The PCAOB, the audit industry regulator, shamed global audit firm Deloitte recently when they exposed the private portion of the inspection report of the firm’s 2006 audits. It was the first time that had happened to one the Big Four audit firms, the largest firms that audit the vast majority of publicly listed firms in and out of the U.S..

I’m sure Deloitte, and the rest of the Big Four, thought the PCAOB would never have the nerve.

re: The Auditors has seen a confidential, internal Deloitte training document, prepared this past summer, that reveals the firm expects the worst when the inspection reports for their 2009, 2010, and 2011 audits are published by the PCAOB. The 2009 report should be out by the end of this year. The training document also shows how difficult it is for Deloitte leadership to steer the largest global firm away from the “audit failure” iceberg.

It seems audit competence and capacity to audit complex topics are in short supply at all the firms, based on PCAOB inspection results for audits conducted during the financial crisis period and the reports for 2010 audits at PwC and KPMG released recently. Deloitte has been particularly hard pressed to maintain audit quality since the firm lost several engagements that would have helped to grow specialized knowledge and retain experts. Big clients like Merrill Lynch, Bear Stearns, and Washington Mutual helped pay the bills for subject matter experts and quality control but those revenues were lost to financial crisis failures and forced combinations with better capitalized, non-audit client banks.

I think the PCAOB decided to publicly criticize Deloitte for two reasons.

• The firm has been piling on the negatives via a $1,000,000 fine/disciplinary sanction as a firm for a previous issue, two high level insider trading scandals (Flanagan and McClellan), the failures and frauds of Deloitte China clients CCME, Longtop and now Focus Media, and the specific failures of major clients during the crisis (Bear Stearns, Merrill Lynch, WaMu, Taylor Bean & Whitaker, American Home, and Royal Bank of Scotland, to name a few).
• Deloitte was resistant to the inspections, resistant to the criticisms, and unwilling to make changes based on the PCAOB’s requests. If you can’t fix something that’s one thing. If you won’t and thumb your nose at the regulator, you are getting close to Arthur Andersen-like behavior.

We know how that story ended.

If they did nothing, the PCAOB risked having a new major failure of a Deloitte client expose their lack of push on the firm to even respond, let alone improve.

I wrote in American Banker about the special risks to financial services firms when the regulated, like Deloitte, resists the regulator:

The PCAOB’s decision to make the Deloitte 2006 quality control criticisms public, and the fact that the Securities and Exchange Commission allowed it to do so, tell me Deloitte is still fighting the regulators. The deadlines for Deloitte to fix or sufficiently respond to criticisms in the 2007 and 2008 inspection reports have passed. We could soon see previously nonpublic information from those reports, too.

The risk for banks in a situation like this is that an auditor that brazenly irritates its regulator may draw unwanted attention to its clients from their regulators. For example, PCAOB spokeswoman Colleen Brennan reminds me that the SEC knows the names of every company whose audit deficiencies are mentioned in a PCAOB auditor inspection report.

These risks apply to all of Deloitte’s clients and to all public companies if the rest of the firms – KPMG, PwC, and Ernst & Young – are also playing chicken with the regulator.

A little more than a month after releasing the Deloitte private report, the PCAOB released the inspection reports for audits performed by PwC and KPMG in 2009. The Financial Times’ Kara Scannell summarizes the findings:

The Public Company Accounting Oversight Board’s findings from an annual inspection revealed that years after the financial crisis both auditing firms were not adequately challenging companies’ valuations of certain assets when the market for them dried up…

The board reviewed 71 audits completed by PwC in 2010 and 52 audits done by KPMG in 2010.

The Wall Street Journal’s Michael Rapoport tells us how bad the results really were:

The government’s auditing regulator found deficiencies in 28 audits conducted by PricewaterhouseCoopers LLP and 12 audits by KPMG LLP in its annual inspections of the Big Four accounting firms.

The Public Company Accounting Oversight Board said many of the deficiencies it found in its 2010 inspection reports of the two firms, released Monday, were significant enough that it appeared the firms didn’t obtain sufficient evidence to support their audit opinions.

The regulator hasn’t yet issued its yearly reports on its inspections of the other Big Four firms, Ernst & Young LLP and Deloitte LLP.

KPMG’s response to the PCAOB was not quite as belligerent as Deloitte’s persistent irritation at having their “professional judgment second-guessed”. But, it was not exactly conciliatory.

Floyd Norris of the New York Times:

Normally these letters say something like what KPMG wrote:

“We conducted a thorough evaluation of the matters identified in the draft report and addressed the engagement-specific findings in a manner consistent with PCAOB auditing standards and KPMG policies and procedures.”

You may note that said nothing about whether the firm accepted the board’s conclusions or not. That is better than what Deloitte did a few years ago, when it essentially said the board did not know what it was talking about.

PwC, on the other hand, met the regulator more than half way according to Norris:

PwC’s letter addressed that issue, saying that while there were cases where it differed with the board’s conclusions, “they generally related to the significance of the finding in relation to the audit taken as a whole, and not to the substance of the finding.”

“Accordingly,” wrote the PWC officials, “the overall PCAOB inspection results, as well as the results of our internal inspections, were important considerations in formulating our quality improvement plan,” which it then describes.

PwC’s spokesperson sent me this additional statement:

“PwC is built on our reputation for delivering quality. We also recognize that the role we play in the capital markets requires consistent, high-quality audit performance. We therefore are focused on the increase in the number of deficiencies in our audit performance reported in the 2010 PCAOB inspection over prior years. We are working to strengthen and sharpen the firm’s audit quality, including making investments designed to improve our performance over both the short- and long-term.”

Did the quality of the auditing really deteriorate for KPMG and PwC or is the PCAOB getting tougher, and maybe better, at what they do?

We’ll have to see what the upcoming Ernst & Young and Deloitte reports show. Ernst & Young has been criticized for the Groupon multiple S-1 issue, as well as questions about accounting at future IPOs Zynga and Facebook. Now we have Olympus, too. And, of course, the jury is still out on the firm’s role in Repo 105 and Lehman Brothers.

And what about the Deloitte improvement plan for prior years? Has Deloitte accepted the PCAOB’s criticisms and moved on or are they still fighting the regulator? Is Deloitte working hard to get ahead of their 2009, 2010, and 2011 results and avoid the embarrassment or worse – sanctions – if the PCAOB has to publish another private report?

The confidential internal training report, intended to brief Subject Matter Resources (SMR), is called, “FY 2012 Engagement Quality Activities”.

The Audit Quality Activity Plan for FY2012 has been socialized with:

1. –  The OAQ Steering Committee
2. –  The Audit Quality Council
3. –  The RMPs
4. –  The NPPDs
5. –  The RILs
6. –  Leaders in the PPN
7. –  Extended Leadership Team
8. –  CFO / CEO

Yeah, that’s a lot of acronyms. And I’m not sure anymore – maybe I’ve been out of the firms too long or maybe I was never in them enough – what “socializing” a quality plan means. Suffice to say, the document, one hundred and eight-one very dense PowerPoint pages, has tons of information for the SMRs to absorb and pass on to engagement teams like now.

But, by this summer, it was too late to make a difference in the inspection reports for the 2009 and 2010 audits.

2009

• Response submitted on May 4

2010

• Total of 98 comments (56 engagements inspected)
• Expect about 25 engagements to appear in Part I
• Draft report has not yet been issued

2011

• 33 engagements selected to date
• Focus areas
  – Continue to include: fair value and impairment determinations; internal controls – Also focusing more on revenue recognition
• 16 completed
  – 5 with no written comments
• Total of 24 comments on 11 completed inspections

If Deloitte sent their response to the PCAOB for the 2009 audits on May 4th, why are we still waiting for the final report? Given the PCAOB’s decision to release Part 2 of the inspection report for Deloitte’s 2006 audits last month, I believe Deloitte was still treating PCAOB comments as an affront to partners’ professional judgments.

What are the root causes for so many negative PCAOB comments, according to Deloitte?

When evaluating “what didn’t work” for the various engagement activities, the consistent refrains outlined in the training document are “started too late”, “not enough time”, and “greater discipline and consistency needed”.

But there’s a bigger problem when it comes to audit failures around complex topics like goodwill, deferred tax asset impairment, fair value determination of thinly traded securities, and management estimates of loan loss reserves. There’s a huge intellectual divide between the audit teams and the subject matter specialist teams.

Professionals who are experts in tax or valuation of complex derivatives, for example, are not experts in auditing standards. The auditors, and the education they receive in universities and in the firms, focuses on the technical aspects of accounting – they know GAAP chapter and verse but not GAAS. That’s how we ended up with a defense of Repo 105 from Ernst & Young that the treatment meets the GAAP requirements with no appreciation for the more subtle GAAS disclosure expectations. Until recently, the firms didn’t think the PCAOB would push them to meet such high standards for auditing as long as the accounting was, subject to “professional judgment”, right enough.

But that’s how the auditors missed, or justified looking the other way, as so many banks failed or had to be bailed out during the crisis. This attitude is evident when you read in the training document how many of Deloitte’s policies and methodologies have to be revised to now absolutely require certain tests and additional steps. The steps weren’t performed unless the firm considered them explicitly required. Unfortunately, there’s still a difference of opinion between Deloitte and the PCAOB about what the PCAOB auditing standards explicitly require.

Here’s one example from the Deloitte training document:

Auditing Standard No. 12 – Identifying and Assessing Risks of Material Misstatement

Understanding the company and its environment

Change to our Methodology: We shall consider reading public information about the company (e.g., analyst reports), observing or reading transcripts of earnings calls, obtaining an understanding of compensation arrangements with senior management, and obtaining information about trading activity in the company’s securities. (AS 12.11)

Key Takeaway: This is a more specific requirement for audits performed in accordance with the standards of the PCAOB. Previously, while we may have been considering these items in our audits, their consideration was not explicitly required by our policies or by professional standards.

How does Deloitte intend to meet this higher standard in a quick and dirty, cost effective way?

Run a report using “OneSource” that includes a company summary, corporate overview, strategic initiatives, strengths & weaknesses, competitors report, significant developments), News, Articles and Financial Statements.

Zippity doo da.  You now know everything you need to know about the company.

It doesn’t help that the audit firms business model accepts high turnover of staff during the first 5 years. It’s a model that auditors got away with when issues were not as complex as they are now, especially within financial services firms.

For example, how can a senior, someone with 2-4 years experience, test a complex structured derivative for potential fraud (i.e. think of the Abacus deal) which is, in reality, an embedded derivative with multiple tranches and economic and risk characteristics that may not be aligned with the host, sitting off balance sheet, after having been passed thru an SPV sponsored by a “too big to fail” bank?

The manager, senior manager, and partner typically have no idea what the subject matter expert, a member of Deloitte’s Financial Instrument Valuation Risk Analytic team, is talking about when he says the client’s models and assumptions are insufficient, outdated, or flawed. The audit team probably doesn’t even know what a synthetic CDO is.

The most egregious recent example of a subject matter being ignored  - it happened in Enron, too – is the case of KPMG’s expert on mortgage securitizations and repurchase risk being told, “We’re done here” when he warned at New Century Financial that the client’s models had obsolete assumptions. That ugly episode only came to light because of the New Century bankruptcy and a robust bankruptcy examiner’s report.

In the recently disclosed Part 2 of the 2006 Deloitte inspection report, the PCAOB told the firm that partners were ignoring experts, too.

The inspection team identified six engagements where there were deficiencies in the procedures relating to the use of the work of specialists. These deficiencies included five engagements where there was no evidence in the audit documentation, and no persuasive other evidence, that the Firm had tested certain data or assumptions that the issuer had provided to the specialist (beyond, in one instance, inquiry of management).

In the sixth engagement, as part of their tests of the issuer’s annual goodwill impairment test, the Firm’s internal valuation specialists performed various sensitivity analyses to resolve concerns the specialists had raised regarding the issuer’s method for evaluating goodwill. For some of the issuer’s reporting units, the sensitivity analyses indicated the fair value of the unit might be considerably lower, or considerably higher, than the unit’s carrying value. The Firm failed to perform further, more precise sensitivity analyses, or other procedures, to determine whether the goodwill associated with these units was impaired.

Deloitte did not use its specialized SEC reporting and GAAP/IFRS consultation group well either.

The inspection team identified complex fact patterns in significant accounting and auditing areas, which were associated with deficiencies noted in seven engagements,35/ including five engagements36/ discussed in Part I.A, where the engagement teams did not consult with the Firm’s National Accounting Research or Quality Assurance departments. In addition, * * * * engagement teams consulted in three instances at below “Level A,” and neither the engagement team nor the National Accounting Research personnel raised the issue to a higher level as allowed by the policies.

Is Deloitte truly committed to a sea change in tone as well as technique? Seems to me the firm puts an enormous burden on the “soldiers” on the front lines and not enough on the “generals”, the partners who sign the opinions.

I’m not convinced they’re committed. Based on this document, and insider reports, I believe the the firm is still resistant. The firm’s big hope is probably that the spotlight moves away from Deloitte when something happens at another firm. Perhaps it will be a new development in the New York Attorney General’s case against Ernst & Young for Lehman.

But I do think the PCAOB is getting bolder and won’t be letting up on the audit firms.  The recent inspection reports on PwC and KPMG 2009 audits are proof of this.

Here in Chicago, everyone is mad and no one knows who has the answers.

MF Global’s auditor is PricewaterhouseCoopers, who inherited the client when Man Financial, also a client, spun off the brokerage firm in 2007.

Almost everyone wondering where the missing MF Global customer assets have gone thinks they will show up eventually.

I believe the assets are long gone.

Unlike the shell game, there is no bean under the MF Global dixie cup. The mixed bag of marketable securities taken from customer segregated accounts, used most likely to meet margin calls and satisfy “important” customers closing accounts during the last days, will, in my opinion, never be seen again.

Too much time has passed for anyone to still reasonably expect that the “discrepancy” is just a timing difference or a misallocation between accounts, according to several sources who prefer to remain anonymous because of the sensitivity of the situation. All of the statements made on the record by those in a position to know point to assets taken out of the firm and now gone for good.

CFTC in bankruptcy filing October 31 according to The Financial Times: The CFTC, in a court filing, revealed MF Global’s general counsel Laurie Ferber emailed the regulator at 7.18pm Monday – hours after the bankruptcy filing – to say that it had “discovered a significant shortfall in its segregated funds account”.

Joint statement of CFTC and SEC on November 1: “Early this morning, MF Global informed the regulators that the transaction had not been agreed to and reported possible deficiencies in customer futures segregated accounts held at the firm.”

The CME Group on November 2: “CME completed its on-site review last week. [Reportedly Monday.] At that time, the results of our review indicated that MF Global was in compliance with its segregation requirements.  It now appears that the firm made subsequent transfers of customer segregated funds in a manner that may have been designed to avoid detection insofar as MF Global did not disclose or report such transfers to the CFTC or CME until early morning on Monday, October 31, 2011.”

Read the rest at Forbes.com, MF Global Assets Have Left The Building: How, When, Where.

Other stories of mine about this issue include:

At Forbes:

October 31, 2011 MF Global : 99 Problems And Auditor PwC Warned About None

At American Banker:

Auditor PwC Should Have Been on Top of MF Global
November 4, 2011 If MF Global commingled client funds, it would be PwC’s fault as much as Jon Corzine’s.

Are Cozy Ties Muzzling S&P on MF Global Downgrade?
October 28, 2011 Jon Corzine’s old ways got his firm into trouble. Now he’s hoping old ties will bail it out.

Main page image, “Elvis has left the building” by Simon Crubellier.

I’m surprised there hasn’t been more speculation about who the issuers are in all of Deloitte’s inspections reports. Wouldn’t it be nice if all the issuers in all the inspection reports were disclosed?

Every once and a while someone accuses me of being harder on one firm than another. Typically he/she thinks I’m being too hard on PwC, since I worked there last.  Someone even swore I must have worked for RSM McGladrey given the one or two times I wrote critically about that firm. And there’s a host of folks that think I alternately hate KPMG or Ernst & Young more than the rest.

Deloitte has a special place in my heart. Their office here in Chicago is a really big one. The firm bought my beloved BearingPoint Public Services practice when my employer from my Latin America days went bankrupt. And Deloitte generated probably the most active commenter forums on my blog during their recurring layoffs between 2007-2009.

Right now Deloitte may look like the worst of the Big Four but only because Deloitte is the most publicly incorrigible. That could change at any time. It would be easy to make a case that any of the four largest global firms was on the brink of being put out of their misery, not by an SEC or DOJ charge, but by a preponderance of private legal actions that have become a time and money sinkhole. Deloitte is the current example of a firm – like Ernst & Young is because of Lehman – that’s preoccupied with litigation. They’ve taken their eye off the audit quality ball.

Enron was the catalyst for the U.S. Department of Justice to criminally indict global audit firm Arthur Andersen causing its collapse. But it wasn’t Enron alone that forced DOJ to act. Arthur Andersen made a number of promises to regulators to improve and never sin again that were, over and over, not kept.

In October of 2008, the SEC and FINRA – not Deloitte – caught a Deloitte Vice Chairman trading on insider information in several Fortune 500 clients, including audit clients. Each of those Deloitte audit clients – Berkshire Hathaway among them – was forced to conduct an internal investigation to confirm Deloitte’s independence before Deloitte could continue as the auditor.

The same specific audit engagement criticisms as 2006 show up in subsequent inspection reports for Deloitte’s 2007 and 2008 audits.

• In 2007, application of generally accepted accounting principles and generally accepted auditing standards pertaining to hedge accounting for interest rate swaps, including the failure to identify two related departures from generally accepted accounting principles
• In 2007 and 2008, application of generally accepted accounting principles and generally accepted auditing standards pertaining to the accounting for deferred tax assets, including in one case a failure to identify a departure from generally accepted accounting principles
• In 2008, failure to identify a material weakness in an issuer’s internal controls over its allowance for doubtful accounts

The Deloitte U.S. CEO admitted in its “2010 Advancing Quality Through Transparency Inaugural Report”, that the PCAOB again privately criticized similar quality control issues during inspections of 2007 and 2008 audits. In addition, internal Deloitte reports described more than 475 reprimands to staff and partners in 2009 for infractions such as not following policies regarding auditor independence.

In December of 2010 another Deloitte partner was accused of insider trading.

Many of the audit risk issues described in earlier Deloitte inspection reports show up again in a summary prepared by the PCAOB of its inspectors’ observations during the financial crisis. (The PCAOB says the inspection report for Deloitte’s 2009 audits should be issued by the end of 2011.)

In April of 2011, Navistar – a client for almost 100 years until it fired Deloitte in 2005 – sued Deloitte for fraud, fraudulent concealment, negligent misrepresentations, and professional malpractice amongst other claims. The suit, for 2002-2005 audits, is pending and its merits have not yet been judged. But it raises some interesting issues about the use of the PCAOB’s inspection reports in private litigation, including the non-public portion once it is disclosed.

According to Navistar, the PCAOB selected the company as one of the Deloitte audits to review in 2003 and found several deficiencies. Deloitte audit partners for a Navistar subsidiary,  Christopher Anderson and  Thomas Linden, were sanctioned by the PCAOB. Navistar’s lawsuit claims that Deloitte had a duty to disclose to their audit committee the full scope of what the company says were the PCAOB’s concerns about the auditor’s quality controls. The lawsuit refers to the private portion of Deloitte’s inspection report for 2004 audits.

Why does it take so long for the PCAOB to publish the inspection reports and the public portion of the private report after the firm’s time to respond is up? It’s been five years since the 2006 audits, three years since the inspection report was published, two years since the twelve-month window for Deloitte to make corrections closed.

SEC Rule 104(h)(1), adopted quietly with no comment or press release in the fall of 2010, builds in an additional delay before publishing potentially controversial reports. Although the rule keeps the SEC process private, and the PCAOB is not allowed to discuss whether any particular audit firm appealed to the SEC over its report, the delay allows time for an audit firm to seek SEC redress.

Sources close to the issue tell me Deloitte definitely appealed the PCAOB’s threat to go public.

Keep in mind that while Deloitte bickers with the PCAOB, the audit firm charges hundreds of millions to produce auditor opinions for banks and systemically important companies that were bailed out, forcibly acquired on the brink of failure, or effectively nationalized.

Deloitte was the auditor for Bear Stearns, Merrill Lynch, Washington Mutual, Taylor Bean & Whitaker, American Home, and Beazer. None of these, except Beazer, is still standing. Deloitte has been sued for its audits of all of them.

Deloitte is still the auditor for Fannie Mae, GM and GMAC, and Morgan Stanley. All of these companies received bailouts.

Deloitte also audits the entire Federal Reserve system, and Berkshire Hathaway and BlackRock – two of the major players that supported the recovery of financial system during and after the crisis.

Jim Doty, Chairman of the PCAOB since January, said in a recent speech that the Board was disappointed in the audit firms’ approach to disclosing the results of PCAOB inspection reports to clients. “We hear that auditors are often less than forthcoming with audit committees that try to elicit information about inspection results…”

Here’s a short excerpt from my column on Tuesday at American Banker, “Bankers, Beware An Auditor That Blows Off Its Regulator”.

The PCAOB’s decision to make the 2006 quality control criticisms public, and the fact that the Securities and Exchange Commission allowed it to do so, tell me Deloitte is still fighting the regulators. The deadlines for Deloitte to fix or sufficiently respond to criticisms in the 2007 and 2008 inspection reports have passed. We could soon see previously nonpublic information from those reports, too.

The risk for banks in a situation like this is that an auditor that brazenly irritates its regulator may draw unwanted attention to its clients from their regulators. For example, PCAOB spokeswoman Colleen Brennan reminds me that the SEC knows the names of every company whose audit deficiencies are mentioned in a PCAOB auditor inspection report.

Please read the rest at American Banker.

Section 304 of the Sarbanes-Oxley Act of 2002, which covers clawbacks, is, on its face, a strict liability provision but the SEC has been exercising “prosecutorial discretion” when applying the statute.

The Dodd-Frank Act will expand the population of those potentially liable for clawbacks and the time period used to calculate the paybacks. The new law also drops the prerequisite under Sarbanes-Oxley that there has to be misconduct before paybacks are expected.

I covered this, and other provisions of Dodd-Frank that expand, retract, or revise Sarbanes-Oxley statutes, in a recent OpEd at Boston Review.

John White, a partner with law firm Cravath, Swaine & Moore LLP and a former Director of the SEC’s Division of Corporation Finance, believes the public and the media should focus on Dodd-Frank’s new Section 954 clawback provisions, not the SEC’s enforcement record under Sarbanes-Oxley:

“Dodd-Frank is much broader than SOX 304 and it’s mandatory. All listed companies will have to have clawback policies and enforce them. No misconduct is required — just an accounting error and a restatement. All present and former officers are covered. This could have a big impact and alter how incentive compensation is structured.”

As long as there’s a mismatch between what an executive should have earned under restated financial results and what they got based on errors or fraud, Dodd-Frank says they’re supposed to give back the excess to their companies. If not, the SEC can litigate to force them to return it. Although there is no private cause of action under Section 304 – only the SEC can bring a claim – under Dodd-Frank companies or shareholders could potentially sue a present or former officer to recoup compensation based on employment contracts that stipulate compliance with new mandatory company policies and procedures.

What both the Sarbanes-Oxley Act of 2002 and Dodd-Frank’s clawback provision do require is a restatement. The restatement of financial results to correct material errors – whether those errors occurred by default or by design – is a necessary condition for enforcing both the Sarbanes-Oxley Section 304 provision and the new Dodd-Frank law.

The Sarbanes-Oxley Section 304 law is very specific, according to attorney Stephen Quinlivan of Leonard Street and Deinard:

Morgenson uses the term “clawback” in a broad, non-technical sense to cover any recovery of compensation from a public company’s executives. As written, Sarbanes-Oxley includes only a narrow statutory disgorgement provision. It applies only to a CEO and CFO, and only where there has been “misconduct” that resulted in a “restatement.”

Morgenson doesn’t mention the impact of the Dodd-Frank law on clawbacks in her piece. Her point is: The bark of Sarbanes-Oxley’s clawback provision has been much worse than its bite.

But the Sarbanes-Oxley enforcement numbers are much worse than Morgenson cites. Morgenson supports her argument by citing unattributed statistics. She also incorrectly interprets the Sarbanes-Oxley Section 304 law. As a result, Morgenson credits three cases by name as Sarbanes-Oxley 304 enforcement that are not. She also neglects to mention a key one that is.

It appears Morgenson may have based her numbers on a review of the SEC initial complaints that included a Section 304 allegation, amongst many other allegations, when they started their enforcement journey. If Morgenson took the SEC’s word for what constituted a case and what did not, it’s not surprising that the regulator might have padded grim numbers with cases that are still pending or that, in the end, didn’t meet the strict Section 304 requirements.

That approach overstates the SEC’s efforts and certainly misstates their enforcement effectiveness.

It’s a long road, sometimes years, from complaint to settlement or adjudication. Only a few cases that the SEC filed with Section 304 amongst the litany of allegations have survived all the motions to dismiss and legal maneuvers from both sides. Along the way, the Section 304 allegation is often dropped.

Sometimes it’s pure expediency. The SEC wants to close the case, notch their gun and move on. A negotiated settlement is the fastest and easiest way to get some money back from the executives. Sometimes the facts don’t fit the law’s requirements. That happens when there’s no restatement, a necessary condition for taking credit for a Section 304  – or a Dodd-Frank – clawback enforcement.

Dorsey & Whitney’s Tom Gorman, who authors the blog, SEC Action, sympathizes with Morgenson. It’s not easy to verify the SEC’s record of enforcement of this statute.

The article does make a point. The SEC is inconsistent in how it applies the statute. It does not apply it in every case where it might. Nor does there seem to be any logic to how and when they apply it.

In those cases where the SEC chooses to apply the statute they seem to want the full measure of repayment as written by the statute.

For example, one key case Morgenson does not mention, SEC v. Jenkins, was the first “innocent executive” case brought under Section 304. The complaint admits the CEO was not involved in the wrongful conduct. The SEC sought recovery of bonuses and incentives from Jenkins, the CEO of CSK, but he was not the one who committed the misconduct that caused the restatement. However, the SEC’s Commissioners recently rejected a recommendation from SEC enforcement staff to settle for less than half the amount claimed in Jenkins complaint. The SEC enforcement staff was ready to settle for less than, presumably, the full Section 304 measure of repayment.

In other cases, the SEC realizes, after additional investigation and the passage of time, that the case doesn’t fit the strict requirements of Section 304. Maybe there’s no restatement or maybe misconduct can’t be easily proved. The result is a settlement and a negotiated recovery of some money from the CEO, CFO, maybe a controller, that may or may not be reimbursed to the company – it’s not always clear – and is no longer identified as a Section 304 enforcement.

Morgenson mentions the very first Section 304 case in 2007 but not by name. SEC v. McGuire was settled not litigated and the SEC considers it their first enforcement of the law.

One case that figures prominently in Morgenson’s piece is SEC v. Morrice. The original complaints filed against Morrice the CEO, the company’s CFO, and its controller included Section 304 allegations. Maybe it was hard to resist including this case in the story because it refers to the failure of New Century Financial, the second largest mortgage originator at the time. This failure was one from the “subprime crisis”, which led to the credit crisis in early 2008 and, finally, to the full blown financial crisis that was precipitated by the failure of Lehman Brothers in September of 2008.

But New Century Financial is not a Section 304 clawback case because there was never a restatement of financial results. New Century began to implode after the company announced the necessity of a restatement. But that restatement never happened. The company filed bankruptcy two months later.

Many of the early backdating cases that may be pumping up the statistics Morgenson cites are most likely the SEC’s attempt to “have their cake and eat it too”. The cases may have resulted in some type of financial recovery or disgorgement from CEOs and CFOs. But some, like SEC v. Mercury Interactive, were no longer Section 304 cases when they settled – CFO Abrams voluntarily repaid the stock option proceeds to the company.

Or the Section 304 claim was dismissed because there was no restatement, even if the SEC claimed there should have been one. That’s the point the defendant argued – and won – in SEC v. Shanahan. Or the cases are “administratively closed” pending resolution of criminal charges like SEC v. Brooks. By the time these cases get to the finish line, the SEC can drop the Section 304 claim or the entire civil case altogether.

SEC v Brooks raised another interesting issue that will become even more important under Dodd-Frank’s “clawback” provisions.

Brooks, CEO of DHB Industries, and Schlegal, the CFO, sought indemnification for any Section 304 claims from the company. In their settlement of a shareholder’s derivative suit brought as a result of the fraud, insider trading, and accounting violations at DHB Industries, the company agreed to pay any penalties imposed by the SEC on the CEO and CFO.

A judge told DHB Industries that Section 304 did not allow that.

The SEC’s decision to pursue Section 304 relief is not solely intended to reimburse a company; it also furthers important public purposes. The Section 304 remedy is an enforcement mechanism that ensures the integrity of the financial markets… In sum, companies themselves do not have the authority effectively to exempt persons from § 304 liability.

The new Dodd-Frank “clawback” provisions are “listing standards”. That means the SEC will write rules to comply with the new law but the rules will be enforced by exchanges who must write their own rules. The exchange rules will be used by companies to develop internal policies and procedures that will address reimbursement issues as they arise.

The SEC’s most recent published schedule for Dodd-Frank rule writing says that a proposal on Dodd-Frank Section 954 clawback rules is expected by the end of the year and a final rule to exchanges by the end of the second quarter of 2012. It’s going to be even longer before companies are ready to enforce these provisions. In the meantime, companies and their lawyers are raising significant objections to them.

Dorsey & Whitney’s Gorman would like to see Dodd-Frank Section 954 applied in a manner which encourages corporate executives to strictly adhere to their duty to monitor.

The point in applying the statute should be to encourage executives to prevent wrong doing in the first instance by carefully monitoring and having “best practices” systems.

Ideally, the new Dodd-Frank provisions, and Sarbanes-Oxley Section 304 in the meantime, can and should be enforced more often and more consistently.

My analysis of the Section 304 cases mentioned in Morgenson’s piece and others of note, as of September 15, 2011, is here.

Main page image from this site of Lady Gaga in Alexander McQueen’s lobster claw shoes.

Here in the U.S. the PCAOB has been busy. I’ll give them – mostly Chairman James Doty and the Investor Advisory Group led by Board Member Steve Harris – credit for that. The Investor Advisory Group – rather, the boldest amongst them – recently sent a letter to the PCAOB to provide comments on the PCAOB’s June 21, 2011 Concept Release entitled Possible Revisions to PCAOB Standards Related to Reports on Audited Financial Statements and Related Amendments to PCAOB Standards.

It is worth noting that a number of other parties agree that the current form of the auditor’s report fails to meet the legitimate needs of investors.  First, the U.S. Treasury Advisory Committee on the Auditing Profession (ACAP) called for the PCAOB to undertake a standard-setting initiative to consider improvements to the standard audit report.  The ACAP members support “… improving the content of the auditor’s report beyond the current pass/fail model to include a more relevant discussion about the audit of the financial statements.”

Second, surveys conducted by the CFA Institute in 2008 and 2010 indicate that research analysts want auditors to communicate more information in their reports.

Finally, even leaders of the accounting profession have acknowledged that the audit report needs to become more relevant.  In testimony before ACAP, Dennis Nally, Chairman of PwC International stated, “It’s not difficult to imagine a world where the … trend to fair value measurement — lead one to consider whether it is necessary to change the content of the auditor’s report to be more relevant to the capital markets and its various stakeholders.”

Finally, leaders of the accounting profession have previously stated that changes to the audit report should reflect investor preferences.  In their 2006 White Paper, the CEOs of the six largest accounting firms stated, “The new (reporting) model should be driven by the wants of investors and other users of company information …” (their emphasis).

Before we turn to a discussion of the IAG investor survey, we believe it is important to underscore the fundamental but often overlooked fact that the issuer’s investors, not its audit committee or management team or the company itself, are the auditor’s client. It is therefore not only appropriate, but essential, that investors’ views and preferences take center stage as the PCAOB considers possible changes to the format and content of the audit report.

In the meantime, I’ve written two articles about the proposals on auditor regulation before the European Commission.

In Forbes, I told you not to count on Europe to reform the audit model or auditors, in general.

The audit industry is reportedly under siege in Europe and on the verge of being broken up, restrained, and rotated until all the good profit is spun out.

This is neither a foregone conclusion nor highly likely.

The European Commission’s internal markets commissioner Michel Barnier is talking tough, but the rhetoric should be no surprise to those who have been following the European response to the financial crisis closely…

Please read the rest at Forbes.com, “Don’t Count On Europe To Reform Auditors And Accounting”.

In American Banker, I focused on the impact of auditor reforms on financial services. Why is the European Commission taking such strong action now? Why is the U.S. lagging so far behind?

The clamor for accountability from the auditors for financial crisis failures and losses has been much louder, much stronger, and going on much longer in the U.K. and Europe, than in the United States. Barnier’s most dramatic proposals are viewed by most commenters as a reaction to the bank failures. “Auditors play an essential role in financial markets: financial actors need to be able to trust their statements,” Barnier told the Financial Times. “There are weaknesses in the way the audit sector works today. The crisis highlighted them.”

There’s is a concern on both sides of the Atlantic over long-standing auditor relationships.

The average auditor tenure for the largest 100 U.S. companies by market cap is 28 years. The U.S. accounting regulator, the PCAOB, highlighted the auditor tenure trap in its recent Concept Release on Auditor Independence and Auditor Rotation. According to The Independent, quoting a recent House of Lords report, only one of the FTSE 100 index’s members uses a non-Big Four firm and the average relationship lasts 48 years. Some of the U.S. bailout recipients — General Motors, AIG, Goldman Sachs, Citigroup — and crisis failure Lehman had as long or longer relationships with their auditors…

Please read the rest at American Banker, “Bank Debacles Drive Europe to Raise the Bar on Audits”.

Three posts that followed soon after the piece below include a nice quote in BusinessWeek and Part One and Part Two of my discussion of the Ernst & Young response to the release of the Lehman bankruptcy examiner’s report.  The firm’s first move was to send a letter to an Audit Committee members group – always selling – before they made any full response to the media about the bankruptcy examiner’s report. I was the first media outlet to publish the letter.

Finally, in September 2010, on the second anniversary of the bankruptcy, I had the honor of sitting on a panel at the New York County Lawyers Association with Jenner & Block’s Anton Valukas, the Lehman bankruptcy examiner, and Floyd Norris of the New York Times.

I prepared a post, “Top Ten Things Lawyers Should Know About Auditors,” for that occasion.

******************************************************************************************

The release of Anton Valukas’ Lehman Bankruptcy Examiner’s Report on March 11, 2010 threw a fresh match on the still smoldering remains of the 2008 failure. The mainstream media, regulators, legislators and the business community blamed everything but fraud for the financial crisis and everyone but the audit firms for preventing, warning, or mitigating the devastating impact of the crisis.

If you’ve been reading the stories on this site, however, you may have come to the conclusion that I did a long time ago:

There was widespread fraud at the highest levels and the Big 4 auditors will eventually be accused of malpractice and complicity for doing nothing to prevent it, to warn us, or mitigate the impact on stakeholders.

I’ve published several stories since 2007 on the mortgage originators that failed or were taken over and the lawsuits against their executives and auditors. This is not the first bankruptcy examiner’s report to provide a detailed litigation roadmap in a subprime/crisis era fraud and to point to auditor malpractice. The New Century Bankruptcy Examiner’s report made quite a splash, too, when it came out. It also provided a litigation roadmap and included a smoking gun set of emails that pointed to alleged complicity and malpractice by auditors KPMG.

From Kevin LaCroix’s D&O Diary site:

“…the new lawsuits follow more than a year after the February 29, 2008 581-page report of Michael Missal, the KPMG bankruptcy examiner, in which the examiner concluded that KPMG had “contributed” to certain of New Century’s “accounting and reporting deficiencies by enabling them to persist in, and in some instances, precipitating the Company’s departure from, applicable accounting standards.” A detailed review of the examiner’s report, including a link to the report itself, can be found here.

The examiner’s exhaustive review, which among other things specifically suggested the possibility of negligence claims against KPMG, was effectively a road map for the April 1 lawsuits. While the lawsuits might well have been filed even without the examiner’s report, few other prospective claimants considering “gatekeeper” litigation will have such a detailed script from which to compose their complaint.

The  collapse of Refco is another ongoing case that will become quite relevant to the Lehman case. In Refco, the Bankruptcy Examiner did a thorough job of dissecting the fraud, including the nature of “roundtrip” transactions orchestrated for the sole purpose of temporarily manipulating the Refco balance sheet.

Sound familiar?

Refco is actually a much closer case to Lehman than the Enron case, notwithstanding the strong role of the long auditor relationship in all three. The nature of the Lehman transactions used to commit the alleged fraud, the likelihood of early guilty pleas by corporate executives in Lehman like Refco, the difficulty of success with claims against third party advisors such as law firms and audit firms for aiding and abetting the fraud are more similar to Refco than Enron.

My most recent stories about Lehman and Ernst & Young began a month ago with a prediction that fraud allegations would center around standard accounting manipulation techniques such as round trip transactions, channel stuffing, and parking.

“…premised on some of the oldest tricks in the book for manipulating revenue recognition and, therefore, reported profits and incentive compensation payouts including stock options - roundtrips, parking, and channel stuffing. In another variation on the theme, global trading company Refco used a round trip loan to repeatedly hide a related-party transaction incurred to delay disclosure of significant uncollectible accounts.  It’s not like these techniques haven’t been used before (by AIG, for example) to offload risk and smooth earnings at quarter- and year-end.”

Although most media reports tended to pull out the tired tropes of Enron, off-balance sheet, and Sarbanes-Oxley, one journalist did pick up on my theory and analysis instead.

Without giving credit.

Some journalists questioned the wisdom of criminally prosecuting the Lehman executives. Without denying the potential for and the legal basis for prosecutions, John Carney of Clusterstock asked what purpose criminal prosecutions would serve.

I ask the opposite.

Whose interests would it serve to avoid criminal prosecutions?

My response to John Carney and a scathing indictment of his point of view by Ryan Chittum in The Audit, a Columbia Journalism Review (CJR) blog, earned me a substantial mention in a later post by Ryan at CJR.  I also was linked to by Aaron Task in a summary of the controversy on his Tech Ticker site.

I posted two stories in early 2008 discussing Erin Callan and Ian Lowitt, the last two non-accountant CFOs of Lehman, and the vilification of David Einhorn for questioning Lehman’s accounting.

A post on March 9th anticipated a defense which may be used by Ernst and Young in the Lehman case, in particular given its status as a bankruptcy trustee’s case.

In Pari Delicto: Are Auditors Equally At Fault In The Big Fraud Cases?

In addition to my Going Concern column written to comment on the John Carney/Ryan Chittum debate, I also wrote here on the major accusations against Ernst & Young in the Examiner’s Report.

Liberté, Egalité, Fraternité: Big Lehman Brothers Troubles For Ernst & Young

I have also posted a letter Ernst & Young sent to Audit Committee members defending themselves against the numerous allegations in the Lehman Examiner’s Report.

An Ernst & Young Response: Dear Audit Committee Member…

Update:

The Financial Times FTAlphaville blog links to the Audit Committee Letter this morning.

Reuters Emily Chasan picked up on this and linked to me today in her story on the Lehman whistleblower.

Blogger extraordinaire Zero Hedge follows up Emily Chasan’s story with his own including a shoutout to Emily and I.

The Times of London in the UK wrote a story this morning on the Audit Committee Letter with a link to re: The Auditors.

Accounting Web has the story here.

The UK’s Financial Reporting Council has begun an investigation into EYs role in the Lehman fraud. Expect to see much much more on this in the weeks to come. I wrote a short piece for Accounting Web UK to summarize the issues for their European audience.

Nowhere to hide: Accounting firms face increased scrutiny after Lehman report

I will be writing much more on this in the next few weeks. Topics I plan to address include looking more deeply into the valuation issues, which were barely touched on, the impact on the other large audit firms, the role of Lehman’s internal audit function, the specific accounting for the Repo 105 transactions, the relationship of this bankruptcy to the Lehman bankruptcy case in the UK, my prior theory about the fraud and additional theories for litigation.

A few things need to be cleared up regarding the SEC’s actions against Deloitte Shanghai, in particular because of inaccurate reporting at Reuters and superficial reporting at the other major media outlets.

• Having ‘Deloitte’ ‘KPMG’ PwC’ ‘EY’ in your name will not generate additional liability or obligation for a non-US audit firm beyond reputational risk.
• The SEC/PCAOB will not pull the registration of a major non-US member firm because of inability to inspect or lack of cooperation with subpoenas. The SEC/PCAOB left reckless Price Waterhouse India of Satyam fame open. Crippled, but still pumping out audits. Fortune 500 multinationals are too dependent on the auditors to use their member firms to get full scope audit coverage even if it’s a sham. As the story below demonstrates, the regulators are at risk of capture by the Big Four audit firms.
• There is no scenario where the SEC asks ‘Microsoft’ for their Chinese audit workpapers, as described by the Chinese academic source that Reuters quoted. The companies don’t have them. The SEC could tell “Microsoft” that their audit opinion is invalid, however, if they believe that a material consolidated portion of the company has been audited by a sham firm and the US firm does not adequately supervise, review, re-test or otherwise make up for this weakness. No valid audit means no exchange listing and the company also violates securities laws.
• Nor is there a scenario where auditors voluntarily give up doing Chinese audits. The business and its potential, like in India, is too lucrative.

To understand the level of regulatory capture in Deloitte’s case, you have to understand how close All the audit firms but especially Deloitte right now are to the SEC. I talked about it in my column: “File Under Regulatory Capture: Deloitte’s Fireside Chats”. Deloitte sponsors a program at the SEC Historical Society where they can launder their image and pretend they had nothing to do with the crisis-era crash of Bear Stearns, Washington Mutual, Merrill Lynch, Fanne Mae, Taylor Bean and Whitaker, and Royal bank of Scotland, to name only the big ones.

On the way to looking for something else – a list of all the S.E.C. Chairmen, Chief Accountants, and Directors of Enforcement since 2000 – I found this. It’s a calendar entry for a program this fall at the U.S. Securities and Exchange Commission (S.E.C.) Historical Society:

Someone will say, “But that’s history. They’re not talking about the day-to-day management of the agency.”

Except…

• The current S.E.C. Chief Accountant is a former Deloitte partner, Jim Kroeker.
• Deloitte is the top Big Four audit firm donor to the Society.
• Deloitte is the only U.S. Big Four firm with a representative on the Society’s Board of Advisors.

According to the S.E.C. Historical Society website, “the Society is a 501(c)(3) non-profit organization, independent of the U.S. Securities and Exchange Commission.”

The S.E.C. Historical Society website has a page describing the Deloitte series. It includes the Deloitte logo and a link to their website.

Deloitte Fireside Chats are interactive programs on current issues in financial regulation of interest to the accounting and auditing professions. The audience for each Fireside Chat is invited to submit questions for the program prior to broadcast.

The SEC Historical Society collaborates with Deloitte to broadcast the Fireside Chats. The Society is responsible for the selection of the academic moderator for each Chat; the Society and Deloitte work together to determine the topics and presenters for each program.

Previous topics in the series include:

• Responsibility for Preventing and Detecting Financial Reporting Fraud
• Regulation in the Audit Profession: Yesterday, Today and Tomorrow
• Exploring Principles vs. Rules-Based Accounting and Auditing Standards
• The Role of Professional Judgment in Accounting and Auditing

For more about how Deloitte, as a firm, views these topics on a day-to-day basis, all over the world, you can read:

No Audit At All: Deloitte And Bear Stearns

Chinese Reverse Mergers: The Auditor Angle (Recent Chinese alleged frauds China Media Express and Longtop were both audited by Deloitte.)

Two Wildly Different Stories About Deloitte: Or Are They?

Slippery People: Corporate Governance At Berkshire Hathaway(Deloitte is the relatively inexpensive auditor for Berkshire Hathway. When a Deloitte Vice Chairman was sanctioned for trading in several Fortune 500 audit clients’ shares, including Berkshire stock, while serving as a client relationship partner to the companies’ audit committees, Berkshire cleared Deloitte of independence violations and kept them on anyway. Better the devil you know…)

Deloitte’s Troubles Bubble To The Surface (Deloitte lost big clients during the financial crisis – Bear Stearns, Merrill Lynch, Washington Mutual, and American Home, to name a few – and is responding to significant litigation as a result of their audit opinions. They’ve kept a few clients too, like Morgan Stanley, Fannie Mae and Royal Bank of Scotland, where some say they shouldn’t have.)

Auditors And Consulting: Claims of No Conflict Strain Credibility

Deloitte, Delphi, and GM: Duped or Duplicitious

Deloitte: Good Corporate Citizen, Good Soldier

To his credit, Judge Kaplan does leave one important allegation for Ernst & Young to defend:

Ernst & Young had reason to know that Lehman’s 2Q 2008 financial statements could be materially misstated because of the extensive use of Repo 105 transactions.

John McDermott of FT Alphaville does a good job explaining why:

Kaplan dismisses the majority of the specific allegations against the auditors but writes that one particular incident means that the case against them cannot be thrown out [when] he stops to ask another question on Repo 105:

In other words, have plaintiffs sufficiently alleged that E&Y knew enough about Lehman’s use of Repo 105s to “window-dress” its period-end balance sheets to permit a finding that E&Y had no reasonable basis for believing that those balance sheets fairly presented the financial condition of Lehman?

The answer: yes, in one case.

Plaintiffs rely for this purpose on precisely the same alleged red flags discussed previously in connection with E&Y’s GAAS opinion – the “true sale” opinion, the netting grid, and the Lee interview. The first two are no stronger in this context than in that. The Lee interview, however, is a different matter.

The “Lee interview” pertains to warnings allegedly made by Matthew Lee, Lehman’s SVP for Global Balance Sheet and Legal Entity Accounting, that Ernst & Young were told of a $50bn repo 105 move in June 2008 but did not pass on the full information to Lehman’s board. Thus, it failed to fulfill GAAP requirements as part of its Q2 2008 auditing.

I’ve been saying for a while that there’s too much deflective focus on the accounting for Repo 105 and not enough on the disclosure.

Now they’ve got a public airing of some dirty laundry by the PCAOB.

From Compliance Week:

The Public Company Accounting Oversight Board has barred the now-former E&Y partner, Peter O’Toole, from associating with a PCAOB-registered firm for three years and fined him $50,000. The board barred the now former senior manager, Darrin G. Estella, from associating with a PCAOB-registered firm for two years. Both auditors can petition the board for reinstatement at the end of their penalty periods. In December, the PCOAB issued an earlier action against Jacqueline Higgins, an E&Y manager, in connection with the same incident.

The PCAOB says the three auditors created, backdated, and added documentation to an audit file when they learned it would soon be inspected by the board. The disciplinary orders say O’Toole was the engagement partner for an audit of an unnamed public company with a Sept. 30, 2009, year-end. The firm gave the company a clean audit opinion on Nov. 23, 2009, then learned the audit would be inspected in April 2010, with inspectors planning to study “securities valuation.”

Ernst & Young spokesman Charlie Perkins tells The Financial Times, “no harm, no foul,” as far as the firm is concerned.

“Our firm’s policy explicitly prohibits persons from supplementing or changing audit workpapers in circumstances like those present here,” said Charles Perkins, a spokesman for Ernst & Young, in a statement.

“When we determined that firm policy had been violated, we subsequently separated the partner and senior manager from the firm. We have co-operated fully with the PCAOB throughout its investigation of this matter. The conduct described in the order had no impact on our audit conclusions or on the client’s financial statements.”

Unless there are sanctions, we won’t know if more of this kind of thing is happening at U.S. firms. That’s becasue that part of the PCAOB inspection report is private.

We do know it’s happening at Ernst & Young in the U.K. Repeatedly.

From my post at Forbes.com, “By Any Means Possible: Auditors Try To Meet Standards By Faking It”:

The latest inspection report for Ernst & Young in the U.K., the same global firm that the PCAOB recently disciplined, cited specific deficiencies: (The AIU inspected thirteen engagements of a total of 295 eligible.)

Signing and dating of audit reports:

On two audits the auditor’s report was signed prior to the completion or evidencing of all necessary review procedures.

Completion of audit disclosure checklists:

…On two of the files that we reviewed it was unclear from the audit file whether the team had re‐performed the completion of the financial statements disclosure checklist.

Audit finalisation:

We found weaknesses in connection with audit finalisation procedures on seven of the audits we reviewed. The majority of these weaknesses related to undetected clerical drafting errors in the accounts including, in one case, an error in the disclosed audit fee.

That is, if there’s not a settlement first.

Yesterday I wrote up my analysis of the decision by Judge Kaplan for my column, “Accounting Watchdog”, at Forbes. In the interest of time and space, I stuck to commenting on the Ernst & Young portion of the decision.

Judge Kaplan dismissed the majority of the allegations against Ernst & Young. The same things auditors are always dismissed for. The only thing that’s new about the judge’s opinion is an indictment of the accounting standards themselves.

The Third Amended Complaint points to several General Standards (“GS”), interpretive Statements on Auditing Standards (“AU”), and Statements of Fieldwork that allegedly are part of GAAS and that E&Y allegedly violated. Many 288 of those standards are couched in rather general and in some cases inherently subjective terms. They require, for example, that the auditor plan the audit engagement properly, use “due professional care,” exercise “professional skepticism,” and “assess the risk of material misstatement due to fraud” – all matters as to which reasonable professionals planning or conducting an audit reasonably and frequently could disagree.

Bearing in mind that E&Y’s GAAS opinion, just like those rendered by all or substantially all accounting firms, is explicitly labeled as just that – an opinion that the audit complied with these broadly stated standards – more is necessary to make out a claim that the statement of opinion was false than a quarrel with whether these standards have been satisfied.

Or is this really news?

Judge Richard Posner during oral arguments in Fehribach v. Ernst & Young LLP, 2007 WL 2033734 (7th Cir. 7/17/07) (pdf),

“Posner: The auditor’s responsibility … so far as the company is concerned … is to make sure the [numbers] are accurate….  You don’t need an auditor to tell you your market is collapsing….  The auditors are not supposed to have business insight.  They’re counters.  They’re not supposed to make predictions about how your markets are doing.  They’re supposed to reconcile your books and indicate you’re not a going concern because your debt is too high and so on….

Do you think the auditor is supposed to know about market power?…  An auditor is not an economic consultant who goes out and figures out what the market trends in an industry are!…Your trends? That’s what the company knows. [Plantiff’s Attorney: You’re right. Here’s what the auditor’s responsibility under SAS 59...]

Posner: That is too vague for me…”

To his credit, Judge Kaplan does leave one important one allegation for Ernst & Young to defend:

Ernst & Young had reason to know that Lehman’s 2Q 2008 financial statements could be materially misstated because of the extensive use of Repo 105 transactions.

John McDermott of FT Alphaville does a good job explaining why:

Kaplan dismisses the majority of the specific allegations against the auditors but writes that one particular incident means that the case against them cannot be thrown out [when] he stops to ask another question on Repo 105:

In other words, have plaintiffs sufficiently alleged that E&Y knew enough about Lehman’s use of Repo 105s to “window-dress” its period-end balance sheets to permit a finding that E&Y had no reasonable basis for believing that those balance sheets fairly presented the financial condition of Lehman?

The answer: yes, in one case.

Plaintiffs rely for this purpose on precisely the same alleged red flags discussed previously in connection with E&Y’s GAAS opinion – the “true sale” opinion, the netting grid, and the Lee interview. The first two are no stronger in this context than in that. The Lee interview, however, is a different matter.

The “Lee interview” pertains to warnings allegedly made by Matthew Lee, Lehman’s SVP for Global Balance Sheet and Legal Entity Accounting, that Ernst & Young were told of a $50bn repo 105 move in June 2008 but did not pass on the full information to Lehman’s board. Thus, it failed to fulfill GAAP requirements as part of its Q2 2008 auditing.

I’ve been saying for a while that there’s too much deflective focus on the accounting for Repo 105 and not enough on the disclosure. And I took particular exception early on to Ernst & Young’s handling of the Matthew Lee “whistleblower” situation:

Ernst & Young failed to follow professional standards of care with respect to communications with Lehman’s Audit Committee.

Ernst & Young failed to follow professional standards of care with respect to an investigation of a whistleblower claim

Lehman’s own Corporate Audit group led by Beth Rudofker, together with Ernst & Young, investigated allegations about balance sheet substantiation problems made in a May 16, 2008 “whistleblower” letter sent to senior management by Matthew Lee. On June 12, 2008, during the investigation, Lee informed Ernst & Young about Lehman’s use of $50 billion of Repo 105 transactions in the second quarter of 2008. At a June 13, 2008 meeting, Ernst & Young failed to disclose that allegation to the Board’s Audit Committee. (Bankruptcy Examiner’s Report V3 page 945)

As the lawyers would say, the optics are bad here. The Audit Committee asks EY to support Lehman’s internal auditor in investigating a “whistleblower’s” allegations of balance sheet improprieties.  The auditors interview the “whistleblower” and then don’t say anything at any of the Audit Committee meetings. Turns out what Mr. Lee, the “whistleblower”, was alleging is what the examiner believes is the fundamental problem and grounds for “colorable claims” against top officers and EY.

The word “whistleblower” is tainted with tons of emotion post-Enron. We now look at those called “whistleblowers” and see heroes. But let’s look at what I think may have actually happened. Lehman’s Internal Audit department “naturally” asked their trusted, all-things-to-all-people advisor, EY, to help with the investigation of the “whistleblower’s” claims. The Internal Audit Department, not EY, was in charge of the investigation.

That was their first mistake. If I’ve said it once, I’ve said it a thousand times: The external auditor should not be conducting or assisting with internal investigations of potential fraud or illegal acts by top executives. I wrote about it atSiemens, subject of the largest ever FCPA settlement in history. KPMG, their auditor, got sued.

The external auditor should stay the hell away from internal investigations because they may get caught up in something they would rather not know. They may want to claim plausible deniability. And a company should not engage the external auditor to support internal investigations especially involving fraud or illegal acts by top management. Do they do it to be cheap or to keep dirty laundry inside? The external auditor is too often part of the problem, an enabler, instead of part of the solution.

If Lehman had hired another firm – a law firm or anyone except their external auditor – to perform the investigation, the investigation would have been covered end to end in privilege, the external auditor may or may not (in this case EY would have been better not to) have been included in the “circle of privilege,”  and the investigation would have been completed professionally.

However, by supporting this investigation, EY was essentially doing internal audit work, a prohibited service under Sarbanes-Oxley for independence reasons. It’s shocking to me that the EY audit partners did not at least turn over the investigation to EY’s Forensic Accounting and Investigations Practice in order to provide some semblance of independence and professionalism.

Even though EY may have been an unwilling party to knowledge of an ugly situation right before an audit committee meeting, they got stuck. They had an obligation under AU 380, as the external auditor  - not as an investigator – to inform the Audit Committee. They could have been on the other side being informed – or not – instead of being the one supposed to be doing the informing.

AU 380, the  rules for auditor communication with the Audit Committee, are very clear. But they relate to the auditors’ role as an auditor not the role  of an auditor who is lent as muscle to an internal investigation. By playing the “trusted advisor” they screwed themselves.

Stoplight?  Yellow. Looks bad, but EY may be able to talk their way out of this one once it gets to court. They need to explain how they were still looking into the issue, doing their “auditor” work and make sure their full but limited role and responsibilities for the process are explained. If they lose on this chalk it up to another case of audit partners wanting to be supermen to their clients, the corporation’s executives, rather than looking out for their own best interests. Unfortunately in this situation, the shareholders were probably going to lose either way.

For a few dollars more…  Or, more likely, no additional fee for helping with the internal investigation, Ernst & Young got stuck. Unfortunately, Berkshire Hathaway ignored this lesson in the Sokol case. They used a non-independent attorney and his law firm to investigate Sokol’s suspicious Lubrizol trades. And News Corp. is ignoring it, too. They also are using insiders to investigate the phone hacking allegations.

Despite what some columnists are saying…

Floyd Norris, The New York Times, July 28, 2011:

The company misled investors and its officers and directors may be held liable. But the company’s auditor seems likely to escape any responsibility for an audit that wrongly concluded the company’s financial statements were completely proper. That, anyway, is the conclusion a federal judge has reached regarding Lehman Brothers. The judge said this week that it appeared Lehman had violated Generally Accepted Accounting Principles, or GAAP, even if it was in technical compliance with accounting rules. But he threw out a claim against Ernst & Young, whose 2007 audit certified that Lehman had followed GAAP.

…I believe Ernst & Young has not escaped anything. Here’s what I emailed Lynn Turner, former Chief Accountant at the SEC, after he circulated Norris’ column to his newsletter subscribers:

They are on the hook for something, it allows discovery, and this is not the only case against them.

This Lehman suit over a securities offering is not Ernst & Young’s biggest worry. They are a bit player. The New York Attorney General’s case against them, the one about fraud, is where they star.

Nevertheless, this dangling allegation is serious – scienter regarding their client’s deliberate material misstatement of a quarterly financial statement filing and public disclosure.

Here’s an excerpt from what I wrote on March 31, 2010 after the Lehman Bankruptcy Examiner’s report came out and EY defended itself with a letter to Audit Committee members:

EY: General Comments

EY’s last audit was for the year ended November 30, 2007. Our opinion stated that Lehman’s financial statements for 2007 were fairly presented in accordance with US GAAP, and we remain of that view. We reviewed but did not audit the interim periods for Lehman’s first and second quarters of fiscal 2008.

Although technically correct, EY is not yet off the hook. In fact, EY did something that seems odd to me – issue an actual report of their review of the 10Qs in 2008 that were included in Lehman’s regulatory filings. I credit Jonathan Weil of Bloomberg for bringing this potential Achilles’ heel in EY’s defense to my attention. However, he incorrectly used the term “opinion” in his most recent commentary to refer to EY’s reports of their review that were included in Lehman’s 10Q’s. It’s an oddity that investment banks insist on a report for the 10Q review from their audit firms. A review is required. A report is not. I still don’t know why Lehman requested  reports to be included in quarterly filings. I certainly can’t, for the life of me, figure out why the auditors would do it.

Post- Private Securities Litigation Reform Act, auditors (and law firms) have escaped liabilities for misstatements in quarterly reports because they do not make “explicit” statements. That is, their review is done in the background, they provide no written report and their review is not technically, or in their opinion, an “opinion.”

But providing an actual report of the 10Q review, one that is included in the regulatory filing, may be what opens EY to liability for Lehman’s 2008 financials. Auditors also provide reports documenting their 10Q reviews for Goldman Sachs (PwC) and Morgan Stanley (Deloitte).

Deloitte also provided reports of their 10Q reviews for Merrill Lynch prior to their absorption by Bank of America and for Bear Stearns prior to their bankruptcy and absorption into JPM Chase. The auditor’s report of their review for Bear Stearns’ 10Q as of February 28, 2008 actually had a “going concern” warning. Bear Stearns agreed to be bought by JPM Chase in early March.That was crucial but too little too late. The actual 10Q was not issued until April, after the JPM purchase had been proposed.

Notably, EY does not provide these reports of their review of 10Qs for UBS, PwC does not do this for JPM Chase or Bank of America, and KPMG does not do so for Citigroup.

Cases such as Lattanzio v. Deloitte & Touche LLP, 476 F.3d 147, 154 (2d Cir. 2007) make it clear that an explicit statement by the auditors is necessary to hold them liable. I have not been able to find any cases where auditor reports of their 10Q reviews made the difference in auditor liability. It may difficult to find case like this since so many complaints of malpractice against the auditors settle rather than go to trial. I have the distinct impression Jonathan Weil thinks that provision of a report of the auditor’s 10Q review may strengthen the possibility of liability for EY.

I agree, but recognize I have nothing but hope to base this conclusion on.

In addition to the New York Attorney General’s case against Ernst & Young, they still have to worry about the SEC and Department of Justice. Serious sanctions against Ernst and Young by the SEC, or criminal charges from the Department of Justice for Lehman executives possibly fraudulent Section 302 certifications, are unlikely. However, the SEC and PCAOB would be remiss if they did not eventually sanction some individuals at least, if not the firm as a whole.

What I wrote October 31, 2010:

Ernst & Young, take my word for it, will never be indicted by the U.S. government, as a firm, for its role in any Lehman fraud that’s eventually proven. It’s also highly unlikely – 1000 to 1 odds I’d say – EY will be fined by the SEC or the PCAOB, as a firm, in a civil or disciplinary case.

The Ernst & Young partners named in the bankruptcy examiner’s report, and maybe a national practice partner, might be sanctioned by the PCAOB or SEC. Later. Much later. We can predict the timing based on the SEC’s handling of the Bally’s sanctions. Even with a slam dunk case, the SEC waited six years before they settled with EY.  The eventual sanctions against six Ernst & Young partners for the Bally’s fraud were too little and much too late to provide a deterrent or any real justice.

Ernst & Young, as a firm, and their individual partners are named as additional defendants in private lawsuits against Lehman executives. But the New York Court of Appeals, in a 4-3 opinion, refused to hold the auditors responsible for their role in frauds perpetrated by management in the Kirschner (Refco Trustee) v. KPMG and Teachers’ Retirement v. PwC (re: AIG 2002-2005 fraud) cases. The opinion reaffirmed the application of the in pari delicto doctrine and the principle of imputation in these cases.

The judges who disagreed with the majority opinion said it best:

These simplistic agency principles as applied by the majority serve to effectively immunize auditors and other outside professionals from liability wherever any corporate insider engages in fraud…it is unclear how immunizing gatekeeper professionals, as the majority has effectively done, actually incentivizes corporate principals to better monitor insider agents. Indeed, it seems that strict imputation rules merely invite gatekeeper professionals “to neglect their duty to ferret out fraud by corporate insiders because even if they are negligent, there will be no damages assessed against them for their malfeasance”

The more successful a fraud case is against Lehman’s executives, the less likely EY or any of its partners will suffer any consequences for their acquiescence to or complicity in the fraud. That’s not to say the firm won’t suffer slowly and painfully from the enormous amount of time and money devoted to defending themselves in Lehman litigation and the rest of the suits they face.

I have.

My latest column at Forbes.com highlights the bank’s latest worry – the Federal Home Loan Banks are joining the dispute over their record mortgage crisis settlement.

What’s the hedge when a long tail profitable relationship turns into fat tail risk?

Bet on both sides.

In 2010, PricewaterhouseCoopers had $141 million reasons to arbitrage their relationship between Bank of America and the Federal Home Loan Banks. As auditors of both, they play both sides in what looks to be a major battle brewing between Bank of America and some major investors, who include several of the Federal Home Loan Banks (FHLBs), over the Bank of New York Mellon (BONY) mortgage servicing settlement.

Bloomberg, July 21, 2011: Investors in Countrywide Financial Corp. mortgage bonds may be owed three times or more of what they’re being offered in an $8.5 billion settlement with Bank of America Corp. (BAC), a group of Federal Home Loan Banks said… The Federal Home Loan Banks of Boston, Chicago, Indianapolis, Pittsburgh, San Francisco and Seattle are seeking to intervene in the case and may oppose the settlement, according to court papers… The home loan banks criticized assumptions in an expert report completed for Bank of New York Mellon Corp. (BK), the trustee for the mortgage-bond trusts. The report’s estimate of a reasonable settlement would rise to $22 billion to $27.5 billion if it assumed that Bank of America would have to buy back all loans in default and which breached representations and warranties, instead of 40 percent.

The problem at Bank of America is inadequate reserves for repurchase risk borne of bad representations and warranties and it’s been stewing for a while. The first big crisis failure, mortgage originator New Century Financial, experienced just the kind of out of control death spiral Jonathan Weil is now warning about with Bank of America.

New Century Financial didn’t reserve adequately for repurchase risk. KPMG, their auditor, settled claims they allowed executives to fudge the models used to make the estimates. A “sudden” liquidity crisis ensued when all their warehouse lines were called at once.

KPMG was also auditor for Countrywide, the sharpest thorn in Bank of America’s side.

Read the rest here, “PwC Hedges Bet Between Bank of America And Federal Home Loan Banks.”