In July, Open Secrets released the latest Corporations and Economic Crime Report (CECR). Volume 2 – The Auditors – draws on information from Open Secrets’ investigations and publicly available information to illustrate the crisis faced by the auditing industry and how this affects the public. Each of the next four instalments in the Unaccountable series will explore one of the Big Four firms. We start with Deloitte.

Deloitte

Auditors are supposed to provide an essential check on abuse in both the private and public sectors. When an auditor signs off on financial statements, it provides assurance to the public that the numbers match up and that they are a fair reflection of financial reality. The perceived credibility of a Big Four firm like Deloitte only adds to the weight that the public places in its findings. This is why an audit fulfils a crucial social utility and public good. It is also why the public cost of audit failure is so high. 

Deloitte does not just know that the public looks to it for assurance, it actively trades on this as its business model. Celebrating its 175th year of operations this year, Deloitte states the following on its website:

“We’re not trusted because we’ve existed for 175 years. We’ve existed for 175 years because we’re trustworthy. That’s why clients choose Deloitte.” 

But in the past six years alone, globally and locally, Deloitte has been implicated in audit failure, corporate malfeasance, and allegations linked to state capture. Despite this, there has been little accountability for the firm or its employees.

Fraudulent irregularities

“Accounting irregularities” is the euphemism used to whitewash corporate malfeasance and fraud. The news of the frauds perpetrated at both Steinhoff and Tongaat Hulett started with announcements that “irregularities” had been discovered. It has since been established that both companies were the victims of systemic and long-running fraud by senior management. 

At Steinhoff, CEO Markus Jooste and his friends engaged in transactions aimed at enriching themselves while defrauding the company and its shareholders. To do so, they used a global web of companies, including in notorious tax havens like the British Virgin Islands. A forensic investigation by PwC revealed that for at least a decade “a small group of Steinhoff Group former executives and other non-Steinhoff executives, led by a senior management executive, structured and implemented… fictitious and/or irregular transactions” to misrepresent profit by over R100-billion.

At Tongaat Hulett, senior executives including the CEO of 15 years, Peter Staude, are accused of making numerous incorrect and probably fraudulent misrepresentations in the financial statements. The alleged fraud ranged from misstating the value of assets; incorrectly listing expenses as assets; declaring income from the sale of land that had not yet been sold, and then, failing to declare it when some of those deals fell through. In December 2019, Tongaat confirmed that the “undesirable” practices led to the 2018 financial statements being wrong to the tune of nearly R12-billion and that the company’s assets were overstated by R10-billion.

In both cases, there was a catastrophic failure of corporate governance, but the public harm was also significant. A total of 948 pension funds in South Africa were invested in or exposed to Steinhoff. As a result of the fraud, the company lost 98% of its value in just two years – and most of this happened in 24 hours in September 2017. The Government Employees Pension Fund (GEPF), which provides for civil servants in their retirement, alone lost over R21-billion. Those invested in Tongaat saw similar destruction of value.

It is a searing indictment of the capacity and political will of South Africa’s investigative agencies and National Prosecuting Authority (NPA) that executives like Jooste have not yet been formally charged with crimes ranging from fraud to insider trading. This should be a priority going forward. Years of political interference in these institutions and their resultant weakness is a windfall for corporate crooks.

But, where were the auditors?

See no evil, report no evil

Aside from being sites of looting and fraud, Steinhoff and Tongaat Hulett have something else in common. Their auditor was Deloitte. 

Steinhoff has been described by at least one director as “in effect just a giant Ponzi scheme”. So, how did Deloitte’s auditors not spot what was going on? Deloitte was the company’s external auditor from the time the company listed in 1998. Every year for 20 years, Deloitte stated that Steinhoff’s financial statements “fairly present, in all material respects, the financial position of the company”. Until 2017, they were apparently oblivious to the billion-rand hole in the company’s finances. When they finally did refuse to sign off the statements in November 2017, it was too late.

In 2018, Deloitte accepted the need for an investigation by the Independent Regulatory Board for Auditors (IRBA), but said that they remained “confident in their conduct” at Steinhoff. Deloitte defends itself on the basis that they flagged concerns about the 2017 accounts. Yet, this was only after a criminal investigation related to possible fraud had commenced in Germany. 

Their other defence, popular among the Big Four when implicated in audit failure, is that it is not the auditor’s job to look for fraud, and that they rely on the honesty of the executive management. In their view, the public is expecting too much. This is the so-called “expectations gap”. This argument is so dangerous because it contains truth and yet is disingenuous in this context. 

External auditors are not tasked with identifying fraud. However, the profession is based on a duty to show “professional scepticism” – defined broadly as “an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence”. If an auditor’s professional scepticism leads them to identify any misstatement, fraud or other crime, they are legally bound to report it. Moreover, if an auditor is uncritically signing off on what management says, it is hard to see what value they deliver at all.

It is not enough for Deloitte to say that finding fraud was not its job. The public is right to demand answers as to whether its auditors used a questioning mind, were alert to conditions indicating possible misstatement, and critically examined evidence with which they were provided. It is difficult to believe that Deloitte did all of these things and yet failed to identify any of the widespread fraud and misstatement at both Steinhoff and Tongaat.

Deloitte was Steinhoff’s auditor for two decades. It was Tongaat’s auditor for more than 15 years as well. This kind of entrenched relationship inherently undermines the independence that an auditor is supposed to exercise. Deloitte’s long-running work for these firms means they should have had an even greater insight into the company and how it operated. The only upside to this is that it should have made it easier to identify patterns of strange transactions in both cases. This did not happen.

Will there be accountability?

There are serious questions about the quality of Deloitte’s work at Steinhoff and Tongaat. However, we cannot say with certainty precisely what the auditors knew, and for how long. This is because both Steinhoff and Tongaat have refused to release the full forensic reports (both compiled by PwC at incredible cost) that expose the extent of the rot. 

By taking refuge in the argument that the documents are legally privileged, the companies have cherry-picked which findings are released. The public is denied access to the complete findings and thus the full picture of the role of the original auditors. Given the public cost of these corporate crimes and the public interest in truth and accountability, it is unjust that these reports remain hidden. 

In the absence of this information, the public relies on the IRBA – to investigate and hold the firms to account. But the reality has been disappointing. Apart from not currently having sufficient power of investigation and sanction (the maximum fine is a paltry R250,000 – small change for auditing firms ensconced in glitzy glass towers who generously pad the pockets of executives), the IRBA faces incredibly well-resourced firms who throw money at the best legal teams to fight their case.

While it starts investigations into Deloitte’s work at Steinhoff and Tongaat, the IRBA is still entangled in a long-running battle to hold Deloitte to account for allegations of wrongdoing related to its auditing of African Bank, which failed spectacularly in 2014. The IRBA claims that Deloitte auditors not only missed red flags in the financial statements that massively overstated future cash flow predictions for the bank, they also ignored the red flags raised in their own internal reports. The disciplinary matter against two Deloitte partners has been ongoing for years, at great expense, and Deloitte is vigorously fighting the case.

The IRBA is also now subject to a gross conflict of interest in terms of its investigation into Deloitte’s work at Tongaat. The IRBA’s outgoing board appointed Jenitha John as the new CEO in April 2020. John was the non-executive director who headed Tongaat’s audit committee for nine years up to May 2019, precisely the period when Tongaat’s accounts were a fiction and investors were lied to. The conflicts of interest are serious. John must now lead an organisation tasked with investigating the Deloitte auditors that reported to her as head of the audit committee. 

The fact that the IRBA’s board knew of these facts but found them unproblematic calls into question their understanding of conflicts of interest and their role in ensuring the independence of the regulator. The IRBA is not the only body to look the other way when it comes to John’s role on Tongaat’s audit committee. In July 2020, the Institute for Internal Auditors (IIA) elected John as the chair of their global board of directors. The IIA is a global body tasked with setting standards and providing guidance to the industry. It can have no good reason to double down in its support for John before a thorough and transparent investigation into what happened at Tongaat Hulett and the role of Deloitte’s auditors there.

Consultants at the trough

Fees from the Big Four’s consulting work now make up around two-thirds of their income. While they should ensure that these commercially lucrative consultancy services do not compromise the credibility of the auditing side of the firms, the evidence suggests that they have repeatedly failed to strike this balance. Further, their consulting work has often been linked to dubious contracts with state entities.

In the ninth instalment of Unaccountable, we told the story of how consulting giant McKinsey made R1-billion from an unlawful contract with Eskom. It also partnered with Gupta-linked Trillian, which was paid R700-million by Eskom despite no contract being in place and no work being done. McKinsey later admitted to overcharging Eskom and paid back the R1-billion. It also cut its ties with Trillian and told Eskom that the partnership would not continue.

It was around this time that Deloitte started engaging Eskom on consulting work. In June and September 2016, Eskom procured the services of Deloitte’s “CFO [Chief Financial Officer] Transition Laboratory” which aims to train CFOs entering the position. Deloitte was appointed by Eskom CFO Anoj Singh and senior executive Prish Govender.

The way Deloitte secured these contracts was suspicious for several reasons. For one, Deloitte submitted proposals before the tender process was opened (such unsolicited bids to SOEs were common in the State Capture period). The CFO tender – much like other suspicious tenders in which Anoj Singh participated when he was at Transnet – was a closed bidding process, used when there is an urgent need for services. It remains unclear why the CFO training was urgent. Deloitte also used “off-the-record briefings” with Eskom to submit proposals. Eskom management later alleged this made the process uncompetitive, untransparent and inequitable.

Further digging by investigators at amaBhungane showed that Deloitte was already conducting extensive work for Eskom on unsolicited bids “at risk” (another common State Capture feature), meaning the company would not be paid unless a formal contract was concluded. This meant that 42 Deloitte staffers, including senior partners and at least one director, were working full time for five months without a contract to guarantee payment. When a tender process was finally opened, Deloitte was granted these contracts despite their proposals being up to five times more expensive than their competitors. This constituted a clear violation of the Preferential Procurement Policy Framework Act (PPPFA).

Responding to questions by journalists from amaBhungane, Deloitte Consulting’s managing director for Africa, Thiru Pillay, said:

“I do feel we were led down a path by Eskom, and we tried to cooperate and do the best that we could… The world is in a very different place today. When you look at what was happening in 2016; our environment is very, very different…Was our intent to go and defraud and exploit Eskom? Definitely not.”

The Public Finance Management Act (PFMA) has been in existence since 1999, so it is not clear what the relevance of the 2016 “environment” has on this matter.

In October 2019, Eskom made a court application to recover funds from Deloitte linked to these contracts. Eskom described the R207-million tenders as “pure corruption”. However, Eskom and Deloitte would soon reach an out-of-court settlement. Deloitte agreed to pay back R150-million, keeping over R57-million earned between April 2016 and September 2017.

In a joint statement, Deloitte and Eskom agreed their respective investigations showed no evidence of State Capture or corruption. It stated that Eskom did benefit from Deloitte’s work and that Deloitte should be paid for this. All that was conceded was that there were “technical irregularities” within the procurement process, and that Deloitte Consulting accepted that it participated in this irregular procurement process.

Just as in the case of Steinhoff and Tongaat, detailed findings of these “investigations” have not been made public, nor is it clear if external investigators were consulted. This makes it difficult to understand the basis on which Eskom has abandoned its allegation of “pure corruption”.

Deloitte has since confirmed that both Thiru Pillay and Shamal Sivasanker resigned in the wake of the Eskom revelations. The firm has said that the two senior directors “have acknowledged that the events related to the Eskom matter occurred on their watch. They have taken leadership accountability and have withdrawn from the Firm”.

This is the extent of accountability in so many cases where powerful private firms are implicated. Directors and partners quietly exit their firms and if the public is lucky some of the illegitimate fees are paid back, but there is no hard accountability for those responsible. It’s a set-up that ensures the cycle of impunity remains unbroken. Inadequately regulated, these professionals cash in on the feeding frenzy around providing financial and consulting services to the state.

A reckoning for Deloitte?

In its 2019 “Transparency Report”, Deloitte says that it has embarked on a “journey of self-reflection as a firm” as a result of its work at Steinhoff, Tongaat Hulett, African Bank and Eskom. However, despite acknowledging what it calls “gaps” in its processes, and committing to “self-correct”, Deloitte does not acknowledge any wrongdoing; adding that “none of our internal investigations have found evidence of any unethical behaviour, corruption or State Capture on the part of the firm or the partners leading the above-mentioned client engagements”.

In sum, nothing to see here, move on.

Given the cost to the public of the implosions of Steinhoff, Tongaat and African Bank, as well as State Capture at Eskom, this reflection is inadequate. It is essential that the IRBA and the NPA act as required by the law and conduct rigorous investigations into Deloitte’s conduct in these cases. Where there is wrongdoing found, the penalties should be significant enough to provide justice to the public and harsh enough to deter this pattern of wrongdoing.

Deloitte and its peers cannot be trusted to “self-correct”. Only full accountability can change their “irregular” conduct. DM

Open Secrets is a non-profit organisation which exposes and builds accountability for private-sector economic crimes through investigative research, advocacy and the law. Tip-offs for Open Secrets may be submitted here.

Previous articles in the Unaccountable series are:

Unaccountable 00001: Dame Margaret Hodge MP – a very British apartheid profiteer; Unaccountable 00002: Liberty – Profit over Pensioners; 

Unaccountable 00003: Dube Tshidi & The FSCA: Captured Regulator?; 

Unaccountable 00004: Rheinmetall Denel Munition: Murder and mayhem in Yemen; 

Unaccountable 00005:National Conventional Arms Control Committee: handmaiden to human rights abuse?; 

Unaccountable 00006: Nedbank and the Bank of Baroda: Banking on State Capture.

Unaccountable 00007: HSBC – The World’s Oldest Cartel

Unaccountable 00008: FNB and Standard Bank- Estina’s Banks

Unaccountable 00009: McKinsey – Profit over Principle

Unaccountable 00010: Jacob Zuma – Comrade in Arms

Unaccountable 00011: Thales – How to buy a country

Unaccountable 00012: John Bredenkamp – Agent of BAE Systems

Unaccountable 00013: Fana Hlongwane – Agent of BAE Systems

Unaccountable 00014: BAE Systems: (Profit) Before Anything Else

Unaccountable 00015: The BAE Corruption Bombshell