To his credit, Judge Kaplan does leave one important allegation for Ernst & Young to defend:

Ernst & Young had reason to know that Lehman’s 2Q 2008 financial statements could be materially misstated because of the extensive use of Repo 105 transactions.

John McDermott of FT Alphaville does a good job explaining why:

Kaplan dismisses the majority of the specific allegations against the auditors but writes that one particular incident means that the case against them cannot be thrown out [when] he stops to ask another question on Repo 105:

In other words, have plaintiffs sufficiently alleged that E&Y knew enough about Lehman’s use of Repo 105s to “window-dress” its period-end balance sheets to permit a finding that E&Y had no reasonable basis for believing that those balance sheets fairly presented the financial condition of Lehman?

The answer: yes, in one case.

Plaintiffs rely for this purpose on precisely the same alleged red flags discussed previously in connection with E&Y’s GAAS opinion – the “true sale” opinion, the netting grid, and the Lee interview. The first two are no stronger in this context than in that. The Lee interview, however, is a different matter.

The “Lee interview” pertains to warnings allegedly made by Matthew Lee, Lehman’s SVP for Global Balance Sheet and Legal Entity Accounting, that Ernst & Young were told of a $50bn repo 105 move in June 2008 but did not pass on the full information to Lehman’s board. Thus, it failed to fulfill GAAP requirements as part of its Q2 2008 auditing.

I’ve been saying for a while that there’s too much deflective focus on the accounting for Repo 105 and not enough on the disclosure.

Now they’ve got a public airing of some dirty laundry by the PCAOB.

From Compliance Week:

The Public Company Accounting Oversight Board has barred the now-former E&Y partner, Peter O’Toole, from associating with a PCAOB-registered firm for three years and fined him $50,000. The board barred the now former senior manager, Darrin G. Estella, from associating with a PCAOB-registered firm for two years. Both auditors can petition the board for reinstatement at the end of their penalty periods. In December, the PCOAB issued an earlier action against Jacqueline Higgins, an E&Y manager, in connection with the same incident.

The PCAOB says the three auditors created, backdated, and added documentation to an audit file when they learned it would soon be inspected by the board. The disciplinary orders say O’Toole was the engagement partner for an audit of an unnamed public company with a Sept. 30, 2009, year-end. The firm gave the company a clean audit opinion on Nov. 23, 2009, then learned the audit would be inspected in April 2010, with inspectors planning to study “securities valuation.”

Ernst & Young spokesman Charlie Perkins tells The Financial Times, “no harm, no foul,” as far as the firm is concerned.

“Our firm’s policy explicitly prohibits persons from supplementing or changing audit workpapers in circumstances like those present here,” said Charles Perkins, a spokesman for Ernst & Young, in a statement.

“When we determined that firm policy had been violated, we subsequently separated the partner and senior manager from the firm. We have co-operated fully with the PCAOB throughout its investigation of this matter. The conduct described in the order had no impact on our audit conclusions or on the client’s financial statements.”

Unless there are sanctions, we won’t know if more of this kind of thing is happening at U.S. firms. That’s becasue that part of the PCAOB inspection report is private.

We do know it’s happening at Ernst & Young in the U.K. Repeatedly.

From my post at Forbes.com, “By Any Means Possible: Auditors Try To Meet Standards By Faking It”:

The latest inspection report for Ernst & Young in the U.K., the same global firm that the PCAOB recently disciplined, cited specific deficiencies: (The AIU inspected thirteen engagements of a total of 295 eligible.)

Signing and dating of audit reports:

On two audits the auditor’s report was signed prior to the completion or evidencing of all necessary review procedures.

Completion of audit disclosure checklists:

…On two of the files that we reviewed it was unclear from the audit file whether the team had re‐performed the completion of the financial statements disclosure checklist.

Audit finalisation:

We found weaknesses in connection with audit finalisation procedures on seven of the audits we reviewed. The majority of these weaknesses related to undetected clerical drafting errors in the accounts including, in one case, an error in the disclosed audit fee.

That is, if there’s not a settlement first.

Yesterday I wrote up my analysis of the decision by Judge Kaplan for my column, “Accounting Watchdog”, at Forbes. In the interest of time and space, I stuck to commenting on the Ernst & Young portion of the decision.

Judge Kaplan dismissed the majority of the allegations against Ernst & Young. The same things auditors are always dismissed for. The only thing that’s new about the judge’s opinion is an indictment of the accounting standards themselves.

The Third Amended Complaint points to several General Standards (“GS”), interpretive Statements on Auditing Standards (“AU”), and Statements of Fieldwork that allegedly are part of GAAS and that E&Y allegedly violated. Many 288 of those standards are couched in rather general and in some cases inherently subjective terms. They require, for example, that the auditor plan the audit engagement properly, use “due professional care,” exercise “professional skepticism,” and “assess the risk of material misstatement due to fraud” – all matters as to which reasonable professionals planning or conducting an audit reasonably and frequently could disagree.

Bearing in mind that E&Y’s GAAS opinion, just like those rendered by all or substantially all accounting firms, is explicitly labeled as just that – an opinion that the audit complied with these broadly stated standards – more is necessary to make out a claim that the statement of opinion was false than a quarrel with whether these standards have been satisfied.

Or is this really news?

Judge Richard Posner during oral arguments in Fehribach v. Ernst & Young LLP, 2007 WL 2033734 (7th Cir. 7/17/07) (pdf),

“Posner: The auditor’s responsibility … so far as the company is concerned … is to make sure the [numbers] are accurate….  You don’t need an auditor to tell you your market is collapsing….  The auditors are not supposed to have business insight.  They’re counters.  They’re not supposed to make predictions about how your markets are doing.  They’re supposed to reconcile your books and indicate you’re not a going concern because your debt is too high and so on….

Do you think the auditor is supposed to know about market power?…  An auditor is not an economic consultant who goes out and figures out what the market trends in an industry are!…Your trends? That’s what the company knows. [Plantiff’s Attorney: You’re right. Here’s what the auditor’s responsibility under SAS 59...]

Posner: That is too vague for me…”

To his credit, Judge Kaplan does leave one important one allegation for Ernst & Young to defend:

Ernst & Young had reason to know that Lehman’s 2Q 2008 financial statements could be materially misstated because of the extensive use of Repo 105 transactions.

John McDermott of FT Alphaville does a good job explaining why:

Kaplan dismisses the majority of the specific allegations against the auditors but writes that one particular incident means that the case against them cannot be thrown out [when] he stops to ask another question on Repo 105:

In other words, have plaintiffs sufficiently alleged that E&Y knew enough about Lehman’s use of Repo 105s to “window-dress” its period-end balance sheets to permit a finding that E&Y had no reasonable basis for believing that those balance sheets fairly presented the financial condition of Lehman?

The answer: yes, in one case.

Plaintiffs rely for this purpose on precisely the same alleged red flags discussed previously in connection with E&Y’s GAAS opinion – the “true sale” opinion, the netting grid, and the Lee interview. The first two are no stronger in this context than in that. The Lee interview, however, is a different matter.

The “Lee interview” pertains to warnings allegedly made by Matthew Lee, Lehman’s SVP for Global Balance Sheet and Legal Entity Accounting, that Ernst & Young were told of a $50bn repo 105 move in June 2008 but did not pass on the full information to Lehman’s board. Thus, it failed to fulfill GAAP requirements as part of its Q2 2008 auditing.

I’ve been saying for a while that there’s too much deflective focus on the accounting for Repo 105 and not enough on the disclosure. And I took particular exception early on to Ernst & Young’s handling of the Matthew Lee “whistleblower” situation:

Ernst & Young failed to follow professional standards of care with respect to communications with Lehman’s Audit Committee.

Ernst & Young failed to follow professional standards of care with respect to an investigation of a whistleblower claim

Lehman’s own Corporate Audit group led by Beth Rudofker, together with Ernst & Young, investigated allegations about balance sheet substantiation problems made in a May 16, 2008 “whistleblower” letter sent to senior management by Matthew Lee. On June 12, 2008, during the investigation, Lee informed Ernst & Young about Lehman’s use of $50 billion of Repo 105 transactions in the second quarter of 2008. At a June 13, 2008 meeting, Ernst & Young failed to disclose that allegation to the Board’s Audit Committee. (Bankruptcy Examiner’s Report V3 page 945)

As the lawyers would say, the optics are bad here. The Audit Committee asks EY to support Lehman’s internal auditor in investigating a “whistleblower’s” allegations of balance sheet improprieties.  The auditors interview the “whistleblower” and then don’t say anything at any of the Audit Committee meetings. Turns out what Mr. Lee, the “whistleblower”, was alleging is what the examiner believes is the fundamental problem and grounds for “colorable claims” against top officers and EY.

The word “whistleblower” is tainted with tons of emotion post-Enron. We now look at those called “whistleblowers” and see heroes. But let’s look at what I think may have actually happened. Lehman’s Internal Audit department “naturally” asked their trusted, all-things-to-all-people advisor, EY, to help with the investigation of the “whistleblower’s” claims. The Internal Audit Department, not EY, was in charge of the investigation.

That was their first mistake. If I’ve said it once, I’ve said it a thousand times: The external auditor should not be conducting or assisting with internal investigations of potential fraud or illegal acts by top executives. I wrote about it atSiemens, subject of the largest ever FCPA settlement in history. KPMG, their auditor, got sued.

The external auditor should stay the hell away from internal investigations because they may get caught up in something they would rather not know. They may want to claim plausible deniability. And a company should not engage the external auditor to support internal investigations especially involving fraud or illegal acts by top management. Do they do it to be cheap or to keep dirty laundry inside? The external auditor is too often part of the problem, an enabler, instead of part of the solution.

If Lehman had hired another firm – a law firm or anyone except their external auditor – to perform the investigation, the investigation would have been covered end to end in privilege, the external auditor may or may not (in this case EY would have been better not to) have been included in the “circle of privilege,”  and the investigation would have been completed professionally.

However, by supporting this investigation, EY was essentially doing internal audit work, a prohibited service under Sarbanes-Oxley for independence reasons. It’s shocking to me that the EY audit partners did not at least turn over the investigation to EY’s Forensic Accounting and Investigations Practice in order to provide some semblance of independence and professionalism.

Even though EY may have been an unwilling party to knowledge of an ugly situation right before an audit committee meeting, they got stuck. They had an obligation under AU 380, as the external auditor  - not as an investigator – to inform the Audit Committee. They could have been on the other side being informed – or not – instead of being the one supposed to be doing the informing.

AU 380, the  rules for auditor communication with the Audit Committee, are very clear. But they relate to the auditors’ role as an auditor not the role  of an auditor who is lent as muscle to an internal investigation. By playing the “trusted advisor” they screwed themselves.

Stoplight?  Yellow. Looks bad, but EY may be able to talk their way out of this one once it gets to court. They need to explain how they were still looking into the issue, doing their “auditor” work and make sure their full but limited role and responsibilities for the process are explained. If they lose on this chalk it up to another case of audit partners wanting to be supermen to their clients, the corporation’s executives, rather than looking out for their own best interests. Unfortunately in this situation, the shareholders were probably going to lose either way.

For a few dollars more…  Or, more likely, no additional fee for helping with the internal investigation, Ernst & Young got stuck. Unfortunately, Berkshire Hathaway ignored this lesson in the Sokol case. They used a non-independent attorney and his law firm to investigate Sokol’s suspicious Lubrizol trades. And News Corp. is ignoring it, too. They also are using insiders to investigate the phone hacking allegations.

Despite what some columnists are saying…

Floyd Norris, The New York Times, July 28, 2011:

The company misled investors and its officers and directors may be held liable. But the company’s auditor seems likely to escape any responsibility for an audit that wrongly concluded the company’s financial statements were completely proper. That, anyway, is the conclusion a federal judge has reached regarding Lehman Brothers. The judge said this week that it appeared Lehman had violated Generally Accepted Accounting Principles, or GAAP, even if it was in technical compliance with accounting rules. But he threw out a claim against Ernst & Young, whose 2007 audit certified that Lehman had followed GAAP.

…I believe Ernst & Young has not escaped anything. Here’s what I emailed Lynn Turner, former Chief Accountant at the SEC, after he circulated Norris’ column to his newsletter subscribers:

They are on the hook for something, it allows discovery, and this is not the only case against them.

This Lehman suit over a securities offering is not Ernst & Young’s biggest worry. They are a bit player. The New York Attorney General’s case against them, the one about fraud, is where they star.

Nevertheless, this dangling allegation is serious – scienter regarding their client’s deliberate material misstatement of a quarterly financial statement filing and public disclosure.

Here’s an excerpt from what I wrote on March 31, 2010 after the Lehman Bankruptcy Examiner’s report came out and EY defended itself with a letter to Audit Committee members:

EY: General Comments

EY’s last audit was for the year ended November 30, 2007. Our opinion stated that Lehman’s financial statements for 2007 were fairly presented in accordance with US GAAP, and we remain of that view. We reviewed but did not audit the interim periods for Lehman’s first and second quarters of fiscal 2008.

Although technically correct, EY is not yet off the hook. In fact, EY did something that seems odd to me – issue an actual report of their review of the 10Qs in 2008 that were included in Lehman’s regulatory filings. I credit Jonathan Weil of Bloomberg for bringing this potential Achilles’ heel in EY’s defense to my attention. However, he incorrectly used the term “opinion” in his most recent commentary to refer to EY’s reports of their review that were included in Lehman’s 10Q’s. It’s an oddity that investment banks insist on a report for the 10Q review from their audit firms. A review is required. A report is not. I still don’t know why Lehman requested  reports to be included in quarterly filings. I certainly can’t, for the life of me, figure out why the auditors would do it.

Post- Private Securities Litigation Reform Act, auditors (and law firms) have escaped liabilities for misstatements in quarterly reports because they do not make “explicit” statements. That is, their review is done in the background, they provide no written report and their review is not technically, or in their opinion, an “opinion.”

But providing an actual report of the 10Q review, one that is included in the regulatory filing, may be what opens EY to liability for Lehman’s 2008 financials. Auditors also provide reports documenting their 10Q reviews for Goldman Sachs (PwC) and Morgan Stanley (Deloitte).

Deloitte also provided reports of their 10Q reviews for Merrill Lynch prior to their absorption by Bank of America and for Bear Stearns prior to their bankruptcy and absorption into JPM Chase. The auditor’s report of their review for Bear Stearns’ 10Q as of February 28, 2008 actually had a “going concern” warning. Bear Stearns agreed to be bought by JPM Chase in early March.That was crucial but too little too late. The actual 10Q was not issued until April, after the JPM purchase had been proposed.

Notably, EY does not provide these reports of their review of 10Qs for UBS, PwC does not do this for JPM Chase or Bank of America, and KPMG does not do so for Citigroup.

Cases such as Lattanzio v. Deloitte & Touche LLP, 476 F.3d 147, 154 (2d Cir. 2007) make it clear that an explicit statement by the auditors is necessary to hold them liable. I have not been able to find any cases where auditor reports of their 10Q reviews made the difference in auditor liability. It may difficult to find case like this since so many complaints of malpractice against the auditors settle rather than go to trial. I have the distinct impression Jonathan Weil thinks that provision of a report of the auditor’s 10Q review may strengthen the possibility of liability for EY.

I agree, but recognize I have nothing but hope to base this conclusion on.

In addition to the New York Attorney General’s case against Ernst & Young, they still have to worry about the SEC and Department of Justice. Serious sanctions against Ernst and Young by the SEC, or criminal charges from the Department of Justice for Lehman executives possibly fraudulent Section 302 certifications, are unlikely. However, the SEC and PCAOB would be remiss if they did not eventually sanction some individuals at least, if not the firm as a whole.

What I wrote October 31, 2010:

Ernst & Young, take my word for it, will never be indicted by the U.S. government, as a firm, for its role in any Lehman fraud that’s eventually proven. It’s also highly unlikely – 1000 to 1 odds I’d say – EY will be fined by the SEC or the PCAOB, as a firm, in a civil or disciplinary case.

The Ernst & Young partners named in the bankruptcy examiner’s report, and maybe a national practice partner, might be sanctioned by the PCAOB or SEC. Later. Much later. We can predict the timing based on the SEC’s handling of the Bally’s sanctions. Even with a slam dunk case, the SEC waited six years before they settled with EY.  The eventual sanctions against six Ernst & Young partners for the Bally’s fraud were too little and much too late to provide a deterrent or any real justice.

Ernst & Young, as a firm, and their individual partners are named as additional defendants in private lawsuits against Lehman executives. But the New York Court of Appeals, in a 4-3 opinion, refused to hold the auditors responsible for their role in frauds perpetrated by management in the Kirschner (Refco Trustee) v. KPMG and Teachers’ Retirement v. PwC (re: AIG 2002-2005 fraud) cases. The opinion reaffirmed the application of the in pari delicto doctrine and the principle of imputation in these cases.

The judges who disagreed with the majority opinion said it best:

These simplistic agency principles as applied by the majority serve to effectively immunize auditors and other outside professionals from liability wherever any corporate insider engages in fraud…it is unclear how immunizing gatekeeper professionals, as the majority has effectively done, actually incentivizes corporate principals to better monitor insider agents. Indeed, it seems that strict imputation rules merely invite gatekeeper professionals “to neglect their duty to ferret out fraud by corporate insiders because even if they are negligent, there will be no damages assessed against them for their malfeasance”

The more successful a fraud case is against Lehman’s executives, the less likely EY or any of its partners will suffer any consequences for their acquiescence to or complicity in the fraud. That’s not to say the firm won’t suffer slowly and painfully from the enormous amount of time and money devoted to defending themselves in Lehman litigation and the rest of the suits they face.

Don’t get me wrong.

I’m thrilled that there’s a lot of traffic in my lane. What I mean is, it’s good for everyone that we’re talking about these issues and that someone other than me and a few other broken records are playing these tunes.

Fairly new PCAOB Chairman Jim Doty and his fellow board members have been on the road constantly since the three newest members – Doty, Ferguson and Hanson – took their seats in February. And they’re not letting up on the auditors and their firms.

Every speech is laced with lessons, examples, and promises of more to come.

Some key areas of focus:

• Reform of the audit reporting model
• Erasing gaps in international inspection coverage especially U.K., E.U., and China
• Response to the Chinese reverse merger frauds
• Audit quality and professional skepticism
• Auditor independence
• Greater transparency of PCAOB activities especially sanctions and disciplinary activities

There’s been significant activity in many of these areas. In fact, Board member Lew Ferguson is currently in China with representatives of the SEC to discuss opening up that country to PCAOB inspectors.

But whenever talk of audit industry reform comes up, usually after the latest accounting scandal or major fraud, the same old suggestions come up again, too.

The global financial crisis set in motion, again, the soul searching that occurs every ten years or so in the audit industry. It’s been almost ten years since the Enron scandal bred the Sarbanes-Oxley legislation that was supposed to be the “be all end all” for auditor failures and to prevent frauds and failures of all kinds.

But, of course, this wasn’t the case.

Before that the U.S. had a savings and loan crisis and, before that, other crises of confidence in the profession sparked by individual malpractice cases or fraud and corruption where the auditors either missed the problem or, worse yet, were complicit in it.

The auditors’ role in the latest crisis is only recently being examined. I’ve been pushing hard for that since 2007 when we started to see the subprime crisis and the failures of mortgage originators and home builders. The subprime crisis turned into a credit crisis which turned into a full blown financial crisis and recession or depression depending on which country you live in and your personal circumstances.

I think the turning point in attitudes towards this crisis, and the auditors’ role in particular, was the Lehman bankruptcy examiner’s report in March 2010. This was the first time the issue of fraud was raised relative to major failures that precipitated the financial crisis and, specifically, with regard to the auditors. In the Lehman case it’s Ernst & Young.

Until then, most media accepted the bankers’ and government’s version that the end of 2008 was a black swan economic calamity of unpredictable and unprecedented proportions that no one could have prevented.

But even that didn’t really turn the tide completely for the auditors. Critics in the UK started asking the question, “Where were the auditors?” much sooner than anyone in the mainstream media in the U.S..

U.S. regulators began to take notice when Big Four audit industry leadership claimed, in testimony in the House of Lords in November of 2010, to have been ordered to stand down and not issue going concern warnings on the major banks that failed and were nationalized. In response, the PCAOB’s Investor Advisory Group (IAG) raised the issue of the auditors’ role in the crisis and requested deeper study. It remains to be seen if that study will be completed by the IAG or another group, but just the fact the issue was raised, and so pungently by so many, meant that the auditors’ “good crisis” was, perhaps, over.

The PCAOB, at least, has taken up the challenge of responding to investors’ concerns about the value of the audit report, the role of the audit industry in the crisis and the profession’s role in preventing another one. The audit report itself, in spite of the profound changes in the business environment, has changed very little in the last forty years. In the meantime, frauds, Ponzi schemes, business failures and various other financial calamities continue to occur all over the world with increasing frequency and little or no warning from the auditors. The PCAOB has issued a Concept Release on the subject and is expecting comments from all fronts.

A few other reforms are less dramatic but equally likely to elicit strong feelings on all sides.

Auditor rotation is a suggestion that comes up over and over with no resolution. The Financial Times’ Agenda (subscription only) explored the pros and cons of the issue. I was quoted and so were a few other notables such as Denny Beresford, who currently chairs the Audit Committees at Fannie Mae and Legg Mason.

I get the last word with this quote:

But even Francine McKenna, an outspoken critic of the industry, does not advocate mandatory term limits. “In a perfect world, if we had enough firms and if we had enough capacity and ability to go around, then it would be a wonderful idea,” she says. “But I think, practically speaking, it would make things worse. Trading one potentially corruptible firm for another potentially corruptible firm doesn’t really help.”

Instead, McKenna advocates radically changing the industry structure. “My personal feeling is we’re not going to get a good audit until we take it out of the companies’ hands and put it into the hands of an agency that controls the fees and controls who does the work,” she says. “You can’t have companies paying for audit firms directly.”

Another perennial favorite audit reform straw man is audit partner signatures on audit reports. I wrote a column about it at Forbes.com this week.

As usual, I think the proposals never go far enough – more likely a feature rather than a bug  - and that’s why they end up spinning, eventually, down the drain.

The PCAOB approved Auditing Standard No. 7, Engagement Quality Review on July 28, 2009. They also issued a Concept Release on requiring the engagement partner to sign the audit report.

The suggestion was not a new one. On October 14, 2009, the PCAOB’s Standing Advisory Group (SAG) discussed the concept release and the comments that were received.

Auditors have traditionally opposed individual partner signatures for audit reports arguing the engagement partner is already known to the client audit committees and partners already hold themselves accountable to their own own high standards of professionalism and accountability. Those professional standards are supplemented by mechanisms that are in place to allow third parties to hold them accountable.

Like lawsuits.

The comment period closed September 11, 2009 and boy oh boy were there a lot of comments. The audit firms arrived en masse to denounce the proposal. Jim Hamilton’s World of Securities Regulation had a great summary of their arguments.

Whenever there’s talk again of reforms, the audit industry uses fear of catastrophic liability and higher fees to inure alignment with their clients – rather than shareholders the auditors view the public company executives who hire them as their client – and to scare everyone else into leaving sleeping dogs lie.

When discussion of these reforms started to gain momentum in the U.K. earlier last year, the first thing out of the industry’s mealy mouths was liability caps. I suppose worrying about no moral compass is moot if there’s moral hazard.

The Standing Advisory Group (SAG) discussion of the concept release in October 2009 highlighted that previous panels and studies had raised the suggestion before, the objections were always the same, and nothing ever came of it. The SEC put together a group in 2008 to streamline financial reporting that touched on audit industry issues. The Treasury’s Advisory Committee on the Auditing Profession (ACAP), a panel formed after the Enron scandal, also delivered recommendations in early 2008.

Gaylen Hansen: During the Treasury Committee proceedings and the testimony, the investors felt very, very strongly about this…We’ve been over these arguments. I didn’t hear any new arguments in the comment letters that we’ve heard during the testimony that came before ACAP or in the discussion that we had last year, or maybe it was the last SAG meeting, on this particular issue. But we’ve been doing what we have for the last hundred years…

The Concept Release on Requiring the Engagement Partner to Sign the Audit Report is still on the PCAOB standards setting docket. No further public action has been taken on it since 2009.

Please go to the Forbes.com article, “Auditors and Audit Reports: Is The Firms’ ‘John Hancock’ Enough?” for my suggestion.

Hint: It’s something like what they do with sex-offenders.

Main page photo courtesy of The Guardian UK.

The Dodd-Frank Act gave the Securities and Exchange Commission the authority under existing antifraud rules in Section 10(b) of the Securities and Exchange Act of 1934 to take action in cases involving transnational securities fraud. Congress also instructed the SEC through Dodd-Frank to get some public feedback and conduct a study to determine the extent to which such actions should be allowed even for private litigants. The SEC issued a call for comments to kick off the study. That prompted seven major firms, including all of the Big 4 firms, to pool their legal resources and plead for protection. In a joint comment letter to the SEC, the audit firms remind the SEC that they already face claims in the United States that are big enough to threaten their existence. Now they’re worried that allowing private actions related to transnational securities fraud will enable that threat to seep into their international audit networks as well.

I wrote last week in Forbes that audit firms are more interested in milking their lucrative government-mandated franchise to perform audits than accepting full responsiblity for poor performance of their public duty to their true clients – shareholders of public companies.

Auditors send professionalism packing and abdicate their public duty to shareholders when legislation threatens the lucrative business of being a public accounting firm.

Section 929Y of the Dodd-Frank Wall Street Reform and Consumer Protection Act mandated that the SEC complete a study to determine, “the extent to which private rights of action under the antifraud provisions of the Securities and Exchange Act of 1934 should be extended to cover transnational securities fraud”.

In a recent decision in Morrison v. National Australia Bank, 130 S. Ct. 2869 (2010), the Supreme Court significantly limited the extraterritorial scope of Section 10(b) of the Exchange Act. In the Dodd-Frank Act, Congress restored the ability of the [Securities and Exchange] Commission and the United States to bring actions under Section 10(b) in cases involving transnational securities fraud. Congress further directed the Commission to conduct a study to determine whether, and to what extent, private plaintiffs should also be able to bring such actions…Exploration of these issues will also help inform how the Commission can best protect investors and the integrity of U.S. markets in an environment in which a significant volume of securities transactions are conducted across borders.

I’ve written extensively about the litigation risks of the largest global audit firms. The risk of failure of a large member firm outside of the United States is especially acute. There have been several big scares in recent years. There are some significant cases still pending. However, others have been dismissed or could be dismissed based on Morrison.

The Big 4 audit firms have always been preoccupied with significant legal liability in the US. Managing these cases requires exorbitant amounts of the US firms’ time and money. Their international umbrella firms and, in many cases, members firms in other parts of the world are also burdened. It’s my estimate that Big 4 leadership spends 75% of their time on litigation matters.

On top of the ever-present specter of potentially catastrophic liability, large U.S. audit firms have been burdened by the need to spend a meaningful percentage of their audit-related revenues—15.1% in FY 2008—on litigation protection.

That’s an embarrassing amount of partner capital that could be used to train professionals, improve quality, and stop staff and partner cuts but is instead being spent on lawsuits where clients and regulators say they didn’t perform their government-mandated public duty well.

Or at all.

For the rest, please go to Forbes.

On September 24, 2009 the Public Company Accounting Oversight Board issued a report on the first year of implementation of Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements (AS No. 5).

The report is based on PCAOB inspections that examined portions of approximately 250 audits of internal control over financial reporting (ICFR) by the eight largest domestic registered audit firms in 2007 and 2008. In the Spring of 2008, the SEC sent their dog, the PCAOB, to hunt firms who were not implementing Auditing Standard 5 in their clients.

Some regulatory background is necessary to understand the tangle of standards auditors must address in the age of the PCAOB. Although I’m typically hard on the firms, I do sympathize with the sheer volume (and lack of timely, definitive effective dates) of pronouncements, drafts, practice alerts, special projects, and requests for comment that auditors of public companies must contend with. It’s one of the reasons why I wince every time I see the long list of firms registered with the PCAOB. Most of them are not auditing more than 100 public companies, get inspected by the PCAOB only every three years, and undoubtedly have a hell of a time maintaining the necessary technical expertise, experience, and research capabilities necessary to audit one public company let alone a few or any that are reasonably complex.

In March 2006, the Accounting Standards Board (part of the AICPA) issued a suite of eight risk assessment standards as part of a joint project with the International Audit and Assurance Standards Board (IAASB) to update and align their risk assessment requirements. The PCAOB’s interim auditing standards consist of generally accepted auditing standards, as described in the ASB’s Statement of Auditing Standards No. 95, as in existence on April 16, 2003, to the extent not superseded or amended by the Board. As a result, the ASB’s 2006 risk assessment standards are not included in the PCAOB’s interim standards.

I know. Makes me dizzy.

On October 21, 2008, the PCAOB proposed changing its auditing standards related to the auditor’s assessment of, and response to, risk. In general, the PCAOB’s proposed standards are consistent with the ASB’s proposed standards. Auditing Standard 5, implemented on June 12, 2007, was intended to improve implementation of the provisions of the Sarbanes-Oxley Act of 2002 relating to audits of internal control over financial reporting (ICFR).

This month’s PCAOB report on Auditing Standard 5 says:

“Risk assessment underlies the entire AS No. 5 audit process, including the identification of significant accounts and disclosures and relevant assertions, the selection of controls to test, and the determination of the audit evidence necessary for a given control…the inspectors’ review of the firms’ implementation of AS No. 5 focused on the following areas:

• Risk Assessment,

• Risk of Fraud,

• Using the Work of Others,

• Entity-Level Controls,

• Nature, Timing, and Extent of Controls Testing, and

• Evaluating and Communicating Deficiencies.”

I’m going to summarize the findings of the PCAOB report and highlight a few areas that impact the business of the firms. Get a cup of coffee and make yourself comfortable. We’ll be here a while.

In general, the report tries to balance each mention of areas for improvement or deficiencies with a pat on the back and a reassuring hug first. The PCAOB tries to convince us that most of the auditors performed as expected. However, we’ve come to expect the soft touch from a regulatory body made up of former audit firm professionals. The PCAOB is also currently missing quite a few leaders. More importantly, given the range of firms and the number of audits inspected, there’s something negative to say about each of the components reviewed.

Some findings are particularly interesting in light of the financial crisis and the failures of the audit firms to prevent, mitigate, or warn shareholders and other stakeholders of the risks these companies were facing and the catastrophic result of ignoring or hiding them either through negligence or fraud.

Risk Assessment

Probably the most important area for review was the auditors’ success at risk assessment. The PCAOB inspectors found instances where the auditors failed to adequately assess risk for certain relevant aspects of the audit.

“The auditors failed to identify certain components of an account or certain locations in a multi-location environment that presented different risks of material misstatement of the financial statements than other components of the same account or other locations, respectively. They also failed to evaluate both the qualitative and quantitative factors when determining whether to perform tests of controls at a location…”

Why? There’s an unhealthy emphasis on numbers in the auditing process – strict materiality guidelines, sample sizes, and rigid formulas applied to every aspect of the methodology and audit approach. Less emphasis is placed on qualitative factors or judgment. It’s not easy to apply judgment or use experience and industry, global or general economic knowledge when you’re a 24-year-old second-year associate and you’ve never met the engagement partner or any subject matter expert.

Qualitative factors are so much harder to document as evidence, too. How do you scan and tickmark 20 years of experience and many times over seeing the same tricks pulled by management? Longer, more detailed analyses of strange data, reports detailing the history of a foreign location and higher fraud risk, doubts about a new system implementation, uncertainty and tension due to multiple management changes, repeated previous internal audit deficiencies are boring and suck up precious budget hours. No time. No inclination.

The PCAOB inspectors also report that auditors are having a hard time identifying all of management’s relevant assertions when developing their risk assessment. Relevant financial statement assertions are those having meaningful bearing on transactions, accounts, and disclosures. Why is it important that an auditor gets them right? They are the fundamental basis for defining scope of activities (and budget).

An auditor should perform substantive procedures (tests) for all relevant assertions related to each material class of transactions, account balances, and disclosures. That means not neglecting to test the most important assertions even if controls appear strong. Even seemingly effective controls can be compromised due to the constant threat of management override and the inherent limitations of internal controls. In the end, the auditor’s assessment of risk is judgmental. It can never be sufficiently precise to identify all material risks of misstatement so more important assertions with larger risk of misstatement must be tested, and that takes time and money as well as competence and objectivity.

The PCAOB also mentions that there is a general lack of focus on IT throughout the risk assessment process. They later raise additional issues related to IT risk and controls when using the work of others and when determining the timing, nature and extent of testing.

I’ve written about the IT audit issue for the Big 4 many times before:

• Lack of sufficient technical staff at clients as well as on audit teams,
• Pressure on fees,
• Dominance of the financial audit practice in engagement leadership,
• Organizational challenges for the IT audit and risk teams within the audit firms,
• Lack of involvement of most CIOs in Sarbanes-Oxley work and the external audit except by default, and
• Tendency to use inquiry and observation rather than substantive procedures for IT testing.

All of these issues contribute to the failure of audit teams to consider the effects of deficiencies in pervasive controls such as information technology general controls on the risk assessment. Therefore, the scope of tests that are conducted is limited for all the wrong reasons.

Risk of fraud

Fraud is one of the most contentious issues I write about. It’s happening more and more and in bigger and bigger ways and, yet, the audit firms standard public relations position (and legal defense) is, “We are not responsible for finding fraud.” The “We were duped” defense is probably the most professionally embarassing, irresponsible, and self-serving excuse the auditors use for abdicating responsibility for their public duty to shareholders. I’ll keep pushing it because it is their duty to both identify risk of fraud and adjust their audit scope and methodology accordingly in order to mitigate this risk and uncover fraud whenever possible.

The PCAOB, SEC and AICPA support this contention, even if the firms use their lawyers to avoid their responsibility whenever possible. In this report, the PCAOB again tells us that the nature, timing, and extent of auditors’ tests of controls were, in some cases, “not sufficiently responsive to an identified fraud risk because auditors either failed to alter the extent of testing in areas of greater risk, or they failed to identify and test compensating controls when the controls identified and tested did not completely address the identified risk.

“The inspectors also observed instances where auditors either did not evaluate all the relevant processes of the company’s period-end financial reporting process or did not appropriately test the design or operating effectiveness of controls to address the risk of management override.”

Using the Work of Others

When it was originally adopted, Auditing Standard 5 was intended, in the PCAOB’s own words, to focus the auditor on the matters “most important” to internal control, eliminate “unnecessary procedures”, simplify and shorten the standard by “reducing detail and specificity”, and make the audit more scalable for smaller and less complex companies.

“Considering and Using the Work of Others” superseded AU sec. 322 and the direction currently contained in AS No. 2 regarding using the work of others.

High auditor (and other fees) required to meet Sarbanes-Oxley requirements was the major complaint of the business community. Most fees paid to audit firms increased substantially after Sarbanes-Oxley, with the justification by the audit firms being the additional work required by AS No. 2. AS No. 5 was intended to reduce the extra work and therefore the higher fees of the Big 4 audit firms attributed to Sarbanes-Oxley.

I predicted that the audit firms would use this new provision to take on more work themselves, skirting the independence rules in order to put more of the Sarbanes-Oxley work into the internal control review bucket under the external audit. A lot of companies spent a lot of time and money trying to get the work done internally and expecting the Big 4 firms to eventually accept it and mitigate their effort and fees. But, until recently, the firms just wouldn’t do it.

Under AS No. 2 the audit firms interpreted the standards very strictly. They continued to do so for as long as possible under AS No 5. This was partly due to their desire to do as much work and reap as much of the fee as legally possible, the “share of the wallet” concept. This was also due to concerns about liability. Finally, in early 2008, their clients, pressured themselves by the economic downturn, took the upper hand. The auditors’ ability to fight the scope reduction demands was limited by economic reality and losses of clients due to failures, takeovers, and the bailouts. They started to cut their overbloated rolls and then were hard pressed to push for more given staffing constraints, especially in the IT audit arena.

As a result, this report describes several instances where PCAOB inspectors saw further opportunities for the auditors to use the work of others when the assessed level of risk was lower, including when testing certain system reports and application controls. These audit firms were probably trying to hold on to as much as they could.

In other instances, probably in larger issuers, the inspectors observed instances “where the extent of the auditor’s use of the work of others to reduce the auditor’s own work was greater than was appropriate under AS No. 5 considering the level of risk associated with the control being tested (e.g., in the area of controls over journal entries, which generally would be considered higher risk because of the risk of management override or other risk of fraud).”

Given the presence of other Big 4 firms as internal audit co-sourcers and pressure from clients to use the work of their finance and internal auditors to cut costs, I expect the auditors became reluctant to question qualifications of internal staff or professionals from another Big 4 firm. Inspectors observed certain instances where auditors, “performed few or no procedures to assess the competence of the others relative to the task being performed, or they did not adequately assess the objectivity of the others, particularly where the work was performed by company personnel other than internal auditors.”

Finally, “get it done and get it over with” type pressures probably resulted in limited discernment of who or what to retest and how much. The inspectors also “observed numerous instances where the extent of the auditors’ retesting of the work of others was seemingly unrelated to the risks involved (e.g., a uniform approach to retesting of 20 percent of the controls tested). “

Entity-Level Controls

The control environment sets the tone of an organization and has a huge influence on the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure to all activities.

“In evaluating the design of the entity’s control environment, the auditor should consider the following elements and how they have been incorporated into the entity’s processes:

a. Communication and enforcement of integrity and ethical values.

b. Commitment to competence.

c. Participation of those charged with governance.

d. Management’s philosophy and operating style.

e. Organizational structure.

f. Assignment of authority and responsibility.

g. Human resource policies and practices.

For example, management’s response to internal control deficiencies communicated in prior periods may relate to one or more of the aforementioned elements, such as commitment to competence or management’s philosophy and operating style…The auditor should obtain sufficient knowledge of the control environment to understand the attitudes, awareness, and actions of those charged with governance concerning the entity’s internal control and its importance in achieving reliable financial reporting. In understanding the control environment, the auditor should concentrate on the implementation of controls because controls may be established but not acted upon. “

Unfortunately, the PCAOB inspectors found that in some instances:

“…auditors did not evaluate entity-level controls beyond those associated with the control environment and the period-end financial reporting process. (Inspectors were told in certain cases that the auditors did not evaluate other entity-level controls because the issuer had not done so.)

Some auditors identified entity-level controls that appeared to be designed to operate with a high degree of precision, but failed to obtain sufficient audit evidence of their operating effectiveness. There also were instances where the auditors identified and tested entity-level controls and found them to be designed and operating with a high degree of precision, but did not alter their tests of process-level controls in response to that assessment.

There also were situations where auditors inappropriately reduced their testing of process-level controls based on reliance on entity-level controls. In certain of these instances, the auditors failed to consider the precision with which the entity-level control addressed a relevant financial statement assertion. In other instances, the auditors determined that the entity-level control was not operating at a level of precision sufficient to address the risk related to a relevant financial statement assertion, yet they nonetheless reduced the testing of the process-level controls for the relevant assertion.”

It looks like there was generally a “precision” problem. Control precision describes the alignment or correlation between a particular control procedure and a given control objective or risk. A control with direct impact on the achievement of an objective (or mitigation of a risk) is said to be more precise than one with indirect impact on the objective or risk. The inability to discern level of precision and the impact on testing seems to be a training issue and, perhaps, a direct result of the level of professional assigned to perform these high level, critical assessments. The subtlety of the “precision” component is lost on too junior or inexperienced professionals.

Nature, Timing, and Extent of Controls Testing

After completion of the risk, fraud, and controls assessment activities, including identifying relevant assertions and determinations of the precision with which entity-level controls are operating, it’s time to test. Unfortunately, as I have seen in engagements I have been involved in, the actual testing often doesn’t correlate well with the voluminous spreadsheets and matrices developed in the earlier phases intended to tell professionals what to test, how to test, and to what extent to test certain controls.

How does this happen? Inadequate engagement management, inadequate supervision and review of work, changes in personnel, poor team communication especially when changes occur, fatigue, and rushing at the end which forces professionals to ignore all instructions, do what they have time/energy/inclination to do, and then retro-justify the decision by fudging the documentation.

The result is PCAOB inspectors noting that “in certain cases, the auditors did not consider the assessed level of risk when selecting controls to be tested, or the controls selected were not designed to address the risk of misstatement to the relevant assertion(s).

In particular for IT general controls, segregation of duties controls, and application controls over authorization, disconnects between what auditors intended to do and what and how the tests actually get done occur quite frequently, in my experience. The PCAOB inspectors observed situations where auditors “failed to test a relevant control appropriately or, in some cases, at all. For example, inspectors observed instances where the auditors’ testing of controls over financially significant applications was dependent on appropriate segregation of duties, but the auditors did not test to determine whether appropriate segregation of duties existed.”

Similarly, in some instances:

“…the auditors tested certain controls without testing the system-generated data on which the tested controls depended; the auditors did not test controls over applications that processed financially significant transactions, including important manual spreadsheets; or the auditors observed evidence of review and approval controls (e.g. management signoff evidencing review and approval) without testing the design or operating effectiveness of management’s controls.”

“In some instances, the auditors did not obtain service auditors’ reports (SAS 70) related to controls at outside service organizations, or the auditors failed to perform procedures related to the necessary user controls identified in the service auditors’ reports.”

I have written before about the SAS 70 issue and the fact that it has been neglected in most Sarbanes-Oxley initiatives given the number of companies that have little or no centralized control over this process. It’s one of those things, like disaster recovery and business continuity, that hardly anyone does well, an “elephant in the room” type vulnerability for most companies.

“Inspectors also observed instances where the evidence gathered by the auditor was insufficient to support a conclusion that the controls were operating effectively, yet the audit team relied on the supposed effectiveness of those controls to reduce the scope of other audit procedures. For example, inspectors noted instances where the operating effectiveness of higher-risk controls was tested solely through inquiry and observation, which are tests that ordinarily produce less audit evidence than other tests, such as inspection of relevant documentation or re-performance of a control. In other instances, auditors did not test the completeness of the population from which items were selected for testing. Inspectors also observed instances where the extent of audit procedures was similar for both lower- and higher-risk controls.”

Evaluation of Deficiencies

Finally, when all the work is done, the auditors count up the various deficiencies, categorize them, group them, and combine them to determine if one or several become significant deficiencies or material weaknesess. The categorization of a control deficiency depends on whether there is a reasonable possibility that a company’s controls will fail to prevent or detect a misstatement and the magnitude of the potential misstatement. This exercise is the source of much discussion, first within an issuer’s own Sarbanes-Oxley team, separately within the external auditors team based on their work, then in joint meetings where the two compare their lists, discuss discrepancies, and resolve disagreements via negotiation and horse-trading to come up with the agreed upon list of deficiencies and their severity.

Inspectors observed some instances, that auditors, “inappropriately based their conclusions about the severity of control deficiencies solely on the materiality of the identified errors in the financial statements. Also, some auditors failed to consider relevant risk factors when evaluating the severity of identified control deficiencies. In addition, there were instances where the auditors did not consider whether certain control deficiencies identified through using the work of others, in combination with other identified control deficiencies, constituted a material weakness in controls.”

In some instances, “the compensating controls that the auditors identified and tested were not sufficiently precise or did not operate effectively to mitigate the risks associated with the identified deficiencies. In addition, the inspectors observed that “certain auditors’ required communications of identified control deficiencies to management or the audit committee were incomplete.”

When push comes to shove, the auditors are always in a position of deference to the Audit Committee and/or client management. If their incompetence, inexperience, and unwillingness to challenge technical and industry practices doesn’t do them in, their lack of objectivity and close relationship with management in service to keeping their big fees does. Granted, in rare instances, auditors do resign or let themselves be fired because of standing their ground. But by that time the situation is so bad, their potential liability so great, it scares the hell out of both sides and bodes ill for the shareholder. Ironically, it’s the next auditor, and there’s always one willing to step in even in the messiest of situations, that typically forces the client to do what the other may have been trying to do for a while.

Is audit firm rotation, like auditor signatures on reports and greater transparency of audit firm financials the way to force more much needed audit firm and auditor accountability right now?

Photo Source

I joined several of the leading bloggers in the securities litigation and SEC enforcement world — including Kevin LaCroix (The D&O Diary); Tom Gorman (SEC Actions); and Lyle Roberts (The 10b-5 Daily) — hosted by Securities Docket’s Bruce Carton for what promises to be lively and entertaining event.

My slides are here.
Bruce Carton has his summary here.

Here’s a replay of the webcast:

I got an email from Jim Peterson of Re: Balance yesterday afternoon. He poked at my comments about auditors and subprime lawsuits. He’s concerned about my use of the word “immunized” which, I guess, has special meaning for lawyers.

• Auditors immunizing from most subprime suits by claiming, “assertions of fraud are unjustified against those who were doing their best under circumstances that were exceedingly difficult…” The Michael Young defense.

“The notion of auditors being “immunized” from suit trips all over the practical fact that once a complaint survives motions to dismiss (which as Kevin noted, is going in plaintiffs’ direction lately), the likelihood of eventual settlement is overwhelming, and cases do not go to trial. The count since the 1995 “reform” act (big joke) is I think fewer than 10 in all — only a couple involving auditors…”

We spoke this morning and he is preparing a post for tomorrow that responds to the webcast.   I clarified my “immunized” comment this way:

“I was talking about the “so far” effectiveness of shills like Michael Young of Wilkie Farr and other proxies for the audit firms and their interests like the Center for Audit Quality. They use their advisory panel memberships, conference speaking gigs, and the mostly naive mainstream media to put forth the theory that the auditors do not, can not, should not question their clients business strategy and therefore cannot be held responsible also for the spectacular failures that have occurred.  

So far, and that’s a big “so far,” legislators, regulators, the press, and most of the plaintiff’s bar (with the exception of Steven Thomas, Stuart Grant, and a limited number of others) are  unwilling to kick the tires hard on the “We tried hard,” and the “We were duped,” and “We are separate and equal member firms who have no control over each other…” defenses. Their reluctance is sometimes borne of laziness to dig into the details and try to understand complex topics and other times due to entrenched, traditional loyalties. Steven Thomas, for example, is on his own because according to the interview in American Lawyer, his former firm, Sullivan Cromwell, did not want to go up against audit firms even though he proved it could be done very well.”

Still coming is my exclusive interview with Steven Thomas post-BDO verdict.  I alluded to a few of his comments in the webcast. Stay tuned for the full text next week.

In the meantime, if you’re interested in auditor related trials, there’s an interesting one going on again in Florida that’s being webcast in its entirety (gavel to gavel) by Courtroom View Network. It’s available for live and on demand on line viewing. Alan Schein contends in a suit filed in Broward Circuit Court that he relied on the E&Y audits that gave Illinois-based Superior Bank a clean bill of health for more than a decade in deciding to merge his mortgage marketing company with the bank in 1998.

If you’ve been reading me for a while, you know that I pretty much stick to discussing the largest 4 audit/accounting firms.  This is for practical reasons – keeping my sanity in dealing with so much information –  and to be realistic. Put the three next tier firms in the US together and they don’t equal either the critical mass in terms of experience and infrastructure nor the client/revenue base of any one of the Big 4.  They will never, either individually or collectively, be able to step up and absorb the detritus from another Big 4 firm failure, either in the US or out.  

That doesn’t mean the next tier don’t serve the clients they have well.  Mostly.  Just means that the next tier are not ready to play in the same pitch as Cristiano Ronaldo. (Front page photo/Portuguese.)

Or even Ronaldinho. (Brazilian)  (Pictured here with Ronaldo the Brazilian)

And this conclusion is drawn before you consider the considerable litigation threats each one faces.  RSM and Grant Thornton both have Madoff exposure and Grant Thornton also has Refco.   And BDO, well, in addition to Madoff exposure, there’s the BDO International litigation and the judgement against BDO Seidman US for Banco Espirito Santo.  You’ve heard of zombie banks?  Well, BDO in the US, at least, and potentially overall if the case against BDO International is also won, is a zombie audit firm.

So I’m constantly amazed to find Grant Thornton’s CEO Ed Nusbaum acting as the designated spokesboy for the accounting industry. He probably drew the short straw at the last Center For Audit Quality back room with cigars and cognac pow-wow.  And I’m incredulous to see Jeremy Newman of BDO International still huffing and puffing a seemingly progressive and transparent patter with whomever will interview him.

Now, that’s no slight to my friend Dennis Howlett.  I was genuinely chuffed to see Newman post a comment to Dennis’ blog. Dennis blogged about Newman’s “candid” admissions in his Huffington Post blog post regarding the auditors and mark-to-market accounting. 

“It is easy to look at the details of the accounts with hindsight and see how banks results were boosted by certain transactions. The transparency required by current accounting standards ensures we can see how banks were affected by increases in the market values of financial assets. However, it seems no-one realized the fragility of the markets in such securities. When problems first emerged in the sub-prime debt market, no-one was prepared to recognize the scale of the impact. In reality, we all looked for reasons why the problem would not be contagious.

Should accountants and auditors have identified these issues? Should regulators have realized the vulnerability of banks’ capital and reserves? Should governments have recognized that a problem in one bank would affect others? The answer to all these questions is “probably.” We believed that real value was being created by these new financial instruments and wanted to believe that the “good times” were here to stay…”

My comment in Dennis’ original post responds to this Pollyanna-ish pronouncement.

“Unfortunately, I don’t agree that any of the Big 6 firms are “recovering” from the intoxication with good times at all. All you have to do is observe closely, which I am, all the reductions in force and other cost cutting moves they’re making because of the way they say they indulged themselves with too many resources and overhead during the good times.

Although I value the candour exhibited by that emphatic “probably,” I’m less ecstatic about the firms’ complicity in the creative accounting we are seeing at Citigroup, for example…

Inspired by Mr. Newman’s seeming desire for a conversation, Dennis grabbed the bull by the horns, or the CA by the short-hairs, and asked for a meeting.  And he got it.

I helped him draw up some questions and was excited for him.

On May 15th Dennis interviewed Mr. Newman in London and tells us he spent two hours shooting the bull with Newman, a man he already admired for his candor. His post, Jeremy Newman, The Cautious Maverick, begins with some flattery. 

“I also had the sense I’d be meeting a person willing to speak with passion for a profession that I and others believe needs to change. It is perhaps a reflection of the liveliness of our discussion that what was meant to be a one hour meeting turned into nearly two hours of debate that only ended because we each had other things to conclude that day…”

To Dennis’ credit, his first question is the toughest one:  What of the BDO franchise?

In light of the crippling Banco Espirito Santo judgement against their US firm and the impending trial for BDO International to determine their culpability in this case, I’ve said BDO US is already dead.

“He was unequivocal: “It will be dealt with and we’ll move on. And no, we’re not at any risk.” I have no reason to disbelieve him…”

Well,  I have 521 million reasons to disbelieve him.  That’s the number of millions BDO has to pay. It’s already been adjudicated in the BDO Seidman vs. Banco Espirito Santo case.  They lost.  They’re hanging on by the thread of a desperate appeal. At the time of the judgement in August of 2007, a mere two years ago, mandatory discovery revealed that they could not pay it.  It would break them.

Jury Awards Rise Against BDO Seidman 
“A jury on Tuesday ordered the accounting firm BDO Seidman to pay more than $351 million in punitive damages in a negligence case, bringing BDO’s potential liability in the case to roughly $521 million, an amount the chief executive said threatens its operations.
The Florida jury had found BDO negligent for failing to find extensive fraud in its audits of a financial services company backed by a Portuguese bank. The amount will be added to the same jury’s award of $170 million in compensation to the bank, Banco Espírito Santo.”

`Big Problem’

““The big problem is a single case can bring down a big firm,” University of Georgia Professor Dennis Beresford said. Firms such as BDO Seidman typically distribute most of their profit to partners each year, leaving little in reserve for large legal judgments, said Beresford, a former chairman of the Financial Accounting Standards Board. ”

So what’s changed in two years?  Has BDO, in this period of pre-recession and recession, sold enough profitable services, asked partners for more capital, and begged, borrowed, or worse enough to cover the judgement if they lose on appeal?  Given the lack of transparency of all the audit firms with regard to actual profits and reserves for such contingencies, it’s hard to know for sure.  

In the year ending June 30, 2008, BDO’s US firm had revenues of $659 million and claims 81 percent cumulative growth over the past three years (2005-2008). But how much profit?  The profit margin for the year ended 2007 was 30%. If the numbers are accurate, how much could they have set aside since?  Would you lend money to an accounting firm to pay a judgement? 

“Jurors were given financial statements indicating Chicago-based BDO made a $176 million profit last year after collecting $526 million in revenue, up 25 percent over the previous year.

BDO chief executive officer Jack Weisbaum testified the firm has about 2,800 employees and its 250 partners made $131 million in total compensation last year.

“The company couldn’t pay punitive damages. We certainly wouldn’t look the way we do now,” he said. 

Back in February, after being granted the umpteenth BDO International requested delay in the case which is due to start May 26th in Miami, Mr. Newman was much less effusive:

BDO International’s defence has always centred on the fact that the umbrella body only has 10 employees and the audits conducted by member firms are done independently. BDO International has said it has no control over its audits and should therefore not be held responsible.

Jeremy Newman the CEO of BDO International would not comment on the issue.

Mr. Newman: I dare say, you’re bluffing.

Photo credits here and here.

Jeremy Newman the CEO of BDO International would not comment on the issue.

Deloitte Is Protected in “Insolvency” Ruling
A Pennsylvania judge says that a firm that improperly keeps a company out of bankruptcy may not be liable, unless it is negligent in other ways, too.

A recent Pennsylvania Court ruling favoring Deloitte & Touche seems to restrict a company’s ability to win a case against an accountantcy for actions that lead to the company’s “deepening insolvency,” unless the accountant is negligent in other ways as well.

The issue arose in a lawsuit that Reliance Insurance Co. filed in the state’s Commonwealth Court against Deloitte & Touche, over allegations that the accountancy improperly certified that the insurer’s loss reserves in 1999 was reasonable. That caused Reliance to take underwriting losses on payments that it could not really make, to avoid the wrath of regulators, and to go deeper into debt when it should have declared bankruptcy, according to The Legal Intelligencer newspaper.

EY Partners Overwhelmingly Approve the Creation of EMEIA

LONDON–(BUSINESS WIRE)–Ernst & Young today announces that its partners across Western and Eastern Europe, the Middle East, India and Africa have overwhelmingly approved the proposed integration of its country practices into a single EMEIA Area.

The new Area will be a US$11 billion organization with more than 60,000 people and 3,300 partners. It will operate as a single unit, led by Mark Otty as Area Managing Partner, and a single executive team. EMEIA will be effective from 1 July 2008.

Chairman and CEO Jim Turley said, “I am of course delighted by the tremendous response from our partners in favor of this significant step change in the globalization of our business. I have also been greatly encouraged by the level of feedback I have received from many of our clients across the globe, our young people and our regulators. The feedback is that this is a groundbreaking and positive step both for our own organization, and the profession as a whole.”

“Our clients tell me this move is important because it is going to enable us to better meet their needs to deliver seamless, consistent high-quality service, not just across EMEIA, but right across the world. Our people want to be in an organization where their opportunities are without boundaries. They want and expect mobility, challenging international assignments and a diverse and teaming culture on a truly global scale,” Turley said.