Editor's Note: The Public Interest Section of the American Accounting Association is pleased to publish the following blog post by Francine McKenna, independent journalist at The Dig, a newsletter, an educator and a researcher. Please contact lawrence.chui@stthomas.edu with questions, comments, or suggestions about our blog, or to express interest in our organization. Disclaimer: When you read the comments of our columnists, please keep in mind that they only speak for themselves. They are not expressing the positions of the AAA or of any other party.
This article was
originally published in my newsletter, The Dig, in January, 2020. This is Part
1 of 4 parts. Part 5 of this series will be an
update, since the SEC approved the proposals discussed below on October 16,
2020 by a 3-2 vote.
On June 11, 2020, my paper, “SEC Proposals to ‘Modernize’ Auditor Independence Rules: Doublespeak for Capitulating to the Big 4's Dominance?” which encompassed all 4 parts was presented at the inaugural AAA SPARK conference for the Public Interest Section. You can find my presentation page here.
Back in June 28, 2016, in a speech entitled, “Auditor Independence and the Role of the PCAOB in Investor Protection,” PCAOB member Steven B. Harris told an audience at the International Corporate Governance Network Annual Conference that he believed,
“…investors should be concerned about the emerging threats to
auditor independence from the evolving firm business model.”
Auditor independence issues have been in the news in recent years in the U.S. and the U.K. Investors wonder how they can trust auditors’ opinions when there is so much corporate fraud, conflict of interest and other malfeasance the audit firms seem to be missing.
Barbara Roper, the director of investor protection for the
Consumer Federation of America, told me in an interview this week:
“Investors value audit opinions only if the auditors are independent. But audit firms have time and again shown they are either unwilling or unable to meet that most basic of standards.”
The big difference between Trump’s SEC under Jay Clayton and the
regulators in the U.K. is that Clayton’s SEC has recently proposed loosening auditor
independence rules, while in the U.K., the Financial Reporting Council, FRC,
has been issuing revised auditing standards aimed at strengthening auditor
independence.
This analysis of where we’ve been, and where we are now, on this
issue will cover a lot of ground and add new information to the
discussion.
This is Part 1.
The PCAOB’s Steve Harris had noted that in the five years prior
to 2016, the Big 4 global audit firms — Deloitte, Ernst & Young, KPMG, and
PwC — had acquired more than 160 consulting businesses, including over 50 in
2015 alone. “As a result,” said Harris, “the Big Four in the U.S. now dominate
the consulting market.”
In April of 2018, The Wall Street Journal’s Michael Rapoport wrote that the potential conflict between audit and the
firms’ consulting businesses had escalated substantially.
“Since 2012, the
firms' combined global revenue from consulting and other advisory work has
risen 44%, compared with just 3% growth from auditing.
The result is that the bulk of the firms' revenue now comes from consulting and advisory, $56 billion last year, compared with $47 billion from auditing. Five years earlier, auditing pulled in roughly the same amount -- $46 billion -- while consulting and advisory's haul was only $39 billion.”
At the same time, between 2016 and the end of 2019,
all of the global network firms and their foreign member firms settled multiple
enforcement actions related to auditor independence violations and were forced
to resign from client engagements because they provided prohibited services to
a client or its affiliates.
Last year’s big SEC auditor independence enforcement actions,
against PwC, RSM and Deloitte
in Japan, all suggest that the violations occurred
because the largest global audit firms have insufficient governance and
internal controls, policies and procedures to prevent years-long, blatant
violations of the post-Enron, Sarbanes-Oxley auditor independence rules.
An enforcement action by the PCAOB in 2019 against a regional firm that focuses on
startups, especially in China, highlighted an auditor independence issue
related to its chronic, years-long promotion of audit clients as investments, a
blatant independence violation.
The Public Company
Accounting Oversight Board today announced the settlement of disciplinary
proceedings against Marcum LLP and Marcum Bernstein & Pinchuk
LLP, as well as Alfonse Gregory Giugliano, CPA.
This is the first time
the Board has: (1) sanctioned a registered public accounting firm for publicly
advocating its audit clients as investment opportunities—a violation of auditor
independence requirements; (2) sanctioned an annually inspected firm’s head of independence
for substantially contributing to the firm’s independence violations; and (3) mandated the retention of an independent
consultant.
The matters concern auditor independence violations over multiple years in connection with the firms’ annual Microcap Conference and China Conference, which were designed to bring together investors and companies looking for investment. In addition to violating independence requirements, both firms violated quality control standards by failing to appropriately design, implement, and monitor their independence policies and procedures.
The enforcement action highlights a program eerily similar to
the longstanding EY Entrepreneur of the Year Award program, which has
spotlighted EY audit clients in the past.
This past year, EY named Brad Keywell its EY World
Entrepreneur of the Year 2019. Keywell founded or co-founded six companies
including e-commerce site Groupon, the EY audit client which famously had a bad
IPO due to internal control weaknesses.
Barbara Roper told me:
“Instead of
acknowledging ongoing violations as a sign that the audit firms are willfully
ignoring the law, in the absence of strong deterrent-level sanctions
and individual punishments, and stepping up enforcement to provide
that deterrent, the SEC and PCAOB propose to weaken the auditor independence
rules.
If audit firms aren’t willing to maintain their independence, and regulators aren’t willing to hold them accountable, at a certain point investors are going to start asking whether it is really worth paying for the not-so-independent audit.”
Because the audit firms have insisted on re-establishing a
business model that presents ongoing threats to independence and one that
results in ongoing violations by the firms and their partners, the Big 4 and
lobbyists/allies have been advocating for "modernizing" or,
in other words, relaxing the auditor independence rules.
That language should sound familiar.
On December 9, 2019, SEC Chairman Jay Clayton told
an audience of audit professionals, regulators and interested public company
officials at a conference hosted by the auditor trade association, the American
Institute of Certified Public Accountants, that he expected more auditor
independence rule changes calling the plans, “stage two” after changes enacted
in June.
Three weeks later, while everyone else was getting ready for the
dawn of the new year, an SEC
press release on Monday
December 30, 2019, announced, “SEC Proposes to Codify Certain Consultations
and Modernize Auditor Independence Rules.”
The SEC’s proposal says that it’s been a while since auditor
independence rules have been updated and that a lot has changed since then.
“Since the initial
adoption of the auditor independence framework in 2000 and revisions in 2003,
there have been significant changes in the capital markets and those who
participate in them.”
“The proposed amendments would update select aspects of the nearly two-decade-old auditor independence rule set to more effectively structure the independence rules and analysis so that relationships and services that would not pose threats to an auditor’s objectivity and impartiality do not trigger non-substantive rule breaches or potentially time consuming audit committee review of non-substantive matters.”
The last time the Securities and Exchange Commission sought
to “modernize” auditor
independence rules was in 2000,
even before the Enron failure and Arthur Andersen’s demise, and came as a
result of the last time there was a growing concern that firms’ increasing
focus on consulting was distracting them from their core purpose:
auditing.
Audit firms became concerned about the growing regulatory and
public criticism and two of the four firms sold their
consulting practices. A third sold shortly after. Deloitte Consulting, however,
never separated from Deloitte & Touche, but instead went on an acquisition
spree and continued to grow its consulting arm.
Barbara Roper told me:
“When Congress was
drafting the Sarbanes-Oxley Act, they didn’t go as far as they could have, or
should have, to strengthen the auditor independence rules, in part because they
put their faith in the new PCAOB to address the problem through enforcement and
oversight.
But the PCAOB has never been as tough as it should be on enforcement, and now things appear to have reached a new low. Not only do independence violations go unpunished, in many cases, but PCAOB is making it easier for issuers and audit firms to hide those violations from the investing public.”
The Big 4 global audit firms have been lobbying ever since to go
back in time, before Enron, when the industry was self-regulated and mostly
left alone.
The Big Four’s congressional lobbying activity between the first
quarter of 2017 and the third quarter of 2019 shows the auditors and the AICPA,
their trade association, have been attempting to roll back Sarbanes-Oxley’s
auditor independence reforms during the window of opportunity provided by the
Trump administration’s deregulation initiatives. Those efforts include chipping
away at the SOx law’s auditor prohibited services provisions.
Since the beginning of 2017, the largest four global firms have
spent $25.28 million lobbying Congress using their own in-firm lobbying arms.
The AICPA, the industry’s trade association, spent $14.18 million more lobbying
on the industry’s behalf on many of the same issues the firms lobby for on
their own.
The industry has been targeting the strict SOX auditor
independence rules—specifically the prohibited services list — and strongly
challenging the authority of the Public Company Accounting Oversight Board, the
industry regulator established after Enron and its auditor, Arthur Andersen,
collapsed. In particular, the Big 4 have closely monitored repeat legislative
efforts to make PCAOB enforcement actions against auditors available to the
public earlier.
Deloitte LLP led the lobbying efforts, spending $560,000 in the first quarter of 2017 to lobby
legislators for the “modernization of independence requirements.”
A specific mention of “modernization of auditor
independence requirements” hasn’t appeared again since the first
quarter of 2017, but every one of the Big 4 disclosures and the AICPA’s
consistently mention a focus on PCAOB “enforcement transparency,” in particular
when specific bills such as the PCAOB Enforcement Transparency Act of 2017 and
2019 were in play.
For example, KPMG paid The Velasquez Group, LLC an additional
$640,000 during 2017 and 2018 to watch for any expansion of the PCAOB’s
regulatory authority and any change in legislative language “attempting to
require the Public Company Accounting Oversight Board to hold its disciplinary
proceedings in public, and any other provisions pertaining to the PCAOB or its
oversight.” The lobbying firm was also looking, on KPMG’s behalf for any
legislation related to regulatory agency information sharing between the PCAOB
and other agencies.
In April of 2017 KPMG fired six employees, including the partner
who led its U.S. audit practice for using confidential advance notice of
planned audit inspections by its regulator, the Public Company Accounting
Oversight Board.
The Securities and Exchange Commission later fined KPMG $50 million in mid-June 2019
for using stolen PCAOB inspection information to cheat on audit inspections.
Five of the former KPMG officials — David Middendorf, Thomas Whittle, and David
Britt, along with Brian Sweet and Cynthia Holder who came to KPMG from the
PCAOB and one former PCAOB official, Wada — have either been found guilty or
pleaded guilty of criminal charges in the case.
In 2016 and 2017, KPMG was also monitoring any legislative
activity related to its audit client Wells Fargo where it has faithfully served
for 87 years. That’s because Wells Fargo has been continuously under siege from
legislators for a number of scandals beginning in 2016 when Wells Fargo admitting to a fraudulent account opening scandal, the first of many violations that harmed retail and wealth
management customers.
KPMG had also been hit by the SEC with a big auditor independence violations
case in 2014 related to tax
services.
Given the turnover of the House of Representatives from
Republican to Democratic majority after mid-term elections in 2018, the global
audit firms may have decided that lobbying the SEC for auditor independence
rules changes would be more productive than hoping for a wholesale reversal of
Sarbanes-Oxley legislation.
The SEC’s proposal said that the catalyst for “modernizing” auditor
independence rules was a change made in June 2019 to an arcane rule related to
whether an auditor is independent when it has a lending relationship with certain
shareholders of an audit client at any time during an audit or professional
engagement period.
The SEC’s actions suggest I was likely right when I wrote for the University of Chicago Booth Business School’s
Stigler Center Pro-Market blog in 2017:
“Perhaps it’s the fear
of more auditor independence violations that haven’t yet hit regulators’ radar
that may be driving the Big Four to lobby to get rid of the rules.”
Part 2… The SEC sanctions PwC for a multi-year, multi-engagement
batch of independence violations that the regulator says were primarily caused
by one partner!