It's a rotten idea to fold the U.S. audit industry regulator into the SEC

That's because SEC is part of the problem with auditing, not the potential solution

I’ve authored an opinion piece, “Weakening the oversight of US auditing is a very bad idea,”published February 17 by the Financial Times.

The column says the PCAOB, created by the Sarbanes-Oxley Act of 2002 in response to the Enron failure and the collapse of its auditor Arthur Andersen, “has not been the most effective regulator, it must be said.”

That’s a significant understatement, although it’s not for want of trying by a lot of very good people over the last 18 years.

On the PCAOB’s watch since 2002, the auditing profession has continued to miss the forest of fraud for the trees of mechanical pencils ticking and tying checklists and spreadsheets in an anal retentive attempt to prove they’re doing something, anything, for the billions of fees paid ostensibly to protect investors in public corporations.

The Big Four firms, and next tier firms like BDO and Grant Thornton, have repeatedly had to settle billions in claims that they failed to catch fraud and material misstatements that wrecked shareholder value just since 2002.

I mention Bear Stearns, Lehman Brothers and MF Global in the FT column, but you can add many others like JP Morgan’s London Whale scandal, the Taylor Bean & Whitaker fraud and more around the world that cross borders, and use Big 4 global networks of firms that include those in the U.S. and U.K.. The multinational M&A transactions and audit engagements often suck in more than one firm. For example, the HP-Autonomy scandal tainted all of the Big 4.

Just look at Petrobras in Brazil, Centro in Australia, Satyam in India, 1MDB in Malaysia, Carillion and Patisserie Valerie in the UK, and KPMG’s mess with the Guptas in South Africa.

In 2018, a federal judge said PwC’s auditing of Colonial Bank was so negligent that it missed a massive fraud and that PwC should pay $625m to the Federal Deposit Insurance Corporation, which stepped in to protect depositors. The two sides eventually settled for $335m, likely after pressure on the new Trump administration appointed FDIC chairman from PwC, anxious to get the damages down to a more manageable size.

Last year KPMG was fined $50m for altering audits after receiving tipoffs on impending inspections by the PCAOB.

Largest SEC fine is small compared with other punishments

This latest fine ties the largest ever imposed by the SEC on an audit firm, but is dwarfed by other recent fines and settlements absorbed by audit firms with no hiccup.

In 2003, KPMG and five of its partners — including the head of the firm’s department of professional practice — paid a $22 million fine in connection with the 1997-2000 audits of Xerox Corp. That same month, the SEC announced that Deloitte & Touche LLP would pay $50 million — the largest fine the SEC had ever obtained from an audit firm at that time — to settle charges stemming from its year 2000 audit of Adelphia Communications Corp.

The Justice Department fined Deloitte $149.5 million in early 2018 for allegations of False Claims Act violations related to its audit of bankrupt mortgage issuer Taylor Bean & Whitaker, despite no criminal complaint filed. It’s one of the largest audit-related fines, settlements or damages awards ever against an audit firm but got very little media coverage.

I actually thought that the Colonial case, in particular, might stop the audit firms incorrect but always ready excuse for missing the boat, once and for all: “The audit is not designed to detect fraud.”

Get 20% off for 1 year

Eliminating an independent audit regulator, rather than re-dedicating it to a broader and stronger focus on investor protection and transparency, is as if having impeached the industry in 2002 based on overwhelming evidence of wrongdoing, we’re now acquitting it of all charges in 2020 because we’ve given up trying to tame the bad boys.

There’s plenty of evidence the Big 4 firms and their trade association, the AICPA and its lobbying arm the CAQ, have never stopped lobbying Congress and the SEC to relax auditor independence rules that prohibit them from providing many consulting services to audit clients. They’ve also all tried to quash any additional legislation that requires more transparency about disciplinary and enforcement proceedings against the firms and their professionals.

Politicians will capitulate to the largest global audit firms if they implement this proposal, giving them what they have wanted since 2002— a return to laissez faire self-regulation, so they can expand their scope of services and do more lucrative consulting for all clients rather than just commodity priced-audit work.

If granted this acquittal the Big 4 global auditors will definitely operate with even more impunity going forward than they are now.

Which is saying a lot…

I am very consistent on this subject. That’s because SOx is a very good, well-intentioned law that could have made a big difference but it is barely enforced.

I said it in 2011 in Boston Review.

In a recent New Yorker profile that focused on the Galleon insider-trading case, Preet Bharara, the U.S. Attorney for the Southern District of New York, discusses the obstacles to civil and criminal enforcement of fraud and securities laws since the 2008 financial crisis. He could have mentioned the clear evidence that U.S. Attorney’s offices have been short of funds and understaffed. But he doesn’t. Instead, Bharara cites the difficulty of prosecuting anyone when the case is complicated by the “blame game”—that is, when executives and their attorneys, bankers, and auditors point fingers at each other to excuse material misstatements and inadequate disclosures.

Bharara’s remarks are telling. Sarbanes-Oxley provides several ways to prosecute executives, board members, and their lawyers, auditors, and bankers on a civil and criminal basis in the event of fraud, material misstatement, or inadequate disclosure that harms investors. But Bharara, for one, has chosen not to take advantage of them.

And I said it eight years ago, again, in the FT.

“Today is the 10th anniversary of the Sarbanes-Oxley Act, which was enacted by Congress “to enhance corporate responsibility, enhance financial disclosures and combat corporate and accounting fraud”. It has failed. Most importantly, Sarbox has not restored investor confidence in audit companies after Arthur Andersen’s failure to mitigate fraud at Enron.”

It’s not going to be possible to simply absorb an independent not-for-profit corporation into the SEC, experts in how the SOX law was crafted tell me. The SEC already has significant authority over the agency and ultimate oversight responsibility but has neglected, by design or default, its responsibility to provide oversight of the PCAOB.

The SEC has even actively undermined the PCAOB.

In December 2015 Charles Levinson of Reuters wrote a story about the conflict between the SEC and PCAOB, with the Big 4 accounting firm leaders playing a supporting role as a critical chorus. 

Levinson documented several lurid, embarrassing, and highly personal jabs at Jim Doty, the former PCAOB chairman, by those in and out of the SEC.

Doty’s efforts have floundered, in large part because Schnurr’s office has used its oversight powers to block, weaken and delay them, according to a dozen current and former SEC and PCAOB officials. Schnurr’s staff has also campaigned to have Doty removed from office, these people said…

Some Big Four accounting firm officials, meanwhile, say the tensions with the PCAOB stem from turf battles and personality clashes and aren’t part of any industry effort to undermine a tough watchdog. The Big Four say they don’t oppose regulations that improve standards, but believe the PCAOB would be more effective if it pushed rules focused on the nuts and bolts of auditing…

The PCAOB began aggressive yearly inspections of audits by U.S. accounting firms and published its findings in lengthy reports for each firm. It was a dramatic change from the pre-Enron days, when big firms chummily policed each other through an industry-run self-regulator.

“Many thought this new regulator was behaving a little aggressive,” said a former Deloitte partner…

For months, Doty negotiations with Beswick and Croteau went nowhere. Tensions came to a head at Doty’s 8th floor corner office in the PCAOB headquarters on Farragut Square in Washington, D.C. Doty told the SEC’s Croteau that he was carrying water for the Big Four, according to a person close to Doty and Croteau. Croteau and his staff stormed out.

In a subsequent meeting, Beswick urged Doty to focus on less-controversial rules. Doty told Beswick that he was so biased in favor of the accounting industry that he had no business serving as chief accountant and that he should resign, according to a person briefed on the meeting.

Beswick has since resumed his partnership at Ernst & Young….

Brian Croteau returned to being a partner at PwC in November 2016 after 6 1/2 years at the SEC.

Wes Bricker, the SEC’s former chief accountant who was responsible for supervising the PCAOB, testified for the prosecution at the criminal trial of two of the KPMG/PCAOB scandal defendants. Bricker admitted that the SEC had learned late it had missed issues a PCAOB inspection report flagged in the Lehman Brothers audit for 2008.

And why didn’t the SEC wonder how KPMG made sudden, unnatural improvements in its inspection quality after years of lagging behind the other three big firms? And why didn’t the SEC know KPMG had hired secretive data analysis firm Palantir to build a model using stolen regulatory data that would predict regulatory inspection selections?

Wes Bricker moved directly last year from the SEC to a job as Vice Chairman at PwC, responsible for its audit practice in the U.S. and Mexico. I’ve also heard from sources that Kyle Moffatt, who’s been leading the disclosure review program at the SEC and serves as the SEC’s Corporation Finance Division Chief Accountant, will soon join Bricker at PwC.

But it’s not just the revolving door between the SEC, the PCAOB and the audit firms that makes strong regulatory enforcement actions against them infrequent. The biggest reason the SEC, and the PCAOB, pulls their punches with the Big 4 is the overwhelming fear of being responsible for putting another big firm out of business after Arthur Andersen. 

That’s why SEC Chairman Jay Clayton rushed in 2018 to reassure markets when he announced the civil charges against KPMG for the PCAOB scandal. He said the SEC’s actions against the KPMG partners would not “adversely affect the ability of SEC registrants to continue to use audit reports issued by KPMG in filings with the Commission or for investors to rely upon those required reports.”

Clayton apparently based his assertion, according to his statement, on “discussions with the SEC staff,” the ones revolving back to the Big 4 now, rather than a complete forensic audit of all companies whose audits KPMG partners tampered with based on stolen notice of the inspections.

© Francine McKenna, The Digging Company LLC, 2020

Share The Dig