Managing Risk And Quality – More Of the Former And Less Of The Latter

Here’s how it went with Andersen at Enron:

“About a week later, the firm removed Bass from any further direct dealings with Enron…he was just doing his job, upholding accounting standards and protecting both the firm and the client…

John Stewart was furious. “I thought it was unprofessional for Enron to make such a request. Stewart, who had been at the Professional Standards Group since 1980, also said he viewed it as a defining moment. It was a request no client had ever made before and one the firm should have never granted. “We should have been more independent,” Stewart later said.”

All of the firms have a group that is supposed to do this.

KPMG from their web page:

Q. What is the role of KPMG’s Ombudsman, and when is appropriate for me to reach out to him?

The Partner in Charge – Risk Management in the Department of Professional Practice also serves as the firm’s Ombudsman, whose role is to respond to and investigate reports of issues or concerns involving Securities and Exchange Commission (SEC) audit clients. The Ombudsman operates under the firm’s principles of confidentiality and non-retaliation. The Ombudsman oversees the investigation, documentation, and resolution of issues involving the audits of SEC audit clients of KPMG LLP, including audits of foreign operations of those SEC audit clients of KPMG LLP. Any reports filed using the Ethics and Compliance Hotline, and which involve an SEC audit client, will be directed to the Ombudsman for investigation. In addition, the firm’s Ombudsman, Mike Plansky, can be contacted directly at 212-872-4458, or via e-mail, at mplansky@kpmg.com. In this role, the Ombudsman reports directly to the Chairman of KPMG.

Unfortunately, it’s hard out there for a pimp, I mean, a guy who has to uphold standards of audit quality…

“The complaint alleges that KPMG and its partners permitted Xerox to manipulate its accounting practices to close a $3 billion “gap” between actual operating results and results reported to the investing public. Year after year, the defendants falsely represented to the public that their audits were conducted in accordance with generally accepted auditing standards (GAAS) and that Xerox’s financial reports fairly represented the company’s financial condition and were prepared in accordance with generally accepted accounting principles (GAAP). The four partners named as defendants, all of whom are certified public accountants, are:

Michael A. Conway, 59, a resident of Westport, CT, has been KPMG’s Senior Professional Practice Partner and the National Managing Partner of KPMG’s Department of Professional Practice since 1990. He was the senior engagement partner on the Xerox account from 1983 to 1985. He again became the lead worldwide Xerox engagement partner for the 2000 audit. Conway also is a member of the KPMG board and is chairman of the KPMG Audit and Finance Committee.”

There are other examples. From the 2006 PwC Annual Report on their web site: (The 2007 report is not yet out, although their fiscal year end is June 30.)

Quality: The secret is out

“PwC is committed to a consistent worldwide culture of quality and compliance. Consequently, we strive to continually improve our quality and compliance standards. Risk management is fundamental to this drive for quality. We recently strengthened our network’s global Risk Management and Compliance organisation by appointing a Managing Partner of Global Risk and Quality, while our member firms have appointed Assurance Quality Leaders. Other steps we have taken this year include:
-Clarifying and extending globally defined risk management standards for member firms covering: independence, registration with regulators, ethics and business conduct, as well as member firm and engagement standards for Assurance, Tax and Advisory work.
-Providing all member firms with additional Risk Management and Compliance Support
Further developing our inspections, investigations and crisis management programme, shifting its focus toward the quality of overall management and governance processes of PwC firms. Ten PwC firms were subject to governance reviews in fiscal year 2006.
-Driving ongoing improvement in audit processes through our Six Sigma initiative, Connected Thinking for Excellence.”

Unfortunately, on the same page they had to admit:

PCAOB inspections

“In November 2005 the US Public Company Accounting Oversight Board (PCAOB) published its 2004 inspection report on the US firm, focusing on calendar-year 2003 audits of US Securities and Exchange Commission registrants.

The broad concerns identified in the PCAOB report were consistent with the findings of internal reviews carried out by PwC US. These concerns are the subject of ongoing policy, process and training initiatives and are incorporated into members firms’ audit quality improvement programmes.”

And because they must feel like they are still operating under a perpetual consent decree as a result of the significant Independence infractions they committed as both Coopers and Lybrand and Price Waterhouse, on the same page this strong statement:

Independence
“In fiscal year 2006, we continued our programme of investment in independence policies and guidance, automated compliance systems and monitoring compliance by partners and staff of PwC firms. In fiscal 2005, we introduced a programme of additional mandatory independence training for member firm leadership teams. The programme’s focus shifted this year to a broader group of partners and managers.”

Why such a strong program needed?

Independent Consultant Finds Widespread
Independence Violations at PricewaterhouseCoopers

“Washington, DC, January 6, 2000 — The staff of the Securities and Exchange Commission today made public the report by independent consultant…to conduct a review of possible independence rule violations by the public accounting firm PricewaterhouseCoopers (PwC) arising from ownership of client- issued securities. The report finds significant violations of the firm’s, the profession’s, and the SEC’s auditor independence rules.

Almost half of the PwC partners — 1,301 out of a total of 2,698 — self-reported at least one independence violation. …Almost half of the reported violations involved direct investments by the PwC professional in securities, mutual funds, bank accounts, or insurance products associated with a client. Almost 32% of reported violations, or 2,565 instances, involved holdings of a client’s stock or stock options.
Six out of eleven partners at the senior management level who oversee PwC’s independence program self-reported violations. Each of the 12 regional partners who help administer PwC’s independence program reported at least one violation; one reported 38 violations and another reported 34 violations. Thirty-one of the 43 partners who comprise PwC’s Board of Partners and its U.S. Leadership Committee self reported at least one violation. Four of these had more than 20 violations; one of these partners had 41 violations and another had 40 violations.

There are examples of groups at the other Big 4 firms and examples of situations where those charged with leading and advising the rest were complicit in noncompliance with the rules.

No firm was much worse, in my opinion, than Arthur Andersen was at the time of Enron and no firm is so much better now. They must continue spending tens of millions to improve or at least give the appearance of trying to improve the situation. Unfortunately, given their structure and cultures, it’s like trying to capture lightning in a bottle.

The questions the PCAOB, and potentially the SEC, should be asking the Big 4:

1)When a partner (or other professional) consults the firm’s Professional Standards Group, what record is there of this “consultation”, whether formal or informal, via a hotline or email, via telephone, anonymous or identified?

2)What connects these “consultations” to the ongoing internal quality reviews of audits? How does a PCAOB inspection team know that a “consultation” was ever sought on a specific issue and what advice was given and, hopefully, implemented?

3)Are the decisions of the Professional Standards Group binding on the engagement teams, partners, clients? How is this enforced? By whom within the firm? How are those who don’t comply disciplined?

4)How can you assure that all possible issues receive the best possible, timely advice and that this advice is followed, even if it means resigning from the client?

5)How do you prove “consultation” cases close and resolutions are documented, whether positive or negative, rather than deleted or just dropped?

6)Do systems support security over case files and independent audit reporting of adds, changes and deletions to the “consulting database” and by whom?

7)How does the firm resolve conflict with a a client who wants a “non-responsive” technical or quality partner removed from the engagement?

8)How are investigations of willful or egregious partner violations of independence and other professional standards documented and are they bound by privilege?

9)Are partners who are responsible for Professional Standards still managing client portfolios? Are they still subject to the power of client relationship partners, who they may be judging on compliance or technical competence, as judges of their performance and arbiters of their share of firm profits?

10)Is the firm able to hire and develop competent, objective professionals who are not just looking at the group as a way station on the way back to client service but as a valuable component of the firm’s viability and maintenance of professional integrity? Are the firms’ professionals going through a revolving door from the firm to regulators and back to the firm? Do any of them have any practical experience working on the industry side?