It’s difficult for me to imagine a new generation of systemically important financial services company CEOs without strong risk management experience. Independent board members with risk management experience will also be in demand. The current generation of CROs is gaining the experience to lead as CEOs and board members in today’s challenging market and regulatory environment.

Stewart Goldman, a senior client partner at executive search firm Korn/Ferry International, tells me there’s a ‘’scarcity” of candidates with the ”ideal skill set” to be chief risk officers, so institutions are considering people with a broader range of backgrounds to fill the post.

A Chief Risk Officer who does a good job mitigating risk while optimizing opportunities can now have significant stature and sway. But, conversely, that new prominence gives shareholders, regulators, and the media an easy target for ridicule after a corporate stumble or failure.

I’ve written quite a bit about some additional cases of Chief Risk Officers getting the heave-ho when something goes wrong. These additional examples – all outside of the US – didn’t make it to the American Banker column. It was a case of space as well as an “American” banker focus. But, I wonder out loud if there’s something different going on in Europe – something that forces accountability – or if the executives given the shove-off in Europe were just easy scapegoats.

Société Générale had its own “rogue trader” scandal in January 2008. Société Générale  lost $7 billion in spite of service from dual auditors under French law, Ernst and Young and Deloitte, and myriad policies, procedures, organizations and systems they, theoretically, had in place to manage risk.

However, words alone do not insure sufficient risk management. In 2009 Benoît Ottenwaelter replaced Group Chief Risk Officer Didier Hauguel. Hauguel had served as Group CRO and a member of the Executive Committee and Group Management Committee of Société Générale since 2000.

Paul Moore, HBOS’ former head of regulatory risk and a former KPMG partner told the Treasury Committee of the UK’s Parliament that Sir James Crosby, HBOS former chief executive, fired him after he warned the HBOS board in 2004 about its potentially dangerous “sales culture”. KPMG, external auditors for HBOS, ended up front and center in the 2004 controversy because the audit firm “independently” investigated Moore’s firing at the request of the Board after Moore blew the whistle. KPMG got the job in spite of its long and very lucrative relationship with HBOS management including significant fees for work done for the bank’s bid for Abbey National that same year.

The role of chief risk officer at Anglo Irish Bank, a tough job, has not been filled on a permanent basis since May of 2009. AIB was nationalized by the Irish Government in January 2009. In December AIB lost its second acting chief risk officer in less than a year when Stephen Bell, a PricewaterhouseCoopers Director, announced he was leaving to become Chief Risk Officer at Ulster Bank. AIB had hired PwC to help run the bank. Bell took over from Mary Phibbs, an associate at restructuring firm Alvarez and Marsal, who had been on the job since the previous October.

One interesting additional US example can be found at Countrywide, now ignominiously owned by Bank of America. I wrote about it in January of 2008.

At the end of 2004, Sherry Whitley, then the Executive Vice President of the Enterprise Risk Assessment Group for Countrywide, wrote this article for the Institute of Internal Auditors FSA Times Publication.

Countrywide’s strategic-planning process includes a companywide focus on managing risks.

In the wake of headline-grabbing corporate financial scandals, management and boards of directors of public companies are under intense pressure to increase their involvement in the strategic and operational activities of the companies they oversee. Executives at Countrywide Financial Corporation, a diversified financial services provider, reviewed various ways to provide a more focused, comprehensive approach to help their leadership teams identify and better manage business risk across the organization.Approaching risk with the goal of increasing shareholder value, in mid-2002 Countrywide incorporated comprehensive enterprise risk-management techniques into its leadership strategy, focusing board participation on a more global, disciplined decision-making process than has historically been used in the past.

In 2007, the Institute of Internal Auditors and their Research Foundation, lauded Countrywide’s Risk management initiative.

Countrywide Financial Corporation, the subject of our first case study, has the most comprehensive ERM program we have seen. Readers who want to know how a state-of-the art ERM program operates will see it illustrated through Countrywide’s example.

A writer for Internal Auditor magazine, an IIA publication, wrote in April of 2007 about this model initiative.

The largest independent originator and servicer of mortgage loans in the United States, Countrywide has the most comprehensive ERM program of the organizations in the study. Under the leadership of Senior Managing Director Walter Smiechewicz, Countrywide is currently building Sarbanes-Oxley functionality into an internally developed enterprise risk assessment software application…Countrywide’s Enterprise Risk Assessment division has 45 professionals with risk assessment responsibilities. They are supplemented by 112 internal auditors within the Enterprise Risk Assessment division and the risk management specialists in another division who manage credit and market risk for Countrywide…Enterprise risk assessment at Countrywide has both a bottom-up and top-down governance structure. It has led to a major restructuring of committees from the board level down through operating units. This restructuring has improved the flow of risk information throughout the organization…Countrywide’s program is truly “best practice…”

Things didn’t get any better when Bank of America tried to close the deal on Countrywide. In March of 2008, I reported that Bank of America was staring down a very dark tunnel on Countrywide exposure:

Just who is doing the due diligence for Bank of America on the acquisition?

Countrywide’s Mortgage Woes Deepen
Countrywide Financial Corp.’s mortgage portfolio continues to deteriorate rapidly as defaults increase and home prices fall, a securities filing shows…But if losses on the loans exceed certain levels, Countrywide isn’t reimbursed immediately and may never be reimbursed unless income from the loans outstanding is sufficient to meet obligations to investors in the securities.

Countrywide said the likelihood of such a situation was “deemed remote” until late 2007. It blamed a “sudden deterioration” in the housing market. As a result, it recorded a $704 million loss to cover the estimated costs of its obligations on the lines of credit…A Countrywide computer model used to gauge risks on these securities didn’t take into account the possible effects of exceeding the loss levels that cut off reimbursements, according to a Dec. 28, 2006 internal report reviewed by The Wall Street Journal.

I can’t find any mention of Sherry Whitley, former Executive Vice President of the Enterprise Risk Assessment Group for Countrywide, working at Bank of America or anywhere. Walter Smiechewicz, who implemented Countrywide’s ERM program, moved to Audit Analytics in 2008 and is now Chief Risk Officer at First Niagara Bank in California.

Bob English, an independent trader and contributing editor to the blog, Economic Policy Journal, wrote earlier Monday about some filings funny business over at the SEC.

On January 3, 2012, a copy of the missing audit reappeared under a different index number (the original, as of the time of writing, remains here). While it seems the replacement simply corrects what is an obviously wrong stamped receipt date on the face page of the original, there are a few curious annotations that we will explore. More importantly, after researching the SEC’s public database for scanned paper filings, which includes private offering Form D’s, exchange filings, firm advertising literature, and other filing types (including broker dealer audits themselves), we are left with more questions than answers.

It seems that sloppy scanning and filing standards combined with preferential treatment for certain large brokers has substantially reduced the value of this part of the SEC’s public filing system…a look into all of 2011’s scanned paper filings reveals that only 45% of the sequentially indexed PDF files that were scanned from hard copies by the SEC remain public (7,949 out of 17,718). [The SEC has kindly left the source code to its PDF scrubbing program here, also archived here on Scribd.]

Journalists throw in terms like tobashi to sound knowledgeable. There’s talk about the potential complicity of other parties without understanding or seeking to understand the theory and practice underlying the fraud.

How are we to prevent future frauds if we focus only on the sensational?

Japan is ripe for fraud. PwC seems to be the only Big Four auditor – well, they are not that big in Japan any more – not implicated by the fraud. PwC was hired by the Olympus ex-CEO Woodford to support his side of the story after he blew the whistle on the fraud after being fired.

PwC, who seem to be getting a lot of investigation whitewash jobs lately, was almost kicked out of Japan a few years ago for their own involvement in a major fraud. Some of the firm’s partners went to jail along with the executives.

The old Pwc Japan (Misuzu, formerly ChuoAoyama Pricewaterhouse) calls it quits. The new PwC Japan still going, although in a small way. Even they were not excited to take on any of their former colleagues accounts, for fear of the ghosts hidden behind the walls.

Misuzu operations formally halt in Japan
The 2,400 remaining employees to go to KPMG, Deloitte and Ernst & Young

“Operations of the Japanese firm, Misuzu Audit Corp, formally terminated yesterday after a 39-year-history which included several major accounting scandals involving its own employees.

Deloitte has its own scandal in Japan with Daio Paper.

And, like PwC experienced in Russia with the Yukos scandal, Olympus’ most recent and former auditors, Ernst & Young and KPMG, now have to worry about what might be found after a raid of their client’s offices by government officials.

Japanese prosecutors raided offices of Olympus Corp. (7733) inTokyo, more than a month after the camera maker admitted to a $1.7 billion accounting fraud that hid investment losses over more than a decade.

Officials from the Tokyo District Public Prosecutors Office and police entered Olympus offices in Tokyo today, the company confirmed in a statement. Footage from public broadcaster NHK showed investigators entering the building of three companies Olympus used in its scheme.

Olympus last week restated more than five years of earnings to avoid being automatically delisted from the Tokyo Stock Exchange after admitting to the 13-year cover-up.

I will keep following the story, along with Jim Ulvog, and bring you updates as they emerge.

James L. Ulvog, CPA, is a sole practitioner located in the Los Angeles area providing audits and reviews to the nonprofit community.  In 2011 he started providing peer reviews of CPA firms.  He has over 25 years experience in public accounting.

Ulvog blogs on nonprofit issues at Nonprofit Update and on issues of interest to CPAs at Attestation Update.  He also discusses the radical change taking place all around us at Outrun Change. His company website is Ulvog CPA. www.ulvogcpa.com

How Do You Hide a $1.7 Billion Loss?

Summary of the Olympus Scandal in Journal Entry Format

Olympus’ investigative committee’s report on the fraud at Olympus was released December 6. The description of the fraud, causes, and recommendations in the report are a scathing indictment of the company.

This post is a thumbnail description of the fraud based on my reading of the investigative committee’s report.  The summary report is available here.

My goal is to provide more accounting detail than shows up in the general news reports.

The report’s conclusion on page 30 compares management to a cancer:

Olympus had originally been a sound company, with diligent employees and high technical strength. Not all part (sic) of the company was involved in this misconduct. Olympus should remove its malignant tumor and literally renew itself.

Ouch. That’s gotta’ hurt.

Here are just a few of the news articles discussing the company’s report:

• The Wall Street Journal, Panel Calls Olympus ‘Rotten’ at Core. (article behind paywall),
• Bloomberg, Olympus faces Tokyo delisting after management hid $1.7 billion of losses.,
• New York Times, The Culture Was Corrupt at Olympus, Panel Finds.

What is the amount of the fraud and time frame?

According to the report, the company had incurred substantial losses on financial investments by 1990. The report indicates that through 1998 very large losses were incurred, but the investments were never written down.

The whole project got started as 2000 approached and new accounting rules would require writing down the investments from book value to market  value.

In 1998 through 2000, approximately ¥96B (~$US1.2B by my calculation) of unrealized investment losses were moved off the books. In 2003 approximately ¥118B (~$US1.5B) of unrealized losses were moved off the books. The scheme blew up this year. Losses are reported at ¥137B (~$US1.7B).

There was ¥214B/ $2.7B moved off the books according to the report, which represents the book value of the investments that were underwater.  The current loss being reported is $1.7B.  If I get the picture right, the difference between those amounts represents the market value of the investments that were moved out, plus some smaller losses incurred while the investments were held in subsidiaries.

For perspective, the March 31, 2011 audited financial statements report total assets are $US13.3B, equity is $US2.08B, net sales are $US10.59B, net income is $US92M.

The WSJ article says the losses were apparently off the books by March 31, 2010, so those amounts are after $1.7B had all been written off.

Sure seems to me that $1.7B of hidden losses is rather material.  I doubt anyone will be advancing the immateriality argument.  Compared to March 31, 2011 amounts (which is after write-off, I believe), the loss is equal to 13% of total assets, 81% of net worth, 16% of total revenue, and 18 times net income. Some amount of the loss was hidden off the books from 2010 back to at least 1998.

Also, since those losses were primarily hidden in goodwill according to the report , that loss constitutes 78% of goodwill, after the write-off.

I think several audit firms are going to be on the receiving end of some tough questions.

Arthur Andersen was the external auditor through 3-31-02. Then KPMG AZSA LLC was the auditor through 3-31-09.  The 2010 and 2011 fiscal years were audited by Ernst & Young ShinNihon LLC.

Just to complicate the picture, the report lists staff persons as assistant commissioners, which includes lots of attorneys plus 18 staff from Deloitte Tohmatsu FAS Co., Ltd. and 17 staff from Deloitte Touche Tohmatsu LLC.

On the other hand, the report also mentions the fraud was hidden quite well. Three banks were also involved by hiding information from the auditors. The summary report says all three of them agreed not to tell auditors the information that would normally be provided on an audit confirmation.

How do you hide a $1.7B loss?

Now I’d like to discuss the debits and credits.

Since reading the first reports, I’ve been wondering how you can hide investments that are underwater by $1.7B.

Here is a one paragraph summary from page 5 of the report:

The lost disposition scheme is featured in that Olympus sold the assets that incurred loss to the funds etc. set up by Olympus itself, and later provided the finance needed to settle the loss under the cover of the company acquisitions. More specifically, Olympus circulated money either by flowing money into the funds etc. by acquiring the entrepreneurial ventures owned by the funds at the substantially higher price than the real values, or by paying a substantially high fees to the third party who acted as the intermediate in the acquisition, resulting in recognition of large amount of goodwill, and subsequently amortized goodwill recognized impairment loss, which created substantial loss.

(Grammar issues are in the original, which is understandable because this is the English translation from the Japanese report.)

Here’s my understanding in one sentence:

Olympus indirectly loaned money to an off-the-books subsidiary and then sold the investments that had the huge losses to the subsidiary at historical cost, eventually paying a huge premium to buy some other small companies and writing off the underwater investments as if they were goodwill impairments.

Journal entries

I’m going to walk through what I think the summary journal entries would be. Think of the old t-account analysis you learned in school. This will be in accounting shorthand, so only accountants will likely appreciate it.

If you want the long version, the last two pages of the report have diagrams showing the flows of money. Be forewarned that there are 17 different entities on each graph with lots of arrows, so it’s a bit complicated.

So, here goes the simple version. Let’s look at the Olympus entries in highly condensed form. I’ll condense the story into 8 journal entries.

• DR Certificate of deposit that was in turn loaned to unconsol sub
• CR Cash
• Transfer cash to new, unconsolidated sub

This is a summary of a complex move – it involved making a CD deposit at several banks, who were asked to loan the money back to an apparently unrelated entity, with the CD as collateral, so the sub can buy investments from Olympus.

According to the investigative committee’s report and the New York Times article, three banks were involved through the course of the whole project:  Commerzbank, LGT, and Société Générale  The committee’s report and NYT article both indicate that all three banks  agreed to Olympus’ request to not tell the auditors  about the CDs being collateral for a loan.

• DR Cash
• CR Financial assets that are seriously underwater (probably not the actual general ledger account they used)
• Proceeds from selling underwater investments to new, unconsolidated sub

Eventually the CDs would have to be rolled over and brought back. In addition, the unrealized losses would have to be written down eventually, so the second phase was launched.

Olympus bought some tiny companies. They paid humongously more than they were worth and paid big dollars for consultants for their service as finders and intermediaries.

The effect of these transactions was to transfer money into the newest consolidated subsidiary, which used the money to buy the bad investments from the older, unconsolidated subsidiary. The unconsolidated sub then repaid the note payable to the bank and Olympus pulled back their CD.

The investment in the consolidated subsidiary shows huge goodwill, which could then be either written off over time or written down completely when it was determined to be impaired.

Here’s my understanding of the journal entries on Olympus’ books for phase 2:

• DR Investments in startup subsidiary
• DR Goodwill – tons of it, since the subs have minimal FMV that can be identified, so there must be lots of goodwill
• CR Cash
• Make several investments in new subs – note these have minor revenue and assets

• DR Cash
• CR Certificate of deposit (that had in turn been loaned to unconsol sub)
• This is for the cash coming back from the unconsol sub repaying their loan, which was used to transfer out the underwater investments

Here’s the entries on the newly formed consolidated subsidiary:

• DR Cash
• CR Common stock
• Cash investment from Olympus used to buy 3 little companies

• DR Financial assets that are seriously underwater (bought from unconsol sub)
• CR Cash
• Buy underwater investments from unconsol sub at book value

Here’s the entries on the older, unconsolidated subsidiary:

• DR Cash (from consolidated sub)
• CR Financial assets that are seriously underwater
• Proceeds from selling underwater investments to newly formed consol sub

• DR Note payable to intermediary bank
• CR Cash
• Repay loan to European and Asian banks

Therefore the net effect is the bad investments were moved into a new subsidiary, converted into goodwill, then written off as a goodwill impairment. You can guess what the press releases could then say: That investment in new technology or start-up or cutting edge idea or other-excuse-given-for-unsuccessful-subsidiary just didn’t work out and those accounting rules required the goodwill to be written off.

And thus the tanked investments would be off the books with the unrecognized loss written off as goodwill amortization or impairment.

Hiding losses was legal and normal

Apparently, moving underwater investments off the books was so common in Japan that it had a nickname, tobashi. The investigative committee’s report uses the phrase but does not explain it.  The Wall Street Journal article reports that senior leaders:

…devised a plan to transfer the bad assets off Olympus’s books to firms that weren’t officially connected with the company and so wouldn’t appear in Olympus’s accounts, the report said. The intention was to unwind those transactions gradually, allowing Olympus to take the losses secretly, over time. This type of operation had been employed by so many Japanese companies in the 1990s that it was widely known in Japanese as tobashi, meaning, to send something flying away.

KPMG did tumble to one of the tobashi schemes carried out through one of the three different routes that had been set up. I’m not sure if this is the only scheme through that particular bank or just one of several.  The WSJ article continues:

Not everything was going smoothly. The report said that in 1999, Olympus’s then-auditor, KPMG AZSA LLC, came across information that indicated the company was engaged in tobashi, which recently had become illegal in Japan. Messrs. Mori and Yamada initially denied KPMG’s assertion, but the auditor pushed them that same year to admit to the presence of one fund and unwind it, booking a loss of ¥16.8 billion. The executives assured KPMG that was the only such deal, the report said.

Looks like there was quite a nasty fight over that write-down.  Notice that tobashi was finally made illegal sometime before the 1999 audit. That means it was an acceptable approach previously.

A few thoughts here on the auditors’ actions:

How do you perform an audit for a global investor audience in a local economy where intentionally hiding losses is legal? How do you function in a business environment where that is acceptable and normative?

On the other hand, notice how one audit team, from KPMG in 1999, did find one part of the scheme.  Management lied bv denying it even existed. After agreeing to write it off, Olympus senior management lied again and said it was the only one.

On the other hand, the scheme expanded, without detection, for another 6 years or so and was in place, without detection, until the last component was unwound at the end of fiscal year 2010.

I’ve run out of hands, so back to the story.

When did the scheme finally get unwound?

The last part of the bad investments was finally written off in March 2010, according to the WSJ article. That month, by the way, would have been the last month of the fiscal year when Ernst & Young took over the audit from KPMG :

Messrs. Mori and Yamada decided to unwind and write off the whole thing, using three small Japanese companies: …. Olympus bought the trio in 2008 for the highly inflated price of ¥73.2 billion and wrote the bulk of that amount off the next year, an arrangement that allowed it to repay the loans it had borrowed from LGT and close down the European route in 2008, the report said.

Note: LGT is one of the three banks used to hide the money flow.

That left only the funds in the Singapore route still operating, the report said. Olympus internal documents said Messrs. Mori and Yamada wrote off those losses using $687 million in fees attached to Olympus’s acquisition of U.K. medical-technology firm Gyrus Group PLC as cover. The last bit of that deal was completed in March 2010. Those fees were paid to the company run by Mr. Sagawa, one of the brokers who first proposed the loss-covering operation to Olympus 12 years earlier.

Note: There were three different ‘routes’ set up to get the bad investments off the books.

When did this mess get started?

A bit more detail on the front end of this mess. The WSJ article points out the fiasco started back in about 1985 with management pushing aggressive investments that didn’t work out too well.

Exchange rates started generating losses on those investments in the late 80s. Thus the fraud was running from about 1985 through 2010, when it was all written off. The fraud blew up in October of this year.

That is why you will see comments that this fraud was running for 20 years. That is also why the WSJ article leads with:

The secret held for a quarter-century, quietly passed among senior executives.

Causes of the fraud

The report was harsh in identifying the causes, starting at page 23. Just a few causes that were mentioned:

• Collusion and intentional fraud by management
• Very poor corporate culture which punished dissent
• No document trail (this is something to remember in the long discussion of auditors’ work that we will have later)
• Poor corporate governance
• Poor follow-up by the CPA – this obviously requires lots more follow-up by the committee and others.
• Outside collaborators (this could eventually include three banks and a host of attorneys, intermediaries, finders, and consultants)

The New York Times article comments about cooperation from the outside banks who did not give full answers to the audit confirmations:

The report says that Olympus had persuaded several banks, including Société Générale of France, to submit incomplete financial statements to auditors, apparently in an effort to conceal financial maneuvers that the report says involved at least $1.7 billion and were meant to hide failed investments during the 1990s. There is no indication the banks knew of Olympus’s cover-up, the report said.

According to the report, Olympus told the banks that they did not need to respond to KPMG queries about collateral, which was used to finance loans to investment funds involved in the loss cover-up.

Keep that bit of trivia in mind as we read the soon-to-arrive avalanche of articles saying it was all the auditors’ fault.

Recommendations

The recommended changes are extensive and harsh. Here are a few of the committee’s recommendations, starting on page 27:

• Replace management who did nothing about the issues identified by the auditor in 2009 and 2010. Replace the board members who addressed those issues in a mere 15 minutes.
• Remind the current auditor, who missed things in their first audit in 2010, of “…the importance of its duties…” Ouch. Think that will be a painful meeting with the board?
• Don’t hire the president’s buddies or business partners.
• Change the attitude and mindset of management. Also, make sure management, directors, and auditors know they have a responsibility to society in carrying out their duties. Ouch. Slam in the last sentence – new members of management should have “…moral value and sense of compliance”.

Ouch again.

• Change corporate culture to one that is focused on compliance with policy, not just following orders.
• Reform many of the systems of the company. Corporate culture overhaul, HR system reform, periodic rotation of duties, and lack of whistleblower system all need to be addressed.

Like I said, a rather harsh report.

One final idea. Think about the sheer size of the fraud.

Picture a company that can absorb $1.7B of losses and keep going as if nothing happened. Then they have enough cash ($2.7B) to fund some round-about loans to buy the assets and return the cash to Olympus.  That leaves $2.7B sitting on the books as an unusable CD.

After that, they have enough cash sitting around to float $2.7B again, but this time it’s sent to the consolidated sub, which passes the money to the unconsolidated sub, on to the various banks, and then back to Olympus.

Imaging having enough spare cash after absorbing the loss, enough cooperation from enough people, and sufficient skill to discretely push $2.7B in a meandering trip through the world’s banking system, twice.

Finally, in what will generate lots of discussion, picture that the whole thing was hidden well enough that dozens of audit teams from three different audit firms over 25 years stumbled onto only one part of the fraud in only one year, and that was toward the beginning.

I think we will be talking about this a lot. I hope my comments in this post move the discussion forward.

Many thanks to Francine for the opportunity to be a guest blogger!

Main page photo is cropped image of  Daedalus Print “Mt Olympus” by Cecil Kim.

These disclosures were a result of pressure brought to bear by Congresswoman Maxine Waters and several other congressional members who sent a letter to the OCC and the Fed on October 28. This letter expressed the legislators’ displeasure with the way the OCC and the Federal Reserve Bank had so far run the “independent” foreclosure review process that is intended to overhaul mortgage-servicing processes and controls and to compensate borrowers harmed financially by wrongdoing or negligence.

Congresswoman Waters cited my October 6 column for American Banker in this letter to the OCC and Fed when demanding that the regulators manage conflicts of interest in the foreclosure review process as well as make a full disclosure of vendors and their engagement letters with the banks.

On December 6, I wrote again in American Banker after I reviewed the engagement letters that were posted by the OCC. I had several concerns. Congresswoman Waters did, too.

“[The OCC] issued a report on the actions of a dozen national bank and federal savings association mortgage servicers aimed at complying with the consent orders issued in April 2011 to correct deficient and unsafe or unsound foreclosure practices. (The two remaining consent order recipients — GMAC/Ally and SunTrust — have not yet finalized their terms with vendors and as a result their overseers, Fed Chairman Bernanke and the Federal Reserve Bank, have not yet responded to the request for full disclosure, according to the Water’s office.)

Waters was less than impressed with what she saw and so am I.  She told me, “My letters specifically asked for information on conflicts of interest between the banks and the consultants — which is precisely what the OCC redacted in the information they released last week. A cursory look into the banks and their consultants indicates that in some cases, there are substantial pre-existing relationships between the firms.”

Redacted is an understatement.

Here’s what was redacted, according to OCC spokesman Bryan Hubbard:

Limited proprietary and personal information has been redacted from the engagement letters including, but not limited to:

• Names,titles and biographies of individuals;
• Proprietary systems information;
• References to specific bank policy;
• Fees and costs associated with the engagement;
• Specific descriptions of past work performed by the independent consultants.

So what’s left? It’s interesting enough, as a start, to look at which consultants and law firms were selected by which servicers. It’s also interesting to look at the scope of services to be performed and the time and volume estimates for project activities where they were not redacted.

From my December 6 American Banker column:

The disclosure of the consultant engagement letters for each servicer has already had a huge impact. The Financial Times reports that the New York Attorney General “launched an investigation into possibly unlawful foreclosureson the mortgages of active-duty members of the US military.” The foreclosure review engagement letters posted by the OCC included estimates prepared by the banks and their consultants suggesting, according to the Financial Times, that 10 leading lenders may have seized the homes of about 5,000 service members in violation of the Servicemembers Civil Relief Act, which restricts foreclosures on the homes of active duty members of the U.S. armed forces.

There’s also the issue of attorney-client privilege:

Some of the engagement letters invoke attorney-client privilege and attorney work product privilege over the whole process and confidential treatment of engagement letter itself. It appears all the servicers used their general counsel’s office to engage the consultants and outside counsel and some name their general counsel as project lead. Some servicers engaged additional outside legal counsel for the review directly rather than through the primary consultant.

OCC spokesperson Hubbard says, “although some of the engagement letters make claims of attorney-client privilege, these claims are by statute inapplicable to the OCC and FRB, which have complete access to all documents produced by the independent consultants and servicers as part of the independent foreclosure reviews required by the Consent Orders.

I certainly hope so.

I was the first to report on December 6 the irony of Deloitte having been selected by, of all banks, JP Morgan Chase. The high likelihood of a conflict between the bank and the audit firm, and possibly the individual Deloitte partners assigned to the JP Morgan Chase review, should have been obvious to anyone at the OCC. I said on December 6 that it would be great if we could see the names of the partners and staff assigned to the engagements and check their credentials and prior client work for conflicts.

It would be enlightening, for example, to see whether any of the Deloitte partners proposed as consultants as part of the foreclosure solution at JP Morgan/EMC, were previously part of the mortgage origination/securitization problems as auditors at Bear Stearns or Washington Mutual.

Bear and Washington Mutual, both former Deloitte audit clients, are now part of JP Morgan Chase, and Deloitte is defending lawsuits over alleged audit failures at those firms.

Lo and behold, partner Ann Kenyon of Deloitte, who testified at a December 13th Senate hearing on the issue, said under oath that she is the engagement partner on the JP Morgan Chase foreclosure review. An internet search revealed a conference biography that suggests that amongst Kenyon’s representative clients was Washington Mutual, now owned by JP Morgan Chase and a significant part of the review. This would be a clear conflict with her role as engagement partner for the review.

Ms. Kenyon [who leads Deloitte's Securitization Advisory practice] works with issuers, comprised of both attest and non-attest clients, who have encountered difficulties in accounting for and reporting on their securitizations.

At the 126:20 mark of the archived webcast of the Senate hearing Kenyon describes the organizational structure, level of experience and source of professionals for the Deloitte JP Morgan Chase review team. (She says it’s all Deloitte staff.) She also says that a large team of Deloitte partners who are subject matter experts report to her and are leading each team.

Someone should check their conflicts, too.

Two of the other three Big Four audit firms were selected for multiple review assignments. KPMG, auditor of Citigroup, New Century, Countrywide, Wells Fargo, and Wachovia, is conspicuously but thankfully absent from the list of consultants.

Examples of firms involved in multiple reviews include Ernst & Young (involved in three reviews as both a primary consultant and subcontractor), PricewaterhouseCoopers (involved in two reviews as a primary consultant), and Promontory Financial Group (involved in three reviews as primary consultant). Law firm Gibson Dunn is legal counsel for three reviews (retained by the consultant in two cases and by the bank directly in one).

For example, one firm could be charging different rates to different banks for what is supposed to be a consistent review across servicers. That not only indicates banks can leverage their influence with vendors to get the review they want (and the monetary exposure estimate) at the price they want to pay, but that we may not get consistent results for borrowers that were harmed by multiple servicers.

Some of the concerns I mentioned in my December 6 column were pursued by Senators at the December 13 Senate Committee on Banking, Housing, and Urban Affairs hearing: Helping Homeowners Harmed by Foreclosures: Ensuring Accountability and Transparency in Foreclosure Reviews.

Some additional interesting interchanges during the hearing:

At the 45:30 mark of the archived webcast, Senator Reed asks the OCC’s Julie Williams why the OCC and Fed could not select and contract with the consultants directly. Williams says that would have been difficult because it would have necessitated the regulators to use a “procurement process” that included consistent “standards” for selection.

That sounds to me like a Request for Proposal process and a vendor selection process that is in place  - for many of these same vendors already – as a result of the finical crisis. Instead the OCC and Federal Reserve bank abdicated the vendor selection process to the services and, therefore, will reap the numerous potential conflicts they have sown.

At the 49:00 mark, Senator Reed asks a critical question, perhaps thinking about the Deloitte/Bear Stearns-EMC/Washington Mutual issue with regard to a JP Morgan Chase review. If a consultant runs across a set of transactions that the firm or those consultants had direct involvement in is the consultant obligated to report that conflict to the regulator?  Williams says that they would expect to hear about such a conflict.

Reed presses to ask if there is an “obligation” versus an “expectation”.  Williams sounds evasive in her answer, implying that this specific obligation is not explicit in the engagement letters.  I sure didn’t see it.

My December 6 column, in particular the parts regarding the Deloitte conflict and the attorney-client privilege issue were mentioned in the written and oral testimony by Alys Cohen, Staff Attorney  at the National Consumer Law Center.

With regard to the attorney-client privilege potential issue, the OCC and the Federal Reserve Bank should make sure all legal counsel that is intended to be part of the foreclosure review team should be retained by the consultant not the bank.  Otherwise, I see an assertion of attorney-client privilege by the outside legal counsel for the reviews as inevitable.

Some additional areas where strong monitoring by Congress and the OCC/Fed might be helpful going forward include:

• Checking consistency of level of effort estimates across project plans for each consultant’s proposal. Estimated hours for each task may vary based on the size and complexity of servicer, difficulty of obtaining information, and level of cooperation in resolving issues. But consultants will bill on a “time and materials” basis and variations in length of time estimated, for example, for each initial loan review and the quality assurance process could make millions of dollars of difference in fees given the tens of thousands of documents to be reviewed.

• The complaints process, managed as a coordinated approach for all servicers by Rust Consulting, needs to be synchronized with each servicer’s plan for their reviews. Although the OCC strongly influenced the design and implementation of the “coordinated” process, Rust Consulting signed a contract each servicer, risking the possibility of some servicers skimping on the effort or being unprepared based on their lack of progress in other dependent activities.

The PCAOB, the audit industry regulator, shamed global audit firm Deloitte recently when they exposed the private portion of the inspection report of the firm’s 2006 audits. It was the first time that had happened to one the Big Four audit firms, the largest firms that audit the vast majority of publicly listed firms in and out of the U.S..

I’m sure Deloitte, and the rest of the Big Four, thought the PCAOB would never have the nerve.

re: The Auditors has seen a confidential, internal Deloitte training document, prepared this past summer, that reveals the firm expects the worst when the inspection reports for their 2009, 2010, and 2011 audits are published by the PCAOB. The 2009 report should be out by the end of this year. The training document also shows how difficult it is for Deloitte leadership to steer the largest global firm away from the “audit failure” iceberg.

It seems audit competence and capacity to audit complex topics are in short supply at all the firms, based on PCAOB inspection results for audits conducted during the financial crisis period and the reports for 2010 audits at PwC and KPMG released recently. Deloitte has been particularly hard pressed to maintain audit quality since the firm lost several engagements that would have helped to grow specialized knowledge and retain experts. Big clients like Merrill Lynch, Bear Stearns, and Washington Mutual helped pay the bills for subject matter experts and quality control but those revenues were lost to financial crisis failures and forced combinations with better capitalized, non-audit client banks.

I think the PCAOB decided to publicly criticize Deloitte for two reasons.

• The firm has been piling on the negatives via a $1,000,000 fine/disciplinary sanction as a firm for a previous issue, two high level insider trading scandals (Flanagan and McClellan), the failures and frauds of Deloitte China clients CCME, Longtop and now Focus Media, and the specific failures of major clients during the crisis (Bear Stearns, Merrill Lynch, WaMu, Taylor Bean & Whitaker, American Home, and Royal Bank of Scotland, to name a few).
• Deloitte was resistant to the inspections, resistant to the criticisms, and unwilling to make changes based on the PCAOB’s requests. If you can’t fix something that’s one thing. If you won’t and thumb your nose at the regulator, you are getting close to Arthur Andersen-like behavior.

We know how that story ended.

If they did nothing, the PCAOB risked having a new major failure of a Deloitte client expose their lack of push on the firm to even respond, let alone improve.

I wrote in American Banker about the special risks to financial services firms when the regulated, like Deloitte, resists the regulator:

The PCAOB’s decision to make the Deloitte 2006 quality control criticisms public, and the fact that the Securities and Exchange Commission allowed it to do so, tell me Deloitte is still fighting the regulators. The deadlines for Deloitte to fix or sufficiently respond to criticisms in the 2007 and 2008 inspection reports have passed. We could soon see previously nonpublic information from those reports, too.

The risk for banks in a situation like this is that an auditor that brazenly irritates its regulator may draw unwanted attention to its clients from their regulators. For example, PCAOB spokeswoman Colleen Brennan reminds me that the SEC knows the names of every company whose audit deficiencies are mentioned in a PCAOB auditor inspection report.

These risks apply to all of Deloitte’s clients and to all public companies if the rest of the firms – KPMG, PwC, and Ernst & Young – are also playing chicken with the regulator.

A little more than a month after releasing the Deloitte private report, the PCAOB released the inspection reports for audits performed by PwC and KPMG in 2009. The Financial Times’ Kara Scannell summarizes the findings:

The Public Company Accounting Oversight Board’s findings from an annual inspection revealed that years after the financial crisis both auditing firms were not adequately challenging companies’ valuations of certain assets when the market for them dried up…

The board reviewed 71 audits completed by PwC in 2010 and 52 audits done by KPMG in 2010.

The Wall Street Journal’s Michael Rapoport tells us how bad the results really were:

The government’s auditing regulator found deficiencies in 28 audits conducted by PricewaterhouseCoopers LLP and 12 audits by KPMG LLP in its annual inspections of the Big Four accounting firms.

The Public Company Accounting Oversight Board said many of the deficiencies it found in its 2010 inspection reports of the two firms, released Monday, were significant enough that it appeared the firms didn’t obtain sufficient evidence to support their audit opinions.

The regulator hasn’t yet issued its yearly reports on its inspections of the other Big Four firms, Ernst & Young LLP and Deloitte LLP.

KPMG’s response to the PCAOB was not quite as belligerent as Deloitte’s persistent irritation at having their “professional judgment second-guessed”. But, it was not exactly conciliatory.

Floyd Norris of the New York Times:

Normally these letters say something like what KPMG wrote:

“We conducted a thorough evaluation of the matters identified in the draft report and addressed the engagement-specific findings in a manner consistent with PCAOB auditing standards and KPMG policies and procedures.”

You may note that said nothing about whether the firm accepted the board’s conclusions or not. That is better than what Deloitte did a few years ago, when it essentially said the board did not know what it was talking about.

PwC, on the other hand, met the regulator more than half way according to Norris:

PwC’s letter addressed that issue, saying that while there were cases where it differed with the board’s conclusions, “they generally related to the significance of the finding in relation to the audit taken as a whole, and not to the substance of the finding.”

“Accordingly,” wrote the PWC officials, “the overall PCAOB inspection results, as well as the results of our internal inspections, were important considerations in formulating our quality improvement plan,” which it then describes.

PwC’s spokesperson sent me this additional statement:

“PwC is built on our reputation for delivering quality. We also recognize that the role we play in the capital markets requires consistent, high-quality audit performance. We therefore are focused on the increase in the number of deficiencies in our audit performance reported in the 2010 PCAOB inspection over prior years. We are working to strengthen and sharpen the firm’s audit quality, including making investments designed to improve our performance over both the short- and long-term.”

Did the quality of the auditing really deteriorate for KPMG and PwC or is the PCAOB getting tougher, and maybe better, at what they do?

We’ll have to see what the upcoming Ernst & Young and Deloitte reports show. Ernst & Young has been criticized for the Groupon multiple S-1 issue, as well as questions about accounting at future IPOs Zynga and Facebook. Now we have Olympus, too. And, of course, the jury is still out on the firm’s role in Repo 105 and Lehman Brothers.

And what about the Deloitte improvement plan for prior years? Has Deloitte accepted the PCAOB’s criticisms and moved on or are they still fighting the regulator? Is Deloitte working hard to get ahead of their 2009, 2010, and 2011 results and avoid the embarrassment or worse – sanctions – if the PCAOB has to publish another private report?

The confidential internal training report, intended to brief Subject Matter Resources (SMR), is called, “FY 2012 Engagement Quality Activities”.

The Audit Quality Activity Plan for FY2012 has been socialized with:

1. –  The OAQ Steering Committee
2. –  The Audit Quality Council
3. –  The RMPs
4. –  The NPPDs
5. –  The RILs
6. –  Leaders in the PPN
7. –  Extended Leadership Team
8. –  CFO / CEO

Yeah, that’s a lot of acronyms. And I’m not sure anymore – maybe I’ve been out of the firms too long or maybe I was never in them enough – what “socializing” a quality plan means. Suffice to say, the document, one hundred and eight-one very dense PowerPoint pages, has tons of information for the SMRs to absorb and pass on to engagement teams like now.

But, by this summer, it was too late to make a difference in the inspection reports for the 2009 and 2010 audits.

2009

• Response submitted on May 4

2010

• Total of 98 comments (56 engagements inspected)
• Expect about 25 engagements to appear in Part I
• Draft report has not yet been issued

2011

• 33 engagements selected to date
• Focus areas
  – Continue to include: fair value and impairment determinations; internal controls – Also focusing more on revenue recognition
• 16 completed
  – 5 with no written comments
• Total of 24 comments on 11 completed inspections

If Deloitte sent their response to the PCAOB for the 2009 audits on May 4th, why are we still waiting for the final report? Given the PCAOB’s decision to release Part 2 of the inspection report for Deloitte’s 2006 audits last month, I believe Deloitte was still treating PCAOB comments as an affront to partners’ professional judgments.

What are the root causes for so many negative PCAOB comments, according to Deloitte?

When evaluating “what didn’t work” for the various engagement activities, the consistent refrains outlined in the training document are “started too late”, “not enough time”, and “greater discipline and consistency needed”.

But there’s a bigger problem when it comes to audit failures around complex topics like goodwill, deferred tax asset impairment, fair value determination of thinly traded securities, and management estimates of loan loss reserves. There’s a huge intellectual divide between the audit teams and the subject matter specialist teams.

Professionals who are experts in tax or valuation of complex derivatives, for example, are not experts in auditing standards. The auditors, and the education they receive in universities and in the firms, focuses on the technical aspects of accounting – they know GAAP chapter and verse but not GAAS. That’s how we ended up with a defense of Repo 105 from Ernst & Young that the treatment meets the GAAP requirements with no appreciation for the more subtle GAAS disclosure expectations. Until recently, the firms didn’t think the PCAOB would push them to meet such high standards for auditing as long as the accounting was, subject to “professional judgment”, right enough.

But that’s how the auditors missed, or justified looking the other way, as so many banks failed or had to be bailed out during the crisis. This attitude is evident when you read in the training document how many of Deloitte’s policies and methodologies have to be revised to now absolutely require certain tests and additional steps. The steps weren’t performed unless the firm considered them explicitly required. Unfortunately, there’s still a difference of opinion between Deloitte and the PCAOB about what the PCAOB auditing standards explicitly require.

Here’s one example from the Deloitte training document:

Auditing Standard No. 12 – Identifying and Assessing Risks of Material Misstatement

Understanding the company and its environment

Change to our Methodology: We shall consider reading public information about the company (e.g., analyst reports), observing or reading transcripts of earnings calls, obtaining an understanding of compensation arrangements with senior management, and obtaining information about trading activity in the company’s securities. (AS 12.11)

Key Takeaway: This is a more specific requirement for audits performed in accordance with the standards of the PCAOB. Previously, while we may have been considering these items in our audits, their consideration was not explicitly required by our policies or by professional standards.

How does Deloitte intend to meet this higher standard in a quick and dirty, cost effective way?

Run a report using “OneSource” that includes a company summary, corporate overview, strategic initiatives, strengths & weaknesses, competitors report, significant developments), News, Articles and Financial Statements.

Zippity doo da.  You now know everything you need to know about the company.

It doesn’t help that the audit firms business model accepts high turnover of staff during the first 5 years. It’s a model that auditors got away with when issues were not as complex as they are now, especially within financial services firms.

For example, how can a senior, someone with 2-4 years experience, test a complex structured derivative for potential fraud (i.e. think of the Abacus deal) which is, in reality, an embedded derivative with multiple tranches and economic and risk characteristics that may not be aligned with the host, sitting off balance sheet, after having been passed thru an SPV sponsored by a “too big to fail” bank?

The manager, senior manager, and partner typically have no idea what the subject matter expert, a member of Deloitte’s Financial Instrument Valuation Risk Analytic team, is talking about when he says the client’s models and assumptions are insufficient, outdated, or flawed. The audit team probably doesn’t even know what a synthetic CDO is.

The most egregious recent example of a subject matter being ignored  - it happened in Enron, too – is the case of KPMG’s expert on mortgage securitizations and repurchase risk being told, “We’re done here” when he warned at New Century Financial that the client’s models had obsolete assumptions. That ugly episode only came to light because of the New Century bankruptcy and a robust bankruptcy examiner’s report.

In the recently disclosed Part 2 of the 2006 Deloitte inspection report, the PCAOB told the firm that partners were ignoring experts, too.

The inspection team identified six engagements where there were deficiencies in the procedures relating to the use of the work of specialists. These deficiencies included five engagements where there was no evidence in the audit documentation, and no persuasive other evidence, that the Firm had tested certain data or assumptions that the issuer had provided to the specialist (beyond, in one instance, inquiry of management).

In the sixth engagement, as part of their tests of the issuer’s annual goodwill impairment test, the Firm’s internal valuation specialists performed various sensitivity analyses to resolve concerns the specialists had raised regarding the issuer’s method for evaluating goodwill. For some of the issuer’s reporting units, the sensitivity analyses indicated the fair value of the unit might be considerably lower, or considerably higher, than the unit’s carrying value. The Firm failed to perform further, more precise sensitivity analyses, or other procedures, to determine whether the goodwill associated with these units was impaired.

Deloitte did not use its specialized SEC reporting and GAAP/IFRS consultation group well either.

The inspection team identified complex fact patterns in significant accounting and auditing areas, which were associated with deficiencies noted in seven engagements,35/ including five engagements36/ discussed in Part I.A, where the engagement teams did not consult with the Firm’s National Accounting Research or Quality Assurance departments. In addition, * * * * engagement teams consulted in three instances at below “Level A,” and neither the engagement team nor the National Accounting Research personnel raised the issue to a higher level as allowed by the policies.

Is Deloitte truly committed to a sea change in tone as well as technique? Seems to me the firm puts an enormous burden on the “soldiers” on the front lines and not enough on the “generals”, the partners who sign the opinions.

I’m not convinced they’re committed. Based on this document, and insider reports, I believe the the firm is still resistant. The firm’s big hope is probably that the spotlight moves away from Deloitte when something happens at another firm. Perhaps it will be a new development in the New York Attorney General’s case against Ernst & Young for Lehman.

But I do think the PCAOB is getting bolder and won’t be letting up on the audit firms.  The recent inspection reports on PwC and KPMG 2009 audits are proof of this.

Here in Chicago, everyone is mad and no one knows who has the answers.

MF Global’s auditor is PricewaterhouseCoopers, who inherited the client when Man Financial, also a client, spun off the brokerage firm in 2007.

Almost everyone wondering where the missing MF Global customer assets have gone thinks they will show up eventually.

I believe the assets are long gone.

Unlike the shell game, there is no bean under the MF Global dixie cup. The mixed bag of marketable securities taken from customer segregated accounts, used most likely to meet margin calls and satisfy “important” customers closing accounts during the last days, will, in my opinion, never be seen again.

Too much time has passed for anyone to still reasonably expect that the “discrepancy” is just a timing difference or a misallocation between accounts, according to several sources who prefer to remain anonymous because of the sensitivity of the situation. All of the statements made on the record by those in a position to know point to assets taken out of the firm and now gone for good.

CFTC in bankruptcy filing October 31 according to The Financial Times: The CFTC, in a court filing, revealed MF Global’s general counsel Laurie Ferber emailed the regulator at 7.18pm Monday – hours after the bankruptcy filing – to say that it had “discovered a significant shortfall in its segregated funds account”.

Joint statement of CFTC and SEC on November 1: “Early this morning, MF Global informed the regulators that the transaction had not been agreed to and reported possible deficiencies in customer futures segregated accounts held at the firm.”

The CME Group on November 2: “CME completed its on-site review last week. [Reportedly Monday.] At that time, the results of our review indicated that MF Global was in compliance with its segregation requirements.  It now appears that the firm made subsequent transfers of customer segregated funds in a manner that may have been designed to avoid detection insofar as MF Global did not disclose or report such transfers to the CFTC or CME until early morning on Monday, October 31, 2011.”

Read the rest at Forbes.com, MF Global Assets Have Left The Building: How, When, Where.

Other stories of mine about this issue include:

At Forbes:

October 31, 2011 MF Global : 99 Problems And Auditor PwC Warned About None

At American Banker:

Auditor PwC Should Have Been on Top of MF Global
November 4, 2011 If MF Global commingled client funds, it would be PwC’s fault as much as Jon Corzine’s.

Are Cozy Ties Muzzling S&P on MF Global Downgrade?
October 28, 2011 Jon Corzine’s old ways got his firm into trouble. Now he’s hoping old ties will bail it out.

Main page image, “Elvis has left the building” by Simon Crubellier.

Section 304 of the Sarbanes-Oxley Act of 2002, which covers clawbacks, is, on its face, a strict liability provision but the SEC has been exercising “prosecutorial discretion” when applying the statute.

The Dodd-Frank Act will expand the population of those potentially liable for clawbacks and the time period used to calculate the paybacks. The new law also drops the prerequisite under Sarbanes-Oxley that there has to be misconduct before paybacks are expected.

I covered this, and other provisions of Dodd-Frank that expand, retract, or revise Sarbanes-Oxley statutes, in a recent OpEd at Boston Review.

John White, a partner with law firm Cravath, Swaine & Moore LLP and a former Director of the SEC’s Division of Corporation Finance, believes the public and the media should focus on Dodd-Frank’s new Section 954 clawback provisions, not the SEC’s enforcement record under Sarbanes-Oxley:

“Dodd-Frank is much broader than SOX 304 and it’s mandatory. All listed companies will have to have clawback policies and enforce them. No misconduct is required — just an accounting error and a restatement. All present and former officers are covered. This could have a big impact and alter how incentive compensation is structured.”

As long as there’s a mismatch between what an executive should have earned under restated financial results and what they got based on errors or fraud, Dodd-Frank says they’re supposed to give back the excess to their companies. If not, the SEC can litigate to force them to return it. Although there is no private cause of action under Section 304 – only the SEC can bring a claim – under Dodd-Frank companies or shareholders could potentially sue a present or former officer to recoup compensation based on employment contracts that stipulate compliance with new mandatory company policies and procedures.

What both the Sarbanes-Oxley Act of 2002 and Dodd-Frank’s clawback provision do require is a restatement. The restatement of financial results to correct material errors – whether those errors occurred by default or by design – is a necessary condition for enforcing both the Sarbanes-Oxley Section 304 provision and the new Dodd-Frank law.

The Sarbanes-Oxley Section 304 law is very specific, according to attorney Stephen Quinlivan of Leonard Street and Deinard:

Morgenson uses the term “clawback” in a broad, non-technical sense to cover any recovery of compensation from a public company’s executives. As written, Sarbanes-Oxley includes only a narrow statutory disgorgement provision. It applies only to a CEO and CFO, and only where there has been “misconduct” that resulted in a “restatement.”

Morgenson doesn’t mention the impact of the Dodd-Frank law on clawbacks in her piece. Her point is: The bark of Sarbanes-Oxley’s clawback provision has been much worse than its bite.

But the Sarbanes-Oxley enforcement numbers are much worse than Morgenson cites. Morgenson supports her argument by citing unattributed statistics. She also incorrectly interprets the Sarbanes-Oxley Section 304 law. As a result, Morgenson credits three cases by name as Sarbanes-Oxley 304 enforcement that are not. She also neglects to mention a key one that is.

It appears Morgenson may have based her numbers on a review of the SEC initial complaints that included a Section 304 allegation, amongst many other allegations, when they started their enforcement journey. If Morgenson took the SEC’s word for what constituted a case and what did not, it’s not surprising that the regulator might have padded grim numbers with cases that are still pending or that, in the end, didn’t meet the strict Section 304 requirements.

That approach overstates the SEC’s efforts and certainly misstates their enforcement effectiveness.

It’s a long road, sometimes years, from complaint to settlement or adjudication. Only a few cases that the SEC filed with Section 304 amongst the litany of allegations have survived all the motions to dismiss and legal maneuvers from both sides. Along the way, the Section 304 allegation is often dropped.

Sometimes it’s pure expediency. The SEC wants to close the case, notch their gun and move on. A negotiated settlement is the fastest and easiest way to get some money back from the executives. Sometimes the facts don’t fit the law’s requirements. That happens when there’s no restatement, a necessary condition for taking credit for a Section 304  – or a Dodd-Frank – clawback enforcement.

Dorsey & Whitney’s Tom Gorman, who authors the blog, SEC Action, sympathizes with Morgenson. It’s not easy to verify the SEC’s record of enforcement of this statute.

The article does make a point. The SEC is inconsistent in how it applies the statute. It does not apply it in every case where it might. Nor does there seem to be any logic to how and when they apply it.

In those cases where the SEC chooses to apply the statute they seem to want the full measure of repayment as written by the statute.

For example, one key case Morgenson does not mention, SEC v. Jenkins, was the first “innocent executive” case brought under Section 304. The complaint admits the CEO was not involved in the wrongful conduct. The SEC sought recovery of bonuses and incentives from Jenkins, the CEO of CSK, but he was not the one who committed the misconduct that caused the restatement. However, the SEC’s Commissioners recently rejected a recommendation from SEC enforcement staff to settle for less than half the amount claimed in Jenkins complaint. The SEC enforcement staff was ready to settle for less than, presumably, the full Section 304 measure of repayment.

In other cases, the SEC realizes, after additional investigation and the passage of time, that the case doesn’t fit the strict requirements of Section 304. Maybe there’s no restatement or maybe misconduct can’t be easily proved. The result is a settlement and a negotiated recovery of some money from the CEO, CFO, maybe a controller, that may or may not be reimbursed to the company – it’s not always clear – and is no longer identified as a Section 304 enforcement.

Morgenson mentions the very first Section 304 case in 2007 but not by name. SEC v. McGuire was settled not litigated and the SEC considers it their first enforcement of the law.

One case that figures prominently in Morgenson’s piece is SEC v. Morrice. The original complaints filed against Morrice the CEO, the company’s CFO, and its controller included Section 304 allegations. Maybe it was hard to resist including this case in the story because it refers to the failure of New Century Financial, the second largest mortgage originator at the time. This failure was one from the “subprime crisis”, which led to the credit crisis in early 2008 and, finally, to the full blown financial crisis that was precipitated by the failure of Lehman Brothers in September of 2008.

But New Century Financial is not a Section 304 clawback case because there was never a restatement of financial results. New Century began to implode after the company announced the necessity of a restatement. But that restatement never happened. The company filed bankruptcy two months later.

Many of the early backdating cases that may be pumping up the statistics Morgenson cites are most likely the SEC’s attempt to “have their cake and eat it too”. The cases may have resulted in some type of financial recovery or disgorgement from CEOs and CFOs. But some, like SEC v. Mercury Interactive, were no longer Section 304 cases when they settled – CFO Abrams voluntarily repaid the stock option proceeds to the company.

Or the Section 304 claim was dismissed because there was no restatement, even if the SEC claimed there should have been one. That’s the point the defendant argued – and won – in SEC v. Shanahan. Or the cases are “administratively closed” pending resolution of criminal charges like SEC v. Brooks. By the time these cases get to the finish line, the SEC can drop the Section 304 claim or the entire civil case altogether.

SEC v Brooks raised another interesting issue that will become even more important under Dodd-Frank’s “clawback” provisions.

Brooks, CEO of DHB Industries, and Schlegal, the CFO, sought indemnification for any Section 304 claims from the company. In their settlement of a shareholder’s derivative suit brought as a result of the fraud, insider trading, and accounting violations at DHB Industries, the company agreed to pay any penalties imposed by the SEC on the CEO and CFO.

A judge told DHB Industries that Section 304 did not allow that.

The SEC’s decision to pursue Section 304 relief is not solely intended to reimburse a company; it also furthers important public purposes. The Section 304 remedy is an enforcement mechanism that ensures the integrity of the financial markets… In sum, companies themselves do not have the authority effectively to exempt persons from § 304 liability.

The new Dodd-Frank “clawback” provisions are “listing standards”. That means the SEC will write rules to comply with the new law but the rules will be enforced by exchanges who must write their own rules. The exchange rules will be used by companies to develop internal policies and procedures that will address reimbursement issues as they arise.

The SEC’s most recent published schedule for Dodd-Frank rule writing says that a proposal on Dodd-Frank Section 954 clawback rules is expected by the end of the year and a final rule to exchanges by the end of the second quarter of 2012. It’s going to be even longer before companies are ready to enforce these provisions. In the meantime, companies and their lawyers are raising significant objections to them.

Dorsey & Whitney’s Gorman would like to see Dodd-Frank Section 954 applied in a manner which encourages corporate executives to strictly adhere to their duty to monitor.

The point in applying the statute should be to encourage executives to prevent wrong doing in the first instance by carefully monitoring and having “best practices” systems.

Ideally, the new Dodd-Frank provisions, and Sarbanes-Oxley Section 304 in the meantime, can and should be enforced more often and more consistently.

My analysis of the Section 304 cases mentioned in Morgenson’s piece and others of note, as of September 15, 2011, is here.

Main page image from this site of Lady Gaga in Alexander McQueen’s lobster claw shoes.

Here in the U.S. the PCAOB has been busy. I’ll give them – mostly Chairman James Doty and the Investor Advisory Group led by Board Member Steve Harris – credit for that. The Investor Advisory Group – rather, the boldest amongst them – recently sent a letter to the PCAOB to provide comments on the PCAOB’s June 21, 2011 Concept Release entitled Possible Revisions to PCAOB Standards Related to Reports on Audited Financial Statements and Related Amendments to PCAOB Standards.

It is worth noting that a number of other parties agree that the current form of the auditor’s report fails to meet the legitimate needs of investors.  First, the U.S. Treasury Advisory Committee on the Auditing Profession (ACAP) called for the PCAOB to undertake a standard-setting initiative to consider improvements to the standard audit report.  The ACAP members support “… improving the content of the auditor’s report beyond the current pass/fail model to include a more relevant discussion about the audit of the financial statements.”

Second, surveys conducted by the CFA Institute in 2008 and 2010 indicate that research analysts want auditors to communicate more information in their reports.

Finally, even leaders of the accounting profession have acknowledged that the audit report needs to become more relevant.  In testimony before ACAP, Dennis Nally, Chairman of PwC International stated, “It’s not difficult to imagine a world where the … trend to fair value measurement — lead one to consider whether it is necessary to change the content of the auditor’s report to be more relevant to the capital markets and its various stakeholders.”

Finally, leaders of the accounting profession have previously stated that changes to the audit report should reflect investor preferences.  In their 2006 White Paper, the CEOs of the six largest accounting firms stated, “The new (reporting) model should be driven by the wants of investors and other users of company information …” (their emphasis).

Before we turn to a discussion of the IAG investor survey, we believe it is important to underscore the fundamental but often overlooked fact that the issuer’s investors, not its audit committee or management team or the company itself, are the auditor’s client. It is therefore not only appropriate, but essential, that investors’ views and preferences take center stage as the PCAOB considers possible changes to the format and content of the audit report.

In the meantime, I’ve written two articles about the proposals on auditor regulation before the European Commission.

In Forbes, I told you not to count on Europe to reform the audit model or auditors, in general.

The audit industry is reportedly under siege in Europe and on the verge of being broken up, restrained, and rotated until all the good profit is spun out.

This is neither a foregone conclusion nor highly likely.

The European Commission’s internal markets commissioner Michel Barnier is talking tough, but the rhetoric should be no surprise to those who have been following the European response to the financial crisis closely…

Please read the rest at Forbes.com, “Don’t Count On Europe To Reform Auditors And Accounting”.

In American Banker, I focused on the impact of auditor reforms on financial services. Why is the European Commission taking such strong action now? Why is the U.S. lagging so far behind?

The clamor for accountability from the auditors for financial crisis failures and losses has been much louder, much stronger, and going on much longer in the U.K. and Europe, than in the United States. Barnier’s most dramatic proposals are viewed by most commenters as a reaction to the bank failures. “Auditors play an essential role in financial markets: financial actors need to be able to trust their statements,” Barnier told the Financial Times. “There are weaknesses in the way the audit sector works today. The crisis highlighted them.”

There’s is a concern on both sides of the Atlantic over long-standing auditor relationships.

The average auditor tenure for the largest 100 U.S. companies by market cap is 28 years. The U.S. accounting regulator, the PCAOB, highlighted the auditor tenure trap in its recent Concept Release on Auditor Independence and Auditor Rotation. According to The Independent, quoting a recent House of Lords report, only one of the FTSE 100 index’s members uses a non-Big Four firm and the average relationship lasts 48 years. Some of the U.S. bailout recipients — General Motors, AIG, Goldman Sachs, Citigroup — and crisis failure Lehman had as long or longer relationships with their auditors…

Please read the rest at American Banker, “Bank Debacles Drive Europe to Raise the Bar on Audits”.

Most media enable him.

His latest stunt, ostensibly meant to save Bank of America while closing a savvy deal for Berkshire Hathaway, garnered laudatory headlines. Bank of America spun Buffett’s $5 billion investment for maximum effect.

Buffett supposedly came up with the idea in the bath. Several journalists added to his repertoire of folkways by reporting it.

Unfortunately, Bank of America is going to need more than $5 billion and temporary use of Warren Buffett’s aura to solve their problems.

The Wall Street Journal, September 2, 2011: U.S. regulators have pushed Bank of America Corp. to show what measures it could take if conditions worsen for the Charlotte, N.C., lender, according to people familiar with the situation.

Executives of the bank recently responded to the unusual request from the Federal Reserve with a list of options that includes the issuance of a separate class of shares tied to the performance of its Merrill Lynch securities unit, these people said. Bank of America purchased Merrill Lynch in 2009, and it has become the bank’s most profitable division.

It’s easy to forget that Buffett is the CEO and Chairman of a publicly held company when he’s seen scurrying around like Mighty Mouse, nibbling at failing banks and pulling billions from his fanny pack. Berkshire is a big company with some shareholders that aren’t him, his family, or his ego-stroking entourage otherwise known as the Board of Directors.

Buffett’s Bank of America move is not the kind you see most fiduciaries, bound by duty and good faith, make. It’s a public relations coup as performance, designed to leave a refreshing aftertaste.

Instead, investors are often stuck with a bitter one.

The next time something goes terribly wrong at a Berkshire Hathaway company, there’s a strong possibility no one will hear about it. Warren Buffett and Charlie Munger won’t be held directly responsible either. That’s the beauty of Buffett’s version of a conglomerate corporate structure, decentralized to such an obscene level such that its minimalism is brandished as a feature not a bug.

As our first owner-related principle tells you, Charlie and I are the managing partners of Berkshire. But we subcontract all of the heavy lifting in this business to the managers of our subsidiaries. In fact, we delegate almost to the point of abdication: Though Berkshire has about 260,000 employees, only 21 of these are at headquarters.

Buffett judges the investments he makes ruthlessly, but allows his operating companies to run on autopilot. It’s a wonder such financial, legal, and regulatory issues as the Salomon Brothers slip-up, Berkshire’s non-prosecution agreement with the Department of Justice over its dealings with AIG from 2000-2004, the James River lawsuit, and Sokol’s usurpation ever saw the light of day. It’s a testament to a few diligent folks who pushed those rocks, like Sisyphus, up transparency hill.

None of the issues mentioned above has tarnished Buffett’s halo for long, but the list of missteps grows longer. The Berkshire chairman claims plausible deniability. That’s made possible by the insatiable appetite of investors for gurus and sages rather than sirens.

The most frequent rebuttal to any attempt to burst Buffett’s bubble of infallibility is that “proof is in the performance”. Lots of long-term investors swear by Berkshire Hathaway stock and hang on every word from Buffett and Charlie Munger for investment insight.

But, as Aaron Task at Yahoo’s Daily Ticker recently reminded us, all that glitters is not gold:

“…investors who’ve followed Buffett into investments like Goldman Sachs and GE got burned, assuming they adhered to Buffett’s dictum about “forever” being the best holding period. The rest of us didn’t get the big dividends Buffett earned and both stocks are currently trading below the levels when Buffett made his “confidence-boosting” investments in 2008, Goldman by 12% and GE by 37%.

Finally, shares of Buffett’s own company, Berkshire Hathaway, have underperformed the S&P 500 in the past year and the company recently split its B-shares, violating yet another of Buffett’s not-so-sacred tenants.”

Buffett himself has admitted that being too big now affects his ability to capture outsize returns for the primary business of producing cash from other companies.

From the Berkshire Hathaway 2010 Annual Report:

The past growth rate in Berkshire’s book value per share is not an indication of future results.

In the years since our present management acquired control of Berkshire, our book value per share has grown at a highly satisfactory rate. Because of the large size of our capital base (shareholders’ equity of approximately $157.3 billion as of December 31, 2010), our book value per share will very likely not increase in the future at a rate even close to its past rate.

Buffett’s reluctance to sell loser portfolio operating companies or fire under performing managers means he has to make repetitive $5 billion Bank of America and Goldman Sachs preferred stock plays to compensate for tragic flaws like misplaced loyalty and day-to-day conflict avoidance.

And then there’s the numbers.

Berkshire Hathaway is a publicly traded company, listed on the New York Stock Exchange and regulated by the Securities and Exchange Commission. The integrity of Berkshire Hathaway’s external financial reporting should be ensured by the strictures of the Sarbanes-Oxley Act of 2002. Berkshire Hathaway and Warren Buffett, however, pay no more than lip service to the requirements and reject many other recommended corporate governance practices.

What’s left – of the financial reporting process, the internal audit organization, and the external audit relationship – is not enough, in my opinion, to prevent someone from spinning straw into gold.

Questionable corporate political campaign finance practices and foreign corrupt practices in the mid -1970s prompted the U.S. Securities and Exchange Commission and the U.S. Congress to enact campaign finance law reforms and the 1977 Foreign Corrupt Practices Act (FCPA) which criminalized transnational bribery and required companies to implement internal control programs. The Treadway Commission, a private-sector initiative, was formed in 1985 to inspect, analyze, and make recommendations on fraudulent corporate financial reporting. The original chairman of the Treadway Commission was James C. Treadway, Jr., Executive Vice President and General Counsel, Paine Webber and a former Commissioner of the U.S. Securities and Exchange Commission.

The accounting industry regulator, the PCAOB, tells us that existing auditing standards are neutral regarding the internal control framework that auditors use for obtaining an understanding of internal controls over financial reporting (ICFR), testing and evaluating controls, and, in integrated audits, reporting on ICFR. For integrated audits, PCAOB standards state that auditors should use the same internal control framework that management uses.

Since the Committee Of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control-Integrated Framework (IC-IF) was published in 1992, many companies and auditors have used IC-IF as their framework in considering internal control over financial reporting. Also, since companies and auditors began reporting on the effectiveness of ICFR pursuant to §404 of Sarbanes-Oxley Act of 2002, many of those companies and auditors have used IC-IF as the framework for evaluating and reporting on ICFR.

Before leading the Treadway Commission, before the savings and loan scandals of the 1980’s, before Enron and the rest of the scandals of the 90’s such as WorldCom, Tyco, Adelphia, HealthSouth, and many others, James Treadway, SEC Commissioner, made a speech about financial fraud. His remarks specifically mentioned corporate structure, in particular a decentralized organizational structure, as a common characteristic of companies involved in financial fraud.

An excerpt of remarks by James Treadway to the Third Annual Southern Securities Institute, Miami Beach, Florida, April 8,1983

I refer to a decentralized corporate structure, with autonomous divisional management. Such a structure is intended to encourage responsibility, productivity, and therefore profits—all entirely laudable objectives. But the unfortunate corollary has been a lack of accountability.

The situation has been exacerbated when central headquarters has unilaterally set profit goals for a division or, without expressly stating goals, applied steady pressure for increased profits. Either way, the pressure has created an atmosphere in which falsification of books and records at middle and lower levels became possible, even predictable. This atmosphere has caused middle and lower level management and entire divisions to adopt the attitude that the outright falsification of book and records on a regular, on going, pervasive basis is an entirely appropriate way to achieve unrealistic profit objectives, as long as the falsifications get by the independent auditors, who are viewed as fair game to be deceived.

Treadway goes on to describe a company that’s almost an exact replica of Berkshire Hathaway. What’s most troubling is that nearly thirty years later there’s no excuse – lack of technology, real time communications, or specific regulatory requirements – for these conditions to still exist in a company of the size and systemic importance of Berkshire Hathaway. The weaknesses remain by design, not by default, which begs the question of whether they could serve an illegal or unethical purpose at any time.

Treadway’s speech goes on to describe eight characteristics of decentralized companies that promote lack of accountability and, potentially, the existence of financial fraud. I repeat them here, in italics, with a few comments after each related to Berkshire Hathaway.

1.The divisions and subsidiaries were autonomous, with little or no oversight by headquarters, particularly in the areas of auditing, accounting, and internal controls.

Berkshire Hathaway’s divisions and subsidiaries are, by Buffett’s admission, run with little or no oversight by Omaha headquarters. Each year he sends the CEOs a general letter outlining high-level goals and requires very few reports or status updates. One-way communication of monthly and quarterly financial results is the primary method used by most of the business units to report to headquarters.

From Warren Buffett’s annual letter to shareholders this past February, 2011:

At Berkshire, managers can focus on running their businesses: They are not subjected to meetings at headquarters nor financing worries nor Wall Street harassment. They simply get a letter from me every two years and call me when they wish. And their wishes do differ: There are managers to whom I have not talked in the last year, while there is one with whom I talk almost daily. Our trust is in people rather than process. A “hire well, manage little” code suits both them and me.

Berkshire’s CEOs come in many forms. Some have MBAs; others never finished college. Some use budgets and are by-the-book types; others operate by the seat of their pants. Our team resembles a baseball squad composed of all-stars having vastly different batting styles. Changes in our line-up are seldom required.

2. Constant pressure was strongly exerted by distant top management on subsidiaries and divisions to achieve profit goals set unilaterally and arbitrarily by corporate headquarters.

I don’t know to what extent pressure is brought to bear on subsidiaries by headquarters to meet specific numeric goals. What we have seen, in the Sokol scandal most recently, is that joining the Berkshire family may give some CEOs the impression they can break rules as long as they deliver expected results. In fact, they may even be touted as a possible Buffett successor.

Sokol’s Ways Questioned in Past Suits, The New York Times, April 4, 2011: Lawsuits involving David L. Sokol after he joined Berkshire Hathaway suggest that management had some warnings about his rules-pushing nature long before his resignation last week for buying stock in a company shortly before Berkshire acquired it. The most serious lawsuit centered on the accounting of an irrigation project by MidAmerican Energy, where Mr. Sokol was chief executive when Berkshire bought it in 1999.

In a rebuke last year, the judge ruled in that case that MidAmerican had improperly changed its accounting on the project and criticized Mr. Sokol directly. The change in accounting was “intended to eliminate the minority shareholders’ interests,” the judge wrote, awarding more than $32 million to the minority shareholders. The case had taken more than five years to work its way through the courts. During that time, Warren E. Buffett, the chief executive of Berkshire, expressed confidence in Mr. Sokol by broadening his portfolio beyond MidAmerican to include Netjets, a company that sells fractional use of private aircraft.

After Mr. Sokol took over Netjets in July 2009, some critics complained about his management style and his strategy for shrinking the company, which had been ailing even before the financial crisis did more severe damage.

3.  Communications between divisions and headquarters about the practicability of reaching established profit goals ranged from limited to non-existent.

From the 2010 Berkshire Hathaway Annual Report:

Berkshire’s operating businesses are managed on an unusually decentralized basis. There are essentially no centralized or integrated business functions (such as sales, marketing, purchasing, legal or human resources) and there is minimal involvement by Berkshire’s corporate headquarters in the day-to-day business activities of the operating businesses.

4. Headquarters and top management created an atmosphere in which sales and marketing functions in the divisions we reviewed as more important than accounting and auditing.

To say that there’s a strong focus on sales and marketing at Berkshire Hathaway would be a significant understatement. Buffett himself calls the company’s annual meeting “Woodstock for Capitalists”. Reports of the proceedings describe a carnival like atmosphere. Some of the highlights of the weekend are a showcase for the portfolio companies highlighting their products and services, a Q&A for international journalists held in the dazzling Borsheim’s jewelry showroom, and a BBQ at their Nebraska Furniture Mart.

But for a taste of the performance art purveyed in service to the Buffett cult, take a look at this excerpt from Michael de la Merced’s live blog for The New York Times Deal Book:

9:41 A.M. A brief commercial break

Because this is a haven for capitalism, there’s a brief commercial break. There’s Coca-Cola, one of Mr. Buffett’s most famous investments, and there’s Geico’s commercial about woodchucks chucking wood.

9:38 A.M. The Gekko arrives, and the day is saved

The Geico Gekko is one of several Berkshire employees to appear — along with Charlie Munger and Mr. Buffett’s assistant Debbie Bosanek — offering the MBA cyborg insurance. The MBA responds: “I’m self-insured.”

Of course, Ah-nuld and Mr. Buffett show up to save the day.

9:35 A.M. Buffett, action movie star

The movie begins with an animated segment about the “MBAs,” ruthless trading machines who plan to destroy the world.

The only hope is Warren Buffett.

We’ve already got a couple of celebrity cameos. Arnold Schwarzenegger is suiting up as “The Governator,” shortly after having stepped down as governor of California. (And there’s Larry King asking him a question!)

9:30 A.M. The lights have dimmed

After a brief introduction from Mr. Buffett, explaining the movie and asking shareholders not to record it (in part to assuage the famous people — who, “surprise, surprise” work for Berkshire for free), the movie begins.

It’s a time-lapse video of the prepping of the Qwest Center for the Berkshire annual meeting, set to U2’s “Beautiful Day.” It’s really amazing to see just how people flow into the arena and fill it to the brim.

It’s also amazing how the crowd, so noisy just minutes ago, has turned silent in the dimness.

9:26 A.M. Ladies and gents, take your seats

It’s almost showtime. A gravelly announcer — who sounds awfully similar to that guy from all the movie trailers — tells of those who have gathered for “one gloriously capitalistic weekend.” He further intones, “All roads led them to Omaha” before the big finish: “You’ve arrived at the Berkshire Hathaway shareholders meeting. The movie will begin in 10 minutes.”

5. That atmosphere caused divisional managers and personnel to believe that falsifying or “cooking the books” was the only way to achieve the profit demands, and that this was acceptable to headquarters. The divisional personnel engaged in the improper activities as part of an admitted” team effort.” In some instances, divisional employees stated that they believed it a “mortal sin not to meet the profit goals.

Here’s an excerpt from Buffett’s letter to his CEOs (“The All-Stars”) in July of 2010:

Somebody is doing something today at Berkshire that you and I would be unhappy about if we knew of it. That’s inevitable: We now employ more than 250,000 people and the chances of that number getting through the day without any bad behavior occurring is nil. But we can have a huge effect in minimizing such activities by jumping on anything immediately when there is the slightest odor of impropriety. Your attitude on such matters, expressed by behavior as well as words, will be the most important factor in how the culture of your business develops. Culture, more than rule books, determines how an organization behaves.

In other respects, talk to me about what is going on as little or as much as you wish. Each of you does a first-class job of running your operation with your own individual style and you don’t need me to help. The only items you need to clear with me are any changes in post-retirement benefits and any unusually large capital expenditures or acquisitions.

6. No employee involved received any direct personal benefit from theft, bribes, kickbacks, or diversion of assets.

What was so disturbing to so many about the Sokol scandal at Berkshire Hathaway last spring was the sheer audacity of David Sokol putting himself first, not the company. That was surprising to observers and seemed to take Warren Buffett by surprise, also. But it’s not so clear that Buffett had made Sokol, and by implication perhaps his other CEOs, understand where he truly draws the line and when, and if, failure and bad behavior would be subject to punishment or banishment.

Warren Buffett, Unplugged, The Wall Street Journal, November 12, 2005: Mr. Buffett tends to stick to investments for the long haul, even when the going gets bumpy. Mr. Sokol recalls bracing for an August 2004 meeting at which he planned to break the news to Mr. Buffett that the Iowa utility needed to write off about $360 million for a soured zinc project. Mr. Sokol says he was stunned by Mr. Buffett’s response: “David, we all make mistakes.” Their meeting lasted only 10 minutes. “I would have fired me if I was him,” Mr. Sokol says. “If you don’t make mistakes, you can’t make decisions,” Mr. Buffett says. “You can’t dwell on them.” Mr. Buffett notes that he has made “a lot bigger mistakes” himself than Mr. Sokol did.

7. The falsifications were large, simple, and direct. Expenses were improperly shifted from one accounting period to another. Goods ready for shipment, sometimes not even manufactured, were accounted for as sales in the current period, even though not actually shipped or manufactured until a succeeding period. False statements were made to auditors. Multiple sets of expense records were kept. Shipping invoices and bills were altered, with third parties sometimes enlisted to assist.

Buffett once criticized derivatives, for which there are particularly complicated rules and often difficult to determine values, as “financial weapons of mass destruction”.  Now he likens them to insurance and counts on the contracts to juice his earnings.

From Warren Buffett’s annual letter to shareholders this past February, 2011:

Two years ago, in the 2008 Annual Report, I told you that Berkshire was a party to 251 derivatives contracts (other than those used for operations at our subsidiaries, such as MidAmerican, and the few left over at Gen Re). Today, the comparable number is 203, a figure reflecting both a few additions to our portfolio and the unwinding or expiration of some contracts.

Our continuing positions, all of which I am personally responsible for, fall largely into two categories.

We view both categories as engaging us in insurance-like activities in which we receive premiums for assuming risks that others wish to shed. Indeed, the thought processes we employ in these derivatives transactions are identical to those we use in our insurance business. You should also understand that we get paid up-front when we enter into the contracts and therefore run no counterparty risk. That’s important.

But for the benefit of you, the investor, he tries to “keep it simple, stupid.”

On Reporting and Misreporting: The Numbers That Count and Those That Don’t

Earlier in this letter, I pointed out some numbers that Charlie and I find useful in valuing Berkshire and measuring its progress.

Let’s focus here on a number we omitted, but which many in the media feature above all others: net income. Important though that number may be at most companies, it is almost always meaningless at Berkshire.

Regardless of how our businesses might be doing, Charlie and I could – quite legally – cause net income in any given period to be almost any number we would like… If we really thought net income important, we could regularly feed realized gains into it simply because we have a huge amount of unrealized gains upon which to draw. Rest assured, though, that Charlie and I have never sold a security because of the effect a sale would have on the net income we were soon to report. We both have a deep disgust for “game playing” with numbers, a practice that was rampant throughout corporate America

in the 1990s and still persists, though it occurs less frequently and less blatantly than it used to.

Operating earnings, despite having some shortcomings, are in general a reasonable guide as to how our businesses are doing. Ignore our net income figure, however. Regulations require that we report it to you. But if you find reporters focusing on it, that will speak more to their performance than ours.

Contrast that tough talk with their actions when questioned by the S.E.C. about the declining values of some of their equity investments. Warren Buffett and Berkshire Hathaway had to be dragged kicking and complaining to recognize those significant unrealized losses. They resisted taking others.

They hate to admit a loser.

Berkshire Wrote Down Stocks After SEC Query, The Wall Street Journal, March 29, 2011: Warren Buffett’s Berkshire Hathaway Inc. took an accounting charge to reflect the declines of three stocks in its portfolio after regulators asked about the company’s policy for writing down investment losses.

But Berkshire pushed back when securities regulators asked about two of its largest holdings, including its $11.1 billion stake in Wells Fargo & Co., saying it didn’t plan to write down losses on those investments… Chief Financial Officer Marc Hamburg complained…Despite Mr. Hamburg’s objection, the company recorded $938 million in impairment charges in the fourth quarter to reflect declines in shares of Swiss Reinsurance Co., U.S. Bancorp and pharmaceutical firm Sanofi-Aventis SA….

“Berkshire management,” Mr. Hamburg wrote, “does not believe that the validity of the efficient market hypothesis as suggested by the Commission can either be proven or disproven. Information made available by the issuer of a security including current results and expectations regarding the future will likely be interpreted differently by individual investors.”

Berkshire also told the SEC it wouldn’t write down its $413 million in unrealized losses in Wells Fargo or a smaller loss on its investment in Kraft Foods Inc. The two companies are among the largest holdings in Berkshire’s stock portfolio.

8. The falsifications were undetected by top management, not for brief periods of time, but for years and years. In short, the break-down was systemic.

If systemic breakdowns in accounting and financial reporting in Berkshire Hathaway companies, or via “top-side” journal entries made at headquarters, ever surface, they will have gone undetected for years. The revelations may not come until Warren Buffett no longer sets the high water mark.

After Enron, Buffett criticized “toadie” auditors and lackadaisical audit committees.

But perhaps the best place to focus attention is on the audit committee of boards of directors. Warren Buffett proposes that the audit committee have a Q&A session with auditors.

“You can’t meet on an audit committee for two hours twice a year and really know what’s going on,” says Buffett. “Auditors most of the time will know–put them on the spot.” And Buffett wants these questions and answers to go into the minutes unfailingly.

However, Berkshire’s own audit committee was seriously understaffed last year when the Sokol debacle played out and met only five times in 2010, mostly without its third member. When the audit committee launched an investigation of the Sokol scandal, they used the house law firm, Munger, Tolles rather than an independent one, even though a Munger, Tolles partner is the company’s ad-hoc General Counsel and was already being sued, along with the rest of the directors including audit committee members, over their handling of the issue.

James Treadway goes on to discuss, in his 1983 speech, the role of the auditor in finding fraud. What’s sad is that the examples he cites – auditors abdicating their duty to shareholders -are eerily similar to the ones cited recently by PCAOB Chairman Jim Doty. Doty has been emphasizing the need for more auditor skepticism. PCAOB inspectors see an appalling lack of it and the deficiencies cited in their reports are increasing rather than decreasing.

Preventing “cooked books” requires careful attention to sound accounting controls and procedures, and a corporate atmosphere and structure that emphasizes the significance of such controls and procedures — at all levels. But that lesson of attention to detail and the need for verification and sometimes tough-minded questioning seems difficult to learn.

To draw a parallel, let me quote from a few Accounting Series Releases over the last four decades.

“The time has long passed, if it ever existed, when the basis of an audit was restricted to the material appearing in the books and records …. [T]he partner in charge.., was not sufficiently concerned with the basic problems of internal check and control to make the searching review which an engagement requires.”

ASR-19, 1940. In the Matter of McKesson & Robbins, Inc.

“We have also found that in certifying such financial statements the respondents failed to comply with generally accepted auditing standards … by their reliance upon the unsupported and questionable representations of the Seaboard Management …. ”

ASR-78, 1957. In the Matter of Touche, Niven, Bailey & Smart, et al. (Seaboard Commercial Corporation.)

“A major deficiency of the Stirling Homex audit was Peat, Marwick, Mitchell & Co.’s reliance on the unsupported, undocumented representations of management.”

ASR-173, 1975. Mitchell & Co.

In the Matter of Peat, Marwick, (Stirling Homex.)

“Throughout the years, it appears that no auditor ever asked for supporting documentation for this asset account, nor did the auditors ever confirm with outside sources the existence of the balances.”

ASR-196, 1976. In the Matter of Seidman & Seidman. (Equity Funding.)

I’ll write next about Berkshire Hathaway’s relatively small spend for internal audit, external audit, and internal controls over financial reporting. (Berkshire Hathaway’s external auditor is Deloitte.) If something goes sideways at Berkshire Hathaway,there’s very little besides “culture, not rule books” to regulate behavior and insure financial reporting integrity.

Here’s an Andy Kaufman performance treat. The late comedian was famous for his put-ons. Or were they?

I can’t be there tomorrow in person so I thought I would answer a few of the questions for you and for them.

I’ve provided comments to some of the questions below in Bold. I’ve written on these topics many, many times. Instead of repeating those remarks, I’m directing you to some of the most relevant posts.  If you’d like to add your comments please add the appropriate question number for the PCAOB Board.

Ernst & Young Lehman Litigation: It’s No Victory If You’re Going To Trial (Judge Kaplan was damning in his criticism of vague and subjective auditing standards and found it impossible to hold Ernst & Young liable for not complying with them.)

New At Forbes: My Comments On The Latest Sanctions Against Ernst & Young

Going In Circles: A Few Remarks On Audit Reform (On auditor rotation and auditor signing of audit reports.)

The State of Sarbanes-Oxley Compliance: The Protiviti Survey Results

Say Anything: The Big 4 Defense of Overtime Exemptions

McKenna At The Georgia Southern Fraud And Forensic Accounting Conference (With a link to my presentation, “The Skeptical Professional: Requirements and Case Studies”)

Being Expedient: PwC Settles US Class Action

McKenna Speaks At The American Accounting Association Public Interest Section

Not Over Until It’s Over: Price Waterhouse India Settles Satyam (The Satyam case is a classic one regarding auditor independence and auditor skepticism.  Price Waterhouse India demonstrated not much of either.  The PwC US and International firms lack the authority to force them to.  The regulators are not doing anything about this and the courts are impotent, in many cases, to correct this fault.)

Price Waterhouse India Settles With Regulators But Satyam Saga Not Over

Will Auditors Be Held Accountable? The PCAOB Has A Plan

Auditors Abandon Investors On Liability Limits

Auditors Under Pressure In The UK. Or Are They?

Dear PCAOB Board: Your Job Is To Serve And Protect Investors

Top Ten Things Lawyers Should Know About Auditors

Asking The Difficult Questions: An Article About Audit Committees For IIA’s Internal Auditor Magazine

Questions in PCAOB Concept Release on the Auditor’s Report

Content of the Auditor’s Report

Questions

1. Many have suggested that the auditor’s report, and in some cases, the auditor’s role, should be expanded so that it is more relevant and useful to investors and other users of financial statements.

a. Should the Board undertake a standard-setting initiative to consider improvements to the auditor’s reporting model? Yes

Why or why not? Investors pay billions worldwide for an audit report that is universally panned. Investors have been vocal In the UK and in the US regarding the uselessness of the ‘pass/fail” approach to the auditor’s opinion. The current report provides little information about the judgments and decision processes taking place behind the scenes.  Auditors failed during the financial crisis to warn investors of trouble, let alone provide the realistic guaranty of safety for even a limited period of time that shareholders expect.  If this is an “expectations gap” we must close it, either by removing the requirement for an audit opinion from exchange rules – and admitting its futility like the US SEC did with ratings agencies – or improving it so it has a useful purpose for investors. They deserve to get their money’s worth from the effort.

b. In what ways, if any, could the standard auditor’s report or other auditor reporting be improved to provide more relevant and useful information to investors and other users of financial statements? Two places where the current report could be improved are:

1. Development of a clearing house of auditor names attached to public company audit engagements worldwide with their biographies and information about sanctions, suspensions and litigation against them.  I’m not so concerned about seeing a name on a printed report as knowing who is responsible for that audit over time and their qualifications and professional history.

2. The addition of an auditor’s “Disclosure and Analysis” would be priceless. It should be addressed directly to shareholders, not the Audit Committee, and be written in the style of Warren Buffet’s letter to shareholders.  It should state where the auditors and management disagreed and which one prevailed.  It should focus on judgments, estimates, and the range of practices especially regarding interpretation of key accounting standards amongst that issuer’s peer group.

c. Should the Board consider expanding the auditor’s role to provide assurance on matters in addition to the financial statements? If so, in what other areas of financial reporting should auditors provide assurance? Auditors should provide explicit assurance on MD&A. They are already required by standards to communicate with the Audit Committee regarding the adequacy of required disclosures. Interim Auditing Standard AU 380 requires auditors to determine whether all audit-related matters are communicated to the committee:

The auditor’s responsibility under Generally Accepted Auditing Standards (GAAS)

• Significant accounting policies
• Management judgments and accounting estimates
• Audit adjustments
• The auditor’s judgments about the quality of the entity’s accounting principles
• The quality of the management discussion and analysis (MD&A)
• Disagreements with management
• Consultation with other accountants
• Major issues discussed with management before retention
• Difficulties encountered in performing the audit

An Auditor’s Discussion and Analysis should repeat the substance of these communications and highlight where the Audit Committee and/or management disagree with auditors.

2. The standard auditor’s report on the financial statements contains an opinion about whether the financial statements present fairly, in all material respects, the financial condition, results of operations, and cash flows in conformity with the applicable financial reporting framework. This type of approach to the opinion is sometimes referred to as a “pass/fail model.”

a.    Should the auditor’s report retain the pass/fail model? No If so, why?

b.    If not, why not, and what changes are needed? The auditor’s report requires more detailed grading with an explanation of the grades.  Perhaps the grades can be assigned based on whether the failings are individually material or material in aggregate and whether they relate to adherence to standards, aggressive use of estimates and models, lack of disclosure, or poor internal controls.  I am in favor of the separate opinion on internal controls and question a company that could have an adverse opinion on internal controls (material weaknesses) and yet receive a clean opinion on their financial statements.

c.     If the pass/fail model were retained, are there changes to the report or supplemental reporting that would be beneficial? If so, describe such changes or supplemental reporting.

3. Some preparers and audit committee members have indicated that additional information about the company’s financial statements should be provided by them, not the auditor. Who is most appropriate (e.g., management, the audit committee, or the auditor) to provide additional information regarding the company’s financial statements to financial statement users? I am skeptical that most Audit Committees are sufficiently detached and independent of management that communications from them would be any more useful to shareholders.  That is a problem in and of itself.  If auditors were required to provide their own discussion or analysis, they may be reminded of their own need for independence from management.  However, the problem we have, and which is not solved by revisions to the audit report itself, is the problem of auditor independence as long as the auditors are paid by and contract for their services with an Audit Committee controlled by and in service to management.

At the PCAOB’s public meeting in March I heard some object to the auditor providing information to shareholders directly because that might harm the “relationship” between auditors and management.  Yes.  And that is exactly why auditors should be forced to face shareholders directly. Even the SEC’s Chief Accountant and the PCAOB Chairman have admitted auditors are too cozy with management, a non-independent Audit Committee encourages and enables that, and many auditors have forgotten who their true clients are – shareholders.  Auditors should respond directly to shareholders, not to the management-controlled proxy – a potentially non – independent Audit Committee.

4. Some changes to the standard auditor’s report could result in the need for amendments to the report on internal control over financial reporting, as required by Auditing Standard No. 5. If amendments were made to the auditor’s report on internal control over financial reporting, what should they be, and why are they necessary?

We should go back to a separate auditors report on internal controls over financial reporting. If an issuer receives an adverse opinion on internal controls it should be rare or impossible for that issuer to receive any “passing” grade on the financial statements.

Potential Alternatives for Changes to the Auditor’s Report

A. Auditor’s Discussion and Analysis

Questions

5. Should the Board consider an AD&A as an alternative for providing additional information in the auditor’s report? Yes

a. If you support an AD&A as an alternative, provide an explanation as to why. See above 1.b.

b. Do you think an AD&A should comment on the audit, the company’s financial statements or both? Both. Provide an explanation as to why. Should the AD&A comment about any other information? The quality of management’s D&A and any disagreements in that regard over sufficiency or quality of disclosures.

c. Which types of information in an AD&A would be most relevant and useful in making investment decisions? I think information about how the issuer compares in key metrics, disclosures, aggressive interpretation of standards, and use of models and estimates to their peers would be very useful.  In some industries, one auditor has an audit relationship with several major companies, addresses similar issues, evaluates similar approaches and either sees consistent or inconsistent results. This type of discussion and comparison would be very useful to identify outliers and anomalies as well as instances of collusion amongst companies with significant business alliances or who act as counterparties to each other.

d. If you do not support an AD&A as an alternative, explain why.

e. Are there alternatives other than an AD&A where the auditor could comment on the audit, the company’s financial statements, or both? What are they?

6. What types of information should an AD&A include about the audit? What is the appropriate content and level of detail regarding these matters presented in an AD&A (i.e., audit risk, audit procedures and results, and auditor independence)?

7. What types of information should an AD&A include about the auditor’s views on the company’s financial statements based on the audit? What is the appropriate content and level of detail regarding these matters presented in an AD&A (i.e., management’s judgments and estimates, accounting policies and practices, and difficult or contentious issues, including “close calls”)?

8. Should a standard format be required for an AD&A? Why or why not?

9. Some investors suggested that, in addition to audit risk, an AD&A should include a discussion of other risks, such as business risks, strategic risks, or operational risks. Discussion of risks other than audit risk would require an expansion of the auditor’s current responsibilities. What are the potential benefits and shortcomings of including such risks in an AD&A? The auditor is required to be aware of and knowledgeable about these areas per the standards. The auditor must take them into consideration in planning the scope of the audit. I see no additional work to disclose them and to give investors information about how this issuer compares to peer group.

10. How can boilerplate language be avoided in an AD&A while providing consistency among such reports? Regulators should forbid it and enforce accordingly.  All shareholders will, hopefully, start demanding meaningful information.

11. What are the potential benefits and shortcomings of implementing an AD&A?

12. What are your views regarding the potential for an AD&A to present inconsistent or competing information between the auditor and management? I’m not troubled by this.  In fact, I look forward to it. What effect will this have on management’s financial statement presentation? Management will be required to defend it. They should be prepared to do so or to back down.

B. Required and Expanded Use of Emphasis Paragraphs

Questions

13. Would the types of matters described in the illustrative emphasis paragraphs be relevant and useful in making investment decisions? If so, how would they be used?

14. Should the Board consider a requirement to include areas of emphasis in each audit report, together with related key audit procedures?

a. If you support required and expanded emphasis paragraphs as an alternative, provide an explanation as to why.

b. If you do not support required and expanded emphasis paragraphs as an alternative, provide an explanation as to why.

15. What specific information should required and expanded emphasis paragraphs include regarding the audit or the company’s financial statements? What other matters should be required to be included in emphasis paragraphs?

16. What is the appropriate content and level of detail regarding the matters presented in required emphasis paragraphs?

17. How can boilerplate language be avoided in required emphasis paragraphs while providing consistency among such audit reports? 18. What are the potential benefits and shortcomings of implementing required and expanded emphasis paragraphs?

C. Auditor Assurance on Other Information Outside the Financial Statements

Questions

19. Should the Board consider auditor assurance on other information outside the financial statements as an alternative for enhancing the auditor’s reporting model?

a. If you support auditor assurance on other information outside the financial statements as an alternative, provide an explanation as to why.

b. On what information should the auditor provide assurance (e.g., MD&A, earnings releases, non-GAAP information, or other matters)? MD&A, 10Qs.  Auditors should distance themselves from non-GAAP disclosures. Earnings releases should not be inconsistent with 10Qs.

c. What level of assurance would be most appropriate for the auditor to provide on information outside the financial statements?

d. If the auditor were to provide assurance on a portion or portions of the MD&A, what portion or portions would be most appropriate and why?

e. Would auditor reporting on a portion or portions of the MD&A affect the nature of MD&A disclosures? If so, how?

f. Are the requirements in the Board’s attestation standard, AT sec. 701, sufficient to provide the appropriate level of auditor assurance on other information outside the financial statements? If not, what other requirements should be considered?

g. If you do not support auditor assurance on other information outside the financial statements, provide an explanation as to why.

20. What are the potential benefits and shortcomings of implementing auditor assurance on other information outside the financial statements?

D. Clarification of the Standard Auditor’s Report

Questions

21. The concept release presents suggestions on how to clarify the auditor’s report in the following areas:

• Reasonable assurance
• Auditor’s responsibility for fraud
• Auditor’s responsibility for financial statement disclosures
• Management’s responsibility for the preparation of the financial statements
• Auditor’s responsibility for information outside the financial statements
• Auditor independence

a. Do you believe some or all of these clarifications are appropriate? If so, explain which of these clarifications is appropriate? How should the auditor’s report be clarified?

b. Would these potential clarifications serve to enhance the auditor’s report and help readers understand the auditor’s report and the auditor’s responsibilities? Provide an explanation as to why or why not.

c. What other clarifications or improvements to the auditor’s reporting model can be made to better communicate the nature of an audit and the auditor’s responsibilities?

d. What are the implications to the scope of the audit, or the auditor’s responsibilities, resulting from the foregoing clarifications?

22. What are the potential benefits and shortcomings of providing clarifications of the language in the standard auditor’s report?

Questions Related to all Alternatives

23. This concept release presents several alternatives intended to improve auditor communication to the users of financial statements through the auditor’s reporting model. Which alternative is most appropriate and why?

24. Would a combination of the alternatives, or certain elements of the alternatives, be more effective in improving auditor communication than any one of the alternatives alone? What are those combinations of alternatives or elements?

25. What alternatives not mentioned in this concept release should the Board consider?

26. Each of the alternatives presented might require the development of an auditor reporting framework and criteria. What recommendations should the Board consider in developing such auditor reporting framework and related criteria for each of the alternatives?

27. Would financial statement users perceive any of these alternatives as providing a qualified or piecemeal opinion? If so, what steps could the Board take to mitigate the risk of this perception?

28. Do any of the alternatives better convey to the users of the financial statements the auditor’s role in the performance of an audit? Why or why not? Are there other recommendations that could better convey this role?

29. What effect would the various alternatives have on audit quality? What is the basis for your view?

30. Should changes to the auditor’s reporting model considered by the Board apply equally to all audit reports filed with the SEC, including those filed in connection with the financial statements of public companies, investment companies, investment advisers, brokers and dealers, and others? What would be the effects of applying the alternatives discussed in the concept release to the audit reports for such entities? If audit reports related to certain entities should be excluded from one or more of the alternatives, please explain the basis for such an exclusion.

IV. Considerations Related to Changing the Auditor’s Report

A. Effects on Audit Effort

B. Effects on the Auditor’s Relationships

C. Effects on Audit Committee Governance

D. Liability Considerations

E. Confidentiality

Questions

31. This concept release describes certain considerations related to changing the auditor’s report, such as effects on audit effort, effects on the auditor’s relationships, effects on audit committee governance, liability considerations, and confidentiality.

a. Are any of these considerations more important than others? If so, which ones and why?

b. If changes to the auditor’s reporting model increased cost, do you believe the benefits of such changes justify the potential cost? Why or why not?

c. Are there any other considerations related to changing the auditor’s report that this concept release has not addressed? If so, what are these considerations?

d. What requirements and other measures could the PCAOB or others put into place to address the potential effects of these considerations?

32. The concept release discusses the potential effects that providing additional information in the auditor’s report could have on relationships among the auditor, management, and the audit committee. If the auditor were to include in the auditor’s report information regarding the company’s financial statements, what potential effects could that have on the interaction among the auditor, management, and the audit committee?