The Financial Reporting Council (FRC) has issued a report in respect of Grant Thornton’s audit of Patisserie, the failed restaurant chain chaired by Luke Johnson. The FRC is the UK’s accounting watchdog, looking at corporate reporting in the FTSE 350 and monitoring auditors’ performance.
Grant Thornton has been fined £4m, reduced to £2.31m for “early admission” and “exceptional co-operation”. The report states that the auditor failed to conduct proper testing in respect of revenue, cash, fixed asset additions and journal entries (this last being a technical accounting term for adjustments made to the financial records when the accounts are drawn up). Some of the examples in the report are extreme, as I shall explain below. Interestingly, the report concludes that the sanctions against the auditor would be imposed even if there had been no fraud.
Those sanctions are woefully inadequate in my view. Grant Thornton has been fined four times in the last four years and each fine has been discounted. This latest is less than the highest paid partner’s pay. That doesn’t seem a great deterrent.
What the auditor missed
The FRC summarised the issues clearly.
- The auditor failed to question large voucher sales just ahead of the year end date – three-quarters of the annual revenue from vouchers from a third-party company was received in one payment, three days before the year-end.
- Failings in the audit of cash and bank accounts included failure to investigate activity on reactivated “dormant” accounts; mistaking a £4m overdraft facility for a £4m overdraft; and failing to investigate properly lodgements after the year end recognised as cash in the year – over £30m over three years, which compares with reported earnings of £41m.
- Year-end accounting adjustments, known as journal entries, were not properly tested and the auditor used inappropriate selection criteria for that testing, resulting in entries being left untested and inconsistencies arising from testing unexplained.
- Motor vehicles were left as nil as they were incorrectly classified as plant and other categorisation errors were not challenged. Some £2m of additions to assets were not correctly classified. The company spent £25m on additions in the period so this is significant, albeit less damaging than some of the other disclosures.
It’s worth explaining this in a little more detail, to understand better exactly what the auditor missed (or skip to What the Report Omits below).
Wholesale revenues involved huge sums being received before year-end, as per the pattern in the chart, yet these were not investigated:
More income was received at the end of September than throughout the whole of the rest of the year for a number of customers. This is a higher skew than a retailer at Christmas, yet the sales of cakes and croissants are only mildly seasonal.
Receipts from one company cover 13 months not 12 and the final five items (54 per cent of the annual revenue) were invoiced post the year-end. They represent vouchers for 218k afternoon teas, although only 125k were sold via the company that year. The report notes that one of the October invoices had a different font and format and was missing the logo and website. I don’t want to be unsympathetic, as an auditor can of course be deceived by a skilled fraudster, but this sounds extremely amateurish.
The auditor relied (as is normal) on management to give a complete list of bank accounts, but then failed to challenge management about information received from Patisserie’s banks that suggested that the list supplied was incomplete.
“…there were 19 separate instances of bank accounts being included in bank confirmation letters but not listed in the audit lead schedules that GT used to audit bank account balances”. The whole point of confirming with the bank is to check the accounts! The auditor also failed to obtain transaction listings and reconciliations of all the bank accounts.
Some £0.5m was added to cash apparently because of remittances from customers in transit. The FRC is critical of the documents provided which had dubious provenance, and about this question of cut-off: for example it states “five lodgements recorded as reconciling items in the Patisserie Valerie Holdings’ Bank A account had posting dates of 4 October 2016. These were for large sums, each between £445,000 and £831,994.” It appears that a number of transactions were recorded in the wrong year – this is a critical error which should be a core audit check.
The FRC also cites three “refunds of business rates” on the last days of the year, which had unusual features including:
- “one did not refer to the period to which the refund related;
- another looked like an invoice (including attaching a bank payment slip, and wording “This notice requires you to pay business rates for the above property”); and
- the amounts were relatively large (ranging from £42.5k to £68k, amounting to large portions of the year’s rates for the relevant properties).”
The report also explains that the audit team relied on Excel spreadsheets rather than bank statements:
Reconciling items were unduly large:
Reconciling Items Year end cash
2015 3,018 6,094
2016 17,312 13,273
2017 11,110 21,526
The FRC report makes extensive reference to the nature of reconciling items which the auditor did not investigate properly. I particularly enjoyed this comment in the report:
These two payments represented £300k or 8 per cent of that subsidiary’s sales of £3.7m. It’s obvious that the cash balance, which is the easiest number to audit (a task usually given to the most junior member of the audit team) was not properly investigated. I wish the FRC report had explained that after misreading a £4m facility as an overdraft, why the auditor did not work out that their cash balance was £4m lower than the company’s and then trace why this difference had occurred.
The final category is fixed assets. Although the company had a balance on motor vehicles at end-2015 and spent £1.6m on the category in 2017 (18 per cent of the total capex), the assets were recorded as plant. There were other mistaken categorisations but for a car or van, an auditor would usually:
- check the registration numbers to ensure that the car or van existed
- check that road tax had been purchased for the vehicle
- check that it was insured
The principle is that these checks confirm that the expenses are accurate as well as the asset. The auditor reviewed the invoices but did not query that there was no VIN number or specification.
What the report omits
The FRC’s report naturally focuses on the failures of specific audit tests, but the auditor missed a fundamental point, in my view. A skilled analyst could assess in 15 minutes that the Patisserie Valerie accounts were not accurate. Now you might argue that you cannot expect the auditor to have the skills of an expert forensic accountant, but you did not need to be an expert. Consider that
- a fund manager at a large institution told me that he could not understand the Patisserie Valerie margins and decided not to invest.
- a portfolio manager at another boutique told me that a friend who owned a small chain of cafes asked him why the Patisserie Valerie fraud had not been detected many months before things turned sour. People in the industry did not believe the reported numbers.
I would expect that an audit partner on a restaurant chain would have other restaurant chain clients or be in contact with competing chains, industry experts and similar commentators.
This did not require detailed forensic skills – it was obvious. As I explain in my YouTube video on the subject, the margins which Patisserie claimed, at one point above those of Starbucks and continuing close to their level, made no sense. Starbucks is much larger, hugely efficient, mainly sells coffee, and sells much of its product to take away. In contrast, Patisserie Valerie sells cakes (a much lower gross margin product with a high level of wastage), sells little to take away and as a much smaller business, the costs of being a quoted company would be a much larger drag. Patisserie Valerie’s lower takeout sales are critical, as the two largest costs in a restaurant are labour and rent; the more takeout sales, the higher the margin.
If you bothered to look further (which I did primarily for training purposes), you would discover many more anomalies – for example its inventory was 20 times that of a peer, but its revenues were only three times larger. There are other similar oddities which in my view a thorough auditor should have spotted and questioned. Yes, the auditor failed to carry out the audit tests diligently (or at all, in some cases) and has rightly been reprimanded. But there is a wider question which all the commentary is missing, on this case, other frauds and more generally – see the conclusion below.
There are different schools of thought on sanctions. In my view, if the fines are big enough, the auditors are more likely to pay attention and increase their effectiveness. But the problem then is that the big four audit firms are, well, very large companies. Meaningful fines would increase their insurance rates and the price of audits would have to rise - is that ultimately in investors’ best interests? My view is that fines should be meaningful; partners should be fearful of them, not to the extent of cancelling their kids’ Christmas, but enough that they feel a serious dent in their wallet.
The company will have to report remedial action and progress to the FRC annually for the next three years and take action on checking bank and cash. The FRC stated that the breaches of the rules were “serious”, “numerous”, “pervasive”, and “basic and fundamental”. “The breaches include repeated failures to scrutinise documents and information and challenge management or properly investigate numerous matters calling out for investigation”. At least “the breaches were not dishonest, deliberate or reckless”.
Although Grant Thornton has been fined £3m, £0.65m, £4m and £3.5m in the last four years for various infractions, three of them Serious Reprimands, all of them have been discounted.
A criminal who offends repeatedly might expect increased sentences. But this audit firm still gets a discount on its fines – that has saved it over £5m since 2017 on total fines of £15m. Should repeated offenders receive discounts? Perhaps for co-operation, but surely not at the same level as a first time offender?
The Grant Thornton audit partner responsible for the Patisserie Holdings audit has been banned from signing audit reports for three years and fined £150k, reduced to £88k for “exceptional co-operation”. Three years of unacceptable audits, yet his fine is <£30k pa or c.7 per cent of the average partner pay over that period. I don’t know that larger fines would necessarily achieve a higher level of audit quality. And I believe that most audit partners want to do a conscientious job and are concerned at the risk of fraud or of being found to have done a bad job. But if you have under 10 per cent of your gross pay at risk, there doesn’t seem to be much of a financial deterrent.
Is the audit fit for purpose in the 21st century? In my view, the answer is no. Audit firms need to take action to protect themselves and more importantly investors against future occurrences. They should start with proper training – auditors need to be trained to carry out simple analysis and until they are, investors will continue to be at risk.
I commend the FRC which has been doing an outstanding job and has produced an excellent report. The UK, however, should surely be at the forefront of quality assurance in professional services. We have a long way to go to achieve that and we need a better plan to get there.