What's behind the SEC's auditor independence warning? Auditors don't care about reputation risk anymore
Another question I get all the time: Professionalism and trust is the cornerstone of auditing! Would an auditor ever risk their reputation to collude with an unsavory client?
It’s a myth that the largest global audit firms will avoid doing anything that harms their reputation, and will police their own to make sure any professionals that bring shame on the profession by committing illegal and unethical acts are fired, not rewarded, and will never audit or give advice ever again.
In 1990, in the DiLeo v. Ernst & Young case related to the failure of Continental Illinois National Bank, the judge expressed a strong belief that an audit firm and its partners will, above all, think about the firm’s and their own reputations first.
An accountant’s greatest asset is its reputation for honesty, followed closely by its reputation for careful work. Fees for two years’ audits could not approach the losses E & W would suffer from a perception that it would muffle a client’s fraud. And although the interests of E & W’s partners and associates who worked on the Continental audits may have diverged from the firm’s, see AMPAT/Midwest, Inc. v. Illinois Tool Works, Inc., 896 F.2d 1035, 1043 (7th Cir.1990), covering up fraud and imposing large damages on the partnership will bring a halt to the most promising career.
E & W’s partners shared none of the gain from any fraud and were exposed to a large fraction of the loss. It would have been irrational for any of them to have joined cause with Continental.
In 2013 I wrote for Chicago Booth Review about recent research that argued auditors have “reputational incentives to avoid audit failures because audit quality is valuable to clients and so priced in the market for audit services…clients defect to other auditors when an audit firm’s reputation for quality deteriorates.”
“Do they really?” I countered. “The authors admit most prior literature ‘finds mixed support, at best, for the importance of auditor reputation as a driver of audit quality.’”
PwC’s Dual Cases
It wasn’t a given that PwC would ask Brandon Sprankle or Joshua Abrahams to leave. That usually doesn’t happen.
The WSJ headline for a story on an SEC enforcement order against PwC and Sprankle says Sprankle would stay.
PwC to Pay $8 Million to Settle SEC Charges Over Auditor Independence and Improper Conduct The U.S. regulator also charged partner Brandon Sprankle, who will remain with the firm
Sprankle, who is based in California and has been a partner at PwC since 2014, agreed to a $25,000 civil money penalty and suspension from practicing or appearing before the SEC. [He] continues to serve as a partner at the firm, a PwC spokesperson said.
Mattel lead engagement partner Abrahams, who was forced from the engagement because of Mattel’s disclosure of independence violations by him and and his team, was still at PwC when the WSJ wrote up a whistleblower’s allegations of alleged PwC complicity in a restatement-related scandal at audit client Mattel. After the story hit, I confirmed Abrahams had left the firm.
Law.com brings us up to date on the latest in the Mattel-related cases that PwC and Abrahams are defending against.
Mattel Inc. shareholders have claimed the company keeps its financial information in disorganized piles of paper, and another lawsuit was added Tuesday to the pile that’s been brought against the company as a result.
The newly filed shareholder suit in the Court of Chancery isn’t the only case in which shareholders are going after Mattel for its alleged financial missteps: three other derivative cases making similar allegations were filed in the court earlier this year and have since been combined into a case in which a consolidated complaint was filed under seal, also on Tuesday. And in the Central District of California, a consolidated securities class action is also underway.
The new complaint accuses Mattel of rushing accounting practices from a less-than-clear paper trail, miscalculating tax asset allowances by hundreds of millions of dollars in 2017 and underreporting company losses on financial reports by $109 million in the same year, with former PricewaterhouseCoopers lead auditor Joshua Abrahams working on calculating Mattel’s 2017 tax allowances.
Were Sprankle and Abrahams allowed to “retire” so they could remain “friends of the firm” and not potential adversaries in any litigation? Abrahams is surely getting his legal bills paid by PwC. His LinkedIn profile indicates he left PwC in 2019 but is not employed anywhere else right now.
What have the SEC and PCAOB decided to do given the admissions by PwC’s client Mattel that the firm and its engagement team under Abrahams violated auditor independence rules, too? Nothing, but it’s worse. The SEC and PCAOB recently relaxed several auditor independence rules they have been unwilling and unable to monitor and enforce.
Consumer Federation’s Barbara Roper told me for The Dig:
Enforcement of all auditor independence rules, including SOx rules, has been inconsistent and weak since 2002.
But why? Regulators say they can’t run the risk of putting another big firm like Arthur Andersen out of business, Roper says.
But by being unwilling to hold the firms fully accountable for repeatedly defying the law and compromising the integrity of audits, regulators like Chairman Clayton and his predecessors, send the message the Big 4 firms can operate with impunity.
They are not just too big to fail, they are truly too few to call to account.
The Sprankle and Abrahams cases are similar to the one against PwC partner Adrian Beamish, who according to the SEC engaged in improper professional conduct during his role as lead engagement partner on the audits of Burrill Life Sciences Capital Fund III, LP’s 2009-2012 year-end financial statements.
Beginning in 2009, according to a recent SEC order, Beamish became aware that the fund’s founder had arranged for the fund to pre-pay millions of dollars in purported management fees to the fund’s management company that the founder owned and controlled.
The SEC says Beamish failed to inquire whether the management company had the authority to take the unusual payments, nor did he scrutinize the rationale for the payments. Beamish was subject to only a one year suspension but is not, at this time, seeking to appear or practice before the SEC as a preparer or reviewer, or a person responsible for the preparation or review, of any public company’s financial statements that are filed with the SEC.
Beamish is still currently subject to probation under the California State Board of Accountancy. Failure to abide by the terms of his probation could result in the suspension of Beamish’s CPA license.
When I checked in September 2020 a PwC spokeswoman said Beamish remained employed at PwC as a partner but would not say what role he now plays in the firm. Beamish’s LinkedIn profile as of October 29, 2021 says he is still with PwC.
Sometimes disgraced partners hide in plain sight
In 2013 the PCAOB censured Deloitte & Touche LLP and imposed a $2 million civil penalty against the firm for violating the Sarbanes-Oxley Act and PCAOB rules when it permitted Christopher E. Anderson, a former partner, to perform or continue to perform activities as an “associated person” that were prohibited while he was subject to a PCAOB suspension order. Anderson works somewhere else since 2014.
Anderson was the partner on Deloitte’s Navistar audit engagement, based in the Chicago office. Anderson was the first individual fined or suspended by the Public Company Accounting Oversight Board, barred for a year and fined $25,000 in October 2008 because he “violated PCAOB standards” by agreeing “without a reasonable basis” to accounting decisions by Navistar Financial Corp in 2003 that led to restatements, SEC investigations, delisting and numerous lawsuits including by Navistar against Deloitte. (The lawsuit settled on a confidential basis but the amount was rumored to be close to $25 million.)
In 2008 Nicholas Difazio was barred by the SEC from practicing before it as an accountant for three years for his role as the partner on the Delphi audit failure.
Difazio, the lead engagement partner for Delphi, was sanctioned for engaging in improper professional conduct in auditing: (1) Delphi's improper accrual of an estimated warranty expense by its former parent as a direct charge to equity in the second quarter of 2000, rather than as an expense of the period in accordance with GAAP; (2) Delphi's improper classification of most of a $237 million payment settling the former parent's warranty claims to pension and other post-employment benefit "true-up," causing the amount to be accounted for as prepaid pension cost in the third quarter of 2000 in contravention of GAAP; and (3) Delphi's failure to account for the fourth quarter 2000 sale of certain batteries and generator cores, coincident with a side agreement to repurchase that inventory, as a financing transaction, as required by GAAP.
Difazio was even flipped by the SEC after being sanctioned for his negligent audit and used to strengthen the regulator’s case against Delphi executives by saying the executives “duped” him.) Difazio has been working for Deloitte ever since as a partner in Deloitte LLP, the public accounting firm, leading the firm’s IFRS practice. There is no record he was ever reinstated by the SEC.
There have been several cases of insider trading by leadership level, high-ranking partners in the largest global audit firms since the Sarbanes-Oxley Act of 2002 was passed. Those cases should have provided an example to others that not only was such behavior illegal and unethical, but that they would be caught.
But instead we have three recent cases, one of a partner at KPMG, and two at PwC of non-partners and several more cases of high-level, experienced partners and professionals in the last fifteen years who didn’t get the memo.
In April 2013, Scott London, a senior partner from KPMG who led its audit practice for the Pacific Southwest, was criminally charged with one count of conspiracy to commit securities fraud through insider trading.
London pled guilty to providing confidential information about KPMG clients to a close friend of his, over a period of several years. That friend used this information to make highly profitable securities trades that generated more than $1 million dollars in illegal proceeds.
London was sentenced to serve 14 months in prison but served about eight months in prison with the rest in home detention. In an interview with Francine McKenna in June 2018, London confirmed he “retired” from KPMG with his accrued benefits after he was indicted and signed a non-disclosure agreement forbidding hm to talk about any other violations or to work anywhere, such as a speakers bureau called “Pros and Cons”, without KPMG’s permission.
Thomas Flanagan, a Deloitte Vice Chairman, repeatedly traded from December 2006 to May 2008 on confidential information he learned as a Deloitte partner about some of the firm's audit and consulting clients.
Deloitte was alerted by FINRA, the securities self-regulatory organization, about profitable trading activity by an audit firm partner that aligned with M&A activity at Deloitte audit and consulting clients including several Fortune 500 companies including Berkshire Hathaway.
Flanagan resigned from Deloitte in 2008 amid an investigation into his trading activities. The firm sued him and he gave up about $14 million in pension and deferred compensation in a settlement with the firm.
In 2010, as part of a settlement with the SEC Flanagan, without admitting or denying the allegations, paid a civil penalty of $1.05 million and was permanently barred from practicing before the commission as an accountant. Flanagan was sentenced in a criminal trial in 2012 to 21 months in prison.
The SEC and PCAOB has never fined or sanctioned PwC, KPMG, Deloitte or Ernst & Young in any of these cases. KPMG did have to resign as auditor from two of Scott London’s clients, Herbalife and Skechers.
In the Tom Flanagan case, Deloitte paid for the necessary independent investigations to support the firm's claim to clients that it was still independent as an auditor. None of them – Berkshire Hathaway, Walgreens, Sears Holdings among the victims – fired the firm.
Scandals are the cost of doing business
There are also the examples where despite scandals and frauds that should have severely dented auditors reputation in the public eye, there was little impact on the firms from a business perspective. For example…
KPMG was not debarred from federal contracts after its guilty plea and record fine for tax shelter crimes in 2005 that almost resulted in a criminal indictment that would have been an Andersen-like death penalty.
While the US Treasury, via the IRS, was scaring the living daylights out of KPMG over tax shelter abuses in 2005 and the Department of Justice was considering indicting the firm, KPMG was busily auditing the Department of Justice and the US Mint. In 2007 and 2008 KPMG also audited the Department of Treasury’s Financial Management Service.
The US Treasury, the Department of Justice and near failure and one-time government majority-owned Citigroup still use KPMG as their auditor. KPMG also remained auditor of the combined Wells Fargo and Wachovia where it had audited both banks, and Deutsche Bank, to name just the most notorious financial crisis bailout recipients who have gone on to more ignominy.
AIG executives beholden to federal government owners rehired long-time auditor PwC again and again even though PwC has been sued by, and settled with, AIG shareholders more than once and missed AIG’s risk run up until that company was taken over by the government, too.
The US Treasury and New York Federal Reserve hired Ernst & Young in 2008 to help manage the TARP program even after EY’s role as auditor of failed Lehman Brothers was criticized by the Lehman Bankruptcy Examiner and the New York Attorney General sued EY for fraud in the case.
The federal government hasn’t debarred Deloitte as one of its largest government contractors, in particular for the defense department, in spite of all the failures the firm has presided over and the ban by the New York state authorities for Deloitte’s “misconduct, violations of law, and lack of autonomy during its consulting work” at Standard Chartered Bank on those anti-money laundering (AML) issues. Deloitte was also the long-time auditor of the Federal Reserve.
KPMG replaced Deloitte as auditor of the Federal Reserve beginning in 2015.
What does all that breed? Moral hazard, an attitude of impunity.
The KPMG/PCAOB scandal
The KPMG/PCAOB conspiracy to steal the regulatory inspection data lasted from 2015 and 2017, according to the charges. It was not a one-off occurrence. This is corruption at the top of the firm, in the function which is supposed to ensure quality and integrity of the audits on behalf of the client, shareholders, and the public.
This is corruption at the PCAOB, the regulator that is supposed to be “watching the watcher.”
DOJ and SEC imply even more people at KPMG were aware the data was stolen, but leave open the question whether the same thing occurred at more firms with more data stolen from PCAOB. A consulting firm that was implicated is also left unnamed.
“…the Issuer-2 re-review identified a significant error in the way the 2015 audit had been performed. According to the indictment, KPMG had failed to obtain required information from one of Issuer-2’s third-party vendors concerning that vendor’s own internal controls. As a result, the KPMG partner responsible for this audit decided to withdraw the previously issued KPMG opinion included in the company’s 10-K that had already been filed with the SEC, according to the indictment.”
The names of the clients whose audits were reviewed and revised based on the stolen data were not disclosed by the SEC, the PCAOB or the firm. We do not know if KPMG told the clients’ audit committees or moved any of the partners who revised workpapers based on advance notice and stolen PCAOB data off those engagements.
The SEC said, despite the situation, it had determined that the companies could continue to rely on KPMG and investors could continue to rely on the audits. Why do you think they made this decision?
In June of 2018 I wrote three more stories based on two documents that were filed with the court that had additional information
And yet, KPMG paid the legal fees for the three legacy partners. During the criminal trial of David Middendorf, however, Whittle testified that the three indicted legacy KPMG partners — Middendorf, David Britt, and Thomas Whittle — and one who was not indicted, audit practice head Scott Marcello, were all allowed to retire by KPMG, thereby retaining their full retirement benefits.
The SEC suspended Middendorf, who was sentenced after a trial to 1 year and 1 day in prison for his role in the scheme to steal confidential audit inspection lists from the PCAOB, from appearing or practicing before the commission as an accountant with no current right to request reinstatement. Middendorf is appealing his conviction.
Former KPMG and PCAOB executive Cynthia Holder who pled guilty is also serving 8 months in prison and has also been barred. Jeffrey Wada, the now-former PCAOB inspections leader who fed confidential information about upcoming audit inspections to some folks at KPMG, including Middendorf, in the hopes of landing a job at the Big 4 firm, will serve 9 months and is also now barred by SEC from appearing or practicing before the commission as an accountant.
Auditor independence today
The Independence Standard
“Independence generally is understood to refer to a mental state of objectivity and lack of bias. The amendments retain this understanding of independence and provide a standard for ascertaining whether the auditor has the requisite state of mind.
The first prong of the standard is direct evidence of the auditor's mental state: independence "in fact."
The second prong recognizes that generally mental states can be assessed only through observation of external facts; it thus provides that an auditor is not independent if a reasonable investor, with knowledge of all relevant facts and circumstances, would conclude that the auditor is not capable of exercising objective and impartial judgment. “
Section 201 Sarbanes-Oxley Act of 2002
Bookkeeping, actuarial services, financial information systems design and implementation, appraisal or valuation services, fairness opinions, or contribution-in-kind reports, actuarial services, internal audit outsourcing services, management functions or human resources, broker-dealer, investment adviser, or investment banking services, legal services and expert services unrelated to the audit.
•The standard used to judge the independence of a business relationship between a company and its auditor or services provided to an audit client is Rule 2-01 (b) of Regulation S-X (17 CFR 210.2-01.)
•Amended under SOx to enhance auditor independence after the Enron/Arthur Andersen
•Key question is: Does the relationship create a mutual or conflicting interest between the firm professional and the audit client?
On October 27, Matt Kelly wrote over at his blog Radical Compliance that Paul Munter, the SEC’s acting chief accountant since the Biden Administration arrived, made a statement last week about the importance of audit firm independence and corporate audit committees overseeing that relationship with the external auditor. The statement came almost one year to the day after the Trump Administration’s SEC relaxed auditor independence rules.
Munter’s statement was a 1,600-word refresher course on audit firm independence and audit committee oversight, and he supposedly issued the statement “as we mark the upcoming 20th anniversary of the enactment of the Sarbanes-Oxley Act.”
Umm, the 20th anniversary of SOX isn’t for another 10 months. The one-year anniversary of previous SEC leadership relaxing auditor independence rules, however, just happened the other week. And since everything is political these days, of course one wonders whether Munter is sending a message to audit firms and audit committees that they shouldn’t relax too much about this stuff.
Kelly asks, why this speech and why now?
My other thought was whether sometime soon the SEC might revisit the rules it adopted last year to relax auditor independence standards. That doesn’t seem to be on the SEC’s rulemaking agenda right now — and let’s remember, the current SEC leadership has already signaled its plans to revisit plenty of other Trump-era rules. If chairman Gary Gensler wanted to revisit auditor independence too, I think he’d have no trouble saying that, and so far he hasn’t.
Cydney Posner, an attorney who writes often about corporate governance and audit issues for Cooley LLP has a slightly different idea:
But what is happening in the current setting to prompt this statement? It is the recent trend toward the use of “new and innovative transactions” to access the public markets, such as SPACs, together with the continued expansion by audit firms of business relationships with non-audit clients. That is, gatekeepers must be especially vigilant to prevent an audit firm from unwittingly losing its independence in the event of a transaction by an audit client with a non-audit client, a risk that is enhanced as audit firms engage in consulting relationships with more non-audit clients.
Posner also notes that this a recurring theme for Munter and is echoed by remarks he and Matt Jacques, the chief accountant in the SEC’s Enforcement Division made at a PLI conference in October. As reported by Bloomberg, Munter cautioned that “[o]ne merger or deal can turn accounting firm advisory clients into audit clients and run headlong into strict U.S. conflict-of-interest rules that require auditors to be independent in both fact and appearance.”
Jacques doubled down on Munter’s remark.
Amanda Iacone @AiaconeICYMI: SEC warns that #CPA firm growth could threaten #auditor independence https://t.co/Sz1yNamGCk
Why do I think these comments are being made now?
We’ve seen a deluge of auditor independence issues sanctioned by the SEC and the PCAOb in the last few years. That’s after peaks and valleys of enforcement since Sarbanes-Oxley’s new prohibitions were passed in 2002. The violations that have occurred recently are not the clever schemes of masterminds. They are bread and butter violations of long-standing rules, once that are the pillars of the profession and they are pervasive. The SEC and severely compromised PCAOB are on a whack-a-mole mission that has neither dissuaded nor deterred systemic and systematic violations by more individuals.
The rules that Trump’s SEC reversed included one that again allows firms like PwC and EY, the ones most active in the pre-IPO space, to do everything for a pre-IPO company. That’s a direct repeal of SOx auditor independence rules via rulemaking versus legislation.
The Big 4 is able to
help hire finance, tax and accounting professionals including placing audit firm alumni in those spots,
implement financial reporting and internal control compliance systems,
develop and decide on appropriate accounting treatment for “innovative” and “disruptive ” business models,
write accounting policies and procedures,
and in some cases run the accounting, tax, payroll, and finance function until up to the very last minute before an IPO.
I reported on a case of EY doing too much for Coca-Cola. It’s been a year since I heard directly that the PCAOB was investigating.
KPMG was hit by the SEC with a big auditor independence violations case in 2014 related to tax services.
In July of 2015, the SEC announced a $1 million settlement with Deloitte & Touche LLP for violations of auditor independence rules.
The PCAOB publicized sixteen cases involving auditor independence during 2016, most alleging audit firms had prepared financial statements or accounting records for a client. EY was been caught up in two more egregious cases recently, two based on inappropriate relationships and one based on fixing an audit tender. That’s in addition to multiple cases of EY’s tax arm caught lobbying for audit clients.
Another egregious auditor independence case that escaped any action by the SEC and PCAOB despite ample evidence presented in a federal court was PwC’s independence violations, plural, while auditor of Colonial Bank. In 2016, PwC settled the first of three trials it was facing, Taylor Bean & Whitaker Trustee v. PwC, for non-disclosed amount mid-trial related to PwC’s failure to stop a fraud at its audit client Colonial Bank which exacerbated losses at its partner in the collusive fraud, Taylor Bean &Whitaker. The original claim was $5.5 billion.
The Justice Department also settled with Deloitte, but not any individual partners, for its role as auditor of TBW. The amount, a fairly large fine of $149.5 million, was made public but barely caused a media ripple. There was no formal complaint, no indictment charges, just a pre-indictment settlement.
Neither the SEC nor the audit regulator have ever sanctioned the firms or partners of Deloitte or PwC over their roles in TBW or Colonial Bank or PwC or its partners over their role in MF Global.
During the TBW v. PwC trial former SEC Chief Accountant and witness for the plaintiffs Lynn Turner told the jury that PwC had violated auditor independence standards after one of the PwC senior managers, T. Brent Hicks, was hired by Colonial in a top financial oversight position.
Turner testified that as a result, PwC was not independent in 2005 and 2006. PwC tried to suppress Turner’s testimony, but the court denied the motion.
Where is T. Brent Hicks, the former Colonial accounting chief and PwC audit team member, now? He is currently the Senior Vice President at BB&T Bank, another PwC audit client.
The court also determined pre-trial that PwC was not independent, “as a matter of law,” for 2004 because a contract between PwC and a Colonial subsidiary included prohibited indemnification language, a violation of SEC rules. Finally, after PwC objected, the judge prevented testimony about a third potential independence violation for the 2008 audit. The SEC and PCAOB have never publicly acknowledged an investigation of any these alleged independence violations.
Auditor Analytics says that there were 7 SEC enforcement actions in 2019 related to related to auditor independence, documented as financial reporting related administrative proceedings and civil lawsuits called Accounting and Auditing Enforcement Releases or AAERs. That’s compared to 3 AAERs in 2018. Of all the AAERs since 2000, there have been 97 related to auditor independence.
I think the SEC and PCAOB have given up on policing auditor independence at the largest global audit firms. All they have left is the bully pulpit, but the power of the revolving door makes that tool pretty useless. Current SEC staff hope the firms will ask for permission via consultations rather than forgiveness after playing “catch me if you can” if only to keep everyone from looking really bad.
But that is likely not the case, if you have to, like Matt Jacques, beg them to confess.
In his opinion, the OCA has a strong consultation process in providing thoughtful responses.
However, he warned that companies and accountants must present clear and correct facts and circumstances to OCA staff.
“Auditor independence, it’s just not an area where begging forgiveness is better than asking for permission,” Jacques said.
He also said that the consultation must be transparent.
“Misrepresenting the facts and situation or omitting key information—I repeat omitting key information—during a consultation … with the Office of the Chief Accountant is not something we take lightly when we are considering potential enforcement actions,” he said.
My Auditor Independence Series from January 2020
•The SEC proposes to "modernize" auditor independence rules However, examples of actions taken, and not taken, suggest "modernize" is doublespeak for capitulating to the Big 4's dominance.
•"Modernizing" Auditor Independence, Part 2 The SEC sanctions PwC for a batch of independence violations committed in the last five years it says were primarily caused by one IT audit partner!
•More "Modernizing" of Auditor Independence, Part 3 More SEC auditor independence enforcement actions but many more potential enforcement actions that were not brought and will likely not be brought.
•Play it again... "Modernizing" Auditor Independence, Part 4 It's déjà vu all over again. More potential violations, more SEC custom-made rule changes to avoid having to prosecute them.
© Francine McKenna, The Digging Company LLC, 2021
“I’m worse at what I do best
And for this I feel blessed”