The PCAOB has a new board. Time to get to work!

There's a lot to do to restore credibility to a regulator badly damaged internally and externally by the most egregious scandal ever to hit the accounting industry.

On November 8 the SEC announced the appointments of four new board members for the PCAOB and the decision to allow the one remaining board member from the disastrous Duhnke era, Duane DesParte, to serve out his remaining term.

DesParte had been serving as the acting Chairperson ever since SEC Chair Gary Gensler unceremoniously dumped Duhnke in June. DesPartes has been a party of one at the PCAOB since the resignations of the last remaining Duhnke appointees, Megan Zeitsman and Rebekah Goshorn Jurata, who stepped down October,

Gensler has now anointed Erica Y. Williams, a former SEC Deputy Chief of Staff to three former SEC Chairs and Assistant Chief Litigation Counsel in the SEC’s Division of Enforcement trial unit, to be Chairperson. She joins the PCAOB from Kirkland & Ellis LLP, where she is a litigation partner who focused on corporate investigations and corporate compliance.

Williams, Christina Ho, and Anthony C. Thompson will be the first people of color to serve on the five-person board since its founding, the SEC told the Wall Street Journal. Ho is a former Treasury Department official who most recently worked at Elder Research and Thompson is currently chief administrative officer of the Commodity Futures Trading Commission, where Gensler was formerly Chairman. Filling out the roster is Kara Stein, who served as a Democratic SEC commissioner from 2013 to 2019.

Ho is the first new member to be sworn in. She took the oath on November 9.

Now that we’ve got a full board, I hope they will get to work quickly. There is a lot to do to restore credibility to a regulator badly damaged internally and externally by the most egregious scandal — and that is saying a lot — ever to hit the accounting industry.

The KPMG-PCAOB scandal that we all first learned about in April 2017 was a self-inflicted wound, one inflicted on the industry by KPMG and PCAOB professionals themselves, rather than as a result of missing a fraud or scandal at a public company. The KPMG-PCAOB regulatory data theft scandal represents an unprecedented legal and ethical breakdown at one of the largest global audit firms, and an internal controls and compliance breakdown at the PCAOB, its regulator.

Ethical and professional norms at both organizations collapsed. PCAOB professionals acted criminally and corruptly in cooperation with the leadership of KPMG’s audit practice and multiple professionals at the firm.

On April 11, 2017, KPMG had announced in a press release that its internal investigation had determined that six individuals in its audit practice, including the leader of the audit practice Scott Marcello, four other partners, and one employee, had violated the firm’s Code of Conduct by taking advantage of inappropriate advance access to regulatory inspection data. No one from the SEC or PCAOB made any public comment at the time of  KPMG’s announcement.

In mid-December 2017, in between the KPMG announcement and the DOJ/SEC announcement, Jay Clayton fired the PCAOB board and installed a political ally, William Duhnke, as Chairman. His tenure was a disaster in many ways, but we did not know then that the dramatic move was, at least in part, a response to a massive criminal conspiracy the board had presided over.

A month later, on January 23, 2018, the United States Attorney for the Southern District of New York indicted four KPMG partners, one KPMG Director, and one PCAOB professional, charging them with conspiracy and wire fraud in connection with the scheme. The SEC also brought civil enforcement charges against all defendants on the same day. All defendants were arrested and then released on bail. Scott Marcello and one other KPMG official were not charged but were identified by prosecutors during the trial as unindicted co-conspirators. One KPMG partner and the one PCAOB official stood trial and were found guilty, sentenced to jail terms. The rest pled guilty and were either sentenced to prison or, if they had cooperated, to probation. One KPMG partner was later deported.

The SEC issued a press release describing its charges against the six individuals and the SEC’s chairman at the time, Jay Clayton, issued a separate statement. Clayton attempted to calm any concerns about KPMG’s future and also pointed to actions the PCAOB would take. Clayton said he understood that “when the alleged breaches were first discovered, the [PCAOB] Board members and staff at the time took remedial action, including with respect to the PCAOB’s internal information technology and security controls.” Clayton also asked PCAOB Chairman Duhnke to review and take further action, if necessary.   

Again, the PCAOB deferred to the SEC and did not issue a press release but did respond to some media inquiries.

The PCAOB did tell the Wall Street Journal that it would implement a new “cooling-off” period for senior inspections staff, prohibiting them from seeking employment with an audit firm that they had inspected until one year after the inspections. The PCAOB’s Ethics Code did not prohibit staff from joining firms they were involved in inspecting.  Two of the indicted former KPMG employees with prior PCAOB experience had both previously been assigned to the PCAOB team tasked with inspecting KPMG.  

The PCAOB escaped most of what little media coverage and other scrutiny occurred. Only one PCAOB professional, Jeffrey Wada, was charged by the SEC and arrested, tried, and convicted in a criminal trial in March of 2019.

There are many, many things I could put on a to-do list for the new PCAOB board members, but I am going to limit my comments today to just a few urgent ones. They speak directly to transparency — about the KPMG-PCAOB scandal and about how the Board should promote transparency in the future.

1) Issue a report of actions taken by the PCAOB after the KPMG scandal: Despite Clayton’s mention of remedial action by the PCAOB after a review of what happened during the KPMG scandal, there’s never been a public report of any findings, recommendations, or remedial action. I asked Clayton and Duhnke and other PCAOB officials about a report more then once and was rebuffed. It’s kind of an arrogant “do as I say, not as I do” attitude given how strongly the regulator enforces accountability for review, remediation, and reporting by its regulated entities and how auditors must enforce such activities in the event of internal control weaknesses at public companies.

2) Implement more stringent cooling-off and post-employment rules: I asked a PCAOB spokesperson if the agency ever implemented the revised “cooling-off” period that was promised to the Wall Street Journal.  The response was that it did not. Stricter constraints on movement between a PCAOB inspections team for a particular firm and subsequent employment by that same firm is just common sense.

3) Work with an SEC that isn’t undermining the PCAOB, for a change, and a Democratically-controlled Congress to get the transparency legislation that has been introduced over and over finally through Congress: The Sarbanes-Oxley Act currently requires the PCAOB to keep its investigations and disciplinary proceedings confidential at least until the case is appealed to the SEC, the SEC elects on its own to review the PCAOB’s final decision, or the opportunity for SEC review has passed. Various bills have been repeatedly introduced over the years in the Senate as well as in the House, but each time has met with defeat after significant lobbying by the largest audit firms.

Passage of such a bill may allow investors to find out if the PCAOB is actually investigating EY for its apparent independence violations at Coca Cola, investigating a whistleblower tip from Mauro Botta, and following up on PwC’s alleged auditor independence violations reported by Mattel, for example.  

The PCAOB hasn't published pandemic period audit inspection results yet but PwC promises nearly zero defects

Judge smacks down Ernst & Young's aggressive tax strategies for audit client Coca-Cola

An exclusive interview with auditing whistleblower Mauro Botta

What's behind the SEC's auditor independence warning? Auditors don't care about reputation risk anymore

4) Reestablish the Investor Advisory Group and Standing Advisory Group and hold public meetings as required by law: The PCAOB stayed out of the public eye after the the indictments and then the trial of the KPMG and PCAOB officials. That was a violation of bylaws established by the law that created the PCAOB, the Sarbanes-Oxley Act of 2002. The law requires the PCAOB to hold at least one public meeting of its governing board each calendar quarter. However, the PCAOB board has had very few public meetings of its governing board since the scandal and, when they did, disposed of the formalities with alacrity.

© Francine McKenna, The Digging Company LLC, 2021