Getting to know all about you

Probably the only work of fiction written about auditing is Bruce Marshall’s ‘The Bank Audit’ written in 1958. (Surely time for another one?). The Bank Audit is basically a love story between the dashing heroic auditor of a branch of a British bank based in Paris, where a fraud has been committed – possibly, and a beautiful French woman. In the grand tradition the noble auditor finds the fraud and gets the girl.

In order to audit the bank our hero has to understand how the systems work and what the bank does. Clearly in 1958 life was much simpler – all the records are hand written in big ledgers for a start – but the principle remains the same.

And here we go again. The mighty PricewaterhouseCoopers (‘PwC’) has now been hauled over the coals by the Financial Reporting Council (‘FRC’) this time for their failures in the audit of Wyelands Bank between 2015 and 2019.

In its ruling the FRC stated that the breaches of audit regulation stemmed basically from a common cause namely:

“The failure of the audit team to properly understand the bank’s lending and adequately consider the risks posed by its actual and potential exposure to related parties in the GFG alliance”

The GFG alliance is the Gupta Family Group and Wyeland’s Bank was part of it.

Wyeland’s activities centred around trade finance, primarily invoice discounting. It was estimated that 84% of the bank’s business came from companies in the GFG alliance. Wyeland’s was funded by deposits from around 15,000 UK customers.

The Bank of England’s Prudential Regulation Authority (‘PRA’) had given clear warnings to Wyelands about this concentration of risk.

In its commentary on the case the FRC’s deputy executive counsel said:

“The audit breaches in this case highlight the importance for auditors to have a full understanding of the audited entity and its business.

In this audit the risks around the bank’s membership of and involvement with the GFG Alliance were not properly recognised and considered despite clear warnings to the bank from the PRA”

Well this is fairly basic stuff surely. The ISA’s stress the importance of understanding the client’s business to properly understand audit risk. ISA (UK) 315 is full of comments like that including its title. Related parties have their very own ISA number 550. This failure cost PwC £2.9m and the lead audit partner £33,412. He no longer works for PwC.

This egregious breaches of fairly straightforward audit principles do nothing to enhance the reputation of either the firm in particular or the profession generally.

GFG alliance is now facing investigations from the Serious Fraud Office and it was recently revealed that many of its companies were audited by King & King a two office firm based in London whose creative interpretation of the so called 15% rule – that one client mustn’t form more than 15% of gross practice income – led to an amendment of the FRC’s ethical code in the 2025 revision.

In 2019 none of this was known and maybe, if it had been, PwC would have reviewed its audit risk assessments and acted differently but that’s not the point. The audit rules embodied in the ISAs are clear enough even for the dimmest auditor so this is yet another case which should never have happened.

Don’t want to make the same mistakes? Check out all of out verifiable CPD on audit here!