Call of Duty: Who Has The Last Word On “Network” Audits of US-Listed Companies?

Call of Duty : Modern Warfare 3 [Eminem – Till I Collapse]

Most associate the proposal for disclosure of other participating audit firms or experts in the audit with the “Chinese problem”. Audit Practice Alert No. 6 at 2 noted that “in a 27-month period ending March 31, 2010, at least 40 U.S. registered public accounting firms with fewer than five partners and fewer than ten professional staff issued audit reports on financial statements filed with the SEC by companies whose operations were substantially all in the China region.”

The PCAOB’s re-proposal cites an example—a small US-registered public accounting firm signed an auditor’s report for an issuer based in China even though “the audit procedures performed by the other firm [based in China] constituted substantially all of the audit procedures on the issuer’s financial statements.” Additional recent enforcement actions against US-based audit firms who signed audit reports for US listed Chinese companies say those firms failed to properly audit Chinese companies.

The “Chinese problem” runs both ways. Sometimes audit firms based in the US agree to sign audit opinions for Chinese companies listed on US exchanges, even though the company’s operations and management are substantially located in China and, so, all the audit work has to be done in China. The PCAOB re-proposal document describes how that works:

The signing firm uses another firm in a foreign country to audit the financial statements of a subsidiary in that foreign country. These arrangements can be an effective and cost efficient way to audit today’s multinational corporations. At the same time the quality of the audit is dependent, to some degree, on the competence and integrity of the participating accounting firms. This is especially true when the signing firm has not reviewed all the work done by the other firm.

(It’s not just smaller audit firms signing US-based audits that have to use Chinese member firms or affiliates of their marketing consortiums like Praxity to assist. Large US-based multinationals and their Big Four auditors do, too. I wrote about the US-based audits of the major casinos with significant percentages of revenue in Macau, a Special Administrative Region of the People’s Republic of China. The other Special Administrative Region of the People’s Republic of China is Hong Kong. The wholly-owned subsidiary of Las Vegas Sands, for example, is listed on the Hong Kong exchange and its audit is performed by a Hong Kong Big Four firm. That firm is untouchable by the PCAOB and the LVS subsidiary and its executives untouchable by the SEC and Department of Justice. Las Vegas Sands recently changed auditors after a long relationship with PwC to Deloitte.)

Another scenario occurs when the final audit report signing firm is a Chinese audit firm, perhaps the network member of a Big Four firm like Deloitte or PwC, located on mainland China or in Hong Kong. The signing firm, in this case a Chinese audit firm, depends on its fellow audit network member firms, including in the US, to audit the portions of revenue and company assets that are outside of China. An example of this scenario is NQ Mobile Inc. (NQ), a Chinese mobile communications firm with an audit opinion signed by the PwC Beijing firm which claims a significant amount of revenue outside China including in the US.

Somebody has to audit that revenue and it is probably not going to be the PwC Beijing office.

Which scenario is a bigger problem for US regulators? There are a few key differences between the scenarios. In the first case, when the audit report is signed by a US firm, all final engagement quality assurance, including the Appendix K review required for compliance with SEC Practice Section rules is, theoretically, performed by US personnel in the US. A US partner of a US firm is the responsible engagement partner and has the last word before the audit report is final. The audit is subject to PCAOB inspection and is likely, these days, to be selected by the PCAOB and inspected in person at the audit firm’s offices.

When a final audit report is signed by a Chinese audit firm for a US exchange-listed company, the Chinese audit firm and its partners must perform all engagement quality review in China. That includes supervising, reviewing and consolidating work done by audit firms outside of China, including possibly the US firm, and making sure the work complies with US GAAS, the PCAOB auditing standards. The Chinese member firms of the largest global firms often have US expats in China that can perform this service and their National Office colleagues in the US are just a phone call or email away for any consultation. In either case the firm must have this expertise available to assist with required engagement quality review and the Appendix K review.

The Chinese audit firm engagement for a US-listed company is also subject to PCAOB inspection, but that’s the part that’s been disputed by the Chinese audit firms who say that the Chinese government won’t allow it. Unfortunately, with all due credit to recent shiny MOUs and subtle diplomacy, the PCAOB is still prohibited from inspecting Chinese audit firms and their engagements for audits of US listed companies on the ground, whether they’re signed by a mainland China firm or a Hong Kong firm. A Chinese partner of a Chinese audit firm is the responsible engagement partner and, we assume, he has the last word before the audit report is final.

Or does he?

ChinaCast is a Delaware company traded on NASDAQ that has a significant number of US investors. The company’s operations, providing post-secondary education and e-learning services, are in China. According to a recently filed lawsuit, Deloitte Touche Tohmatsu CPA Ltd (DTTC) in Beijing, Peoples Republic of China, signed the ChinaCast audit opinion but not until, according to the complaint, Deloitte’s US firm agreed the company’s disclosures were in accordance with Generally Accepted Accounting Principles (GAAP) and SEC reporting requirements.

This Chinese fraud lawsuit names the US Deloitte firm as a defendant, too. Not only had that not been done before but the US firms have traditionally been able to insulate themselves fairly successfully from frauds that happen abroad anywhere, not jut China. How do the plaintiffs plan to rope Deloitte US into the ChinaCast case? I explained in Forbes:

The investment funds suing ChinaCast executives, directors and Deloitte firms claim Deloitte US controlled the DTTC audit of ChinaCast because one of Deloitte US’s partners was a key audit team member, charged with providing technical expertise and the ultimate responsibility for US GAAP issues.

Where have you seen that idea before? Back in May of 2012 I wrote about the SEC’s waste of time suing the Chinese Big Four audit firms to see audit workpapers for Chinese frauds under investigation. I still contend the SEC can review anything they want about the US listed Chinese frauds from the US.

Let me explain further for those not be familiar with Appendix K rules.

A US member audit firm is required to join the SEC Practice Section and comply with the Section’s membership requirements, if it audits “SEC clients”. (The definition of an SEC client is found in SECPS §1000.38 Appendix D.) The SEC Practice Section adopted some procedures that are intended to enhance the quality of SEC filings by SEC registrants whose financial statements are audited by foreign associated firms. These rules are a membership requirement for the audit firms that belong as described in SECPS §1000.08(n). SECPS members are required to adopt policies and procedures for their international organizations or individual foreign associated firms that audit SEC registrants.

Procedures for Certain Filings by SEC Registrants—The policies and procedures should address the performance of procedures with respect to certain SEC filings by SEC registrants that are clients of foreign associated firms by a person or persons knowledgeable in accounting, auditing, and independence standards generally accepted in the U.S., independence requirements of the SEC and ISB, and SEC rules and regulations in areas where such rules and regulations are pertinent (the “filing reviewer”).

The procedures are performed to provide assistance to the partner of the foreign associated firm responsible  for the audit (the “audit partner-in-charge of the engagement”) and the foreign associated firm. Such filings are limited to registration statements, annual reports on Form 20-F and 10-K, and other SEC filings that include or incorporate the foreign associated firm’s audit report on the financial statements of an SEC registrant.

ChinaCast is not the first time the US firm, as an Appendix K reviewer, has been a key part of an audit that didn’t detect fraud. Electronic workpapers, not summary documents or filings only, were the subject of PwC’s Global Capital Markets Group’s activities to review the 20-Fs for $1 billion fraud Satyam. In the SEC’s public administrative and cease-and-desist proceedings against the Price Waterhouse India firms for their negligence leading to the Satyam fraud, the SEC noted:

“Specifically, in May 2008, in response to questions raised by the ‘Appendix K filing reviewer’ of Satyam’s draft Form 20-F, PW India requested that the PwC Network Firm Partner review the electronic workpapers for the 2008 Satyam audit. In response to that request, the PwC Network Firm Partner provided the Satyam engagement team with a detailed set of comments, including remarks on the cash and interest bearing deposit confirmation workpapers. In particular, the PwC Network Firm Partner informed the Satyam engagement team that their cash confirmation procedures appeared inadequate because the working papers indicated that ‘the confirmation was obtained either directly or from copies obtained from the client. We can only take credit for confirms we send and receive directly.”

Global Capital Markets Group (GCMG), the unit at PwC that supports foreign firms who want to be listed on US exchanges and their colleagues who are auditing companies or portions of companies listed on US exchanges, is the group that helped Satyam file its financial statements with the SEC before the company blew up in a $1 billion fraud. Many countries like the UK and China have a local GCMG with locals and expats that can help PwC client companies meet and manage US exchange requirements. The US-based group is a resource to locals if the local group can’t answer a question or otherwise fully meet a needs of their clients. PwC GCMG professionals in China that support local audits of US listed companies, for example, hold conference calls between local China client CFOs, local audit firm relationship partners, US-based GCMG professionals and, sometimes, the PwC national office who can provide even more technical SEC reporting or GAAP technical advice.

The SEC admitted in its complaint against Deloitte Shanghai that it asked Deloitte US for the information the firm has right here in the US on Longtop and other US listed foreign-based audits. The firm’s first answer was to deny any involvement in the audit.

4. On April 9, 2010, staff served Deloitte LLP, the U.S. member firm of the Global Firm with a subpoena requesting audit work papers relating to the Global Firm’s audit of Client A’s financial statements for the period January 1, 2008 through April 9, 2010.

5. Between April 13, 2010 and May 18, 2010, staff had several communications with U.S. based counsels for both Deloitte LLP and the Global Firm.

6. Counsel for Deloitte LLP initially informed the staff that Deloitte LLP did not perform any audit work for Client A, that all audit work was conducted by Respondent, and that Deloitte LLP did not have possession, custody, or control of the documents called for by the subpoena.

7. Counsel for Deloitte LLP subsequently informed the staff that Deloitte LLP performed some review work of Client A’s periodic reports and produced certain documents relating to this review to the staff.

Deloitte did eventually produce some documents related to the audit that are, and always have been, available in the US. If the Deloitte US reviews were sufficient, that should be enough for the SEC to see the quality of work performed by the Deloitte Shanghai unit.

Sadly, the PCOAB’s proposal for disclosure of participating audit firms and experts carves out an exception for the Engagement Quality Review (EQR) and Appendix K review activities.

The Board does not propose disclosing individuals performing the EQR because the EQR is intended to be an objective second look at work performed by the engagement team, and the reviewers’ work is not supervised by the auditor in accordance with Auditing Standard No. 10…Similarly, the Board does not propose disclosing persons performing the Appendix K review because the auditor does not supervise or assume responsibility for the Appendix K review.

I have to ask… Who supervises whom? Does the Appendix K reviewer have the last word on the audit and the filing or does the local engagement partner give the final sign off? Will this be more clear once the engagement partner’s name is in the audit report or do we need the EQR and National Office partner names, too, to understand who is ultimately responsible? If the buck stops at the local engagement partner, a local Chinese partner in this case, what guarantee do capital markets and the SEC have that the filing complies with GAAP?

In the Satyam fraud, PW India ignored the PwC GCMG concerns, according to allegations made by private plaintiffs, was a slow pay on the arms-length invoice the GCMG issued for its work, and did things the “Indian way” with disastrous results. From Forbes in May of 2011:

PwC US GCMG performed, over the years, additional consulting and transaction advisory work for Satyam, in spite of their status as an audit client. That probably de-motivated them to jeopardize the additional revenue to their practice by complaining up the chain about Indians ignoring their advice.

When the plaintiffs’ lawyers presented their “gotcha” – the U.S. controlled the Satyam audit through GCMG US reviewers – the defense lawyers and their clients probably smiled. I imagine they conceded, yes, we conduct quality control reviews on audits of foreign firms listed on US exchanges. But the reviewer’s reach exceeds his grasp when he hits a sovereign border.

Why do the Big Four audit firms like the Appendix K exception, in particular? Because it shields the US firm from instant exposure for every single non-US based audit of a US listed company because the US firm is, whether from the US or onsite, often the Appendix K reviewer and maybe also helping with EQR. Plaintiffs firms will have to be creative and do extensive investigation work stymied by the discovery limitations inherent in working with a signing firm in China or another country the PCAOB can’t inspect—there are more— and where US litigation is not welcome. If the right smoking gun is found, then and only then, the investor might be able to pin any liability for financial statement audit failure and undetected fraud on the US firm.

Nota bene: On December 4 the PCAOB re-proposed a rule to require public companies to disclose the engagement partner’s name for the most recent period’s audit and the names, locations, and extent of participation of other public accounting firms that supported the completion of the audit.

There are numerous examples, recent ones, showing the audit firms are deliberately less than transparent about where partners who have been sanctioned or had problem audits in the past are currently working. Many continue working at the firms and some have been caught continuing to audit public companies.

I wrote about the proposed engagement partner naming re-proposal on November 24:

The global capital markets, not just current shareholders, need full disclosure of the engagement teams on all public issuers over time, and in a way that is accessible in general, not hidden in Edgar filings and PCAOB Forms.