Audit Firm Professionals Have Cheated on Ethics and Internal Training Exams

How can it be that three of the big four CPA firms were caught cheating on external and internal ethics and continuing professional education (CPE) courses given that their role as auditors is to protect the public interest and the capital markets that rely on audited financial statements? My blog today explains what happened and why, and it provides a cautionary tale for all accounting firms.

By way of introduction to the problem, it’s worth noting that audit professionals are given three opportunities to pass each examination at the end of a CPE course. If a professional is unable to pass after two attempts, that person's performance management leader is notified. If audit professionals are unable to pass after three attempts, the consequences are more significant: They are required to retake the training; they are prohibited from conducting audit work until they pass the exam; and others at the firm may be notified. Audit professionals also know that failing to pass an exam could lead to their compensation being reduced.

Ernst & Young

Last month it was announced that the SEC fined Big Four CPA firm Ernst & Young (EY) $100 million after admitting that its employees cheated on their ethics exams.  It is the largest fine ever imposed on an auditor. In this case, almost 50 EY audit staff cheated on the ethics component of CPA exams and in ethics CPE, the latter with software flaws that allowed exam takers to exploit the flaw and to pass CPE exams without the required number of correct responses.

The offenders shared answer keys to the ethics portion of the CPA Exam between 2017 and 2021 and hundreds more cheated on CPE courses, according to the SEC. This is the largest sum ever imposed by the SEC against an auditing firm. The firm said in a statement “nothing is more important than our integrity and our ethics” and promised it would take efforts to enforce compliance with ethical rules. A curious statement, to say the least.

EY undertook an internal investigation and self-reported to the regulator, the Public Company Accounting Oversight Board (PCAOB). It is quite evident, though, that EY’s decision to undertake an internal investigation and self-report to the PCAOB without also correcting in the June 20 submission about the problem was not, in the Commission’s view, the right course of action. The Order draws a direct link between the cheating and the failure to correct the submission to the SEC: “Just as many of its audit professionals failed to report their colleagues’ cheating as required, EY withheld this misconduct from the SEC during an investigation about cheating at the firm.”

The Order further states that “despite the message from EY’s U.S. Chair and Managing Partner only two days earlier about the importance of integrity and honesty, EY did not correct its submission to the SEC’s Enforcement Division.” EY’s initial failure to correct, presumably combined with its conducting of an internal investigation without providing updates to Commission staff, metastasizes into “withholding information about misconduct that EY knew SEC staff was investigating” and “continued misrepresentations to the SEC’s Division of Enforcement [that] significantly hindered the SEC’s ability to take action that would protect investors” from cheating audit professionals.

The Order concludes that the sum of EY’s conduct—the widespread cheating, policies and procedures deficiencies, and the failure to correct the June 20 submission—violated PCAOB Rule 3500T, constituted a failure to comply with AICPA Code of Professional Conduct 1.400.001, and contravened the requirements of PCAOB Quality Control Standard 20 (“QC 20”).

To make matters worse, in December 2014, an internal EY whistleblower reported a flaw in the firm’s software that allowed professionals to pass CPE exams without the required number of correct responses. The firm investigated the matter and found that from 2012 to 2015, over 200 EY audit professionals exploited the flaw to pass CPE exams.

KPMG

The cheating scandal at KPMG that occurred in 2019, was discovered by the SEC while investigating the firm for another ethical failing, which was to hire former PCAOB staffers to gain access to inside information about which audits the Board would investigate as part of its inspection process. KPMG had the highest deficiency rate of the Big Four and chose to cheat the system to bring the deficiency rate down. The PCAOB sanctioned Scott Marcello, KPMG’s former Vice Chair of Audit, fining him $100,000 and censuring him for supervisory failures in connection with KPMG’s receipt and use of confidential PCAOB inspection information. This is the largest money penalty ever imposed on an individual in a settled case.

Returning to the training exams and cheating at KPMG, the SEC complaint said that "on numerous occasions" KPMG audit professionals who had passed their training exams sent the answers to their colleagues to help them pass too, primarily via email or printed answers. The SEC noted that this practice took place at all levels of seniority, from nervous first-year auditors to lead engagement partners who were responsible for compliance with PCAOB standards in auditing their clients’ financial statements.

The senior cheaters not only sent exam answers to other partners, but even solicited answers from and sent answers to their subordinates. When word of this began getting through to senior leadership, KPMG launched its own internal investigation, which prompted the cheaters to hide the evidence.

For example, in one case, a now-former junior partner sent another former partner the answers from his exam by text message. After receiving a document preservation notice from the firm, the partner deleted the text messages that the junior partner sent him and encouraged his colleague to do the same. The partner also encouraged the junior partner to lie, saying that the texts were deleted by accident. When the partner was asked in a written questionnaire in December 2018 whether he had received any answers to KPMG training exams, he answered “no."

PwC

Turning to PwC, the PCAOB fined PwC-Canada $750,000 for having faulty quality control standards that allowed more than 1,200 professionals to cheat on internal training courses covering auditing, accounting, and professional independence by improper answer sharing from at least 2016 until early 2020. More than 1,100 of them were from the firm’s assurance practice.

After discovering the training-related misconduct in January 2020, PwC-Canada reported the matter to the PCAOB and began implementing remedial policies and procedures,” the PCAOB order stated. “In ordering these sanctions, the Board took into account the Firm’s extraordinary cooperation in this matter, including self-reporting and remedial actions.”

In a statement, PwC Canada CEO Nicolas Marcoux said that when the firm became aware of the widespread cheating, primarily by junior-level assurance employees—who shared online documents that had answers to some internal assessments—the firm immediately started an investigation with the help of external parties and notified the matter to the regulators.

“We have since undertaken several remediation steps including retraining, additional ethics training, financial penalties, written warnings and terminations where warranted,” Marcoux said. “While we are confident there has been no impact or compromise to the quality of our audits as evidenced by our current inspection results, we expect more from everybody in our firm.”

Kudos to PwC for being forthright. PwC--Canada voluntarily stepped forward and self-confessed to these embarrassing happenings within the firm.  However, the extent of the cheating and the very fact that it went unabated raises serious questions about the firm’s internal controls.

Summing it Up

In each case, there was a violation of the firm’s code of conduct. Perhaps the most concerning thing about these cheating scandals is the reasons given for the ethical failings. According to the SEC, many EY employees knew that their behavior violated the firm’s code of conduct, but some still did it because they couldn’t pass on their own. This is nothing more than a rationalization for an unethical action and should be beneath a certified audit professional.

Moreover, the gatekeeper role of auditors demands complete allegiance to the public interest above all else. Clearly, the firms did not do that. The public doesn’t expect, and certainly does not want, its audit firm to sanction cheating at this level. How can clients trust their auditors when they cheat on exams—ethics exams, no less?

These failures raise questions about professional integrity in accounting firms and the very culture that should support ethical behavior. Why should clients trust audit firms when they can’t get their own house in order?

Blog posted by Dr. Steven Mintz, The Ethics Sage, on July 19, 2022. You can sign up for Steve’s newsletter and learn more about his activities on his website  (https://www.stevenmintzethics.com/) and by following him on Facebook at: https://www.facebook.com/StevenMintzEthics and on Twitter at: https://twitter.com/ethicssage.