks and make it more likely they would find fraud.
The initiative included the creation of a “risk centre of excellence”, co-led by Howie, that adopted some of the tactics used by short sellers. It scraped websites for negative news stories on clients and licensed a research tool from the Hong Kong group GMT Research that screens financial statements for accounting red flags.
But Howie claims some bolder ideas, such as mandating the use of forensic accountants in more audits, ran into resistance from member firms where executives worried about aggravating clients.
EY also resisted dropping many of the clients the risk centre flagged. He says he floated the idea of a global committee to personally approve work with particularly risky clients, but the idea gained no traction. “Business was overriding ethics,” he said.
An ongoing frustration for Howie was EY member firms’ refusal to sever ties with a group of clients in the gaming industry, despite official investigations in Australia and China that indicated they could be used for money laundering by organised crime and others.
These risks were not properly reflected in EY’s client acceptance systems, Howie argued, and meant its auditors could not credibly sign off accounts that stated the companies had appropriate financial controls.
The Strengthening Trust and Confidence initiative “developed good policies. We definitely developed great technology”, he said. “It’s just that it breaks down if people don’t adopt it or if people use it but then don’t make the right decisions around it.”
EY said that Howie’s campaign against gaming clients consisted of “speculative narratives” based on information already known to the market, and that his “distorted perspectives” on Strengthening Trust and Confidence “should be viewed in the context of a personal employment claim he has chosen to bring against EY”.
The global initiative had “directly influenced EY member firm decisions to decline work with certain organisations, some of which later faced publicly documented issues, demonstrating the positive impact of these initiatives”, it said.
Howie joined EY in 1990 after finding accounting “clicked” in college. “I’m a pattern recognition person,” he said. He specialised in securitisation accounting and worked on the audit of banks including UBS, before joining the US national office that advised audit teams on particularly complex problems.
He concedes he had “butted heads” with his superiors on other occasions, including with leaders of EY’s US member firm, who he accused of undermining audit quality by focusing on growing the consulting side of the business. It was following that clash that he transferred to the global headquarters in 2020.
Joining the post-Wirecard task force shortly after, he took on responsibility for EY’s global client acceptance system, known as Pace, where he says he found local audit teams often did not identify all the risks associated with their engagements. “Reviewers are signing off on a risk profile that’s less than what’s actually present,” he said.
Eventually, Howie threatened to escalate his campaign by refusing to sign the annual certification of EY’s quality control systems, something that could have triggered scrutiny by regulators.
He claims the threat prompted EY to strip him of his responsibilities last year, and he was ultimately removed from the partnership in May after initiating a complaint against the firm. EY says he disclosed confidential information.
Auditors are not necessarily required to drop risky clients, just to properly assess the risks and tailor the audit accordingly.
The Big Four successfully fought off an effort last year by the US audit regulator that would have imposed additional requirements on them to look for fraud or regulatory non-compliance by clients. The regulator said it would bring the rules into line with what investors think an audit does already.
Firms argued it would be impractical to expand their remit in matters beyond those most closely relevant to the financial statements. The plan was withdrawn after Donald Trump’s November election victory.
“They don’t have to go be cops. They can just take a stand,” Howie said, adding that the stakes are high when a Big Four auditor decides to work with risky clients without sufficiently strong risk management procedures in place.
“It’s really not your risk to run,” he said. “What you’re actually doing is you’re taking more risk on behalf of investors.”
