Recommendations for Dealing with Big-4 Audit Firm Ethical Violations
PCAOB Sanctions Fifteen Firms for Violating Auditor Independence Rules
On December 8, 2014, the SEC announced that it was sanctioning eight firms and the Public Company Accounting Oversight Board (PCAOB) was sanctioning seven others for violating auditor independence rules when they prepared the financial statements of brokerage firms that were their audit clients. Essentially the firms prepared the financial statements for clients and audited their own work thereby inappropriately aligning themselves more closely with the interests of clients’ management teams in helping prepare the books rather than strictly auditing them.
The SEC didn't go to court. The eight firms agreed to settle the cases through administrative orders without admitting or denying the findings. The SEC censured the firms and ordered them to collectively pay $140,000 in penalties. According to the SEC press release, "Under auditor independence rules, firms cannot jeopardize their objectivity and impartiality in the auditing process by providing such non-audit services to audit clients.”
The SEC sanctions are a slap on the wrist at best. Even though none of the firms sanctioned were big-4 firms the meager amount of the penalties brings into question whether the SEC is serious about the cleaning up independence violations that fly in the face of the public interest obligation of auditors under the profession’s ethics rules of conduct.
In one of the most bizarre cases dealing with sanctions of a big-4 firm, on July 14, 2014, the SEC charged Ernst & Young LLP (EY) with violations of auditor independence rules because an EY subsidiary lobbied congressional staff on behalf of two audit clients. Such lobbying activities place the firm in the position of being an advocate for their clients' interests. Despite providing the prohibited legislative advisory services on behalf of the clients, EY repeatedly represented that it was “independent” in audit reports issued on the clients’ financial statements.
I wonder how a big-4 firm can even remotely think that engaging in lobbying activities on behalf of a client would not violate ethics rules because of the advocacy threat to independence. This is a blatant disregard for the rules. Either EY management was clueless, acted with reckless disregard for the rules, and/or was oblivious of its ethical obligation to maintain its integrity and objectivity when auditing a client. In any case the firm got off with a slap on the wrist by merely being fined for its independence violations.
EY is not alone in being sanctioned for deficient audits by the PCAOB. On August 28, 2013, the Board published inspection reports for KPMG and PricewaterhouseCoopers (PwC). KPMG got a failing grade on 17 of 50 audits inspected for an overall failure rate of 34 percent, up from a 22.60-percent failure rate in 2011. PwC took heat for 21 of 54 audits inspected for a rate of 38.9 percent, down only barely from the 2011 rate of 41.3 percent. Unfortunately for EY, the firm turned in the worst rate of 2012 at 48 percent. However, Deloitte fared the best at 25 percent. Deloitte was the only Big 4 firm to register a significant improvement from 2011 to 2012.
Inspectors hit KPMG the hardest for failures to properly audit internal control over financial reporting in finding problems with 14 of the firm's audits in that area alone. The board also took KPMG to task over its compliance with Auditing Standard No. 13, The Auditor's Response to the Risks of Material Misstatement, finding problems in nine separate audits. Inspectors noted a handful of instances where the firm identified fraud risks, but failed to complete audit procedures that addressed the heightened risk. In terms of accounting issues, the PCAOB says the firm failed in a number of respects to properly audit revenue recognition, allowance for loan losses, valuations of securities, inventory, and others.
The SEC has recently turned its attention to Chinese branches of U.S. audit firms and the results of its inspections paint a bleak picture of whether the Chinese government is willing to cooperate with inspections. Chinese law forbids the firms from handing over documents to the SEC. The lack of transparency by the Chinese government is in direct contra-diction to U.S. accounting standards and poses at immense problem for U.S. firms operating in China going forward.
On January 23, 2014, the SEC came down hard on Chinese units of big-4 firms, ruling that these units should be barred from auditing U.S.-traded companies for six months. The ruling comes after the firms failed to show the SEC their work. For their part the firms seem perplexed by the SEC decision, which is not final at this time. The firms plan to appeal the decision and have said: "It is regrettable that the SEC’s administrative law judge has recommended sanctions against the big four firms in China for failing to produce work papers to the SEC in circumstances where such production would have violated Chinese law and regulations.”
I fear we are headed for a new crisis in the accounting profession where shoddy audits return to pre-Sarbanes-Oxley levels. There is historical precedence for my statement as it seems that every 10 years or so the audit profession has to deal with Congressional investigations over failed audits. In the 1970s it was the Metcalf Committee that examined the relationship between audit firms and their clients in light of increasing non-audit services for those clients. In the 1980s it was the Treadway Commission investigation of firms for failing to identify fraud and internal control weaknesses. In the 1990s it was the massive failure of savings and loan institutions, many of which had deficient audits of loan loss reserves. In the 2000s, it was a whole host of problems with respect to earnings management at companies such as Enron and WorldCom.
Will the next scandal focus on deficient audit reports identified by the PCAOB? I fear the worst because of the track record built up by the audit profession and because the firms seem to suffer from a short-term memory lapse. The underlying issue is that the firms are getting too close to their clients whether due to providing non-audit services, creating a self-review threat to independence, or developing close business relationships with audit clients that create a self-interest threat to independence.
What are the answers? First, I believe all non-audit services should be prohibited for audit clients. Sarbanes-Oxley only prohibited a handful of these services and since the enactment of the Law the firms have broadened the scope of non-audit services that fall through the cracks of these prohibitions.
Second, every firm that audits a public company should be required to have a designated senior-level SEC manager work with the audit review partner in real time to investigate whether any independence violations exist before going forward with the audit. The SEC needs to detect independence violations before firms proceed with audits or at least on a timelier basis than now exists.
Finally, audit firms that have been found to have deficient audits of public-company clients based on PCAOB inspections should be required to rotate off those clients. The PCAOB has been considering audit firm rotation for several years. This is a way to make some headway in new rotation rules by saying to the firms if you produce deficient audit reports, then we will force you to give up client audits. I believe this would serve as a wake-up call for the firms that the PCAOB and SEC are serious about the consequences of audit inspections that highlight failures in audits, and the importance of protecting the public interest.
Violations of the Foreign Corrupt Practices Act (FCPA) seem to be occurring at a more rapid rate than at any time since the 1970s when bribery by companies such as Lockheed led to the passage of the Act by Congress to stem the tide of bribing foreign officials by U.S. companies to gain business overseas. In the debate surrounding Congressional passage of the FCPA, a discussion took place around whether U.S. companies should be held to ethical standards in the U.S., which prohibits bribery, or to those of the country in which the entity operate,. In other words, is the old adage true today as in years past: “When in Rome, do as the Romans do.”
Congress eventually decided the FCPA would permit relatively small amounts of “grease payments,” referred to as facilitating payments in the Law, but would prohibit outright bribery. Of course, the devil is in the details and the line drawn between these two types of payments can get blurred.
The anti-bribery provisions of the FCPA make it unlawful for a U.S. person, and certain foreign issuers of securities, to make a payment to a foreign official for the purpose of obtaining or retaining business for or with, or directing business to, any person. On December 22, 2014, French company Alstom pled guilty and agreed to pay $772 Million to resolve foreign bribery charges. An interesting aspect of the Alstom case is it reflects a ramped-up effort by U.S. authorities to stem the tide of overseas bribery enforcement by investigating foreign companies that have a subsidiary located within the U.S., as is the case with Alstom.
The settlement with the U.S. Justice Department (DOJ) points out that from at least 2000 to 2011, Alstom paid tens of millions of dollars in bribes to win $4 billion in projects from state-owned companies in Indonesia, Egypt, Saudi Arabia, the Bahamas, and Taiwan. The company earned about $300 million in profits from the scheme.
Alstom attempted to conceal the bribes by retaining consultants who actually acted as conduits for the payments to government officials, according to the DOJ. Alstom falsified books and records to hide the payments and referred internally to the consultants using codes names such as “Mr. Geneva,” “Quiet Man,” and “Old Friend,” according to the government.
In the U.S., Alstom pleaded guilty to two charges, one for violating bribery laws by falsifying records and the other for failing to have adequate controls. Several countries have opened probes into Alstom since 2004, when auditors for the Swiss Federal Banking Commission unearthed documents showing possible corrupt payments. Since then, the company has paid more than $53 million over claims its employees bribed officials in at least five countries.
Cases enforcing the FCPA have drawn attention in recent years for the magnitude of corporate penalties they command. Among the largest U.S. penalties for foreign bribery are KBR Inc.’s $579 million settlement in 2009 and Alcoa Inc.’s $384 million penalty earlier this year. Those cases included criminal and SEC penalties.
In addition to the $450 million Siemens paid to the Justice Department, it paid an additional $350 million to the U.S. Securities and Exchange Commission. Alstom isn’t subject to SEC scrutiny because its shares don’t trade in the U.S.
In a high-profile case that was settled in May of 2014, cosmetics giant Avon announced it would will pay $135 million to resolve criminal charges resulting from violations of the books and records and internal control provisions of the FCPA in connection with its China operations. The Avon case involves certain travel, entertainment, gifts and other expenses that were improperly incurred in connection with the company's China operations through the use of third-party vendors and consultants
These examples of FCPA violations all have one common element – the failure of compliance systems. U.S. companies should have in place a robust compliance system that includes strong internal controls to help prevent and detect illegal payments backed by a strong system of corporate governance. However, regardless of existing systems nothing can replace the importance of setting an ethical tone at the top by the CEO, CFO, COO, and other top managers who make it clear by word and deed that the company will not sanction violations of any law and will hold all employees personally responsible for adhering to ethical standards. Violators should be dealt with swiftly and a message sent that the company will not tolerate such behavior. Unfortunately, companies such as Alstom and Avon failed to establish an ethical direction for its employees and the result was an embarrassing event that brings into question the effectiveness of the leadership in both companies. Both companies need to learn the lesson that espoused by management guru Warren Bennis years ago that “Managers are people who do things right and leaders are people who do the right thing.”
Blog posted by Dr. Steven Mintz, aka Ethics Sage, on December 29, 2014. Dr. Mintz is a professor in the Orfalea College of Business at Cal Poly San Luis Obispo. Professor Mintz also blogs at: www.ethicssage.com.