Is the regulator ready for the flood of findings, fines, and sanctions that might jeopardize the viability of more than one firm?
Dave Michaels of the Wall Street Journal has been on a reporting roll. I mentioned his stories related to the Diller/Geffen insider trading investigation and the recidivist Deutsche Bank here.
I also gave another Michaels story a shout-out during a recent podcast where I was a guest, talking about crypto regulation but also the state of selective regulation of the audit industry.
This latest Michaels piece, from March 17, is the one I want to talk about today.
SEC has launched probe into how firms manage conflicts of interest caused by sale of non-audit services
There’s a lot of great information in this piece.
For starters, it’s a great scoop. Someone told Dave about the SEC investigation and he had the exclusive and likely exclusive follow-ups. Someone wanted this investigation to be known, but the SEC and the audit firms are not yet talking about it publicly. Second, the investigation is being led out of Miami.
The SEC’s Miami office last year sent letters seeking information about client work that could cause auditors to violate rules requiring they be independent of clients whose finances they inspect, sources say. They say the letters were sent to some smaller accounting firms as well as the big four: Deloitte & Touche, Ernst & Young, KPMG and PricewaterhouseCoopers.
The Big 4 firms either declined to comment or ignored his requests for comment.
Spokesmen for the SEC, KPMG and PwC declined to comment. A spokeswoman for Ernst & Young and a spokesman for Deloitte did not respond to requests for comment.
Michaels says in his story that the SEC’s Miami office asked the audit firms for information about all non-audit services for audit clients — information that is readily available to the SEC via issuer proxies, the PCAOB inspection data gathering process, and research firm Audit Analytics — but also for information on any cases in which the firms obtained contracts that reimburse them for losses caused by lawsuits over their work, or made fees contingent on a particular result or outcome, the sources say.
Typically a high profile investigation, one that touches the core of the Big 4, would be led by SEC HQ in DC. For example, the PwC independence-related enforcement action that Dave mentions, where PwC paid $7.9 million in fines, was led by two SEC attorneys who are both based in Washington, D.C..
The 2014 KPMG case Dave mentions, where the firm paid $ 8.2 million to settle an SEC investigation that alleged it provided prohibited non-audit services such as bookkeeping to affiliates of audit clients included a report of a non-prosecuted investigation that was a direct result of my reporting.
It’s been almost three years since I first broke the story of KPMG’s loaned tax staff arrangement with audit client GE. On January 24 the Securities and Exchange Commission (SEC) announced an $8.2 million settlement with KPMG over violations of auditor-independence rules. KPMG’s settlement includes pay back of some fees earned on the illegal services and some fines. The wheels of justice turn very slowly. Unfortunately, none of the companies involved were named and, as far as I can see, the GE case was not one of the three cited as a subject of the enforcement…
A person familiar with the SEC’s thinking on the matter confirmed to me that the investigation report is referring to the GE case. This person also pointed to the SEC’s earlier independence case against KPMG for violations in its Australia practice for clues as to why the agency did not issue an enforcement order here. I discussed the Australia case in my original reporting.
KPMG should know better. KPMG was recently sanctioned by the SEC for a similar transgression involving their Australian office. KPMG Australia and at least one other KPMG member firm outside Australia seconded non-tax professional staff to work at each client’s premises, under the supervision and direction of each client, doing the same types of work that each client’s own employees or managers ordinarily would perform, in violation of the prohibition under Rule 201(c)(4)(vi) against “[a]citing, temporarily or permanently, as a director, officer, or employee of an audit client, or performing any decision-making, supervisory, or ongoing monitoring function for the audit client.”
EY and its professionals have paid fines for quite a few auditor independence enforcement actions since the passage of Sarbanes-Oxley in 2002.
There’s one just this past December 2021 that specifically involved tax professionals billing on a contingent basis for services to an audit client.
The SEC’s orders find that tax professionals at EY billed public company Cintas Corporation for contingent fees for non-audit tax services for approximately nine years, despite EY also being hired to audit Cintas.
Despite the SEC saying that the result of these violations was that the firm was not independent of is audit client, the SEC did not hold the firm responsible for the actions of two partners and one manager, two of whom were attorneys. That investigation was also led by Washington D.C. -based SEC attorneys.
Contingent billing to audit clients is a really big no-no and, as I mentioned, Dave’s story says the SEC wants to know more about these situations, if they exist at other firms.
There’s another EY independence enforcement action from the summer of 2021 — there were two in one year — where the SEC charged EY, one of its partners, and two of its former partners with “improper professional conduct for violating auditor independence rules” for rigging the bid the firm was making for the company’s audit. EY agreed to a censure, to a penalty of $10 million — a bit more than the typical firm penalty of around $8-9 million — and to “comply with a detailed set of undertakings for a period of two years.” That investigation, also, was led by a veteran SEC HQ D.C. -based attorney.
And then there’s the time in 2016 where the SEC fined EY $9.3 million to settle charges that “two of the firm’s audit partners got too close to their clients on a personal level and violated rules that ensure firms maintain their objectivity and impartiality during audits.” That investigation was driven out of New York.
Dave’s story mentions a 2014 enforcement action where the SEC accused EY of lobbying congressional staff on behalf of two audit clients. That was an SEC HQ D.C. sourced investigation with a fine of only $4 million.
It’s no wonder SEC Enforcement Director Gurbir Grewal said in December at the AICPA SEC and PCAOB update conference:
The third thing I’ll highlight and I’ve spoken about this in other conferences is about increasing our penalties when historical penalty amounts are not having the desired deterrent effect. Quite often, when we see these independence cases in particular, very skilled defense attorney on the other side come in. I will sit at a table like this one and they’ll show us a list of other resolutions and other independence cases, and they’ll say, “Okay, it was a one-year suspension. In that case, it was $20,000,” and give us five other examples of similar conduct with similar penalties.
In my mind, as someone who’s trying to deter this type of conduct, that doesn’t work. That’s just showing me that, you know, dear Mr. Defense Counsel, that just makes it apparent to me that that penalty is not having the desired deterrent fact, and that we need to up our penalties. So I think you will see us really ratcheting up penalties where appropriate so they do have that desired deterrent effect, particularly in these auditor independence cases. Because, you know, there’s almost a static penalty amount and it’s sometimes viewed as a cost of doing business. And that can’t really be the case.
The story also cites recent data from Audit Analytics about “significant” non-audit fees paid recently by S&P 500 index firms. Audit Analytics defines “significant” as non-audit fees — audit-related, tax, and other — of more than 25%.
I recently took a look at EY’s fees for Google, where the firm is tangled up in private litigation Google‘s parent Alphabet is facing from privacy advocates.
What was EY doing for Google that resulted in the receipt of a subpoena and a significant effort to identify thousands of responsive documents?
Plaintiffs served the subpoena on E&Y, requesting documents related to valuation of user data, and any privacy audits or evaluations related to Chrome.
EY consistently bills non-audit fees to Alphabet that are more than 25% of total fees. The audit-related fees focus on “attest services related to information systems” in every year since 2014. It may be a good idea for the SEC to ask EY how it is getting paid for the original work and if it is being reimbursed for the extra work associated with this litigation.
That kind of reminds me of another EY case where the firm did some IT controls work that I thought was not aligned with auditor independence rules. I documented that the Equifax case was not the only one where EY was auditor and producer of the certification for critical IT controls that its audit team relies on.
Finally, since I write about this issue all the time, it was easy for me to find a few examples of “any cases in which audit firms obtained contracts that reimburse them for losses caused by lawsuits over their work, or made fees contingent on a particular result or outcome,” where there has as yet been no SEC enforcement action.
Coincidentally, or maybe not given the firm’s track record, they are all for EY.
Fees contingent on a particular result or outcome
I first wrote about EY and Wal-Mart on October 29, 2007. I re-upped the story in March of 2013 because of Wal-Mart’s Mexican bribery problems and the SEC’s investigation of EY for tax lobbying to audit clients that was finally settled in 2014. EY was silent about its audit client Wal-Mart’s FCPA problems in Mexico and elsewhere and most media left the firm out of its stories on the subject.
Firms and their clients put a value on the services and the firms charge a percentage or a flat rate, sometimes taking a contingency fee (only, according to the rules, if they are not also the external auditor of the company.)
Ernst and Young have been Wal-Mart’s independent auditors for a long time, including the fiscal year 2001 when this work started. Was the tax work structured on a flat fee or a contingency/reward for results basis?
PCAOB and SEC, you should want to know, especially given the large percentage these fees represent as compared to the regular audit fees.
In which an audit firm obtained reimbursement for costs associated with legal or regulatory action regarding its work
In 2013, EY’s audit client HP reimbursed the auditor $2 million for costs associated with its partner having to testify to Congress about the tax avoidance strategies EY had developed and implemented for HP. There wasn’t even any effort to disguise it, I wrote for Forbes. It was right in the proxy!
Last September Senator Carl Levin’s Permanent Subcommittee on Investigations called auditor Ernst & Young to Washington DC to explain how its client HP moves profits offshore to avoid taxes. Beth Carr, the partner responsible for the tax-related services provided to audit client HP, testified on behalf of Ernst & Young. Ernst & Young’s testimony cost HP almost $2 million dollars, according to HP’s latest proxy.
All other fees included reimbursement of approximately $2.0 million in costs relating to responding to a request for EY information from, and EY providing testimony before, the U.S. Senate Permanent Subcommittee on Investigations relating to taxation of earnings generated outside of the United States as well as fees for advisory services relating to HP’s services business.
The $2 million paid to Ernst & Young for showing up is shown as “Other” advisory fees, not audit-related or even tax services, in the proxy. For that much walking around money, I’m sure the firm, and Ms. Carr, are more than willing to sit through some grilling by Levin.
Similarly, I wrote about EY and its vigorous advocacy for its audit client Coca Cola Co. in 2020 when its client was sued by the IRS. As a result of my reporting, I heard from the PCAOB, who was looking into it based on a recommendation from the SEC. The PCAOB attorney thought I had filed a whistleblower tip to the SEC and went radio silent when he found out I was a journalist who had publicly written about it. I have not heard anything since. (I do not file whistleblower tips. I write publicly about issues and hope regulators act.)
The Tax Court has since issued an order denying Coca-Cola’s request that it reconsider the original decision.
Ernst & Young’s tax avoidance strategy consulting work for Coca-Cola, while also acting as its auditor, helped reduce Coca-Cola’s 2007-2009 taxable income by more than $9 billion, according to the Tax Court’s opinion in the case The Coca-Cola Co. v. Commissioner. The Tax Court on Wednesday upheld two IRS adjustments that reinstated the $9 billion in 2007-2009 taxable income. Coca-Cola Co. is liable for most of $3.4 billion in additional tax on that income that the IRS has been seeking. Coca-Cola could owe more if the IRS applies the successful legal argument to later tax years.
When the IRS questioned the strategy EY developed for Coca Cola, EY appeared in tax court [for the trial in 2020] on behalf of its audit client to defend its work. From the tax court opinion:
At trial an E&Y partner testified that all of these transfer pricing reports “were written based on the [ServCo] contract[s] and the cost-plus nature of the service provided” by the ServCos, which he described as “the exact standard required [under the] transfer pricing analysis paradigm in effect in every country at the time.”
Oh, and here’s another one I wrote about in 2020, EY again, that no one at SEC ever followed up on.
What this means is that EY is lobbying on tax issues that benefit its public company audit client and benefit individuals, the Ziffs, who funded the original public company and played a significant role in its growth through a 2007 IPO. Not only do EY’s two clients have a mutual interest in the tax issues EY is paid to lobby on, but EY has a vested interest in pleasing not only the Ziffs but its public company audit client, the former Och-Ziff Capital Management Group Inc..
Why don’t the audit firms get on the program and stop violating fundamental auditor independence rules?
It’s pretty simple, I wrote in October, when the SEC started rattling its sabres about the issue: Scandals are the cost of doing business.
(Michaels’ story says that SEC Miami sent the letters to the firms “last year” so the firms have known what all the fuss was about ever since.)
It’s a myth that the largest global audit firms will avoid doing anything that harms their reputation, and will police their own to make sure any professionals that bring shame on the profession by committing illegal and unethical acts are fired, not rewarded, and will never audit or give advice ever again…
We’ve seen a deluge of auditor independence issues sanctioned by the SEC and the PCAOB in the last few years. That’s after peaks and valleys of enforcement since Sarbanes-Oxley’s new prohibitions were passed in 2002. The violations that have occurred recently are not the clever schemes of masterminds. They are bread and butter violations of long-standing rules, ones that are the pillars of the profession and they are pervasive. The SEC and severely compromised PCAOB are on a whack-a-mole mission that has neither dissuaded nor deterred systemic and systematic violations by more individuals.
I documented many, many more auditor independence issues that the SEC and PCAOB never went after in a four-part series in January 2020. Maybe the SEC should give me a call.
© Francine McKenna, The Digging Company LLC, 2022