Friday, July 23, 2021

UK Audit Reform Proposals: Full of Sound and Fury but Likely to Amount to Nothing

Editor's Note: The Public Interest Section of the American Accounting Association is pleased to publish the following blog post by Francine McKenna, independent journalist at The Dig, a newsletter, an educator and a researcher. Please contact lawrence.chui@stthomas.edu with questions, comments, or suggestions about our blog, or to express interest in our organization. Disclaimer: When you read the comments of our columnists, please keep in mind that they only speak for themselves. They are not expressing the positions of the AAA or of any other party.

This piece was originally posted in March 2021 by Francine McKenna in her newsletter, The Dig. The post has proved prescient. The former head of the UK accounting regulator, Paul Boyle, told the FT on June 14 that the government’s plan to shake up the audit market was likely to fail and that industry lobbying had deflected attention from the dominance of the Big Four accounting firms. He believes the proposal would increase costs for companies without fully tackling the lack of competition faced by the Big Four — Deloitte, EY, KPMG and PwC, which audit the entire FTSE 100.

The UK audit firms themselves warned the following week that the plan to significantly increase the number of companies subject to the proposed stringent governance standards risks straining audit firms and their new regulator to breaking point.

Even Sir Jon Thompson, chief executive of the prior UK regulator the Financial Reporting Council, told the Financial Times in May he agreed with criticism of the regulator. Asked whether the FRC was “asleep at the wheel” during corporate failures, he told the FT’s Board Director series: “The answer is yes. Let’s be straight forward about it.” The proposed new regulator to replace the FRC, was not expected to be in place until at least 2023.

Let's all say again that auditors are supposed to be performing their public duty and finding fraud, shall we?

One after another the ongoing revelations of corporate fraud and bankruptcy in the UK remind us that audits — the last defense against failed financial reporting for investors and the markets — are still not preventing, detecting, or warning anyone about it. 

Enron’s bankruptcy, and its auditor Arthur Andersen’s collapse, happened twenty years ago. The financial crisis rocked the foundations of global financial stability a decade ago. Reforms intended to reassure investors and markets that company accounts can be trusted have instead fallen far short. Allegations of accounting muck-ups at UK companies such as Autonomy, Carillion, Thomas Cook, and Patisserie Valerie, to name just a few, prove politicians made empty promises.

The Right Honorable Kwasi Kwarteng, MP, the UK’s new business secretary, has now introduced a jumble of reforms after the latest corporate calamities and the failure of auditors to catch them, or even convincingly own up to a public duty to do so. The Beis proposals are pitched as a UK version of the US Sarbanes-Oxley Law, passed in 2002 in response to Enron’s failure and Arthur Andersen’s collapse.

The UK may be growling up the wrong tree. SOx reforms have always delivered more bark than bite.

It would be a huge mistake for the UK to model its reforms — ones that have so much momentum and urgent need — after US auditor reform that’s failed so miserably. UK investors deserve more.

I wrote in 2012, ten years after Sarbanes-Oxley was passed, that the law and feeble enforcement of it had failed to restore investor confidence in audit firms after Arthur Andersen’s failure to mitigate fraud at Enron. Nearly twenty years on my verdict is even more harsh. The Sarbanes-Oxley law has turned out to be a negotiated mélange of rules that have been barely enforced and gradually watered-down to within an inch of their original intent, all to reduce costs for corporations and increase new share listings.

Is the latest UK reform package truly radical or just more of the same incremental reforms, full of sound and fury yet signifying no meaningful change once again?

Incremental reform is not enough, Atul Shah, an accounting and finance professor at City University of London, told me.

I am afraid it is more of the same and the reforms will be as ineffective as all the rest. That’s because the largest global audit firms have fully captured the government and regulatory apparatus via the revolving door and have a shared objective to prop up the stock market and businesses no matter the cost to workers and small investors. After the 2008 crash, hardly any auditor was fined or went to jail over their failure to warn society.

After that, it got worse. The common factor is the cultural problem, Shah told Bloomberg in an interview this past June. When he spoke to me, Shah said the cultural problem in accounting and finance is being ignored by most universities and the firms when training new professionals. He believes there are vast cracks in the curriculums that ensure that the systemic problems continue to prevail.

Prem Sikka, an Emeritus Professor of Accounting at University of Essex, agrees. Sikka, in Left Foot Forward in September of 2020, wrote, "The audits of large companies need to be performed by a statutory body.” Lord Sikka, who was nominated for a life peerage in the 2020 Political Honours and raises his voice for the Labour Party in the House of Lords, has been a years-long critic of the audit industry status quo. He wrote:

Auditing firms have a choice. They can deliver honest, robust and socially useful audits or vacate the audit market and make way for a new institutional framework.

However, Sikka told me via email that he suspects the government would not like the idea of an independent body appointing and remunerating auditors because big corporations would oppose it.

Reform history

The last time the UK pressured global audit firms to reform was in 2010 when the House of Lords conducted an inquiry into the Big Four audit firms’ role in the global financial crisis. Auditors had failed in their public duty to remain independent, place public interest above commercial interests, and undertake their duties competently, objectively and prudently, Sikka wrote in a 2009 article.

UK regulators went through the motions in 2010, and their issues were even taken up in the European Union. Michel Barnier, a French politician acting as European Commissioner for Internal Market and Services under President José Manuel Barroso from 2010 to 2014, voiced overall displeasure with the audit firms and threatened new laws and regulations that would upend the industry’s structure.

“The status quo is not an option,” Barnier said in October 2010.

 Michel Barnier, however, did eventually accept the status quo. Barnier recently served as the European Commission's Head of Task Force for Relations with the United Kingdom during the Brexit negotiations. He’ll retire from the European Commission this month but stayed in the game long enough to see the audit industry status quo publicly pummeled again.

After the financial crisis, the Financial Times and the Guardian were full of stories about the auditors and what they did, and did not do, to warn of the crisis or mitigate the impact to investors. UK politicians made much more noise over the auditors’ role than US politicians did. In November of 2010 UK audit firm leadership appeared before the House of Lords Economic Affairs Committee and admitted they did not issue “going concern” warnings for any of the large UK banks that were eventually nationalized. That’s because they were assured during private, confidential meetings in December 2008 and January 2009 with Lord Myners, and others that the government would bail out the banks if needed.

The Financial Reporting Council’s Sharman inquiry, prompted by the incredible revelations, let them all off the hook in June of 2012. Bank auditors are not obliged to express doubts about their client’s short-term survival if it is receiving adequate liquidity support, including from the state, and are able to meet its long-term liabilities, the FRC said.

The latest proposals

On March 18, Kwarteng and Beis published “ambitious plans to strengthen the UK’s audit and corporate governance framework and empower shareholders” that have been much discussed and long delayed, most recently by the COVID pandemic. The proposals entertain most of the recommendations of three independent reviews of the UK audit industry completed in recent years.

Sir Donald Brydon, the former chairman of the London Stock Exchange, delivered a 135-page report in December 2019 that recommended significant structural changes to how auditors work and how their firms are structured and regulated including proposing a new definition of the purpose of a company audit. He also emphasized why auditors should be expected to act as “bloodhounds” that detect corporate fraud. (The collapse of Grant Thornton-audited Patisserie Valerie in January 2019 brought a new example of an auditor insisting it was not obligated to look for fraud.)

A Competition and Markets Authority report in 2019 recommended that UK-listed companies should be required to use two firms — preferably one a non-Big 4 firm — to do a “joint audit” of accounts. The year before John Kingman produced a highly critical report focusing on the regulation of the audit industry.

Lord Sikka believes the reform white paper’s foundation, all of the recent studies, is deficient. The Kingman Review only applies to one of five audit regulators and does not explain how to avoid capture, Sikka said. The CMA report does not tackle questions like auditor liability (an important pressure point) or inviting new suppliers of audit services and the Brydon Review does not look at the actual audit process, per Sikka.

The Financial Times Editorial Board has characterized the proposals as an equivalent to the US Sarbanes-Oxley regime, albeit one the UK must introduce carefully, “without piling unfair costs and burdens on to companies struggling to recover from the pandemic.”

The Beis white paper is a 232-page set of proposals and goes out for public consultation and comment until July. Given the number of recommendations and length of the report, the Beis plan is expected to generate plenty of mail.  That is only a first step and there is no guarantee any of the proposals will eventually be mandated.

Kwarteng writes in the introduction:

The Government understands the serious challenges that businesses are facing because of the pandemic and we will not add to those: reforms will be introduced over an appropriate timetable. However, I am committed to our stated aim of reforming the corporate governance and audit regime and we intend to bring forward these reforms later in the Parliament, once we have taken account of your responses.

Separating audit and consulting, in body or at least in spirit via service prohibitions, is a perennial reform recommendation whenever conflicts rear their ugly head. The UK’s Financial Reporting Council already issued a 22-point plan last July for a “ringfence” requirement — the operational separation of the audit side of the largest global firms from the rest of their business. Firms were required to outline how they would make the changes by late last year, and the plan must be implemented in full by June 30, 2024 at the latest.

When the ring fencing requirements were announced, Deloitte said it would work with the FRC to develop its plans, but was concerned about losing momentum with other reforms mentioned in the three reviews.

Deloitte UK has come around. The firm announced in September that its UK audit operations would have a standalone board beginning in 2021. Public relations firm Teneo is announced this week it would purchase the Deloitte UK restructuring arm which reportedly has 250 people including 27 partners.

PwC was less committal but agreed to “continue to engage with the watchdog on the complexity and detail of the principles.” EY said it would work with the FRC, but warned the proposals alone “would not deliver all the changes needed.” The firm said in December that its plans had been submitted to the regulator.

KPMG has said it supports the ring fence plan as a “first step to restoring trust in companies.” Previously, in 2019, KPMG Chairman Bill Michael had warned that "an extreme form of ring-fencing would have significant unintended consequences, especially with regard to audit quality.” Next tier firm Grant Thornton followed the leaders and said the move would fail to boost competition. 

KPMG UK agreed to a £400m deal with private equity firm HIG Capital for its UK restructuring unit. The firm is arguably in no position to complain about regulatory scrutiny. KPMG has been criticized recently — and been heavily fined — for the poor quality of its audits, in particular related to construction company Carillion. In 2020, the firm saw profits drop 6% before tax and partner payouts. Partner payouts were down 11% from 2019. 

KPMG is also the firm where an audit practice ring fence will have the least impact on its results. KPMG’s audit practice generates a higher percentage of total revenue, nearly 29% in fiscal year 2020 than the other Big 4 firms, EY (21.2%), PwC (22.9%) and consulting behemoth Deloitte which only derives 14.8% of its revenue in the UK form audit services.

Conflicts, however, will continue to turn up. The sell-off of restructuring arms, in particular may help firms like KPMG UK avoid the conflict between its work to wind-up companies like Patisserie Valerie and its audit work but won’t prevent the kind of conflict of interest to be replaced on the job. The Patisserie Valerie auditor Grant Thornton is also KPMG’s audit firm. The forced split up of Big Four audit practices from their consulting units may provide an opening for the firms to continue expansion into legal services. 

The US experience

The U.S. Securities and Exchange Commission attempted to “modernize” auditor independence rules — the ones that govern potential conflicts when an auditor  performs tax and consulting services —  in 2000, even before Enron filed bankruptcy. Audit firms were doing more consulting than auditing at audit clients and the concern was the work, and the fees, distracted them from their core purpose: auditing.

That time the Big 4 didn’t wait for regulators to force them to ringfence audit to protect its integrity from the influence of  consulting fees. The Big 4 were so concerned about the growing regulatory and public criticism that two of the four firms sold their consulting practices in 2000 and 2001. The Sarbanes-Oxley Act was passed in July 2002 and PricewaterhouseCoopers Consulting was sold to IBM in October 2002. Deloitte Consulting never separated from Deloitte & Touche, and went on an acquisition spree.  

Arthur Andersen’s perceived unhealthy emphasis on its lucrative consulting work at Enron instead of its audit was the catalyst for critics to succeed in getting nine prohibitions against consulting services to audit clients into the Sarbanes-Oxley law. The service restrictions prohibit audit firms from providing non-audit services such as internal audit outsourcing services, financial information systems design and implementation, and bookkeeping to an audit client including company affiliates.

However, between 2002 and 2012, the SEC and PCAOB made only a handful of enforcement actions against the firms for auditor independence violations and they were minor. This laissez-faire attitude encouraged the Big 4 firms to rebuild and then expand their consulting arms as soon as non-compete agreements with the original buyers of the businesses expired. The easiest prohibition to police – the one that restricts performing software design, development and implementation consulting for an audit client when it would impact the ability to audit accounting and financial reporting - is the one most recently sanctioned by the SEC, against PwC and a partner. In this case, one partner violated this prohibition in 15 clients for 19 engagements over five years, 2015-2019.  

Can the UK succeed where the US has not?

Professor Shah is pessimistic and wrote in a 2019 OpEd, “We have already lived through the costly experience of the failure of “Chinese walls” in banking. Why should we still believe they can and will work here?” 

Kingman’s recommendation for a new regulator called the Audit, Reporting and Governance Authority is also already in process. Following the FRC Review, the FRC, under new leadership, “has taken significant steps to strengthen its capabilities. However, legislation is needed in many areas to complete the task of remodelling the regulator and to establish the FRC’s successor body, the Audit, Reporting and Governance Authority (ARGA),” according to the Beis white paper. 

So, full reform will, again, wait for Parliament.

The UK reform proposals borrow from recommendations made by the Competition and Markets Authority but go around its recommendation to mandate joint audits in the FTSE 350. From the white paper:

It is not healthy for audit quality that the UK audit market is so concentrated, with 97% of FTSE 350 audits undertaken by just four audit firms. This concentration is not helped by the fact that those firms also compete to provide a wide range of other business services to the largest companies.

The reform proposals greater regulatory powers and duties intended to increase choice and competition in the FTSE 350 audit market, initially through a managed shared audit regime, not joint audits, and, later if needed, a managed market share cap.

The operational separation between the audit and non-audit arms of certain firms is intended to lead to separate governance, financial statements prepared on an arm’s length basis, and regulatory oversight of audit partner remuneration and audit practice governance.

Jane Fuller, a fellow of CFA Society of the UK and co-director of the Centre for the Study of Financial Innovation advocates separating audit from consultancy but admits implementing the ring-fence will be challenging. Fuller wrote in her CFSI blog in October:

The devil in the implementation detail lies in the second objective: ‘Improve audit market resilience by ensuring that no material, structural cross-subsidy persists between the audit practice and the rest of the firm. The seriousness of this issue has led a few of my contacts (outside the audit profession) to question whether the ‘standalone’ audit practices will be viable.

 

Legislation would also provide statutory powers for the regulator to “proactively monitor the resilience of the audit market and audit firms, including powers to require audit firms to address any viability concerns that are identified.” This is a big missing piece of US audit firm regulate on since the SEC primarily regulates audits and auditors as their activities impact public company issuers. The Public Company Accounting Oversight Board monitors the process of auditing and the firms and professionals’ adherence to auditing standards.

No one publicly acknowledges a legal obligation to monitor the financial viability of audit firms, despite widely expressed fears of catastrophic private litigation against one of the remaining Big 4 firms and a generally accepted aversion by regulations to put another firm pout of business through regulatory fines or sanctions, resulting in an implied “too few to fail” policy when faced with necessary enforcement actions against any of the Big 4.

The US government hasn’t officially scrutinized the level of concentration in the market for public company audits since 2008. The US General Accounting Office admitted “there was no general consensus for various proposals put forth for addressing concentration.”

In their 2015 paper, “Competition in the Audit Market: Policy Implications,” Joseph Gerakos of Dartmouth’s Tuck School of Business and Chad Syverson of the University of Chicago Booth School of Business explored the possibility of further audit concentration as a result of the unexpected exit of a Big Four audit firm. This impact could be mitigated by new entry into the public company audit market by next tier firms like Grant Thornton.

Spreading the work of auditing listed companies around outside the Big 4 would potentially keep fee increases in check and, maybe, also prevent the Big 4 from operating with impunity. However, next tier audit firms have not been able to successfully dilute Big 4 market power in the developed economies. When Arthur Andersen collapsed completely, for example, Grant Thornton, RSM, and BDO did not step-up to fill the void anywhere.  

In 2018 Grant Thornton UK announced that it would no longer even pitch for audit work with FTSE 350 clients. Perhaps that’s for the best given Grant Thornton’s failed audit of Patisserie Valerie and payment of a £3 million fine for “misconduct” relating to its audits of Nichols and the University of Salford.

In its November 2020 report, the UK FRC said that introduction of mandatory audit tendering and rotation in 2016 had not made much of an impact on industry concentration.

The Big Four firms continue to dominate the FTSE 350 audit market, particularly for the largest companies by market capitalisation. The failure of any one of these firms would threaten the stability of the overall audit market. 

UK firm revenues represent between 6-9% of global firm revenues but that understates the importance of the UK to each firm’s global network as a key spoke in its global seamless service delivery model for multinationals, wherever they are listed.

The UK member firm in each of the Big 4 global networks signs the audit opinion for a handful of key multinationals, some resident in the UK or other parts of Europe, that are listed on the New York Stock Exchange or Nasdaq. For example, Deloitte UK signs the opinion for Glaxo Smith Kline PLC and BP PLC. KPMG UK signs the audit opinion for BT Group, BHP Group, and Barclays and PwC audits Rio Tinto, Pearson PLC, and Santander. EY UK signs for Royal Dutch Shell and the Royal Bank of Scotland.

PwC’s rank as the largest UK firm by total revenues and audit services revenue is likely directly related to its significant activity as a participating audit firm in 81 US listed companies. That highlights how critical the UK Big 4 firms are as member firms of their respective global networks who audit the UK operations for US and other European exchange-listed clients.

As a result of the fraud and failure of German payments processor Wirecard, this has meant investors and regulators, as well as plaintiffs’ attorneys, are keenly interested in what role EY UK and EY US played in the EY Germany audit of Wirecard. Wirecard had a subsidiary in England and one in Dublin, Ireland. Its 2019 annual report said that the subsidiary in England was audited by an EY network firm and its Dublin sub by a third-party firm.

The FCA forced Wirecard’s U.K. subsidiary, Wirecard Card Solutions, to halt operations when its parent company filed for insolvency in Germany in June 2020. The Newcastle-based fintech Railsbank agreed to buy the U.K. subsidiary of Wirecard. Wirecard’s North America unit, which it bought from Citigroup in 2016, was sold by the bankruptcy administrator to a company backed by buyout specialist Centerbridge Partners LP.

The failure to detect fraud

The Beis proposal also, in line with the Brydon Review’s recommendation, proposes to legislate to require directors of public companies, or what are called “Public Interest Entities” in the UK, to report on the steps they have taken to prevent and detect material fraud.

The Brydon Review also identified “both confusion and a gap between the reality and the expectations of performance of auditors [regarding detecting material fraud].” To dispel such confusion, it recommended that the regulator amend the auditing standard on fraud “to make clear that it is the obligation of an auditor to endeavour to detect material fraud in all reasonable ways.”

The proposal says the UK intends “to legislate to require auditors of Public Interest Entities, as part of their statutory audit, to report on the work they performed to conclude whether the proposed directors’ statement regarding actions taken to prevent and detect material fraud is factually accurate.”

It’s one of the biggest myths that the global audit industry perpetuates: The audit is not designed to detect fraud.

Auditors used to acknowledge their responsibility to detect fraud. In March 2007, PwC’s former US Chairman Dennis Nally was interviewed by the WSJ:

WSJ: Is it an auditor’s job to try and find fraud?

Nally: Absolutely. We have a responsibility to perform procedures that are detecting fraud just like we have responsibilities to perform procedures to detect errors in financial statements.

WSJ: You seem pretty certain, but the firms as a whole often eschew some responsibility for finding fraud, especially in court.

Nally: The audit profession has always had a responsibility for the detection of fraud. The debate has always gone toward how far do you carry that, what type of procedures do you have to develop and in what environment. The classic issue becomes the cost benefit of all of that and this is why I think there is this expectation gap.

By 2011, Nally had changed his tune. Helen Thomas of the Financial Times asked PwC Global Chairman Nally, “What about fraud or disingenuous bookkeeping? Surely auditors should rightly find themselves in the line of fire when a case slips through on their watch?”

The FT’s Thomas writes that Nally “crossed his arms across his monogrammed shirt, for the first time looking a touch defensive.”

There are professional standards out there [and] an audit is not designed under those standards to detect fraud,” [Nally] says, pointing out that detecting fraudulent behaviour rests on other indications including a company’s governance, management tone and control systems. The reasons it has been done that way is because, while we always hear and read about the high-profile fraud, the number of those situations that you actually encounter in practice is very de minimis.

You’re not designing an audit for ‘the exception’ because, quite frankly, the cost itself would be prohibitive to all of the capital markets and . . . who wants to pay for that if the benefit isn’t there?”

What happened to change his mind? Satyam happened.

Nally, and his boss, former PwC Global Chairman Sam DiPiazza, were caught flat-footed on the Satyam fraud in India in December 2008. DiPiazza told the Times of India:

What we understand is that this was a massive fraud conducted by the (then) management, and we are as much a victim as anyone. Our partners were clearly misled.

Faced with allegations that PwC India partners were in on the Satyam fraud, now Global Chairman Nally gave a rambling, incoherent interview to Business Today in India in July 2009 – more than six months after the fraud was uncovered by the Satyam CEO not PwC — and reversed his WSJ comments from 2007:

Many times there is an expectation from the investor community that the auditor is in fact fully responsible for the detection of fraud. Now that is not our job, today.

Judge Barbara Jacobs Rothstein of the United States District Court for the Middle District of Alabama, in her decision in the case Federal Deposit Insurance Corporation v. PricewaterhouseCoopers LLP et al, No. 2:2012cv00957, found on December 28, 2017 that PwC had breached its professional duty to exercise reasonable care in performing its audits by failing to plan and perform its audits to detect fraud and failing to obtain sufficient audit evidence that would have led to discovery of the Colonial Bank-TBW fraud.

On July 2, 2018, Judge Rothstein wrote that the FDIC was "entitled to recover all reasonably foreseeable losses Colonial incurred from its ongoing fraudulent relationship with TBW," and “[t]here can be no real dispute (indeed PwC does not raise one) that it was foreseeable that because PwC failed to detect the fraud, Colonial would continue to fund TBW-originated mortgages, both legitimate and fake.” 

Judge Rothstein ordered PwC, the former auditor for now-defunct Colonial Bank, to pay the Federal Deposit Insurance Corp. $625 million in damages arising out of PwC's failure to detect the  "massive fraud" perpetrated by employees of Colonial Bank and Taylor, Bean & Whitaker Mortgage Corporation from 2002-2009, which ultimately led to Colonial Bank's failure.”

It was the largest ever damages award for auditor liability. The two sides eventually settled for $335 million.

Judge Rothstein’s decision in FDIC v. PwC,  should be the last word on whether the auditor has an obligation under law to design the audit to detect fraud and illegal acts at their audit clients.

In November 2013 the PCAOB published a very useful, and at the time very brave Appendix  to a discussion document distributed at a PCAOB Standing Advisory Group meeting. The agenda item for the meeting was, “Consideration of Outreach and Research Regarding the Auditor’s Approach to Detecting Fraud”.

The appendix provides a detailed overview of auditors’ obligations under existing PCAOB standards to design and perform the audit to detect fraud. The document covers the entire audit lifecycle from engagement acceptance and continuance to reasons to resign an audit. 

The Beis director proposals

The Financial Times Editorial Board believes the real “steps forward” in the BEIS proposals are not the audit firm reforms but changes to corporate governance rules.

At the least, directors would be required to sign off personally on the effectiveness of companies’ internal controls and risk management. That stops short of the US approach, where top executives must certify the accuracy of accounts. But making directors sign off on management, compliance and internal audit controls is a significant step — especially backed by the threat of fines, suspensions, or clawing back bonuses if sizeable errors or fraud are later found. It could also potentially make it easier to bring legal charges against them.

Strictly speaking, making directors sign off on internal controls would be quite a few steps above and beyond the US Sarbanes-Oxley requirement for the CEO and CFO to sign off on internal controls and disclosure controls. The FT’s mandarins, however, do not approve of the most severe controls proposed for company directors.

More stringent options proposed in the paper would require auditors to report on their views of how effective internal controls are, or — closest to the US system — give a formal opinion on directors’ assessment of controls. Jumping straight to the strictest option risks imposing unreasonable costs on post-Covid business.

Fuller told me in an interview she is hopeful that the proposed reforms to hold company directors personally responsible will act as a check and balance on executives and auditors.

That’s where the US SOx experience may be instructive.

The Sarbanes-Oxley Act of 2002 mandates that audit committees would be directly responsible for the oversight of the engagement of the company's independent auditor. SOX Section 302 requires that the principal executive and financial officers of a company, typically the CEO and CFO, personally attest that financial information is accurate and reliable. Besides lawsuits and negative publicity, a CEO or CFO who does not comply or submits an inaccurate certification is subject to a fine up to $1 million and/or ten years in prison, even if done mistakenly. Intentional certification of a false report risks even more severe criminal penalties. 

However, there have been very few enforcement actions for violation these SOX provisions and none for some of the highest profile potential cases from the financial crisis. Other than the high-profile prosecution of Health South’s Richard Scrushy for Section 906 violations — he was eventually acquitted — the US Department of Justice did not pursue a single prosecution under these statutes as a result of the financial crisis.

The BEIS proposals have been greatly delayed, including for another month after the FT reported they were imminent. Perhaps the Big 4 audit firms and business weighed in, again, to create more ambiguity and wiggle room for Parliament later.

Media reporting of “pressure on the Big 4 firms” to renounce the commercialism of the status quo and redirect their hearts and minds to serving the public as professionals has often been just be a clever public relations strategy orchestrated by the firms themselves. It allows government and legislators to entertain the mistaken impression they’re actually “regulating.” Auditors then fend off the worst proposals with the same old arguments, for a while longer, under the guise of compromise.

Follow Francine @ReTheAuditors on Twitter
The Dig is my newsletter 
https://thedig.substack.com/
re: The Auditors 
http://retheauditors.com

Sunday, June 27, 2021

Is the PCAOB Obsolete?

Editor's Note: The Public Interest Section of the American Accounting Association is pleased to publish the following blog post by Steve Mintz, Professor Emeritus, Cal Poly, San Luis Obispo. Please contact lawrence.chui@stthomas.edu with questions, comments, or suggestions about our blog, or to express interest in our organization. Disclaimer: When you read the comments of our columnists, please keep in mind that they only speak for themselves. They are not expressing the positions of the AAA or of any other party.

Is the PCAOB Obsolete?

The SEC removed William Duhnke as chairman of the Public Company Accounting Oversight Board, the U.S. audit watchdog, on June 4, 2021. This raises serious questions about the relevance of the PCAOB today and whether it has been operating as intended. In other words, is it protecting the public interest against deficient audits? The SEC removed Duhnke and took steps to replace its entire board, as the SEC’s new leader, Garry Gensler, begins to shape the regulator.

 

A recently issued report slammed the PCAOB as being too lenient with the Big Four accounting firms over audit deficiencies, resulting in only $6.5 million in fines during its tenure, according to a new report.  

 

The Project on Government Oversight (POGO), an independent watchdog, said its analysis of PCAOB annual inspection reports showed the board has in key respects been doing “a feeble job” policing the Big Four.

 

“It has taken disciplinary action over only a tiny fraction of the apparent violations its staff has identified,” the report said. “Meanwhile, the financial penalties it has imposed pale into insignificance compared to the fines it apparently could have imposed.”

 

In the 808 cases in which the Big Four performed audits that were so defective that the audit firms should not have vouched for a company’s financial statements, internal controls, or both, only 18 resulted in PCAOB enforcement actions, POGO found.

 

PCAOB, moreover, could have fined the audit firms more than $1.6 billion but has fined them a total of just $6.5 million, while penalties against individuals at Big Four firms totaled $410,000 — “less money than one partner at a big accounting firm can make in one year.”

 

According to Reuters, the POGO report “could increase pressure on the [PCAOB], which in recent years has been criticized for being too close to the industry it oversees and slow to ensure the industry performed its job.”

 

“It’s unacceptable that the agency is taking such a light-handed approach in holding these large audit firms accountable,” POGO’s executive director, Danielle Brian, said in a news release, adding, “By failing to hold the Big Four accountable, the board is putting all Americans’ financial futures in jeopardy.”

 

The report recommends reforms including requiring the PCAOB to clearly identify companies referenced in inspection reports and the individual auditors responsible for alleged audit deficiencies.

 

Holding individuals responsible for alleged audit deficiencies is risky business. After all, quite a few auditors review the financial statements, accounting and reporting, and audit report before they are issued. The firms should be held responsible because it’s their job to make sure deficiencies do not exist in audits.

 

The criticism of the PCAOB boils down to the fact that it does not appear to be making a discernible difference in moving audit firms to reduce audit deficiencies. But the real reason may be the scandal that erupted on January 22, 2018, when a former PCAOB staffer, Brian Sweet, who was hired by KPMG in 2015, leaked confidential information about PCAOB's plans to audit the company. Most of the leaked information concerned which audit engagements the PCAOB planned to inspect, the criteria it was using to select engagements for inspection, and on what these inspections would focus.

 

The motivation for KPMG in hiring Sweet was the high audit deficiency rate at KPMG when compared to the other Big Four firms. The average audit deficiency rate has ranged between 30-to-40 percent since the program started. The rate for Big-4 firms has gotten as low as 21 percent (Deloitte) and gone as high as 54 percent (KPMG). In the case of KPMG, it was determined that the firm too often failed to gather enough supporting evidence before signing off on a company's financial statements and internal controls.

 

It is time for Congress to investigate the accounting profession for a lack of independence and high rate of audit deficiencies. These are the two most prominent failures of the PCAOB during its twenty-year tenure. Independence violations are up and the audit deficiency rate, while declining recently, is still too high. In my view, the public is not being protected and we may be just one scandal away from having another meltdown of corporate financial reporting like we saw in 2008-2009.

Friday, April 16, 2021

Editor's Note: The Public Interest Section of the American Accounting Association is pleased to publish the following blog post by Steve Mintz, Professor Emeritus, Cal Poly, San Luis Obispo. Please contact lawrence.chui@stthomas.edu with questions, comments, or suggestions about our blog, or to express interest in our organization. Disclaimer: When you read the comments of our columnists, please keep in mind that they only speak for themselves. They are not expressing the positions of the AAA or of any other party.

EDI Courses and Accounting Ethics Education

Recently it was announced that Boise State University was suspending a course following allegations that the in-class instruction had humiliated and degraded some students over their beliefs and values. The suspension affected roughly 1,300 students in 52 sections of UF 200: Foundations of Ethics and Diversity, according to the University, a required course in the program. After a brief review of the facts, the University decided to restore the course but only with online instruction. The problem is the solution fails to address the underlying concerns about teaching classes that are consistent with equity, diversity, and inclusion policies.

Diversity, Equity, and Inclusion (EDI)

It is important to have a classroom environment that is welcoming to all students regardless of their race, religion, nationality, and sexual preference. After all, one job of a university is to prepare students for the challenges that face them in a diverse workplace. Moreover, accounting students should be sensitized to gender diversity and inclusion because it affects the culture of an organization and is the foundation of fairness in decision making.

The concept of diversity encompasses acceptance and respect. It means to treat each person as unique and to recognize our individual differences. It means understanding each other and moving beyond simple tolerance to embracing and to celebrating the rich dimensions of individuality.

Inclusion has often been defined in the context of a society that leaves no one behind. It is one in which the cultural, economic, political, and social life of all individuals and groups can take part. The United Nations report, Creating an Inclusive Society: Practical Strategies to Promote Social Integration, points out: An inclusive society is one that overrides differences of race, gender, class, generation, and geography, and ensures inclusion and equality of opportunity, as well as capability of all members of the society to determine an agreed set of social institutions that govern social interaction.

People tend to think about equality of opportunity and fairness in treatment as one and the same. It means having the same rights, social status, etc. Equality aims to ensure that everyone gets the same things to enjoy full, healthy lives. Like equity, equality aims to promote fairness and justice, but it can only work if everyone starts from the same place and needs the same things. But when we place it next to equity, that is when the lines get blurred.

Equity can be thought of in terms of equal opportunity that fit a person’s circumstances and abilities. It may mean giving a group of people different access to resources, as with disabled individuals who deserve special access for entry or different testing procedures in the classroom. In the workplace, it means to provide accommodations as needed.

A good analogy is to think of runners sprinting around an oval track during a competition. The concept of equality would mean treating runners the same way; having them start at the same place on the track. While this may seem fair at first, we quickly realize that those starting from an inside position have an advantage over runners in the outside lanes because the distance they must travel is shorter. As a result, equality – starting at the same place – does not result in fairness. The concept of equity would mean the starting positions should be staggered so runners in the outer lanes have an equal chance to win the competition. In this case, different or tailored treatment leads to fairness and justice, not the same treatment.

What is the Best Way to Teach About EDI?

Universities tend to treat specialized subject matter by developing new courses. A better solution is to incorporate issues related to gender issues and EDI in as many courses as possible. This sends a signal that EDI permeates society and are important to a well-balanced education including in areas such as Literature, Sociology, Psychology, and other courses in the humanities.

Integration throughout should be matched by a having a separate, required course in the curriculum specific to a students’ major field of study. For example, a Business Ethics course should address EDI issues in the workplace.

The integration of EDI into the curriculum whenever possible, and a separate dedicated course in one’s field of study, together sends a strong message that everything students do should incorporate a sensitivity to gender and EDI issues to prepare them to be contributing members of society.

Public Interest, Gender, and Diversity Sections of the American Accounting Association

One of the objectives of the Public Interest Section of the AAA is to promote interaction among members of the academic and professional communities interested in the interface of accounting with social, economic, ethical, and political consequences of corporate activity, and in exploring the social and ethical roles and responsibilities of the accounting profession. A significant interaction is in the social arena is on gender issues and on diversity issues because they influence socialization in the accounting profession.

The objective of the Diversity Section of the AAA is to encourage and support research that will create awareness of diversity issues in accounting education and practice. These issues have major implications for teaching about rights, justice, and fairness, three philosophical concepts that tend to be the foundation of accounting ethics courses.

The overall objective of the Gender Issues & Worklife Balance Section is to facilitate interaction among AAA members regarding gender issues and worklife balance as they relate to accounting practice, research, and education.

All members of the AAA should become aware of the workplace issues surrounding gender issues and equity and diversity since accounting students will become part of the organization and should adhere to organizational values, which includes to promote gender equality, diversity, and inclusion. These topics should be incorporated into the accounting curriculum, especially a separate course on accounting ethics in the accounting curriculum.

 


Monday, January 4, 2021

Cheesecake Factory Sanctioned by the SEC over its Disclosures About Covid-19

Editor's Note: The Public Interest Section of the American Accounting Association is pleased to publish the following blog post by Steve Mintz, Professor Emeritus, Cal Poly, San Luis Obispo. Please contact lawrence.chui@stthomas.edu with questions, comments, or suggestions about our blog, or to express interest in our organization. Disclaimer: When you read the comments of our columnists, please keep in mind that they only speak for themselves. They are not expressing the positions of the AAA or of any other party.

Accounting and Ethical Guidance

Overview

In the first enforcement action of its kind, the U.S. Securities and Exchange Commission says The Cheesecake Factory falsely claimed its restaurants were "operating sustainably" during the pandemic and it failed to disclose the whole truth about the impact on its business. According to the SEC, Cheesecake Factory's regulatory filings on March 23, 2020 and April 2, 2020 were materially false and misleading because the company failed to disclose that it was losing about $6 million a week and hemorrhaging cash. It is the first time the SEC has charged a public company over misleading disclosures related to the pandemic. To settle the charges, The Cheesecake Factory agreed to pay a $125,000 fine.

Operating and financial disclosures are a key part of ensuring that the financial statements are accurate and reliable and do not contain any material misstatements. The failure to disclose all the information that an investor and creditor needs to make their decisions is wrong. Earnings guidance for investors and financial analysts should meet similar standards. From an ethical perspective, honesty is about what you don't disclose as well as what is disclosed.

SEC Action

The SEC's administrative action says The Cheesecake Factory in mid-March faced "an unprecedent challenge to its business model as a result of the health crisis and issued several disclosures regarding the effect of, and its response to, the pandemic. Some of those disclosures failed to adequately inform investors of the extent of the pandemic's impact on the company's operations and financial condition in the period from late-March to mid-April 2020, when the company secured additional financing," the Commission says.

During this period, the SEC says, The Cheesecake Factory began taking steps to conserve cash and increase short-term liquidity by, for example, informing its landlords that it would not be paying April rent due to the "severe decrease in restaurant traffic [due to Covid-19 that] has severely decreased our cash flow and inflicted a tremendous financial blow to our business," noting that it hope[d] to resume our rent payments as soon as reasonably possible."

The SEC further states on March 2, The Cheesecake Factory filed a Form 8K and a press release disclosing that it was "withdrawing previously issued financial guidance due to economic conditions caused by the pandemic and that it was transitioning to an 'off-premise model' - to go and delivery services - that was 'enabling the company's restaurants to operate sustainably at present under this this current model'". The press release further disclosed a $90 million draw down on its revolving credit facility, that it curtailed planned growth, and that it was "evaluating additional measures to further preserve financial flexibility."

The company disclosed that, effective as of April 1, 2020, it had reduced compensation for executive officers, its Board of Directors, and certain employees. The company also announced that it had furloughed approximately 41,000 employees but allowed them to retain their benefits and insurance until June and provided them with a daily complimentary meal from their restaurant.

Accounting Issues

Since the pandemic began, the SEC has encouraged companies to provide disclosures that allow investors to evaluate the current and future expected impact of Covid-19 through the eyes of management and to proactively revise and update disclosures as facts and circumstances change. These disclosures should enable an investor to understand how management and the Board of Directors are analyzing the current and expected impact of the pandemic on the company's operations and financial condition, including liquidity and capital resources.

The disclosure involves a contingent event that, under generally accepted accounting principles, should be evaluated whether it is probable that a liability or loss will be incurred and the estimated amount of loss (record a journal entry), it's only reasonably possible that a future liability exists (footnote disclosure to the financial statements), or its highly unlikely that any liability exists at the time the disclosure is made (ignore).

Auditors also have to determine what, if anything, these disclosures mean to audit firms' ability to render an unmodified (unqualified) opinion about The Cheesecake Factory's results of operations. At a minimum, it would seem that a going concern alert should be given by the auditors.

Ethical Issues 

The SEC's actions send a clear message that Covid-19 disclosures will be carefully scrutinized to ensure that they meet established standards for disclosures. Companies that fall short of the mark expose themselves to SEC action that could include fines and other penalties. The failure to disclose adequate information about material events, such as the impact of Covid-19 on current and future business, violates the rights of users of the financial statements to receive full and fair operating and financial information about any material events including:

  • Whether disclosures are made on a timely basis
  • The ability of the company to continue operating as planned (i.e., going concern).
  • The effects of Covid-19 on current and future cash flows including the ability to pay off debts when due.
  • The role of management and the audit committee in dealing with current and future effects of Covid-19 on operations.

Kant's Categorical Imperative establishes the duties and obligations we have to each other. Simply stated, it says, that you should act only in ways that you could establish a universal law that to call something morally just it can be turned into a universal maxim, on which everybody should uphold in a similar situation.

There is no doubt that the public interest requires that a complete picture of the current and future impact of Covid-19 and its after-effects on the financial position and operating results should be made to accomplish the proper accounting response to the pandemic. Like anything else concerning disclosures, the devil is in the details. More guidance is needed by accounting standards setters to ensure the profession meets its ethical obligations to the public.