From the Observer today, commenting on the failure of Dutch / Belgian bank Fortis:
Fortis's accounts were jointly audited by KPMG and PricewaterhouseCoopers - two of the big four practices. They have received audit fees running into tens of millions. But they seemingly failed to give investors an indication that Fortis was heading for severe problems.
'The basis of an audit is the assessment of risk,' said forensic accountant Richard Murphy. 'These people, I believe, fundamentally failed to assess risk. They were responsible. That's what their job was. They didn't do it. We have to look at different audit systems for the future [and in the UK] the National Audit Office should now be protecting the taxpayers' investments in banks. We can't rely on the big four.'
Auditors at Bradford & Bingley, Northern Rock and a host of other institutions [also] failed to sound the alarm over the significant risks in these businesses.
KPMG and PricewaterhouseCoopers prefer not to discuss Fortis's case, though representatives say it is unfair to pin the blame for destruction of global firms solely on them. They argue that credit rating agencies who gave 'Triple A' assessments of sub-prime bonds, and regulators who failed to bear down on over-leveraged institutions, must also share responsibility.
Two things follows:
1) KPMG et al say they audited within the rules, i.e. they confirmed 'market value', but what they do not say is they set the rules, and they were also responsible for suspending the previous rule that required a 'true and fair over-ride' meaning that the auditor had to do more than follow the rules.
2) There is no future for those who set the rules wrong. the Big 4 did that. Amongst the money things we'll have to get right are new rules for auditing, as well as accounting. But in the meantime I cannot see who but the National Audit Office (with all its faults) that can protect HMG's investments in banks.