It is not a new issue for due diligence practitioners to grapple with the challenges of getting the auditors to confirm that they are, in fact, actually the auditor of a hedge fund.
The issue for the audit firms is, surprise surprise, liability. The auditors are desperate to navigate around the concept of privity, which basically states that only the parties to a contract have rights and obligations - and can then sue if things turn south.
As such, the auditors sign an engagement letter and contract with the fund as a distinct, individual legal entity. There is no direct contract with the shareholders, collective or individual.
The legal problem arises if an audit firm confirms their relationship with an individual investor - especially (gasp!) if that investor is conducting pre investment due diligence and is not yet actually a shareholder of the fund (we will discuss this issue on the assumption that we are looking at an offshore fund structured as a corporation). Any direct communication with the investor could, it is argued, create a contractual relationship which could then be enforced through a court of law.
As such, what should be a basic, utterly reasonable due diligence step - to confirm a key service provider relationship - can turn out to be slightly more painful than root canal surgery.
In fairness, most auditors outside the Big 4 are eminently reasonable - you can call the partner and get an immediate, verbal confirmation that the auditor has been engaged. Job done in 2 minutes - excellent - and our ongoing appreciation for each audit firm that does adopt this approach.
However, the fun starts with the Big 4. Most auditors will allow investors to confirm with the auditor that that they are, in fact, the auditor in question - upon signature of a quite laughable disclaimer letter under which the investor signs away all rights and obligations.
However, the auditors have yet to agree a standard process and procedures differ by firm, and then by office within each firm. We recently encountered a situation where a specific office of a Big 4 auditor will only provide a letter to the fund's board of directors (who are, needless to say, members of the Cayman "usual suspect" group serving on hundreds of individual boards - as an aside, our new rule is that if a director cannot, from memory, name all the entities they are a director of...then they are not fit to be a director).
This letter is then to be furnished to investors by the manager. However, it goes without saying that, unless investors contact the auditor, they cannot confirm that the letter given to them by the manager is genuine! It is patently ridiculous for an audit firm to expect investors to rely on this type of confirmation especially as (we hope!) an auditor would not rely on a PB statement or other confirmation given to them by the manager during the GAAP audit. Yet investors are meant to be happy with this type of confirmation when they are about to invest tens of millions of dollars into a hedge fund?
However, there is an even bigger issue at play. Even if an investor can get some form of confirmation that the audit relationship is genuine, the auditors will not send a copy of the financial statements direct to the investor because of privity. In most instances, the accounts come from the manager; if the accounts come from the administrator, admins are, in turn, not stepping up to enforce a policy that the financial statements should be given to them by the auditor, not the manager - some do, some don't. Even with the the audit confirmation, therefore, it is still not guaranteed that an investor is looking at a set of genuine accounts.
Clearly, this situation is unacceptable and, if the industry is going to evolve and institutionalize, we need to find a workaround. To that point, we'd like to be a little contrarian and think out of the box.
We recently heard a leading audit partner make the comment that it was surprising and probably unfair that hedge fund investors seem to apply a different standard of care to a hedge fund audit, and certainly have different expectations, than they do when dealing with a public company. This is certainly true - if I hold 100 GE shares, I do not phone up GE's auditor to confirm that the set of accounts I received through the mail are genuine.
However, this perspective goes, in our view, to what is really the heart of the problem. A hedge fund is not a public company, it is not subject to meaningful regulatory oversight, it does not have deep pockets and it does not offer itself to hundreds of thousands of individual shareholders. Instead, a hedge fund is a very small, private entity designed to pool significant assets from a very small number of investors. Very, very few funds have more than a couple of hundred investor relationships - many have less than a couple of dozen.
An audit of that hedge fund is, therefore, disproportionately important to each of those investors as compared to an investor in a Fortune 500 public company. Given the lack of transparency in a pooled hedge fund vehicle, the audit is a key tool to provide confidence that assets actually exist (the audit should have a full confirmation process). The audit also gives some confidence over asset valuation given the auditor's testing (but certainly not independent repricing) of the manager's marks. As such, it is entirely reasonable - and should be entirely expected by hedge fund auditors - that they are playing a different role, and have different functions, than if they are working on the audit of Pfizer.
If you have elected to invest via a managed account and have created your own managed account platform, you get round all of these issues. The investor creates a fund entity to hold the assets, managed by a third party hedge fund manager; the investor appoints the directors of that entity (or may serve him / herself) and the investor - not the manager - appoints the auditor. In this case, the auditor is now clearly working for you and the investor has direct confidence as to the identity of the auditor and the fact that the final financial statements are genuine.
Looking at the current challenge of working with auditors through a commingled hedge fund, this has to be a very material advantage for a managed account structure.
However, let's be really heretical. Do investors in a hedge fund actually need an audit? Or, to be more accurate, do they actually need a GAAP audit?
Would investors not be better with some form of agreed upon procedures engagement which results in the preparation of financial statements presented in accordance with GAAP, but whereby the audit work is conducted in accordance with an AUP engagement letter? In that way, investors (and potential investors) could sign to confirm the adequacy of procedures and thereafter get financial information direct from the auditor. The twist here, of course, is that the auditor is now working for the investor, changing the nature of the relationship.
A heretical idea, we agree. But not as heritical as a state pension plan losing $100 million when it turns out that a hedge fund gave them a fake set of accounts....and Deloitte / PwC / EY / KPMG refused to confirm that they were the auditor of the fund.
Hedge Fund Operational Due Diligence
"Risk Without Reward" is a trademark of Entreprise Castle Hall Alternatives Inc. All Rights Reserved.