Following the stock market crash of 1929, Congress effectively awarded a professional monopoly to CPAs in return for their promise to protect the public by acting as independent watchdogs over publicly traded corporations. With this duty paramount, auditors are required to report known or suspected illegal activity to the authorities or to compel their clients to do so. But rather than vigilance, there seems an endemic lethargy—and oftentimes something far more sinister—that sullies the accounting profession and threatens the public interest.
In one recent example, the SEC reached a $50 million settlement with KPMG and two former executives were sentenced to eight months in jail for their role in a long-running scheme to steal confidential information from the Public Company Accounting Oversight Board (PCAOB), the non-profit agency established by Congress to oversee the audits of public companies. With information on upcoming inspections, and cheating on internal training tests, KPMG could raise its marks on audit quality. While numerous professionals were aware of the scheme, only one KPMG partner performed his legal duty to blow the whistle.
The Big Four accounting firms collectively perform 95% of all public company audits. Yet, in its most recent inspection reports, the PCAOB described a widespread failure on the firms’ part to do what audits are meant to do: determine with reasonable certainty that clients’ financials are free of misstatements and that the clients maintain effective internal controls. Are auditors willfully ignoring what they see or legitimately missing the misconduct?
Consider that in the wake of the recent financial crisis, which involved the failure or near failure of numerous systemically critical institutions, auditors issued unqualified opinions on their financial statements just months prior. What’s more, auditors have missed virtually every major accounting scandal—beginning with Enron and continuing to the present day. There is no doubt that some schemes are impossible to detect. Some will be missed. But to miss most? It doesn’t add up.
Or perhaps it does. In 2017, two external and independent financial analysts—my whistleblower clients—triggered an SEC enforcement action against Orthofix, a U.S.-based medical device manufacturer, because something didn’t look right. Accessing only publicly available information, the analysts detected and tipped the Commission to a large-scale accounting fraud. To the outsiders, something in the earnings reports seemed fishy. Not so for the company’s big-time auditor, with years of unfettered access to those same earnings reports and everything else under the tent. The analysts’ whistleblower award pales in comparison to the auditor’s fees. And the company’s shareholders, employees, customers and its reputation are far better for the analysts’ work.
Conflicts are a large part of the problem. In the United States, clients are responsible for hiring, firing, and paying for audit services. It’s big business and at the center of it is a client pay model with substantial conflicts of interest that auditor independence standards and related enforcement initiatives have not and cannot solve. In 2018, the Big Four raked in more than $50 billion for their assurance practices and far more providing the same clientele other consulting services. Status quo favors the powerful. And for auditors and issuers, theirs is a most powerful marriage of mutual enrichment.
The marriage is lasting. A City University of New York study found that for the first 21 companies in the Dow 30, the average auditor tenure is 66 years. The same study also found that even though less work is required to audit long-standing clients, the Big Four charge a premium linked to tenure. And the clients pay it!
Let me be clear: Of course frauds are complex and hard to detect, and bad actors are increasingly sophisticated. Of course audit firms have thousands and thousands of employees, nearly all of whom set out each morning to do the right thing. However, audit professionals are regularly the first to spot inconsistencies and too often the last to report them. At some point, auditors are learning that professional responsibility is first owed to bosses and clients, a lesson that is dead wrong. Auditors’ primary allegiance is to the public interest, a duty that is made clear both in federal law and their professional code of conduct.
Earlier this year, I testified before the U.S. House of Representatives as it considered a legislative proposal to strengthen the PCAOB’s ability to spot auditing deficiencies. Just last month, the House passed the PCAOB Whistleblower Protection Act of 2019, which will create a whistleblower program modeled after the SEC whistleblower program. This is a good start because it is always in the public interest to empower individuals to come forward.
But I fear the program isn’t strong enough. And we aren’t being forthright in calling out the systemic pathology: an audit structure that is, if not rigged, then at the very least, broken. Across the pond, the UK is far ahead in addressing the inherent conflicts and sub-standard performance of the Big Four—and we have much to emulate. Indeed, it is time for Congress and the SEC to reassess the exclusive auditing franchise awarded to CPAs more than 85 years ago. Big Four auditing firms are all recidivists and they’ll continue to gladly pay their fines and move on to the next audit failure. The public spankings, unfortunately, are a tolerable cost of doing business. Until the federal government takes bold, decisive action, investors should view corporate financial statements and related “independent” audit opinions with great skepticism, while bracing themselves for the next front page corporate scandal.
Jordan A. Thomas is a partner and leads the Whistleblower Representation Practice at Labaton Sucharow, and previously served as an Assistant Director in the Enforcement Division of the SEC.
Disclaimer
The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity of any statements made on this site and will not be liable for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with the author.