Ernst & Young made fast work of SmileDirectClub audit

Given SDC's disappointing performance post-IPO, retail investors may have suffered for EY's speed

I wrote here at the Dig on Dec. 3 that Ernst & Young LLP’s audit clients that have IPO’d so far this year appear to be like the citizens of Lake Wobegon — stronger, better-looking, and above average.  

That’s because none of the executives at those companies, including WeWork, disclosed any material weaknesses in internal controls over financial reporting in their S-1s. 

A reader wrote to ask why I had not included Nashville, Tennessee-based SmileDirectClub, ticker symbol SDC on Nasdaq, in my Dec. 3 analysis. This source had seen inside the company and was surprised executives there had not disclosed any issues with its internal controls over financial reporting, or ICFR, that may have been identified by the auditors.  

“I saw quite a few red flags,” they told me.  

SmileDirectClub was not originally included because it had yet to IPO when I originally analyzed data extracted from SEC filings by research firm Audit Analytics for a September 4 story at MarketWatch.

I took a look and it was true: SmileDirect executives had made no disclosures of any ICFR issues.  

That meant EY’s IPO clients were maintaining their perfect record — 0 for 32 —  on management disclosures of any ICFR issues in IPOs up until early September. 

EY’s 2019 audit clients have “immaculate IPOs,” a term coined by the New York Times’ Diana Henriques — author of the Bernie Madoff book, “Wizard of Lies” — on Twitter after my original story.

That’s compared to an average of more than 20% of the audit clients of the other Big 4 firms — Deloitte, KPMG and PwC—who included management disclosures of ICFR weaknesses in their S-1s, based on their own internal assessment or the auditors’ SAS 115 letter. 

It’s even more surprising there were no ICFR weaknesses cited when you consider that SmileDirect had a lot of issues when it went public on September 11. Within a month of the IPO, on October 4, Hindenburg Research published a scathing report saying that the company was “carelessly cutting corners in a field of specialized medicine, putting customer safety at risk.”

The Hindenburg report also highlighted that SmileDirect’s Chairman/CEO had sold the company his private plane a month before the IPO. This wasn’t even the first time the SmileDirect CEO had sold the company an interest in one of his private planes, according to Hindenburg. Hindenburg declined to comment further on the report or any response from the company.

(That’s reminiscent of EY audit client WeWork that leased space in buildings its CEO Adam Neumann partly owns and purchased the trademark on the name "We" from him for $5.9 million. The company also loaned Neumann hundreds of millions of dollars.)

So, it’s pretty amazing that the EY lead audit engagement partner for SmileDirect, Kimberley Ann Holleman out of Ernst & Young’s Nashville, Tennessee office, could complete the audits of two years’ worth of SmileDirect financial statements, including the review of all the accounting policies, related party transactions, disclosures and a going concern analysis, lickety-split to meet the deadline for the highly anticipated IPO.

SDC had dismissed Crowe Horwath LLP on November 8, 2018, after the firm had already signed an apparently perfectly good opinion for 2017. The 2017 Crowe Horwath opinion “did not contain an adverse opinion or a disclaimer or opinion, nor was it qualified or modified as to uncertainty, audit scope or accounting principles,” the company said, and “there were no disagreements with Crowe Horwath on any matter of accounting principles or practices, financial statement disclosure, or auditing scope procedure.”

The company signed up Ernst & Young and Holleman the same day it fired Crowe Horwath. Holleman completed the audit for two years, 2017 and 2018, in six months. She signed the SmileDirect audit opinion for 2017 and 2017 on April 26, 2019.  

It’s even more incredible that Holleman could get this work done so quickly given that, according to EY’s annual filings with the Public Company Accounting Oversight Board, SmileDirect was her fourth lead audit engagement partner assignment for 2018.  Holleman is also ultimately responsible for the audits of Kirkland’s, Inc, Healthstream, Inc, and Tractor Supply Company. 

That’s quite a client variety pack…

SmileDirectClub also had some turnover in financial leadership leading up to the IPO.  A Vice President/Controller, Derek Doyle, lasted less than a year in 2019.  His LinkedIn profile doesn’t specify his start and end months in 2019 but he does say he led the company through the IPO.  He took the job after seven years at a company called Asurion, also in Nashville, most recently as the Regional CFO.  Doyle came to Asurion after 8 years at EY, leaving as a Senior Manager, one step below partner.

Doyle took the job at SmileDirect as the resident C.PA. since the CFO, Kyle Wailes who joined the company in May 2018 is not one. He is an MBA-educated investment banker but had been the CFO at a Nashville company, also audited by EY, called Intermedix that was acquired by R1 RCM, in Feb 2018.  

SmileDirect is currently advertising on LinkedIn for a Financial Planning and Analysis Manager, a job that pays about $100k where it wants 2-4 years of experience in investment banking and/or private equity. 

The company is also looking for a Director of Corporate Communications.  That may be why I did not get a response to my request for comment.

A spokesman for EY declined comment.

SmileDirect has incurred losses since its inception in 2014. At June 30, 2019, there was an accumulated members' deficit of $226.0 million that exceeded its working capital of $184.9 million. Its operations had been financed primarily through net proceeds from the sale of its equity and with debt. The company said it believed that its current liquidity, along with the proceeds of the IPO would be sufficient to meet its projected operating, investing, and debt service requirements for at least the next 12 months. 

As a result, there was no “going concern” warning from the company management or its auditor. EY issued warnings for 10 of the 32 audit clients, or 31.25%, that IPOd through early September of 2019.

Fortunately for SmileDirect its IPO actually happened, unlike WeWork’s that didn't and created a liquidity crisis for that company that it dod not warn investors about. SmileDirect issued and sold 58,537,000 shares of its Class A common stock at a price of $23.00 per share for net proceeds of approximately $1,286 million, net of underwriting discount but before offering expenses of approximately $7.0 million.

Most of the net proceeds, all but about $470 million, were spent to cancel LLC units from pre-IPO investors and others and to fund incentive bonuses.  

Meanwhile, the stock has fallen 65% since it went public on Sept. 12.

Chart source:

The final version of SmileDirect’s S-1, posted September 9—it was Amendment No. 2 of the original filed on August 6— has the usual boilerplate risk factor disclosure for a company that isn’t ready to say anything yet about its ICFR:

As a public company, we will be required to maintain internal control over financial reporting and to report any material weaknesses in such internal controls. In addition, beginning with our second annual report on Form 10-K, we will be required to furnish a report by management on the effectiveness of our internal control over financial reporting, pursuant to Section 404 of the Sarbanes-Oxley Act. 

The risk factor doesn’t say anything about a Sarbanes-Oxley 404(b), an ICFR opinion, from its auditor, Ernst & Young.  

That’s a long way off. 

And, as the company says, “The process of designing, implementing, and testing the internal control over financial reporting required to comply with this obligation is time consuming, costly, and complicated.”

Since SmileDirect is also an Emerging Growth Company under the Jobs Act — WeWork did not qualify as an EGC because its revenue exceeded $1.07 billion— it also gets a pass on quite a few corporate governance, accounting and audit-related safeguards for retail investors.

In its S-1 risk factors the company says:

We qualify as an "emerging growth company," as defined in the JOBS Act. For so long as we remain an emerging growth company, we are permitted and plan to rely on exemptions from certain disclosure requirements that are applicable to public companies that are not emerging growth companies. 

These provisions include, but are not limited to: 

·      Being permitted to have only two years of audited financial statements and only two years of related selected financial data and management's discussion and analysis of financial condition and results of operations disclosure; 

·      An exemption from compliance with the auditor attestation requirement in the assessment of our internal control over financial reporting pursuant to Section 404 of the Sarbanes-Oxley Act; not being required to comply with any requirement that may be adopted by the PCAOB regarding mandatory audit firm rotation or a supplement to the auditor's report providing additional information about the audit and the financial statements;

·      Reduced disclosure obligations regarding executive compensation arrangements in our periodic reports, registration statements, and proxy statements; and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. 

In addition, the JOBS Act permits emerging growth companies to take advantage of an extended transition period to comply with new or revised accounting standards applicable to public companies. 

The SEC’s Corporation Finance accountants wrote four letters to the company before approving its prospectus commenting on a multitude of issues it had with the draft prospectus and, generally, getting the company to add more disclosure about quite a few things.

For example, the SEC noted that the company’s “SmilePay” financing option does not require a credit check and that the company had not disclosed the delinquency rate. The company added a delinquency rate but said there had been no significant subsequent reductions in revenue after the transaction date as a result of the lose credit standards.

Skeptical, the SEC asked the company to provide the delinquency rate and resulting revenue reduction for each period presented, and discuss any delinquency rate volatility or unpredictability in recent years. 

The company had also disclosed that David Katzman, its chief executive officer, does double-duty as a consultant and provides services to several entities on behalf of Camelot Venture Group where he and certain other members of the dominant SmileDirect voting group are affiliated.

The SEC asked the company to revise its disclosures to discuss its procedures for addressing potential conflicts of interest. Specifically the SEC asked for the company to provide an appropriate risk factor to disclose the number of hours per week that he devotes to SmileDirect operations and to address the limitations on the time and attention that he is able to devote to the company, any potential conflicts of interest faced by him as a result of such activity, and any procedures for addressing potential conflicts of interest. 

The SEC also asked the company to provide a risk factor disclosure that highlights the fact that its dual class structure could inhibit its inclusion in certain stock market indices, and thus adversely affect share price and liquidity. 

SmileDirect is also what’s called a “controlled company” within the meaning of the corporate governance standards of NASDAQ, where it lists its shares, because more than 50% of the voting power in the election of its directors is held by an individual, group, or another company. The New York Stock Exchange has a similar election available to companies listed there.

A "controlled company" may elect not to comply with certain corporate governance requirements, including the requirements that, within one year of the date of the listing of its stock: 

·      A majority of its board of directors consists of "independent directors," as defined under the rules of the exchange, 

·      The board of directors has a compensation committee that is composed entirely of independent directors with a written charter addressing the committee's purpose and responsibilities, and 

·      The board of directors has a nominating and corporate governance committee that is composed entirely of independent directors with a written charter addressing the committee's purpose and responsibilities. 

This is an election a company can make but not all do despite the lopsided voting power. For example, Facebook, which is controlled by Mark Zuckerberg, makes the election. Berkshire Hathaway, despite being controlled by Warren Buffett, does not.

SmileDirect says that for at least some period following the offering, it intends to utilize these exemptions. As a result, other than the audit committee, the majority of its directors are not independent. 

However, EGC status and a “controlled company” election does not eliminate the requirement for the company’s management to conduct an annual evaluation of the operational effectiveness of its ICFR with documentation of both the controls and the mandated testing of those controls, and to report the results publicly in its annual report on Form 10-K by its second year as a public company. 

The exemptions also don’t excuse EY, its auditor to make SmileDirect management aware of any internal control issues come to its attention during its audit of the financial statements and preparation of its opinion that are included in an S-1 and for the company to disclose them off they are told about them. That’s why on an average more than 20% of the audit clients of the other Big 4 firms — Deloitte, KPMG and PwC—included management disclosures of ICFR weaknesses in their S-1s, likely based on their auditors’ SAS 115 letter. 

EY is required under AICPA accounting standards to prepare a SAS 115 letter addressed to company management to describe any of these issues if they encounter them.

"Deficiencies identified during the audit that upon evaluation are considered significant deficiencies or material weaknesses under this section should be communicated, in writing, to management and those charged with governance as a part of each audit, including significant deficiencies and material weaknesses that were communicated to management and those charged with governance in previous audits and have not yet been remediated.”

SmileDirect is taking advantage of every exemption available to avoid many of the audit and corporate governance requirements of public companies. When its pass as an EGC is up either in five years or when it gets a bit bigger, it won’t be soon enough to help retail investors who bought in the IPO at $23 only to see the shares tank to $8 last Friday. 

Companies like SmileDirect are why the SEC’s rules regarding audit and corporate governance requirements should be tightened not relaxed.

Instead, Jay Clayton, Chairman of the Securities and Exchange Commission, told an audience of accounting and audit professionals at a conference in Washington DC earlier this month that he’s inclined to further relax rules for EGCs regarding auditor opinions on internal controls over financial reporting. The SEC has already proposed the changes to the “accelerated filer” definition that would reduce the number of companies subject to the SOX 404(b) auditor attestation requirement.

“We’ve talked to a lot of stakeholders about this and there are very few who see that adding [an auditors opinion on ICFR] after five years of audits, five years of 404(a) and five years of an independent audit committee is something that drives investor value,” Clayton told the audience on Dec. 9.

Clayton, however, has already been caught counting on the opinions of “stakeholders” who turned out to be flim-flam men.

Clayton told the audience this further erosion of the post-Enron and Arthur Andersen Sarbanes-Oxley law is in its “final rule stage.”