Rebel A. Cole DePaul University / U.S. IRS Drew Dahl Utah State University / U.S. Treasury Dept. Presentation for the 2014 Annual Meetings of the Midwest Finance Association Orlando, FL March 6, 2014

Summary  We examine the decision of a bank to hire an external auditor and the decision of a bank regulator to close a bank.  In univariate tests, we find that audited banks failed at 3X the rate of unaudited banks.  Using a bivariate probit model to control for endogeneity of the audit decision, we also find that this disparity disappears once we control for differences in ex ante and ex post measures of risk.  However, we find no evidence that external audit reduces the probability of failure; in fact, we find no significant effect.

Summary  From this evidence, we conclude that the incidence of external audit has no impact on the likelihood of bank failure.  In contrast, our evidence supports our hypothesis that high- risk managers choose to be audited in order to benefit from the certification effect of audits.  Being subject to external audit enables high-risk bank managers to push back against regulators who question their high-risk asset and liability portfolios.  Our findings with respect to the determinants of audit and failure are generally consistent with the extant literature on these two topics.  More complex firms are more likely to choose to be audited.  CAMEL proxies explain the likelihood of bank failure.

Introduction  There are widespread beliefs that bank external auditors:  enhance market confidence,  improve the quality of information relied on by banking supervisors,  mitigate internal control weaknesses,  identify problems unknown to supervisors and help correct them  U.S. General Accounting Office (GAO),  Basel Committee of Bank Supervision (BCBS),  Commercial Bank Examination Manual,  Such beliefs have been confirmed, to varying degree, in studies by Dahl et al. (1998) and Gunther and Moore (2003) indicating that auditors affect discretionary accounting decisions in banking.

Introduction  Yet bank failures during the recent financial crisis raise questions concerning external auditing practices in the banking industry.  Why did auditor reports issued in early 2009 on financial institutions receiving government bailouts fail to contain any “red flags” when compared to the very same audit reports in 2006, at the peak of the business cycle (U.S. Senate, 2011)?  Did audit inadequacies play a role in the inability of regulators to mitigate bank risk in a timely manner during the crisis period (FRB, 2011)?

Introduction  In this study, we shed new light on this issue.  We examine whether the incidence of external audit affects the likelihood of bank failure.  The only previous study of bank audit and failure (Jin et al. JBF 2010) examines the intensity of audit.  Are banks audited by bank specialists?  They find that banks audited by specialists are significantly less likely to fail.  However, that study is riven by methodological problems that render its findings meaningless.

Data: Sources  Our bank data come from two sources.  Failure data come from the FDIC’s website.  Audit status and financial data from the U.S. FFIEC, which collects quarterly financial data on all U.S. banks on behalf of the three primary regulators (FDIC, FRB, and OCC).  These financial data are available quarterly from 1980 – 2010 from the FRB-Chicago website.  We focus on year-end data.

Data: Explanatory Variables  The explanatory variables we create for inclusion in our audit and failure models follow the existing literatures on audits and failures.  The incidence of bank audit is modeled as a function of firm complexity.  The likelihood of bank failure is modeled as a function of proxies for the regulatory CAMELS component ratings.

Data: Explanatory Variables AUDIT_1_2 i,t = a 0 + a 1 LNSIZE i,t-1 + a 2 LNAGE i,t-1 + a 3 SCORP i,t-1 + a 4 PUBLIC i,t-1 + a 5 FFE_EXP i,t-1 + a 6 TTE i,t-1 + a 7 TLGROWTH i,t-1 + a 8 GOODWILL i,t-1 + a 9 INSIDER i,t-1 + e i,t FAILURE,t+1 = a 0 + a 1 AUDIT_1_2 i,t + a 2 TTE i,t + a 3 LLR i,t + a 4 NPA i,t + a 5 ROA i,t + a 6 SEC i,t + a 7 RECOM i,t + a 8 RECON i,t + a 9 BD i,t + e i,t

Data: Bank Audit Status  Banks with $500 million or more in total assets are required to be externally audited.  Banks with less than $500 million in assets are encouraged, but not required to be externally audited.  In practice, about 1 in 3 small banks choose not to hire an external auditor.

Data: Bank Audit Status  (1) independent audit of the bank conducted in accordance with generally accepted auditing standards by a certified public accounting firm which submits a report on the bank;  (2) independent audit of the bank’s parent holding company conducted in accordance with generally accepted auditing standards by a certified public accounting firm which submits a report on the consolidated holding company (but not on the bank separately);  (3) attestation on bank management’s assertion on the effectiveness of the bank’s internal control over financial reporting by a certified public accounting firm;  (4) director’s examination of the bank conducted in accordance with generally accepted auditing standards by a certified public accounting firm;  (5) director’s examination of the bank performed by other external auditors;  (6) review of the bank’s financial statements by external auditors;  (7) compilation of the bank’s financial statements by external auditors;  (8) other audit procedures; and  (9) no external audit work.

Data: Bank Audit Status  We combine (1) and (2) into a classification for being externally audited.  We combine (3) – (9) into a classification for not being externally audited.  These two classification define our audit status variables AUDIT_1_2 and ZEROAUDIT.  We collect annual audit status as of 2005 – 2008 and classify a bank as audited if it reports classification 1 or 2 during any of these four years.  In practice, very few banks change audit status.

Data: Bank Failure Status  We classify banks that were closed by their primary regulator during 2009 as failures.  We also classify banks that reported year-end 2009 NPLs greater than 200% of equity as failures.  We classify all remaining banks as survivors.  We only include in our analysis banks with less than $500 million in assets as of year-end  We collect our explanatory variable for our failure model as of year-end 2008.

Data: Endogeneity of Audit and Failure  One important issue we face is the endogeneity of bank audit and failure:  Small banks receiving a composite CAMELS rating of 4 or 5 (the two worst rating, indicating serious problems) must hire an external auditor.  This induces a positive correlation between audit and subsequent failure.

Data: Endogeneity of Audit and Failure  We deal with this potential endogeneity using two approaches:  First, we employ the bivariate probit methodology,  This enables us to jointly model the bank audit decision and regulatory closure decision.  The methodology controls for endogeneity of failure and audit by ensuring that the error terms in the two equations are uncorrelated.  [See Wooldridge (2002), pp ]

Data: Endogeneity of Audit and Failure  Second, we lag our classification of audit status by up to four years—back to 2005—in our model of 2009 failure.  It is unlikely that audit status in 2005 is correlated with incidence of failure in  Moreover, only 52 banks were rated CAMEL 4 or 5 back in 2005—the smallest number in 36 years—and no banks failed in 2005 or  However, we do not know their identity because CAMELS are confidential, so we cannot exclude them.

Univariate Results: Descriptive Statistics by Audit Status

Univariate Results: Descriptive Statistics by Failure Status

Multivariate Results: Bivariate Probit ZEROAUDIT Eq.

Multivariate Results: Bivariate Probit FAILURE Eq.

Summary & Conclusions  Our purpose has been to explain the apparent paradox by which auditors are thought to constrain risk-taking by banks, yet during the recent financial crisis, audited banks were 3x more times likely to fail than unaudited banks.  We analyze a sample of 5,568 small commercial banks, of which 3,630 were audited and 1,938 were unaudited; and of which 174 failed and 5,394 survived.

Summary & Conclusions  We find that a strong and positive relation between incidence of audit and likelihood of failure disappears once we control for bank risk- taking.  Specifically, we find that adding controls for CRE lending, C&D lending, and brokered-deposit funding to a simple CAMELS-based model renders the incidence of audit insignificant in explaining failure.

Summary & Conclusions  This supports our hypothesis that high-risk managers choose to be audited in order to obtain “certification” benefits, and is at odds with our hypothesis that audits reduce bank risk-taking.  Our results conflict with those of Jin et al. (2010), who conclude that auditors are better able to “constrain the tendency…to engage in aggressive reporting or fraud.”  Our results also conflict with the belief that auditors can help identify, and mitigate, incipient financial problems.