With Democrats like Representative Carolyn Maloney of New York, who needs the Republicans? When special interests pursue self-interested legislation  – or seek to block legislation that affects their interests  – Maloney waves the jobs and economic growth flag for campaign contributors rather than defending investors.

Maloney voted for the JOBS Act in spite of the fact the bill destroys investor protections hard-won after the Enron fraud in the Sarbanes-Oxley Act. Maloney also recently spoke up on behalf of the audit industry instead of investors during a hearing held by the House Subcommittee on Capital Markets and Government Sponsored Enterprises. PCAOB Chairman Jim Doty testified about several agency initiatives to increase auditor independence, transparency, and accountability for auditors behaving badly. Maloney joined Republican Congressmen who pushed back hard on Doty and the PCAOB, the audit industry regulator, accusing the regulator of  “mission creep” and “overreach”.

Maloney represents Manhattan’s East Side and Queen’s West Side, the home of the financial services industry including the US headquarters of all of the Big Four accounting firms. Maloney serves on three key subcommittees of the House Committee on Financial Services because she, “believe[s] one of my chief tasks is to maintain the preeminence of New York City as the world’s financial center.” Maloney is “committed to defending the health of our financial institutions so that they can lead our economic recovery.”

But, in my opinion, she’s no expert on financial services or accounting policy.

Maloney’s real interests show up at the most inopportune moments. Back in 2000, before the Enron scandal, Richard Baker, a Louisiana Republican, ran the House Subcommittee on Capital Markets. He was very worried at the time about Fannie Mae and Freddie Mac. Baker saw the writing on the wall with the mortgage giants, behemoth Government Sponsored Enterprises (GSEs) that were eventually nationalized under a conservatorship in September of 2008 because of the significant losses they racked up from subprime mortgage securitization. Taxpayers are still paying the bill for the inattention by so many for so long to the accounting manipulation, fraud, and excessive risk taking at the GSEs that put both public companies into receivership.

Baker convened hearings and the undersecretary for domestic finance at Treasury at that time, Gary Gensler, offered his views during one of them on the Housing Finance Regulatory Improvement Act. Baker’s bill proposed removing the $2.5 billion line of credit available to Fannie and Freddie from Treasury. Gensler came out in favor of cutting off Fannie and Freddie. According to Gretchen Morgenson and Josh Rosner in their recent book, Reckless Endangerment, the Subcommittee on Capital Markets at that time was dominated by two factions.

“First were the “housers”—true believers in government subsidies for housing and supporters of Fannie and Freddie as the best vehicles to provide them. Equally zealous, though, were the members who received campaign contributions funded by the companies as well as the ribbon-cutting ceremonies for projects in their districts.”

As one of the most contentious hearings ended, Representative Carolyn Maloney piped up with a closing question for Franklin Raines, Fannie Mae’s chief executive, that seemed to ignore the point of the hearings – Fannie and Freddie were already overextended.

“I think it would be appropriate to bring the GSE structure to childcare, an area that has been failed by the private markets. I would like to know, would Fannie and Freddie be opposed to having the authority to buy childcare facility mortgages?”

Maloney’s quest to use the GSEs to fund childcare facility mortgages went nowhere in 2000. She sponsored variations of the bill repeatedly  in the following years. In 2006 it was called H.R. 5207, the Children’s Development Commission Act (Kiddie Mac). Maloney ignored what everyone else who was close to the financial services industry saw at that time: The mortgage industry was headed for a crash, led by subprime. By 2006, some of the big mortgage originators who fed Fannie Mae and Freddie Mac like New Century and Countrywide had started to falter.

These days Carolyn Maloney is pushing jobs and growth, growth and jobs, and protecting the interests of the venture capitalists, bankers, and “job creators” who woudl love to repeal the Sarbanes-Oxley Act. Maloney recently supported the Jumpstart Our Business Start Ups Act (JOBS Act) which goes a long way towards erasing the gains investors made in Sarbanes-Oxley.

Some Democrats who voted for the JOBS Act as a jobs bill, including Maloney, are now backpedaling.  ”I don’t see it as a great jobs bill,” Rep. Carolyn Maloney (D-N.Y.) told MSNBC’s Chris Hayes. “I don’t see it creating a lot of jobs.”

When Chris Hayes confronted Maloney with SEC Chairman Mary Schapiro’s objections to the removal of significant investor protections in the JOBS ACT, Maloney said Schapiro could write a letter to all Senators and Congressmen explaining her objections and they would consider a bill to address them.

Maloney also told the panelists that day, “I think it’s very difficult to take on the financial interests.”

I guess it wasn’t enough for SEC Commissioner Schapiro to send a letter with her concerns to the Senate Banking Committee before they took up the bill that the House passed with bipartisan support. That bipartisan support included votes from current House Committee on Financial Services ranking member Rep. Barney Frank, Rep. Maloney, and Rep. Maxine Waters. Rep. Capuano was the only Democrat voting no on this bill in committee.

In her letter to Senators Johnson and Shelby, SEC Commissioner Schapiro said the Jumpstart Our Business Startups (JOBS) Act, HR 3606, passed by the House would weaken investor protections by, for example, exempting emerging growth companies from the internal control audit opinion provisions of Section 404(b) of Sarbanes-Oxley. Schapiro believes the Section 404(b) internal controls requirement “has significantly improved the quality and reliability of financial reporting and improved investor protections and, therefore, believe this change is unwarranted.”

Instead of carefully considering growing public objections to the bill, the Senators expedited its passage instead. There was no bill mark-up session and no further hearings. SEC Chair Mary Schapiro did not testify and neither did any of the SEC Commissioners.

I attended the bill markup session for H.R. 3606, “Reopening American Capital Markets to Emerging Growth Companies Act of 2011″ by the House Committee on Financial Services on February 16^th.  Republican Congressman Garrett, the Committee Chairman, led a quick discussion of proposed amendments to the bill. Carolyn Maloney had none. In fact, Maloney was absent for much of the discussion because this was the same day as a Senate hearing on birth control. Maloney’s protests about, “Where were the women?” at that hearing dominated the evening news and play repeatedly as a video on her website. Instead of looking out for the investor, Maloney was focused on a soundbite and a photo op.

Maloney’s focus on women’s issues is the excuse given by many for giving her a pass on otherwise generally corporatist positions on everything else. As a woman and a progressive Democrat, I take Democratic legislators’ support for women’s health, anti-domestic violence, and pay equality issues for granted. I give Maloney no extra credit points for strongly supporting these initiatives. Maloney is a drive-by Democrat who does the warm and fuzzy blanket stuff and supports financial services and business legislation based on who has buttered her bread.

Maloney sought to repeal the protections of Sarbanes-Oxley early on. According to reports in the Huffington Post on October 28th, 2009, Rep. Carolyn Maloney sponsored the original bill to repeal SOx 404 internal control audit requirements for companies with market capitalization less than $75 million. This loophole applied to about 55% of publicly traded firms. Maloney’s amendment, co-sponsored with Rep. Scott Garrett, a New Jersey Republican, was to be attached to a bill pending in the House Financial Services Committee, the Investor Protection Act of 2009,.

The permanent exemption for companies under $75 million in market capitalization was passed under Dodd-Frank in July of 2010. The audit industry otherwise escaped any mention or sanction in Dodd-Frank, in spite of their failure to warn investors of problems at the bank who failed, were bailed out or acquired by healthier banks. In particular, legislation to repeal the exemption from aiding and abetting liability in securities litigation for third-parties like auditors never made it into Dodd-Frank.

Employees of KPMG, PwC, and Deloitte were among House Committee on Financial Services ranking member Barney Frank’s top 25 contributors leading up to the passage of Dodd-Frank, 2009-2010. During the 2008 election year, all of the Big 4 contributed to Frank’s reelection campaign.

The JOBS Act exempts “emerging growth companies” – that’s companies with up to $1 billion in revenue – from SOX 404(b) internal controls audits for five years or until they exceed the revenue threshold. That’s bad for the business of the accounting/audit industry. The additional provision that reduces required audits at the time of IPO filing for “emerging growth companies” from three years to two also takes food off auditors’ tables. The audit industry said nothing during the debate about the impact those provisions would have on investors. They would have appeared greedy. The auditors learned the hard way after the Sarbanes-Oxley Act was passed not to oppose public company executives who push for less regulation and less cost just because reducing investor protections may harm the true client – investors.  After all, it’s company executives and Audit Committees who hire auditors and their consulting and tax professionals and pay their bills, not shareholders.

Representative Carolyn Maloneycontinues to be a member of the House Financial Services Subcommittee on Capital Markets and Government Sponsored Enterprises. The latest incarnation, under the leadership of Rep. Garrett, recently held a hearing to discuss pending proposals and current challenges facing the auditing and accounting industries. (I guess the firms fal under this subcomittee because the audit firms are government sponsored enterprises by way of their exclusive franchise for providing stock exchange mandated and SEC mandated audits of public companies and because there’s a a stated “too few to fail” policy?)

Jim Doty, Chairman of the PCAOB, Jim Kroeker of the SEC, and Leslie Seidman of FASB answered questions from Committee members. Among the issues discussed was HR 3503, co-sponsored by Reps. Lynn Westmoreland (R-GA) and Barney Frank (D-MA) which would amend the Sarbanes-Oxley Act of 2002 to make Public Company Accounting Oversight Board disciplinary proceedings open to the public and a bill sponsored by Rep. Michael Fitzpatrick (R-PA) that would prohibit the PCAOB from mandating firm rotation. The bill, sponsored by Rep. Michael Fitzpatrick (R., Pa.), hasn’t yet been introduced.

The Wall Street Journal’s Michael Rapoport tells us:

According to data from the Center for Responsive Politics, which tracks campaign finance, Rep. Fitzpatrick has gotten major contributions from PricewaterhouseCoopers and Deloitte during the 2012 election cycle. PwC is his 10th-biggest contributor throughout his career in Congress, and the accounting industry has given him a total of $108,779 over his entire career.

Rep. Scott Garrett (R., N.J.), who is chairman the capital-markets subcommittee, has also benefited from the industry’s contributions. KPMG is his fourth-largest contributor throughout his career, and PwC is his 12th-largest. The accounting industry has given him $152,904 over his career.

Rep. Maloney is skeptical about the PCAOB’s request to make disciplinary proceedings against audit firms and auditors public. The Sarbanes-Oxley law bars the PCAOB from making such proceedings public unless both parties consent. That’s inconsistent with how the SEC handles similar sanctions against audit firms and auditors for violating securities laws. The PCAOB has said this allows audit firms to drag out legal proceedings for years while keeping audit committees and investors in the dark about auditor negligence and bad behavior.

“I understand the concern … but I also want to hear whether there is any concern that by making these proceedings public, we are unnecessarily harming the reputation of a firm before any official action is taken. Personally, I don’t think we should do so unless there is an official action taken.”

Maloney isn’t crazy about mandatory auditor rotation, either.

“Aren’t there other ways to boost auditor independence without putting in an arbitrary requirement that may disrupt the relationship between the firms and companies they audit?  It may affect the cost and quality of the audits, too.”

Those talking points could have come directly from the audit firms. In fact, they probably did.

“Mandatory firm rotation will not improve audit quality and its cost cannot be justified. “

PwC’s Bob Moritz in testimony to the PCAOB on March 21, 2012

“Ernst & Young…does not support mandatory firm rotation. In our view, it is not a necessary or constructive means to promote auditor skepticism, and we are aware of no evidence that it will improve audit quality…A mandatory audit firm rotation model would not only give rise substantial costs and disruptions, but would also impair audit quality and undermine sound corporate governance – all to the ultimate disadvantage of investors. We believe the mandatory re-tendering approach suffers from the same or even greater flaws.”

Steven Howe, Ernst & Young in testimony to the PCAOB on March 21, 2012

“Given the significant costs and disruption, the lack of evidence linking engagement tenure to audit quality, and, most importantly, the risk that mandatory rotation is actually a detriment to audit quality, we oppose mandatory firm rotation.

PCAOB enforcement proceedings currently are confidential under Sarbanes- Oxley, because Congress understood that auditors belong to a profession in which a good reputation is essential and publication of unproven charges may end an individual auditor’s career or audit firm’s existence.”

Barry Melancon, President of the AICPA, the audit industry trade organization, in testimony before the House Subcommittee on Capital Markets and Government Sponsored Enterprises, March 28, 2012

Maloney is at the top of the list of Democrats receiving campaign contributions from the auditors, second only to Brad Sherman of California, a CPA and Big Four alumni. Sherman has pocketed $49,500 from the industry already in 2012. Maloney, who counts the Big Four US headquarters amongst her district’s constituents, has accepted $28,500 in 2012. The accounting industry has given her $176,000 over her twenty-year career according to OpenSecrets.org, more than either Republicans Garrett or Fitzpatrick.

Looks to me like it’s the audit firm money, not Carolyn Maloney, doing the talking.

Last week was Groupon’s big week, although not in a good way. What happened? Well, the premier source of daily deal dish got knocked down a few more pegs after announcing a revision to 4th quarter earnings and the announcement by management that there was a material weakness in internal controls over financial reporting that was causing their disclosure controls to be ineffective. Groupon went public just a few months ago, last November, and the annual report was the company’s first filing as a public company.

Here’s one of the few journalists who got the details right, Jonathan Weil of Bloomberg, explaining why, in this case, the news was especially bad:

Didn’t Groupon know before its initial public offering that its controls were weak? A company spokesman, Paul Taaffe, declined to comment. Let’s assume for the moment, though, that its executives did know. Even then, they wouldn’t have had to tell investors beforehand.

That’s because there is no requirement to disclose a control weakness in a company’s IPO prospectus. Groupon would have had no obligation to disclose the problem until it filed its first quarterly or annual report as a public company — which is what it did. Sandbagging IPO investors in this manner is perfectly legal, it turns out.

The reason lies with a gaping hole in the Sarbanes-Oxley Act, which Congress passed in 2002 in response to the accounting scandals at Enron Corp. and WorldCom Inc. That statute had two main sections related to companies’ internal controls, which are the systems and processes that companies are supposed to have in place to ensure the information they report is accurate. Those provisions apply only to companies that are public already, not ones that have registered for IPOs.

One section, called 302, requires public companies’ top executives to evaluate each quarter whether their disclosure controls and procedures are effective. The other section, known as 404, is better known. It requires public companies in their annual reports to include assessments by management and outside auditors about the effectiveness of their internal controls over financial reporting. Congress left it to the Securities and Exchange Commission to write the rules implementing those provisions.

Here’s where it gets tricky. Groupon reported the weakness in its financial-reporting controls through a Section 302 disclosure, not a Section 404 report. In other words, the problem was serious enough that it amounted to a shortcoming in the company’s overall disclosure controls.

Groupon won’t have to comply with Section 404’s requirements until its second annual report, due next year, under an exemption the SEC passed in 2006 for newly public companies. Likewise, Groupon’s auditor, Ernst & Young LLP, to date has expressed no opinion on the company’s internal controls in its audit reports.

From the moment Groupon announced the revision on March 30, there were two important facts that almost all major media financial journalists got wrong:

1) The announcement of lower revenue and lower income for the fourth quarter was a revision of an earnings release, not a restatement. Groupon never filed a 10Q so there was no SEC filing to restate. Fessing up to the right numbers in the annual report was the first time the company was bound to report those numbers and, at that time, they corrected previously announced earnings for the 4th Quarter.

2) Management made the assessment of the material weakness in internal controls over financial reporting that caused disclosure controls to be ineffective, not auditor Ernst & Young. Ernst & Young deserves no credit for the announcement, nor any blame, just yet, for the fact that the weaknesses had to be finally admitted. There is no transparency regarding the auditor’s agreement or disagreement previously with Groupon, any public documentation of their discussions or any reason to believe Ernst & Young either encouraged or discouraged Groupon to get their act together sooner.

We just don’t know.

What we do know is that Ernst & Young signed the fourth clean audit opinion when it signed the audit report included in Groupon’s annual report. With the three audited financial statements included in the S-1, we can assume that control weaknesses Ernst & Young was aware of, if they were aware of any, were not serious enough in their opinion to qualify the audit opinion.

Because I was very busy with some other projects when the Groupon announcement came out I chose to be quoted regarding Groupon, rather than to blog about it, last week. I also tried to use Twitter to alert fellow journalists and the readers that the reporting had mistakes.

I was asked to comment on the Groupon story by three media outlets: the Marketplace radio program on PRI/NPR, Phil Rosenthal at the Chicago Tribune, and Crain’s Chicago Business.

I haven’t seen the story in Crain’s yet, but it Here’s the Crain’s link. It was nice to have two local media outlets notice they had someone who writes about these issues right here in Chicago where Groupon is based.

Marketplace’s Heidi Moore, who I follow on Twitter, wrote a short piece and my comment is strictly color. You can read the text and listen here.

The Tribune piece is extensive and Phil Rosenthal does a great job explaining why Groupon’s success or failure means a lot to the Chicago tech scene.  I get a long quote:

“As a Chicagoan, I’m really sad, because we’re proud when somebody does good here,” said Francine McKenna, an expert on the accounting and auditing industry who writes the Accounting Watchdog column for Forbes. “We love promoting our companies, especially homegrown success stories, and this is embarrassing.

“Because they’re growing so fast, because they’re trying to take a less conservative approach when they’re developing these numbers, because they want to shine the best possible light on what they’re doing, they got caught short. There was nothing they could do but admit they screwed up.”

To be honest, I’m holding back a bit on this subject because Groupon is a small part of a larger piece I’m wrapping up, hopefully, for the next issue of Forbes Magazine.  So let me make a few comments that did not make it to the magazine piece.

The role of the auditor, Ernst & Young, is confusing to experts, let alone the average investor or business reader.  Should the firm have caught Groupon’s errors before or after the IPO? Did Ernst & Young catch Groupon’s errors before the IPO and now?  Did Ernst & Young influence Groupon management’s decision to make the painful acknowledgement that they were caught short in the return reserves department and had to revise revenue and earnings? We’ll never know.

Here’s what Groupon management admitted in the annual report:

“…management concluded as of December 31, 2011 that our disclosure controls and procedures were not effective at the reasonable assurance level due to a material weakness in our internal control over financial reporting, which is described below.

In connection with the preparation of our financial statements for the year ended December 31, 2011, we concluded there is a material weakness in the design and operating effectiveness of our internal control over financial reporting as defined in SEC Regulation S-X. “

Groupon says they are deficient in:

• Controls over monthly financial close process and procedures
• Controls to insure accounts were complete and accurate and agreed to detailed support
• Controls over account reconciliations to identify errors and omissions in journal entries
• Controls over timely, effective review of estimates, assumptions and related reconciliations and analyses, including those related to customer refund reserves

That’s a lot of weakness. I find hard to believe these weaknesses only showed up in the last month or so of the year, after the IPO and multiple S-1 filings. Could Ernst & Young have stopped the IPO? Could the SEC have stopped the IPO?

One proposal that the audit industry regulator, the PCAOB, has on the table that could help in the future – but maybe not for pre-registration filings and auditor opinions – is the Auditor’s Discussion and Analysis. (The italics are my comments back to the PCAOB, the audit industry regulator under the SEC.)

b. In what ways, if any, could the standard auditor’s report or other auditor reporting be improved to provide more relevant and useful information to investors and other users of financial statements? Two places where the current report could be improved are:

1. Development of a clearing house of auditor names attached to public company audit engagements worldwide with their biographies and information about sanctions, suspensions and litigation against them.  I’m not so concerned about seeing a name on a printed report as knowing who is responsible for that audit over time and their qualifications and professional history.

2. The addition of an auditor’s “Disclosure and Analysis” would be priceless. It should be addressed directly to shareholders, not the Audit Committee, and be written in the style of Warren Buffet’s letter to shareholders.  It should state where the auditors and management disagreed and which one prevailed.  It should focus on judgments, estimates, and the range of practices especially regarding interpretation of key accounting standards amongst that issuer’s peer group.

c. Should the Board consider expanding the auditor’s role to provide assurance on matters in addition to the financial statements? If so, in what other areas of financial reporting should auditors provide assurance? Auditors should provide explicit assurance on MD&A. They are already required by standards to communicate with the Audit Committee regarding the adequacy of required disclosures. Interim Auditing Standard AU 380 requires auditors to determine whether all audit-related matters are communicated to the committee.

Potential Alternatives for Changes to the Auditor’s Report

A. Auditor’s Discussion and Analysis

Questions

5. Should the Board consider an AD&A as an alternative for providing additional information in the auditor’s report? Yes

a. If you support an AD&A as an alternative, provide an explanation as to why. See above 1.b.

b. Do you think an AD&A should comment on the audit, the company’s financial statements or both? Both. Provide an explanation as to why. Should the AD&A comment about any other information? The quality of management’s D&A and any disagreements in that regard over sufficiency or quality of disclosures.

c. Which types of information in an AD&A would be most relevant and useful in making investment decisions? I think information about how the issuer compares in key metrics, disclosures, aggressive interpretation of standards, and use of models and estimates to their peers would be very useful.  In some industries, one auditor has an audit relationship with several major companies, addresses similar issues, evaluates similar approaches and either sees consistent or inconsistent results. This type of discussion and comparison would be very useful to identify outliers and anomalies as well as instances of collusion amongst companies with significant business with each other.

Another factor to consider is the auditor’s responsibility right now with regard to disclosure or reporting of fraud and illegal acts – if errors and misstatements rise to that level even pre-IPO.  I’ve written previously that auditors are not very quick to tattle-tale on the executives of the companies they audit.  The audit firms prefer to work it out internally and over time. There’s just too much money at stake both as an auditor and as a consultant. We do not know what Ernst & Young’s fees from Groupon – or Zynga or Facebook – are yet.  The first proxies are not out.  But we do know how much money was at stake with some other clients that have had issues:

• Ernst & Young was paid more than $150 million in fees by Lehman for 2001 to bankruptcy in 2008 according to the New York Attorney General complaint against Ernst & Young for fraud regarding lack of disclosure of Lehman’s issues.
• Google paid Ernst & Young $13 million in 2010 and 2009. Google’s proxy did not explain how Ernst & Young could reduce its fee for audit services to this high-risk company by $1 million in 2010. Google is a serial subject of SEC investigations for its accounting for stock options and taxes. The company recently settled a Department of Justice criminal investigation over the illegal use of its AdWords program by Canadian pharmacies. Ernst & Young did charge Google $500 thousand more in 2010 to address those tax issues.
• UBS, home of a recent rogue trader scandal, paid Ernst & Young $63 million in 2011 for their the audit, $12 million for audit-related activities such as assurance and attest services, control and performance reports, advisory on accounting standards, transaction consulting including due diligence, and tax advisory.  Ernst & Young also earns another $32 million for services performed on behalf of UBS investment funds, many of which have independent fund boards or trustees.
• News Corp, where executives are accused of paying illegal bribes and hiding those payments on the balance sheet, paid Ernst & Young almost $35 million dollars in 2010 and about $31 million in 2009.  The increase equals about 10% more for more tax consulting services, which make up almost half – $16 million – of the total fees paid to EY by News Corp. That, to me, is a serious indictment of EY’s independence as auditor.

Getting back to Groupon and their erroneous earnings release and uncontrolled S-1s…

According to a recently published academic paper entitled, Pro forma disclosures, audit fees, and auditor resignations:

Pro forma disclosures are non-GAAP disclosures; however, under the provisions of SAS 8, auditors are still responsible for ensuring that no overtly misleading voluntary disclosures are released to investors. That is, auditors are required to review voluntary disclosures and prevent any misleading or overtly optimistic information from being released. In addition, auditors are potentially responsible for ensuring consistency of pro forma reporting in voluntary disclosures, such as press releases, with any pro forma numbers included in mandated disclosures, such as SEC 10-K or 10-Q reports (PwC Dataline 2010-03).

I know I expect the auditors to be earning their fees by looking out for investors. But maybe that’s just pie in the sky.

The video is Glen Hansard and Marketa Irglova singing “You must have fallen from the sky” from The Swell Season.

Original main page art from this site.

sciss

The Private Securities Litigation Reform Act of 1995 (Public Law 104- 67) added Section 10A to the Securities Exchange Act of 1934 (15 U. S. C. 78j- 1). Section 10A reporting requirements first became effective for fiscal years beginning on or after January 1, 1996.

The GAO[1] prepared a report in February 2000[2] and again in September 2003 at the request of Congress, regarding the audit industry’s compliance with Section 10A. The GAO also reported the statistics for SEC enforcement actions under Section 10A.

The February 2000 report stated that six Section 10A reports had been submitted by audit firms through December 14, 1999. Records from the SEC’s Office of the Chief Accountant show that during the period December 15, 1999 through May 15, 2003 – four years of turmoil in the markets and in the accounting industry – an additional 23 Section 10A reports were submitted.

From the inception of the 10A reporting requirement in 1996 through May 15, 2003, a total of 29 Section 10A reports were submitted to the SEC. The reports cover a variety of potential illegal acts, including improper revenue recognition, unusual capital transactions relating to stock warrants, inadequate financial statement disclosures, and failure to disclose expenses relating to stock options.

In the 2003 report, the AICPA attributed the low level of 10A reporting to the reasons they cited as stated in the 2000 GAO report: In most cases, management or the board of directors, often with the participation of internal or external counsel, took timely and appropriate action to address a situation involving an illegal act when it was brought to their attention by auditors.

According to SEC officials in 2003, all Section 10A reports from 1996 to 2003 were investigated. Of the 29 SEC registrants named in the reports as of 2003, 10 were the subject of active SEC enforcement investigations, 8 had actions brought against them by the SEC, and 11 reports were closed without formal action being taken by the SEC.

Injunctive actions and administrative proceedings were filed in 8 cases alleging violations such as (1) failure to disclose transactions in public statements to shareholders and the SEC, (2) inclusion of fraudulently- valued assets on financial statements filed with the SEC, (3) underreporting the value of inventory resulting in an understatement of expenses and liabilities and an overstatement of income, and (4) improper revenue recognition and understatement of expenses.

A violation reported under Section 10A may be closed without formal action being taken by the SEC because the registrant is no longer publicly traded, has a very small dollar amount of assets, or is no longer doing business. In certain instances, after discussions with the SEC, the registrants took remedial action, which the SEC found satisfactory, such as obtaining a review of the registrant’s quarterly financial statements filed with the SEC.

In 2002, the American Institute of Certified Public Accountants (AICPA) issued a new audit standard for detecting fraud, Statement on Auditing Standards (SAS) 99: Consideration of Fraud in a Financial Statement Audit. The AICPA believed SAS 99 would substantially change auditor performance, thereby improving the likelihood that auditors will detect material misstatements in financial statements due to fraud by placing an increased focus on exercising professional skepticism throughout the audit. The new standard required auditors to identify and consider risks of material misstatement due to fraud when planning and performing the audit through brainstorming among audit team members, inquiring of management, performing analytical procedures, considering inappropriate reporting of revenue and management override of internal controls, evaluating internal controls that address the identified risks of fraud, and assessing throughout the audit and at the completion of the audit the risk of fraud based on the results of auditing procedures.

The new standard also required auditors to communicate about fraud to management, the audit committee, and others, and to document the auditors’ consideration of fraud. SAS 99 was adopted and effective for audits of financial statements for periods beginning on or after December 15, 2002. The PCAOB, the regulator for the auditing industry established by the Sarbanes-Oxley Act in 2002, updated the standard the first time with Auditing Standard No. 5, adopted in 2007. The PCAOB revised the standard further in December 2010 as AU Section 316: Consideration of Fraud in a Financial Statement Audit.[3]

The Sarbanes-Oxley Act of 2002 also contains a number of provisions aimed at improving the quality of audits of public companies including more audit committee involvement with the auditor, a requirement for auditors to attest to management’s assessment of internal controls over financial reporting, a requirement for audit partner rotation, prohibition of certain non-audit services to audit clients, prohibition of providing audit services to a company that employs as a top official a previous member of the audit engagement team, and greater penalties for failure to report fraud.

Rule 240 10A-1 states that auditor reports under Section 10A must be submitted to the SEC’s Office of the Chief Accountant. The report must be in writing and identify the registrant and the auditor and the date that the registrant received the Section 10A report from the auditor. In addition, the report must include either a copy of the auditor’s report or a summary of the report including a description of the act that the auditor has identified as a likely illegal act and the possible effect of that act on the financial statements. The rule is based on the premise that the reports under Section 10A are supposed to assist the SEC in performing its enforcement responsibilities and therefore, the auditors’  reports are nonpublic.

After receiving and logging the Section 10A reports, the Office of the Chief Accountant forwards the reports to the Division of Enforcement, which conducts investigations into possible violations of federal securities laws and prosecutes the SEC’s cases. The reports are also forwarded to other divisions within the SEC, including the Division of Corporation Finance, which reviews the financial statements and other financial reports filed by SEC registrant companies. The Office of the Chief Accountant and the Division of Enforcement monitor the progress on any investigation initiated or facilitated by a Section 10A report.

Auditors are still getting used to an external regulatory regime under the PCAOB since 2002 versus the self-regulatory regime they operated under with the AICPA, their trade organization, as the rulemaker and enforcer. Frauds did not end after the Sarbanes-Oxley Law was enacted. It’s now apparent that fraud drove many of the financial crisis failures. The subprime crisis turned into a credit crisis then a full blown financial crisis. Major industrial and financial services companies in the United States and abroad were bailed out, forcibly acquired, and effectively nationalized in order to survive.

During that time, no warning bells for shareholders and society as a whole, in the form of “going concern” opinions, were sounded. As financial crisis litigation has increased, we are now seeing, almost four years later, the extent to which accounting fraud, disclosure fraud, and accounting manipulation played a role in these failures. We have also seen a record number of enforcement actions for illegal acts by corporations and individuals under the Foreign Corrupt Practices Act.

Section 10A is not mentioned very often in enforcement actions against auditors. Frankly, there are few enforcement actions against auditors at all compared to the number of enforcement actions against client company executives. But 10A has been mentioned recently on two specific occasions.

“The reliability of global capital markets depends on auditors fulfilling their obligation to investors to perform robust audits, resulting in well-founded audit reports. Two of the PW India firms, PW Bangalore and Lovelock, repeatedly violated PCAOB rules and standards in conducting the Satyam audits. These confirmation deficiencies contributed directly to the auditors’ failure to uncover the Satyam fraud.”

James R. Doty, PCAOB Chairman

On April 5, 2011, the Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB) announced settled disciplinary orders against five firms, members of the PricewaterhouseCoopers LLP (PwC) global network, for violations of PCAOB rules and standards and for violations of federal securities laws as well as improper professional conduct by PW India while PW Bangalore served as auditor of record for Satyam.

In addition, the SEC also sanctioned the PW India firms for, “violation of Section 10A(a) of the Exchange Act by failing to conduct procedures designed to provide reasonable assurance of detecting illegal acts that would have a direct and material effect on the determination of financial statement amounts.”

Technically, this was not an enforcement action for, “failing to report likely illegal acts that have a material impact on a company’s financial statements,” but instead for failing to perform the audit in such a way that those illegal acts have a high likelihood to be detected. The SEC, and the PCAOB which filed a simultaneous enforcement action, chose to believe that PW India was ignorant of the illegal acts. The jury is still out, literally, in India, on whether the Price Waterhouse India auditors were aware of the illegal act, complicit in the fraud with executives, and did not report them or were simply incompetent as the SEC would lead us to believe.

On October 3, 2011, the PCAOB issued Staff Audit Practice Alert No. 8, Audit Risks In Certain Emerging Markets.

In the Alert, the PCAOB warned that although authorities in many emerging market countries were taking steps to improve investor protection, the PCAOB, “has observed from its oversight activities some conditions in audits of certain companies in emerging markets that indicate heightened fraud risk. Other situations have come to light in recent corporate filings with the Securities and Exchange Commission (“SEC”) and in SEC orders suspending trading in securities of certain companies in emerging markets.”

In just two months in 2011, more than 24 companies with their principal place of business in the People’s Republic of China (“PRC”) filed Forms 8-K with the SEC reporting auditor resignations, accounting irregularities, or both.[4] “In some instances, the auditor’s letter of resignation stated that the auditor resigned because of circumstances that could constitute illegal acts for purposes of Section 10A of the Securities Exchange Act of 1934 (“Exchange Act”).” [5]

The SEC took action, including instituting stop order proceedings against two PRC-based companies.[6] Additional auditor resignations, recorded on Form 8-K, have occurred.[7]

• How many of the auditors associated with the 24 companies with their principal place of business in the People’s Republic of China that filed 8-Ks also filed 10A reports? Did the auditors who mentioned, “circumstances that could constitute illegal acts for purposes of Section 10A of the Securities Exchange Act of 1934,” file 10A reports with the SEC?
• Did the auditors of the two PRC-based companies where the SEC issued stop order proceedings perform their duties under Section 10A or did they fail to conduct procedures designed to provide reasonable assurance of detecting illegal acts that would have a direct and material effect on the determination of financial statement amounts?
• Will we see any SEC enforcement actions against these auditors for failing to detect these illegal or fraudulent acts via proper audits and failure to report the illegal acts to the SEC?
• Did the auditors do their job in China?

Investors count on the auditors as the last defender of shareholder interests before regulators and the lawyers get involved. I wanted to see if the auditors had at least warned the SEC of potential frauds and illegal acts, in particular during the period leading up to the 2008 financial crisis bailouts.

I checked with the GAO in June of 2011 to see if anyone in Congress had asked for an update since 2003 on Section 10A reporting by auditors. Chuck Young, Managing Director of Public Affairs said, “No, we have not done any review since the one in 2003.”

So I prepared a Freedom of Information Act (FOIA) request in June and then again in October for the same information Congress and the GAO had previously requested from the SEC. The first request I made covered the entire period since the last report to Congress, 2003, until the present. It also referred to a tracking system that the 2003 report said would be implemented to help track these submissions by auditors and the SEC’s actions on them.

5) It was reported to the GAO in May 2003 that the Division of Enforcement was developing a computer tracking system for referrals of Section 10A reports, as well as complaints concerning possible financial reporting violations. Please attach any status reports that document the development progress and eventual implementation of this “computer tracking system”.

Unfortunately, the helpful response from the SEC to my initial request was that a request for data for the period May 16, 2003 through May 31, 2011 was too extensive, especially because the above referenced “computer tracking system” had not yet been implemented.

So I revised my request to cover just the years since January 1, 2007 as a start. The idea was to replicate the statistics the GAO had prepared, at least. If I could also see the underlying reports and data, all the better.

In December the SEC responded to my request, but refused to provide information about three of the four inquiries. They cited confidential treatment of investigatory materials or they told me to do my own investigating. I will appeal. I can also appeal to the House Financial Services Committee’s Subcommittee on Oversight and Investigations. Maybe the Congressmen will make a new request to the GAO to update this important oversight report since it’s not been done during the post-Sarbanes-Oxley era and now post-financial crisis period.

It’s quite surprising that the one substantive response from the SEC I did get was to my FOIA inquiry regarding the number and case numbers of SEC actions filed, by year, between January 1, 2007 and September 30, 2011 against auditors for alleged violations of Section 10A for failing to report likely illegal acts materially impacting on a company’s financial statements.

The SEC replied that, “ a search was conducted of the Commission’s various systems of records, but did not locate or identify any information responsive to your request.”

There are still many unanswered questions about how and why the financial crisis frauds occurred. New frauds, such as the Chinese reverse merger frauds, took advantage of a public listing loophole that the SEC and auditors missed. All these investor losses occurred under the supposedly watchful eyes of auditors, who are paid dearly to protect shareholders but in many cases are either complicit, incompetent, or both.

Dear SEC, Please send me the following records:

SEC Response:

As was mentioned in our letter of October 25, 2011, the FOIA was not intended to compel agencies to become ad hoc investigators for requestors whose requests are not compatible with their own information retrieval systems.[8] Nor does the FOIA require agencies to conduct legal research and answer questions disguised as FOIA requests.[9] Consequently, we have processed the portions of your request where responsive records exist; however, we did not process the portions wherein questions are posed.

(1)  Please provide the number of Section 10A submissions, by year, from January 1, 2007 through September 30, 2011 and a copy of each report filed that identifies the registrant and the auditor and the date that the registrant received the Section 10A report from the auditor. The filing should include either a copy of the auditor’s report or a summary of the report including a description of the act that the auditor has identified as a likely illegal act and the possible effect of that act on the financial statements.

(2)  Please provide the status of the SEC actions on those 10A reports that were filed, by year, between January 1, 2007 and September 30, 2011.

SEC Response: After consulting with Commission staff, we have determined the following: With respect to items 1 and 2 of your request, responsive records are withheld in their entirety under FOIA Exemptions: 5 U.S.C. § 552 (b) (3) and 7(A), 17 CFR § 200.80 (b) (3) and (7) (i).

The internal records which consist of material pertaining to Rule 240 10A-1 are protected form disclosure under FOIA Exemption 3. Exemption 3 permits the withholding of documents specifically exempted from disclosure by another Federal statute. Section 240.10A-1 states in part, that records submitted under this section, “shall be deemed to be an investigative record and shall be non-public and exempt for disclosure pursuant to the Freedom of Information Act to the same extent an for the same periods of time that the Commission’s investigative records are non-public and exempt for disclosure under among other applicable provisions, 5 U.S.C. 552 (b) (7) and 17 CFR 200.80 (b) (7).” See, 17 CFR § 240.10A-1.

In addition, with respect to on-going enforcement activities pertaining to any f the 10A submissions, the records are protected form release under Exemption 7(A), which protects form disclosure records compiled for law enforcement purposes, the release of which could reasonably be expected to interfere with enforcement activities.

(3)  Please provide the number and case numbers of SEC actions filed, by year, between January 1, 2007 and September 30, 2011 against auditors for alleged violations of Section 10A for failing to report likely illegal acts materially impacting on a company’s financial statements.

SEC Response: With respect to Item 3 of your request, based on the information you provided in your letter, a search was conducted of the Commission’s various systems of records, but did not locate or identify any information responsive to your request.

(4)  Please provide the number of 8-Ks filed for auditor changes each year 2007-2010 and the number of requests for additional information from the registrants as needed to clarify matters reported on 8-Ks for auditor changes.

During this period, did the Division of Corporation Finance identify any significant potential violations of SEC laws and regulations as a result of auditor changes, or forward any matters to the Division of Enforcement for further investigation? How many were identified or forwarded, by year January 1, 2007 to September 30, 2011?  Please include status reports of these investigations, if any.

SEC Response: Finally, with respect to Item 4 of your request, a significant portion of the information sought is publicly available on our website at www.sec.gov under the section “Filings and Forms.” Specifically, anyone can search the EDGAR database for Form 8-Ks filed during any year, and for staff comment letters and response letters for any filings filed during 2007-2010. The Commission does not maintain a retrieval system designed for culling data based on the information cited in your request.

[2] U.S. General Accounting Office, Securities Exchange Act: Review of Reporting Under Section 10A, GAO/AIMD-00-54R (Washington, D.C.: Feb. 4, 2000).

[3] The PCAOB was established pursuant to the Sarbanes-Oxley Act of 2002 (Act) to oversee the audits of public companies that are subject to the U.S. Federal securities laws. As provided for by the Act, the PCAOB will set professional standards (including auditing, attestation, quality control, ethics, and independence standards) to be used by public accounting firms registered with the PCAOB in the preparation and issuance of audit reports of public companies.

[4] See letter from SEC Chairman Mary Schapiro, dated April 27, 2011, to the Chairman of the House Subcommittee on TARP, Financial Services, and Bailouts of Public and Private Programs, Congressman Patrick McHenry, at http://s.wsj.net/public/resources/documents/BARRONS-SEC-050411.pdf.

[5] See the discussion in the section in the PCAOB Alert on illegal acts.

[6] See SEC Press Release, Stop Order Proceedings Instituted Against China Intelligent Lightning and Electronics, Inc., and China Century Dragon Media, Inc. (June 13, 2011) at: http://www.sec.gov/news/press/2011/2011-127.htm

[7] See, e.g., Longtop Financial Technologies Limited, Form 6-K (May 23, 2011), Exhibit 2 at: http://www.sec.gov/Archives/edgar/data/1412494/000095012311052882/d82501 exv99w2.htm.

[8] Blakey v. DOJ, 549 F. Supp. 362, 366-367 (D.D.C. 1982).

[9] Satterlee v. IRS, No. 05-3181, 2006 WL 3160963, at *3 (W.D. Mo. Oct. 30, 2006).

Main page photo source: Adventures of a Ghanian

The PCAOB, the audit industry regulator, shamed global audit firm Deloitte recently when they exposed the private portion of the inspection report of the firm’s 2006 audits. It was the first time that had happened to one the Big Four audit firms, the largest firms that audit the vast majority of publicly listed firms in and out of the U.S..

I’m sure Deloitte, and the rest of the Big Four, thought the PCAOB would never have the nerve.

re: The Auditors has seen a confidential, internal Deloitte training document, prepared this past summer, that reveals the firm expects the worst when the inspection reports for their 2009, 2010, and 2011 audits are published by the PCAOB. The 2009 report should be out by the end of this year. The training document also shows how difficult it is for Deloitte leadership to steer the largest global firm away from the “audit failure” iceberg.

It seems audit competence and capacity to audit complex topics are in short supply at all the firms, based on PCAOB inspection results for audits conducted during the financial crisis period and the reports for 2010 audits at PwC and KPMG released recently. Deloitte has been particularly hard pressed to maintain audit quality since the firm lost several engagements that would have helped to grow specialized knowledge and retain experts. Big clients like Merrill Lynch, Bear Stearns, and Washington Mutual helped pay the bills for subject matter experts and quality control but those revenues were lost to financial crisis failures and forced combinations with better capitalized, non-audit client banks.

I think the PCAOB decided to publicly criticize Deloitte for two reasons.

• The firm has been piling on the negatives via a $1,000,000 fine/disciplinary sanction as a firm for a previous issue, two high level insider trading scandals (Flanagan and McClellan), the failures and frauds of Deloitte China clients CCME, Longtop and now Focus Media, and the specific failures of major clients during the crisis (Bear Stearns, Merrill Lynch, WaMu, Taylor Bean & Whitaker, American Home, and Royal Bank of Scotland, to name a few).
• Deloitte was resistant to the inspections, resistant to the criticisms, and unwilling to make changes based on the PCAOB’s requests. If you can’t fix something that’s one thing. If you won’t and thumb your nose at the regulator, you are getting close to Arthur Andersen-like behavior.

We know how that story ended.

If they did nothing, the PCAOB risked having a new major failure of a Deloitte client expose their lack of push on the firm to even respond, let alone improve.

I wrote in American Banker about the special risks to financial services firms when the regulated, like Deloitte, resists the regulator:

The PCAOB’s decision to make the Deloitte 2006 quality control criticisms public, and the fact that the Securities and Exchange Commission allowed it to do so, tell me Deloitte is still fighting the regulators. The deadlines for Deloitte to fix or sufficiently respond to criticisms in the 2007 and 2008 inspection reports have passed. We could soon see previously nonpublic information from those reports, too.

The risk for banks in a situation like this is that an auditor that brazenly irritates its regulator may draw unwanted attention to its clients from their regulators. For example, PCAOB spokeswoman Colleen Brennan reminds me that the SEC knows the names of every company whose audit deficiencies are mentioned in a PCAOB auditor inspection report.

These risks apply to all of Deloitte’s clients and to all public companies if the rest of the firms – KPMG, PwC, and Ernst & Young – are also playing chicken with the regulator.

A little more than a month after releasing the Deloitte private report, the PCAOB released the inspection reports for audits performed by PwC and KPMG in 2009. The Financial Times’ Kara Scannell summarizes the findings:

The Public Company Accounting Oversight Board’s findings from an annual inspection revealed that years after the financial crisis both auditing firms were not adequately challenging companies’ valuations of certain assets when the market for them dried up…

The board reviewed 71 audits completed by PwC in 2010 and 52 audits done by KPMG in 2010.

The Wall Street Journal’s Michael Rapoport tells us how bad the results really were:

The government’s auditing regulator found deficiencies in 28 audits conducted by PricewaterhouseCoopers LLP and 12 audits by KPMG LLP in its annual inspections of the Big Four accounting firms.

The Public Company Accounting Oversight Board said many of the deficiencies it found in its 2010 inspection reports of the two firms, released Monday, were significant enough that it appeared the firms didn’t obtain sufficient evidence to support their audit opinions.

The regulator hasn’t yet issued its yearly reports on its inspections of the other Big Four firms, Ernst & Young LLP and Deloitte LLP.

KPMG’s response to the PCAOB was not quite as belligerent as Deloitte’s persistent irritation at having their “professional judgment second-guessed”. But, it was not exactly conciliatory.

Floyd Norris of the New York Times:

Normally these letters say something like what KPMG wrote:

“We conducted a thorough evaluation of the matters identified in the draft report and addressed the engagement-specific findings in a manner consistent with PCAOB auditing standards and KPMG policies and procedures.”

You may note that said nothing about whether the firm accepted the board’s conclusions or not. That is better than what Deloitte did a few years ago, when it essentially said the board did not know what it was talking about.

PwC, on the other hand, met the regulator more than half way according to Norris:

PwC’s letter addressed that issue, saying that while there were cases where it differed with the board’s conclusions, “they generally related to the significance of the finding in relation to the audit taken as a whole, and not to the substance of the finding.”

“Accordingly,” wrote the PWC officials, “the overall PCAOB inspection results, as well as the results of our internal inspections, were important considerations in formulating our quality improvement plan,” which it then describes.

PwC’s spokesperson sent me this additional statement:

“PwC is built on our reputation for delivering quality. We also recognize that the role we play in the capital markets requires consistent, high-quality audit performance. We therefore are focused on the increase in the number of deficiencies in our audit performance reported in the 2010 PCAOB inspection over prior years. We are working to strengthen and sharpen the firm’s audit quality, including making investments designed to improve our performance over both the short- and long-term.”

Did the quality of the auditing really deteriorate for KPMG and PwC or is the PCAOB getting tougher, and maybe better, at what they do?

We’ll have to see what the upcoming Ernst & Young and Deloitte reports show. Ernst & Young has been criticized for the Groupon multiple S-1 issue, as well as questions about accounting at future IPOs Zynga and Facebook. Now we have Olympus, too. And, of course, the jury is still out on the firm’s role in Repo 105 and Lehman Brothers.

And what about the Deloitte improvement plan for prior years? Has Deloitte accepted the PCAOB’s criticisms and moved on or are they still fighting the regulator? Is Deloitte working hard to get ahead of their 2009, 2010, and 2011 results and avoid the embarrassment or worse – sanctions – if the PCAOB has to publish another private report?

The confidential internal training report, intended to brief Subject Matter Resources (SMR), is called, “FY 2012 Engagement Quality Activities”.

The Audit Quality Activity Plan for FY2012 has been socialized with:

1. –  The OAQ Steering Committee
2. –  The Audit Quality Council
3. –  The RMPs
4. –  The NPPDs
5. –  The RILs
6. –  Leaders in the PPN
7. –  Extended Leadership Team
8. –  CFO / CEO

Yeah, that’s a lot of acronyms. And I’m not sure anymore – maybe I’ve been out of the firms too long or maybe I was never in them enough – what “socializing” a quality plan means. Suffice to say, the document, one hundred and eight-one very dense PowerPoint pages, has tons of information for the SMRs to absorb and pass on to engagement teams like now.

But, by this summer, it was too late to make a difference in the inspection reports for the 2009 and 2010 audits.

2009

• Response submitted on May 4

2010

• Total of 98 comments (56 engagements inspected)
• Expect about 25 engagements to appear in Part I
• Draft report has not yet been issued

2011

• 33 engagements selected to date
• Focus areas
  – Continue to include: fair value and impairment determinations; internal controls – Also focusing more on revenue recognition
• 16 completed
  – 5 with no written comments
• Total of 24 comments on 11 completed inspections

If Deloitte sent their response to the PCAOB for the 2009 audits on May 4th, why are we still waiting for the final report? Given the PCAOB’s decision to release Part 2 of the inspection report for Deloitte’s 2006 audits last month, I believe Deloitte was still treating PCAOB comments as an affront to partners’ professional judgments.

What are the root causes for so many negative PCAOB comments, according to Deloitte?

When evaluating “what didn’t work” for the various engagement activities, the consistent refrains outlined in the training document are “started too late”, “not enough time”, and “greater discipline and consistency needed”.

But there’s a bigger problem when it comes to audit failures around complex topics like goodwill, deferred tax asset impairment, fair value determination of thinly traded securities, and management estimates of loan loss reserves. There’s a huge intellectual divide between the audit teams and the subject matter specialist teams.

Professionals who are experts in tax or valuation of complex derivatives, for example, are not experts in auditing standards. The auditors, and the education they receive in universities and in the firms, focuses on the technical aspects of accounting – they know GAAP chapter and verse but not GAAS. That’s how we ended up with a defense of Repo 105 from Ernst & Young that the treatment meets the GAAP requirements with no appreciation for the more subtle GAAS disclosure expectations. Until recently, the firms didn’t think the PCAOB would push them to meet such high standards for auditing as long as the accounting was, subject to “professional judgment”, right enough.

But that’s how the auditors missed, or justified looking the other way, as so many banks failed or had to be bailed out during the crisis. This attitude is evident when you read in the training document how many of Deloitte’s policies and methodologies have to be revised to now absolutely require certain tests and additional steps. The steps weren’t performed unless the firm considered them explicitly required. Unfortunately, there’s still a difference of opinion between Deloitte and the PCAOB about what the PCAOB auditing standards explicitly require.

Here’s one example from the Deloitte training document:

Auditing Standard No. 12 – Identifying and Assessing Risks of Material Misstatement

Understanding the company and its environment

Change to our Methodology: We shall consider reading public information about the company (e.g., analyst reports), observing or reading transcripts of earnings calls, obtaining an understanding of compensation arrangements with senior management, and obtaining information about trading activity in the company’s securities. (AS 12.11)

Key Takeaway: This is a more specific requirement for audits performed in accordance with the standards of the PCAOB. Previously, while we may have been considering these items in our audits, their consideration was not explicitly required by our policies or by professional standards.

How does Deloitte intend to meet this higher standard in a quick and dirty, cost effective way?

Run a report using “OneSource” that includes a company summary, corporate overview, strategic initiatives, strengths & weaknesses, competitors report, significant developments), News, Articles and Financial Statements.

Zippity doo da.  You now know everything you need to know about the company.

It doesn’t help that the audit firms business model accepts high turnover of staff during the first 5 years. It’s a model that auditors got away with when issues were not as complex as they are now, especially within financial services firms.

For example, how can a senior, someone with 2-4 years experience, test a complex structured derivative for potential fraud (i.e. think of the Abacus deal) which is, in reality, an embedded derivative with multiple tranches and economic and risk characteristics that may not be aligned with the host, sitting off balance sheet, after having been passed thru an SPV sponsored by a “too big to fail” bank?

The manager, senior manager, and partner typically have no idea what the subject matter expert, a member of Deloitte’s Financial Instrument Valuation Risk Analytic team, is talking about when he says the client’s models and assumptions are insufficient, outdated, or flawed. The audit team probably doesn’t even know what a synthetic CDO is.

The most egregious recent example of a subject matter being ignored  - it happened in Enron, too – is the case of KPMG’s expert on mortgage securitizations and repurchase risk being told, “We’re done here” when he warned at New Century Financial that the client’s models had obsolete assumptions. That ugly episode only came to light because of the New Century bankruptcy and a robust bankruptcy examiner’s report.

In the recently disclosed Part 2 of the 2006 Deloitte inspection report, the PCAOB told the firm that partners were ignoring experts, too.

The inspection team identified six engagements where there were deficiencies in the procedures relating to the use of the work of specialists. These deficiencies included five engagements where there was no evidence in the audit documentation, and no persuasive other evidence, that the Firm had tested certain data or assumptions that the issuer had provided to the specialist (beyond, in one instance, inquiry of management).

In the sixth engagement, as part of their tests of the issuer’s annual goodwill impairment test, the Firm’s internal valuation specialists performed various sensitivity analyses to resolve concerns the specialists had raised regarding the issuer’s method for evaluating goodwill. For some of the issuer’s reporting units, the sensitivity analyses indicated the fair value of the unit might be considerably lower, or considerably higher, than the unit’s carrying value. The Firm failed to perform further, more precise sensitivity analyses, or other procedures, to determine whether the goodwill associated with these units was impaired.

Deloitte did not use its specialized SEC reporting and GAAP/IFRS consultation group well either.

The inspection team identified complex fact patterns in significant accounting and auditing areas, which were associated with deficiencies noted in seven engagements,35/ including five engagements36/ discussed in Part I.A, where the engagement teams did not consult with the Firm’s National Accounting Research or Quality Assurance departments. In addition, * * * * engagement teams consulted in three instances at below “Level A,” and neither the engagement team nor the National Accounting Research personnel raised the issue to a higher level as allowed by the policies.

Is Deloitte truly committed to a sea change in tone as well as technique? Seems to me the firm puts an enormous burden on the “soldiers” on the front lines and not enough on the “generals”, the partners who sign the opinions.

I’m not convinced they’re committed. Based on this document, and insider reports, I believe the the firm is still resistant. The firm’s big hope is probably that the spotlight moves away from Deloitte when something happens at another firm. Perhaps it will be a new development in the New York Attorney General’s case against Ernst & Young for Lehman.

But I do think the PCAOB is getting bolder and won’t be letting up on the audit firms.  The recent inspection reports on PwC and KPMG 2009 audits are proof of this.

Here in Chicago, everyone is mad and no one knows who has the answers.

MF Global’s auditor is PricewaterhouseCoopers, who inherited the client when Man Financial, also a client, spun off the brokerage firm in 2007.

Almost everyone wondering where the missing MF Global customer assets have gone thinks they will show up eventually.

I believe the assets are long gone.

Unlike the shell game, there is no bean under the MF Global dixie cup. The mixed bag of marketable securities taken from customer segregated accounts, used most likely to meet margin calls and satisfy “important” customers closing accounts during the last days, will, in my opinion, never be seen again.

Too much time has passed for anyone to still reasonably expect that the “discrepancy” is just a timing difference or a misallocation between accounts, according to several sources who prefer to remain anonymous because of the sensitivity of the situation. All of the statements made on the record by those in a position to know point to assets taken out of the firm and now gone for good.

CFTC in bankruptcy filing October 31 according to The Financial Times: The CFTC, in a court filing, revealed MF Global’s general counsel Laurie Ferber emailed the regulator at 7.18pm Monday – hours after the bankruptcy filing – to say that it had “discovered a significant shortfall in its segregated funds account”.

Joint statement of CFTC and SEC on November 1: “Early this morning, MF Global informed the regulators that the transaction had not been agreed to and reported possible deficiencies in customer futures segregated accounts held at the firm.”

The CME Group on November 2: “CME completed its on-site review last week. [Reportedly Monday.] At that time, the results of our review indicated that MF Global was in compliance with its segregation requirements.  It now appears that the firm made subsequent transfers of customer segregated funds in a manner that may have been designed to avoid detection insofar as MF Global did not disclose or report such transfers to the CFTC or CME until early morning on Monday, October 31, 2011.”

Read the rest at Forbes.com, MF Global Assets Have Left The Building: How, When, Where.

Other stories of mine about this issue include:

At Forbes:

October 31, 2011 MF Global : 99 Problems And Auditor PwC Warned About None

At American Banker:

Auditor PwC Should Have Been on Top of MF Global
November 4, 2011 If MF Global commingled client funds, it would be PwC’s fault as much as Jon Corzine’s.

Are Cozy Ties Muzzling S&P on MF Global Downgrade?
October 28, 2011 Jon Corzine’s old ways got his firm into trouble. Now he’s hoping old ties will bail it out.

Main page image, “Elvis has left the building” by Simon Crubellier.

I’m surprised there hasn’t been more speculation about who the issuers are in all of Deloitte’s inspections reports. Wouldn’t it be nice if all the issuers in all the inspection reports were disclosed?

Every once and a while someone accuses me of being harder on one firm than another. Typically he/she thinks I’m being too hard on PwC, since I worked there last.  Someone even swore I must have worked for RSM McGladrey given the one or two times I wrote critically about that firm. And there’s a host of folks that think I alternately hate KPMG or Ernst & Young more than the rest.

Deloitte has a special place in my heart. Their office here in Chicago is a really big one. The firm bought my beloved BearingPoint Public Services practice when my employer from my Latin America days went bankrupt. And Deloitte generated probably the most active commenter forums on my blog during their recurring layoffs between 2007-2009.

Right now Deloitte may look like the worst of the Big Four but only because Deloitte is the most publicly incorrigible. That could change at any time. It would be easy to make a case that any of the four largest global firms was on the brink of being put out of their misery, not by an SEC or DOJ charge, but by a preponderance of private legal actions that have become a time and money sinkhole. Deloitte is the current example of a firm – like Ernst & Young is because of Lehman – that’s preoccupied with litigation. They’ve taken their eye off the audit quality ball.

Enron was the catalyst for the U.S. Department of Justice to criminally indict global audit firm Arthur Andersen causing its collapse. But it wasn’t Enron alone that forced DOJ to act. Arthur Andersen made a number of promises to regulators to improve and never sin again that were, over and over, not kept.

In October of 2008, the SEC and FINRA – not Deloitte – caught a Deloitte Vice Chairman trading on insider information in several Fortune 500 clients, including audit clients. Each of those Deloitte audit clients – Berkshire Hathaway among them – was forced to conduct an internal investigation to confirm Deloitte’s independence before Deloitte could continue as the auditor.

The same specific audit engagement criticisms as 2006 show up in subsequent inspection reports for Deloitte’s 2007 and 2008 audits.

• In 2007, application of generally accepted accounting principles and generally accepted auditing standards pertaining to hedge accounting for interest rate swaps, including the failure to identify two related departures from generally accepted accounting principles
• In 2007 and 2008, application of generally accepted accounting principles and generally accepted auditing standards pertaining to the accounting for deferred tax assets, including in one case a failure to identify a departure from generally accepted accounting principles
• In 2008, failure to identify a material weakness in an issuer’s internal controls over its allowance for doubtful accounts

The Deloitte U.S. CEO admitted in its “2010 Advancing Quality Through Transparency Inaugural Report”, that the PCAOB again privately criticized similar quality control issues during inspections of 2007 and 2008 audits. In addition, internal Deloitte reports described more than 475 reprimands to staff and partners in 2009 for infractions such as not following policies regarding auditor independence.

In December of 2010 another Deloitte partner was accused of insider trading.

Many of the audit risk issues described in earlier Deloitte inspection reports show up again in a summary prepared by the PCAOB of its inspectors’ observations during the financial crisis. (The PCAOB says the inspection report for Deloitte’s 2009 audits should be issued by the end of 2011.)

In April of 2011, Navistar – a client for almost 100 years until it fired Deloitte in 2005 – sued Deloitte for fraud, fraudulent concealment, negligent misrepresentations, and professional malpractice amongst other claims. The suit, for 2002-2005 audits, is pending and its merits have not yet been judged. But it raises some interesting issues about the use of the PCAOB’s inspection reports in private litigation, including the non-public portion once it is disclosed.

According to Navistar, the PCAOB selected the company as one of the Deloitte audits to review in 2003 and found several deficiencies. Deloitte audit partners for a Navistar subsidiary,  Christopher Anderson and  Thomas Linden, were sanctioned by the PCAOB. Navistar’s lawsuit claims that Deloitte had a duty to disclose to their audit committee the full scope of what the company says were the PCAOB’s concerns about the auditor’s quality controls. The lawsuit refers to the private portion of Deloitte’s inspection report for 2004 audits.

Why does it take so long for the PCAOB to publish the inspection reports and the public portion of the private report after the firm’s time to respond is up? It’s been five years since the 2006 audits, three years since the inspection report was published, two years since the twelve-month window for Deloitte to make corrections closed.

SEC Rule 104(h)(1), adopted quietly with no comment or press release in the fall of 2010, builds in an additional delay before publishing potentially controversial reports. Although the rule keeps the SEC process private, and the PCAOB is not allowed to discuss whether any particular audit firm appealed to the SEC over its report, the delay allows time for an audit firm to seek SEC redress.

Sources close to the issue tell me Deloitte definitely appealed the PCAOB’s threat to go public.

Keep in mind that while Deloitte bickers with the PCAOB, the audit firm charges hundreds of millions to produce auditor opinions for banks and systemically important companies that were bailed out, forcibly acquired on the brink of failure, or effectively nationalized.

Deloitte was the auditor for Bear Stearns, Merrill Lynch, Washington Mutual, Taylor Bean & Whitaker, American Home, and Beazer. None of these, except Beazer, is still standing. Deloitte has been sued for its audits of all of them.

Deloitte is still the auditor for Fannie Mae, GM and GMAC, and Morgan Stanley. All of these companies received bailouts.

Deloitte also audits the entire Federal Reserve system, and Berkshire Hathaway and BlackRock – two of the major players that supported the recovery of financial system during and after the crisis.

Jim Doty, Chairman of the PCAOB since January, said in a recent speech that the Board was disappointed in the audit firms’ approach to disclosing the results of PCAOB inspection reports to clients. “We hear that auditors are often less than forthcoming with audit committees that try to elicit information about inspection results…”

Here’s a short excerpt from my column on Tuesday at American Banker, “Bankers, Beware An Auditor That Blows Off Its Regulator”.

The PCAOB’s decision to make the 2006 quality control criticisms public, and the fact that the Securities and Exchange Commission allowed it to do so, tell me Deloitte is still fighting the regulators. The deadlines for Deloitte to fix or sufficiently respond to criticisms in the 2007 and 2008 inspection reports have passed. We could soon see previously nonpublic information from those reports, too.

The risk for banks in a situation like this is that an auditor that brazenly irritates its regulator may draw unwanted attention to its clients from their regulators. For example, PCAOB spokeswoman Colleen Brennan reminds me that the SEC knows the names of every company whose audit deficiencies are mentioned in a PCAOB auditor inspection report.

Please read the rest at American Banker.

Section 304 of the Sarbanes-Oxley Act of 2002, which covers clawbacks, is, on its face, a strict liability provision but the SEC has been exercising “prosecutorial discretion” when applying the statute.

The Dodd-Frank Act will expand the population of those potentially liable for clawbacks and the time period used to calculate the paybacks. The new law also drops the prerequisite under Sarbanes-Oxley that there has to be misconduct before paybacks are expected.

I covered this, and other provisions of Dodd-Frank that expand, retract, or revise Sarbanes-Oxley statutes, in a recent OpEd at Boston Review.

John White, a partner with law firm Cravath, Swaine & Moore LLP and a former Director of the SEC’s Division of Corporation Finance, believes the public and the media should focus on Dodd-Frank’s new Section 954 clawback provisions, not the SEC’s enforcement record under Sarbanes-Oxley:

“Dodd-Frank is much broader than SOX 304 and it’s mandatory. All listed companies will have to have clawback policies and enforce them. No misconduct is required — just an accounting error and a restatement. All present and former officers are covered. This could have a big impact and alter how incentive compensation is structured.”

As long as there’s a mismatch between what an executive should have earned under restated financial results and what they got based on errors or fraud, Dodd-Frank says they’re supposed to give back the excess to their companies. If not, the SEC can litigate to force them to return it. Although there is no private cause of action under Section 304 – only the SEC can bring a claim – under Dodd-Frank companies or shareholders could potentially sue a present or former officer to recoup compensation based on employment contracts that stipulate compliance with new mandatory company policies and procedures.

What both the Sarbanes-Oxley Act of 2002 and Dodd-Frank’s clawback provision do require is a restatement. The restatement of financial results to correct material errors – whether those errors occurred by default or by design – is a necessary condition for enforcing both the Sarbanes-Oxley Section 304 provision and the new Dodd-Frank law.

The Sarbanes-Oxley Section 304 law is very specific, according to attorney Stephen Quinlivan of Leonard Street and Deinard:

Morgenson uses the term “clawback” in a broad, non-technical sense to cover any recovery of compensation from a public company’s executives. As written, Sarbanes-Oxley includes only a narrow statutory disgorgement provision. It applies only to a CEO and CFO, and only where there has been “misconduct” that resulted in a “restatement.”

Morgenson doesn’t mention the impact of the Dodd-Frank law on clawbacks in her piece. Her point is: The bark of Sarbanes-Oxley’s clawback provision has been much worse than its bite.

But the Sarbanes-Oxley enforcement numbers are much worse than Morgenson cites. Morgenson supports her argument by citing unattributed statistics. She also incorrectly interprets the Sarbanes-Oxley Section 304 law. As a result, Morgenson credits three cases by name as Sarbanes-Oxley 304 enforcement that are not. She also neglects to mention a key one that is.

It appears Morgenson may have based her numbers on a review of the SEC initial complaints that included a Section 304 allegation, amongst many other allegations, when they started their enforcement journey. If Morgenson took the SEC’s word for what constituted a case and what did not, it’s not surprising that the regulator might have padded grim numbers with cases that are still pending or that, in the end, didn’t meet the strict Section 304 requirements.

That approach overstates the SEC’s efforts and certainly misstates their enforcement effectiveness.

It’s a long road, sometimes years, from complaint to settlement or adjudication. Only a few cases that the SEC filed with Section 304 amongst the litany of allegations have survived all the motions to dismiss and legal maneuvers from both sides. Along the way, the Section 304 allegation is often dropped.

Sometimes it’s pure expediency. The SEC wants to close the case, notch their gun and move on. A negotiated settlement is the fastest and easiest way to get some money back from the executives. Sometimes the facts don’t fit the law’s requirements. That happens when there’s no restatement, a necessary condition for taking credit for a Section 304  – or a Dodd-Frank – clawback enforcement.

Dorsey & Whitney’s Tom Gorman, who authors the blog, SEC Action, sympathizes with Morgenson. It’s not easy to verify the SEC’s record of enforcement of this statute.

The article does make a point. The SEC is inconsistent in how it applies the statute. It does not apply it in every case where it might. Nor does there seem to be any logic to how and when they apply it.

In those cases where the SEC chooses to apply the statute they seem to want the full measure of repayment as written by the statute.

For example, one key case Morgenson does not mention, SEC v. Jenkins, was the first “innocent executive” case brought under Section 304. The complaint admits the CEO was not involved in the wrongful conduct. The SEC sought recovery of bonuses and incentives from Jenkins, the CEO of CSK, but he was not the one who committed the misconduct that caused the restatement. However, the SEC’s Commissioners recently rejected a recommendation from SEC enforcement staff to settle for less than half the amount claimed in Jenkins complaint. The SEC enforcement staff was ready to settle for less than, presumably, the full Section 304 measure of repayment.

In other cases, the SEC realizes, after additional investigation and the passage of time, that the case doesn’t fit the strict requirements of Section 304. Maybe there’s no restatement or maybe misconduct can’t be easily proved. The result is a settlement and a negotiated recovery of some money from the CEO, CFO, maybe a controller, that may or may not be reimbursed to the company – it’s not always clear – and is no longer identified as a Section 304 enforcement.

Morgenson mentions the very first Section 304 case in 2007 but not by name. SEC v. McGuire was settled not litigated and the SEC considers it their first enforcement of the law.

One case that figures prominently in Morgenson’s piece is SEC v. Morrice. The original complaints filed against Morrice the CEO, the company’s CFO, and its controller included Section 304 allegations. Maybe it was hard to resist including this case in the story because it refers to the failure of New Century Financial, the second largest mortgage originator at the time. This failure was one from the “subprime crisis”, which led to the credit crisis in early 2008 and, finally, to the full blown financial crisis that was precipitated by the failure of Lehman Brothers in September of 2008.

But New Century Financial is not a Section 304 clawback case because there was never a restatement of financial results. New Century began to implode after the company announced the necessity of a restatement. But that restatement never happened. The company filed bankruptcy two months later.

Many of the early backdating cases that may be pumping up the statistics Morgenson cites are most likely the SEC’s attempt to “have their cake and eat it too”. The cases may have resulted in some type of financial recovery or disgorgement from CEOs and CFOs. But some, like SEC v. Mercury Interactive, were no longer Section 304 cases when they settled – CFO Abrams voluntarily repaid the stock option proceeds to the company.

Or the Section 304 claim was dismissed because there was no restatement, even if the SEC claimed there should have been one. That’s the point the defendant argued – and won – in SEC v. Shanahan. Or the cases are “administratively closed” pending resolution of criminal charges like SEC v. Brooks. By the time these cases get to the finish line, the SEC can drop the Section 304 claim or the entire civil case altogether.

SEC v Brooks raised another interesting issue that will become even more important under Dodd-Frank’s “clawback” provisions.

Brooks, CEO of DHB Industries, and Schlegal, the CFO, sought indemnification for any Section 304 claims from the company. In their settlement of a shareholder’s derivative suit brought as a result of the fraud, insider trading, and accounting violations at DHB Industries, the company agreed to pay any penalties imposed by the SEC on the CEO and CFO.

A judge told DHB Industries that Section 304 did not allow that.

The SEC’s decision to pursue Section 304 relief is not solely intended to reimburse a company; it also furthers important public purposes. The Section 304 remedy is an enforcement mechanism that ensures the integrity of the financial markets… In sum, companies themselves do not have the authority effectively to exempt persons from § 304 liability.

The new Dodd-Frank “clawback” provisions are “listing standards”. That means the SEC will write rules to comply with the new law but the rules will be enforced by exchanges who must write their own rules. The exchange rules will be used by companies to develop internal policies and procedures that will address reimbursement issues as they arise.

The SEC’s most recent published schedule for Dodd-Frank rule writing says that a proposal on Dodd-Frank Section 954 clawback rules is expected by the end of the year and a final rule to exchanges by the end of the second quarter of 2012. It’s going to be even longer before companies are ready to enforce these provisions. In the meantime, companies and their lawyers are raising significant objections to them.

Dorsey & Whitney’s Gorman would like to see Dodd-Frank Section 954 applied in a manner which encourages corporate executives to strictly adhere to their duty to monitor.

The point in applying the statute should be to encourage executives to prevent wrong doing in the first instance by carefully monitoring and having “best practices” systems.

Ideally, the new Dodd-Frank provisions, and Sarbanes-Oxley Section 304 in the meantime, can and should be enforced more often and more consistently.

My analysis of the Section 304 cases mentioned in Morgenson’s piece and others of note, as of September 15, 2011, is here.

Main page image from this site of Lady Gaga in Alexander McQueen’s lobster claw shoes.

Here in the U.S. the PCAOB has been busy. I’ll give them – mostly Chairman James Doty and the Investor Advisory Group led by Board Member Steve Harris – credit for that. The Investor Advisory Group – rather, the boldest amongst them – recently sent a letter to the PCAOB to provide comments on the PCAOB’s June 21, 2011 Concept Release entitled Possible Revisions to PCAOB Standards Related to Reports on Audited Financial Statements and Related Amendments to PCAOB Standards.

It is worth noting that a number of other parties agree that the current form of the auditor’s report fails to meet the legitimate needs of investors.  First, the U.S. Treasury Advisory Committee on the Auditing Profession (ACAP) called for the PCAOB to undertake a standard-setting initiative to consider improvements to the standard audit report.  The ACAP members support “… improving the content of the auditor’s report beyond the current pass/fail model to include a more relevant discussion about the audit of the financial statements.”

Second, surveys conducted by the CFA Institute in 2008 and 2010 indicate that research analysts want auditors to communicate more information in their reports.

Finally, even leaders of the accounting profession have acknowledged that the audit report needs to become more relevant.  In testimony before ACAP, Dennis Nally, Chairman of PwC International stated, “It’s not difficult to imagine a world where the … trend to fair value measurement — lead one to consider whether it is necessary to change the content of the auditor’s report to be more relevant to the capital markets and its various stakeholders.”

Finally, leaders of the accounting profession have previously stated that changes to the audit report should reflect investor preferences.  In their 2006 White Paper, the CEOs of the six largest accounting firms stated, “The new (reporting) model should be driven by the wants of investors and other users of company information …” (their emphasis).

Before we turn to a discussion of the IAG investor survey, we believe it is important to underscore the fundamental but often overlooked fact that the issuer’s investors, not its audit committee or management team or the company itself, are the auditor’s client. It is therefore not only appropriate, but essential, that investors’ views and preferences take center stage as the PCAOB considers possible changes to the format and content of the audit report.

In the meantime, I’ve written two articles about the proposals on auditor regulation before the European Commission.

In Forbes, I told you not to count on Europe to reform the audit model or auditors, in general.

The audit industry is reportedly under siege in Europe and on the verge of being broken up, restrained, and rotated until all the good profit is spun out.

This is neither a foregone conclusion nor highly likely.

The European Commission’s internal markets commissioner Michel Barnier is talking tough, but the rhetoric should be no surprise to those who have been following the European response to the financial crisis closely…

Please read the rest at Forbes.com, “Don’t Count On Europe To Reform Auditors And Accounting”.

In American Banker, I focused on the impact of auditor reforms on financial services. Why is the European Commission taking such strong action now? Why is the U.S. lagging so far behind?

The clamor for accountability from the auditors for financial crisis failures and losses has been much louder, much stronger, and going on much longer in the U.K. and Europe, than in the United States. Barnier’s most dramatic proposals are viewed by most commenters as a reaction to the bank failures. “Auditors play an essential role in financial markets: financial actors need to be able to trust their statements,” Barnier told the Financial Times. “There are weaknesses in the way the audit sector works today. The crisis highlighted them.”

There’s is a concern on both sides of the Atlantic over long-standing auditor relationships.

The average auditor tenure for the largest 100 U.S. companies by market cap is 28 years. The U.S. accounting regulator, the PCAOB, highlighted the auditor tenure trap in its recent Concept Release on Auditor Independence and Auditor Rotation. According to The Independent, quoting a recent House of Lords report, only one of the FTSE 100 index’s members uses a non-Big Four firm and the average relationship lasts 48 years. Some of the U.S. bailout recipients — General Motors, AIG, Goldman Sachs, Citigroup — and crisis failure Lehman had as long or longer relationships with their auditors…

Please read the rest at American Banker, “Bank Debacles Drive Europe to Raise the Bar on Audits”.

Three posts that followed soon after the piece below include a nice quote in BusinessWeek and Part One and Part Two of my discussion of the Ernst & Young response to the release of the Lehman bankruptcy examiner’s report.  The firm’s first move was to send a letter to an Audit Committee members group – always selling – before they made any full response to the media about the bankruptcy examiner’s report. I was the first media outlet to publish the letter.

Finally, in September 2010, on the second anniversary of the bankruptcy, I had the honor of sitting on a panel at the New York County Lawyers Association with Jenner & Block’s Anton Valukas, the Lehman bankruptcy examiner, and Floyd Norris of the New York Times.

I prepared a post, “Top Ten Things Lawyers Should Know About Auditors,” for that occasion.

******************************************************************************************

The release of Anton Valukas’ Lehman Bankruptcy Examiner’s Report on March 11, 2010 threw a fresh match on the still smoldering remains of the 2008 failure. The mainstream media, regulators, legislators and the business community blamed everything but fraud for the financial crisis and everyone but the audit firms for preventing, warning, or mitigating the devastating impact of the crisis.

If you’ve been reading the stories on this site, however, you may have come to the conclusion that I did a long time ago:

There was widespread fraud at the highest levels and the Big 4 auditors will eventually be accused of malpractice and complicity for doing nothing to prevent it, to warn us, or mitigate the impact on stakeholders.

I’ve published several stories since 2007 on the mortgage originators that failed or were taken over and the lawsuits against their executives and auditors. This is not the first bankruptcy examiner’s report to provide a detailed litigation roadmap in a subprime/crisis era fraud and to point to auditor malpractice. The New Century Bankruptcy Examiner’s report made quite a splash, too, when it came out. It also provided a litigation roadmap and included a smoking gun set of emails that pointed to alleged complicity and malpractice by auditors KPMG.

From Kevin LaCroix’s D&O Diary site:

“…the new lawsuits follow more than a year after the February 29, 2008 581-page report of Michael Missal, the KPMG bankruptcy examiner, in which the examiner concluded that KPMG had “contributed” to certain of New Century’s “accounting and reporting deficiencies by enabling them to persist in, and in some instances, precipitating the Company’s departure from, applicable accounting standards.” A detailed review of the examiner’s report, including a link to the report itself, can be found here.

The examiner’s exhaustive review, which among other things specifically suggested the possibility of negligence claims against KPMG, was effectively a road map for the April 1 lawsuits. While the lawsuits might well have been filed even without the examiner’s report, few other prospective claimants considering “gatekeeper” litigation will have such a detailed script from which to compose their complaint.

The  collapse of Refco is another ongoing case that will become quite relevant to the Lehman case. In Refco, the Bankruptcy Examiner did a thorough job of dissecting the fraud, including the nature of “roundtrip” transactions orchestrated for the sole purpose of temporarily manipulating the Refco balance sheet.

Sound familiar?

Refco is actually a much closer case to Lehman than the Enron case, notwithstanding the strong role of the long auditor relationship in all three. The nature of the Lehman transactions used to commit the alleged fraud, the likelihood of early guilty pleas by corporate executives in Lehman like Refco, the difficulty of success with claims against third party advisors such as law firms and audit firms for aiding and abetting the fraud are more similar to Refco than Enron.

My most recent stories about Lehman and Ernst & Young began a month ago with a prediction that fraud allegations would center around standard accounting manipulation techniques such as round trip transactions, channel stuffing, and parking.

“…premised on some of the oldest tricks in the book for manipulating revenue recognition and, therefore, reported profits and incentive compensation payouts including stock options - roundtrips, parking, and channel stuffing. In another variation on the theme, global trading company Refco used a round trip loan to repeatedly hide a related-party transaction incurred to delay disclosure of significant uncollectible accounts.  It’s not like these techniques haven’t been used before (by AIG, for example) to offload risk and smooth earnings at quarter- and year-end.”

Although most media reports tended to pull out the tired tropes of Enron, off-balance sheet, and Sarbanes-Oxley, one journalist did pick up on my theory and analysis instead.

Without giving credit.

Some journalists questioned the wisdom of criminally prosecuting the Lehman executives. Without denying the potential for and the legal basis for prosecutions, John Carney of Clusterstock asked what purpose criminal prosecutions would serve.

I ask the opposite.

Whose interests would it serve to avoid criminal prosecutions?

My response to John Carney and a scathing indictment of his point of view by Ryan Chittum in The Audit, a Columbia Journalism Review (CJR) blog, earned me a substantial mention in a later post by Ryan at CJR.  I also was linked to by Aaron Task in a summary of the controversy on his Tech Ticker site.

I posted two stories in early 2008 discussing Erin Callan and Ian Lowitt, the last two non-accountant CFOs of Lehman, and the vilification of David Einhorn for questioning Lehman’s accounting.

A post on March 9th anticipated a defense which may be used by Ernst and Young in the Lehman case, in particular given its status as a bankruptcy trustee’s case.

In Pari Delicto: Are Auditors Equally At Fault In The Big Fraud Cases?

In addition to my Going Concern column written to comment on the John Carney/Ryan Chittum debate, I also wrote here on the major accusations against Ernst & Young in the Examiner’s Report.

Liberté, Egalité, Fraternité: Big Lehman Brothers Troubles For Ernst & Young

I have also posted a letter Ernst & Young sent to Audit Committee members defending themselves against the numerous allegations in the Lehman Examiner’s Report.

An Ernst & Young Response: Dear Audit Committee Member…

Update:

The Financial Times FTAlphaville blog links to the Audit Committee Letter this morning.

Reuters Emily Chasan picked up on this and linked to me today in her story on the Lehman whistleblower.

Blogger extraordinaire Zero Hedge follows up Emily Chasan’s story with his own including a shoutout to Emily and I.

The Times of London in the UK wrote a story this morning on the Audit Committee Letter with a link to re: The Auditors.

Accounting Web has the story here.

The UK’s Financial Reporting Council has begun an investigation into EYs role in the Lehman fraud. Expect to see much much more on this in the weeks to come. I wrote a short piece for Accounting Web UK to summarize the issues for their European audience.

Nowhere to hide: Accounting firms face increased scrutiny after Lehman report

I will be writing much more on this in the next few weeks. Topics I plan to address include looking more deeply into the valuation issues, which were barely touched on, the impact on the other large audit firms, the role of Lehman’s internal audit function, the specific accounting for the Repo 105 transactions, the relationship of this bankruptcy to the Lehman bankruptcy case in the UK, my prior theory about the fraud and additional theories for litigation.

A few things need to be cleared up regarding the SEC’s actions against Deloitte Shanghai, in particular because of inaccurate reporting at Reuters and superficial reporting at the other major media outlets.

• Having ‘Deloitte’ ‘KPMG’ PwC’ ‘EY’ in your name will not generate additional liability or obligation for a non-US audit firm beyond reputational risk.
• The SEC/PCAOB will not pull the registration of a major non-US member firm because of inability to inspect or lack of cooperation with subpoenas. The SEC/PCAOB left reckless Price Waterhouse India of Satyam fame open. Crippled, but still pumping out audits. Fortune 500 multinationals are too dependent on the auditors to use their member firms to get full scope audit coverage even if it’s a sham. As the story below demonstrates, the regulators are at risk of capture by the Big Four audit firms.
• There is no scenario where the SEC asks ‘Microsoft’ for their Chinese audit workpapers, as described by the Chinese academic source that Reuters quoted. The companies don’t have them. The SEC could tell “Microsoft” that their audit opinion is invalid, however, if they believe that a material consolidated portion of the company has been audited by a sham firm and the US firm does not adequately supervise, review, re-test or otherwise make up for this weakness. No valid audit means no exchange listing and the company also violates securities laws.
• Nor is there a scenario where auditors voluntarily give up doing Chinese audits. The business and its potential, like in India, is too lucrative.

To understand the level of regulatory capture in Deloitte’s case, you have to understand how close all the audit firms, but especially Deloitte right now, are to the SEC. I talked about it in my column: “File Under Regulatory Capture: Deloitte’s Fireside Chats”. Deloitte sponsors a program at the SEC Historical Society where they can launder their image and pretend they had nothing to do with the crisis-era crash of Bear Stearns, Washington Mutual, Merrill Lynch, Fanne Mae, Taylor Bean and Whitaker, and Royal Bank of Scotland, to name only the big ones.

On the way to looking for something else – a list of all the S.E.C. Chairmen, Chief Accountants, and Directors of Enforcement since 2000 – I found this. It’s a calendar entry for a program this fall at the U.S. Securities and Exchange Commission (S.E.C.) Historical Society:

Someone will say, “But that’s history. They’re not talking about the day-to-day management of the agency.”

Except…

• The current S.E.C. Chief Accountant is a former Deloitte partner, Jim Kroeker.
• Deloitte is the top Big Four audit firm donor to the Society.
• Deloitte is the only U.S. Big Four firm with a representative on the Society’s Board of Advisors.

According to the S.E.C. Historical Society website, “the Society is a 501(c)(3) non-profit organization, independent of the U.S. Securities and Exchange Commission.”

The S.E.C. Historical Society website has a page describing the Deloitte series. It includes the Deloitte logo and a link to their website.

Deloitte Fireside Chats are interactive programs on current issues in financial regulation of interest to the accounting and auditing professions. The audience for each Fireside Chat is invited to submit questions for the program prior to broadcast.

The SEC Historical Society collaborates with Deloitte to broadcast the Fireside Chats. The Society is responsible for the selection of the academic moderator for each Chat; the Society and Deloitte work together to determine the topics and presenters for each program.

Previous topics in the series include:

• Responsibility for Preventing and Detecting Financial Reporting Fraud
• Regulation in the Audit Profession: Yesterday, Today and Tomorrow
• Exploring Principles vs. Rules-Based Accounting and Auditing Standards
• The Role of Professional Judgment in Accounting and Auditing

For more about how Deloitte, as a firm, views these topics on a day-to-day basis, all over the world, you can read:

No Audit At All: Deloitte And Bear Stearns

Chinese Reverse Mergers: The Auditor Angle (Recent Chinese alleged frauds China Media Express and Longtop were both audited by Deloitte.)

Two Wildly Different Stories About Deloitte: Or Are They?

Slippery People: Corporate Governance At Berkshire Hathaway(Deloitte is the relatively inexpensive auditor for Berkshire Hathway. When a Deloitte Vice Chairman was sanctioned for trading in several Fortune 500 audit clients’ shares, including Berkshire stock, while serving as a client relationship partner to the companies’ audit committees, Berkshire cleared Deloitte of independence violations and kept them on anyway. Better the devil you know…)

Deloitte’s Troubles Bubble To The Surface (Deloitte lost big clients during the financial crisis – Bear Stearns, Merrill Lynch, Washington Mutual, and American Home, to name a few – and is responding to significant litigation as a result of their audit opinions. They’ve kept a few clients too, like Morgan Stanley, Fannie Mae and Royal Bank of Scotland, where some say they shouldn’t have.)

Auditors And Consulting: Claims of No Conflict Strain Credibility

Deloitte, Delphi, and GM: Duped or Duplicitious

Deloitte: Good Corporate Citizen, Good Soldier