My previous post summarized the findings by the UK audit regulator, the Audit Inspection Unit (AIU) of the Financial Reporting Council (FRC).
Recent reports from the UK Audit Inspection Unit (AIU under the FRC) and the US PCAOB (under the SEC) highlight several very serious issues that should force regulators and legislators to act on wholesale reforms and sanctions against firms and individuals.
More importantly, these criticisms – that auditors failed to follow professional standards, were insufficiently skeptical of managements’ assumptions, and did not obtain sufficient evidence for their audit opinions – should first and foremost make investors furious. Where is the outrage when government sponsored guardians of shareholder interests have failed the public so miserably?
Today I’d like to discuss the PCAOB’s most recent summary of observations from their inspections process, Report on Inspection Observations of Auditing During the Economic Crisis.
The report is based on PCAOB inspections that examined portions of audits of financial institutions, financial services companies, and other companies that posed audit risks and challenges specific to the disruption in the credit and financial markets and the broader economic downturn… Some of the information in this report has previously been reported in public portions of inspection reports on individual firms; but the report also includes information not previously made public.
Also, from the report itself: Information received or prepared by the Board in connection with any inspection of a registered public accounting firm is subject to certain confidentiality restrictions set out in Sections 104(g)(2) and 105(b)(5) of the Sarbanes-Oxley Act of 2002 (“the Act”). Under the Board’s Rule 4010, however, the Board may publish summaries, compilations, or general reports concerning the results of its various inspections, provided that no such report may identify the firm or firms to which any quality control criticisms in the report relate.
Regular readers know that I am a very vocal proponent of full disclosure of the PCAOB’s meetings, reports, findings and enforcement activities. Unfortunately, some of the improvements to transparency that I advocate are obstructed by the Sarbanes-Oxley law itself.
In anticipation of the Supreme Court decision on the PCAOB, I made several recommendations for improvements to the PCAOB and the Sarbanes-Oxley law that would have actually helped them do their job faster and protect investors better:
1. Eliminate the revolving door
2. Eliminate obstacles to inspections of international firms
4. Enforce stronger sanctions on a more timely basis and more clearly delineate responsibility for sanctions between the PCAOB and SEC
5. Give the PCAOB the power, under law, to review or stop mergers and acquisitions by the firms that may not be in the public’s interest or may cause independence violations
6. Put bigger teeth into the inspections process
Subsequent to the decision by the Supreme Court, the SEC issued Release No. 34-62575 giving the agency a greater role in PCAOB inspections. Audit firms can ask the SEC to review PCAOB findings. The SEC’s chief accountant can now also step in and override PCAOB decisions if they were “arbitrary or capricious.” This rule was passed with no public notice or comment. I believe it thwarts potential improvements in transparency and auditor accountability.
In fact, I think the SEC trumped the PCAOB’s own announcement a week later that the PCAOB would request Congress to amend the Sarbanes-Oxley Act to make all PCAOB disciplinary proceedings public.
Finally, PCAOB Acting Chairman Daniel Goelzer asked his legislative team to draft a request to Congress to amend the Sarbanes-Oxley Act to change the PCAOB’s rules regarding the assumption of privacy for PCAOB disciplinary proceedings. Here’s the press release.
“No other auditor, investor, audit committee, or member of the media is entitled to know what the PCAOB considers to merit discipline, whom it has charged, what issues are being litigated, or whether the PCAOB staff has prevailed or not,” said Acting Chairman Goelzer. “The public is in the dark about how the Board uses its enforcement authority until there is a settlement or an SEC decision on the Board’s sanctions…
There’s subtle tension right now between the PCAOB and the SEC. The commissioners who are left at the PCAOB, in my opinion, are some of the most passionate and vocal regarding auditor accountability. They are not representative of the original “captured” crew I often criticized heartily in 2007-2008.
Unfortunately, I think this bright, shiny and new post-Madoff SEC continues following the implicit policy of the federal government regarding the fate of the Big 4 firms themselves – “Too few to fail.”
That policy was first voiced by Attorney General Alberto Gonzalez when he let “KPMG the firm” off the hook for tax shelter transgressions in 2005.
“KPMG LLP, anticipating criminal charges would be a “nuclear bomb” that would wipe out the accounting firm, pleaded with federal officials in 2005 not to indict it for selling fraudulent tax shelters, newly released internal documents show. Expecting the worst, KPMG partners sought advice from bankruptcy lawyers, the internal documents show. The firm’s attorneys told prosecutors that KPMG’s demise would disrupt capital markets, leaving more than 1,000 companies without an auditor.
The argument was dismissed as “ridiculous” by David Kelley, then the U.S. attorney in New York in charge of the case.“You are not the only firm in trouble and not just from criminal exposure,” Kelley said, according to the memos. “The industry is going to crap.” …In the end, the documents reveal, the U.S. Justice Department’s top two officials interceded, and KPMG avoided the fate of Arthur Andersen LLP…
Comey said he was “struck by the scope of the wrongdoing,” according to the internal documents. He also expressed concern that audit firms after the Andersen case might believe they were immune from prosecution.
“Does the notion of corporate criminal liability mean anything for the Big 4?” Comey asked.
About two weeks after meeting with Comey, the KPMG legal team met in New York with Kelley and his aides and got the good news: Comey and Gonzales decided against an indictment of the firm, the papers show…The resolution, Gonzales said, “reflects the reality that the conviction of an organization can affect innocent workers and others associated with the organization, and can even have an impact on the national economy.”
The “too few to fail” policy has been mentioned off the record and in many conversations I’ve had and overheard since. As one of the 2010 Compliance Week speakers blurted, “We now know the collateral damage from putting one of these audit firms out of business and no one wants to see that repeat…”
What that means is the SEC will go after individuals at the audit firms but not the firms themselves in any way that might precipitate their failure. (And the firms, like KPMG and most recently Deloitte re: Flanagan, will throw partners and employees under the bus to appease prosecutors and redirect attention away from a firm and its current leadership.) No one wants to be blamed for the “collateral damage” that will occur if a “nuclear bomb” is dropped on the profession as in the Arthur Andersen case. The damage would be extensive, I agree, since there is no Plan B for meeting investors’ needs for timely, sufficient, reliable, and true financial information.
But what that truly means is the global audit firms do have a free pass, immunity from criminal prosecution, and they know it. (I’ve said that a Big 4 audit firm would have to be suspected at the highest leadership level of conspiracy to commit mass rape and murder of minors in New York to be even seriously investigated, let alone actually called to account.)
The rest of the Big 4 risk management strategy consists of running ahead of catastrophic litigation – which they’re doing as fast as their mostly skinny white legs can carry them – and getting their “not-ready-for-prime-time” next tier firm brethren to lobby for liability caps on their behalf.
The Financial Times, September 28, 2010: A cap on the market share of UK auditors needs to be introduced to reduce the systemic threat posed by the dominance of the four biggest firms, Grant Thornton has urged.
The country’s fifth-largest auditor claims that financial markets would be thrown into chaos if one of PwC, KPMG, Deloitte or Ernst & Young – which collectively audit the majority of FTSE 100 companies – were to collapse.
Exasperated by previous attempts to dilute the power of the Big Four, Grant Thornton’s UK arm is now pushing for radical intervention by regulators and investors.
In its submission, Grant Thornton said the collapse of one of the Big Four was a “tangible rather than a purely academic risk”…If one of the four did fail, Grant Thornton said the stricken firm’s audit partners would probably not move to one of the second-tier operators because of the smaller sums they would earn there.
“Instead they would seek to join one of the three remaining largest firms, leading to an audit market concentrated on just three large firms,” it argued.
In a submission to the committee, BDO, the number six UK auditor, said the failure of one of the Big Four was “a distinct possibility” because international attempts to cap their exposure to potentially ruinous litigation had been patchy.
Staying in front of litigation is getting harder and harder for the audit firms, however. There’s so damn much of it, both in the US and abroad. And what’s been filed is only the tippy-top of the potential pile.
The PCAOB has issued a scathing report describing auditor failure during the crisis that mirrors, in many respects, the findings of the AIU in the UK. In fact, the issues are quite similar and the firms’ stubborn refusal to acknowledge them is equally familiar.
There is one issue that’s unique to the UK – the acknowledged diminution in quality when a non-partner leads an audit and reviews/signs off on the workpapers. I was very surprised that UK accounting standards do not require a partner to actively participate in the audit and review and signoff on final work product. In the US partners have been sanctioned for fudging hours charged to engagements and their signatures on documents in order to prove to internal and external inspectors that they spent sufficient time on the job and exercised proper supervision. What’s ironic is that the UK will now require a real person to sign the audit opinion letter, but that’s a major sticking point in the US, as we never know the names behind the work until there’s litigation. Liability fears drive partners to make sure they do the work but individual liability concerns mean audit firms hide the names until forced to reveal them by courts.
So what did the PCAOB find? (The links I’ve provided with the bullets point to articles I’ve written about audit failures related to these issues and PCAOB warnings in inspections reports.)
1. PCAOB inspectors identified instances where auditors sometimes failed to comply with PCAOB auditing standards in connection with audit areas that were significantly affected by the economic crisis, such as:
- Fair value measurements (How are the banks getting away with this back and forth, write-up and write-down, pin the tail on the donkey style valuation that seems to serve only their limited need to buy time? The auditors, specifically KPMG (Citigroup, Countrywide prior to B of A’s purchase, Wells Fargo and Wachovia) and PricewaterhouseCoopers (Bank of America and JP Morgan), are sitting on their hands, twiddling their thumbs and collecting payola while banks are doing as they wish. In some cases the auditors even allow the same assets to be valued differently at two of their clients. The data proves it. See “Accounting for Banks’ Value Gaps,” Michael Rapoport, The Wall Street Journal, December 29, 2009)
- Impairment of goodwill (In December of 2008, the PCAOB issued their Report on the PCAOB’s 2004, 2005, 2006, and 2007Inspections of Domestic Annually Inspected Firms (KPMG US, PwC US, Deloitte US, EY US and KPMG Canada.) Goodwill impairment issues makes it to the “Top Ten” list of repeated deficiencies. PwC has been repeatedly cited for deficiencies in auditing goodwill impairment – in 2008 all of the deficiencies cited in their firm report were about goodwill. Then their client, Huron Consulting, suffered a significant scandal regarding their goodwill accounting.)
- Indefinite-lived intangible assets, and other long-lived assets
- Allowance for loan losses (KPMG’s regulator, the PCAOB, has told us over and over that KPMG will fudge on behalf of their clients when it comes to auditing estimates of loan loss reserves. That claim was the smoking gun in the New Century litigation. New Century is reportedly settled, so the truth will be buried, but the PCAOB told anyone that would listen about several other cases. See the PCAOB’s inspection of KPMG dated June 2009 for 2008. Also, if anyone had cared to look more deeply, they would have found plenty of mistakes on Deloitte’s part to add fuel to the fire of a negligence or accounting malpractice claim in the American Home failure. Deloitte had been warned by the PCAOB about its shoddy work on the 2007 audit of AHM. See the PCAOB final report on Deloitte’s 2007 audits issued May 19, 2008
- Off-balance sheet structures (“How can anyone — regulators, investors or anyone — understand what’s in these financial statements if they have to dig 15 layers deep to find these kinds of interlocking relationships and these kinds of transactions?” See my quote in a New York Times story about a Lehman SPE, ““Lehman Used ‘Alter Ego’ To Transfer Risks.” Of course the most notorious off-balance sheet strategy to come out of the crisis was Repo 105. Start here for a set of links describing the technique and Ernst & Young’s response to the criticisms.)
- Revenue recognition (No one should be surprised by the recent SEC sanctions against Dell and its founder and executives. This firm has been a problem for PwC for a while. “The investigation raised questions relating to numerous accounting issues, most of which involved adjustments to various reserve and accrued liability accounts, and identified evidence that certain adjustments appear to have been motivated by the objective of attaining financial targets.” So why is PwC still the auditor of such an incorrigible client?)
- Income taxes (I was recently interviewed by The Street.com about Citigroup’s deferred tax asset sleight of hand.)
2. Firms have made efforts to respond to the increased risks stemming from the economic crisis. The deficiencies identified by inspectors in their reviews of issuer audits suggest that firms should continue to focus on making improvements to their quality control systems. (This continues to be a problem, has been cited numerous times before and the firms are defiant.
“In some instances, inspection teams found various matters that provided cause for concern about firms’ partner evaluation and compensation processes. These included situations where audit quality did not appear to be a significant factor in the partner evaluation process or its role in the process was unclear.
In some cases, partners received high ratings on technical competence even though there were significant deficiencies in their audits that were reviewed in the firm’s internal inspection program or in the PCAOB’s inspection program. In addition, inspectors observed situations where concurring review partners or internal inspectors were not held accountable for failing to identify significant deficiencies in audits they reviewed and where partners’ quality ratings were affected significantly by the results of client satisfaction surveys or the profitability of their audits or their ability to increase revenues.”
Well… Did they comply with any of the auditing standards? It seems not, since the auditors failed to detect, warn, mitigate or issue a “going concern opinion” for any of the failed, bailed out or more or less nationalized financial institutions at the center of the crisis in the US and abroad.
And do the firms really take the PCAOB inspections seriously? It’s apparent to me, based on personal observation and documented incidents, that audit firm leadership does not take the inspection results seriously. They may pay lip service to the findings, but in the same way they advise their clients, they know how to respond to the letter of the finding without putting any heart or soul into it. In some cases they publicly embarrassed the PCAOB by openly disagreeing with them.
The PCAOB report is issued without consideration of the full impact of some very serious scandals that occurred at the same time as the financial crisis – Madoff and Satyam. The report of the PCAOB’s spring 2008 inspections of Indian audit firms and their clients, including PwC India and Satyam, has still not been issued and the level of accountability of the auditors of Madoff feeder funds not determined via trial.
And then there’s the still lingering problem of firms in foreign jurisdictions that can not be inspected.
Because of the position taken by authorities in certain European countries and in China, the PCAOB is currently prevented from inspecting the U.S.-related audit work and practices of PCAOB-registered firms in certain European countries, China, and, to the extent their audit clients have operations in China, Hong Kong. The PCAOB continues to work to eliminate obstacles to inspection in those countries.
The PCAOB issued a press release describing a revised approach to this challenge:
This is a good step, but… What about all of those firms outside the US that were already granted registration and are conducting audits of public companies listed on US exchanges but the PCAOB is still denied access to information necessary to inspect those firms?
“…to provide notice of a development in its approach to registration applications from firms in non-U.S. jurisdictions where, because of asserted legal restrictions or objections of local authorities, thePCAOB is denied access to information from PCAOB-registered firms that is necessary to inspect those firms.
Effective for all pending and future applications from accounting firms in such jurisdictions, the Board will ask the applicant to state its understanding of whether a PCAOB inspection of the firm would currently be allowed by local law or local authorities. The applicant may choose to keep its application pending until it can respond, with confirmation from the appropriate authority in the jurisdiction, that PCAOB inspection is permitted. If the applicant, in order to obtain earlier action on its application, responds that PCAOB inspection would not currently be allowed, the Board will issue a Notice of Hearing to consider whether, in light of the obstacle to inspection, approval of the application would be consistent with the Board’s responsibility under the Sarbanes-Oxley Act of 2002.
(1934)Spend the years of learning squandering
courage for the years of wandering
through a world politely turning
from the loutishness of learning.