The big audit firms are risking conflicts of interest by taking on commissions from the major software suppliers to search out evidence for legal claims against their own clients.
The “Sleeping with the enemy” report from Cerno Professional Services found that the so-called Big Four audit firms – Ernst & Young (EY), Deloitte, KPMG and PricewaterhouseCoopers (PwC) – maintain and actively promote specialist divisions to run software audits for software providers.
Speaking to Computer Weekly about the findings, Robin Fry, a legal director of Cerno Professional Services, said freedom of information (FoI) requests sent to a number of local authorities found that one in seven of the councils that responded used an auditor which also worked for Microsoft to conduct software audits.
“There are regulatory rules and code for conflict of interest if an auditor is acting for both sides at the same time,” said Fry.
While auditors may well maintain a separation of duties between the auditors conducting statutory audits for organisations and software audits on behalf of software providers, Fry added: “I don’t think these Chinese walls exist.”
In a typical FTSE 100 organisation or public sector body, auditors will have 50 accountants on site. “There is an intense personal relationship between the statutory auditor and corporation,” Fry said, adding that among the problems with a software audit is that it is not a transparent process.
“If software licensing was very clear and it was simply about totting up the users, any shortfall is just an arithmetic decision. You need to be fully licensed, but there are surprisingly many different interpretations of what can be licensed. There is lots of ambiguity in software licensing,” he said.
Fry has passed on his findings to the Competition and Markets Authority. According to Fry, the rules say that a conflict of interest exists if an independent business person looks at the evidence and concludes that there is a potential for conflict of interest.
However, one auditor Computer Weekly spoke to said the software licence audit work is allowed as per the rules and any potential conflict is managed by the code of ethics set out by the regulator, as well as strict internal rules and processes regarding independence.
“Any work done on software licensing would not be completed by an audit team, but by our consulting practice which is separated from the audit practice by these independence rules and processes,” said the auditor.
Another of the Big Four, EY, stated: “EY has stringent rules around its client engagement and acceptance procedures and has a global conflicts policy which it strictly follows.”