This is violation of trust, and it matters!
Auditors must design their audits to look for fraud, and failure to do so may cause massive losses for stakeholders, investors, creditors and retirees. Neglecting to detect fraud can be truly life-altering — especially for retirees.
While teaching a business ethics class in Jackson, Mississippi, I was approached by an employee of the former fraud-ridden company Worldcom. “Emily Simmons” (an alias) and her husband, “Jim”, both of retirement age, had worked at Worldcom and its predecessor companies for over 30 years. Their combined retirement plans (all in Worldcom stock) previously had a value of $3 million. After the fraud was discovered, the plans were worthless.
With tears running down her face, Emily said to me, “Jim and I cannot retire. I was looking forward to a comfortable retirement and helping my daughter raise my grandchildren. Now I can only visit them twice a year. I hope that one day I’ll have some sort of retirement – although I am not optimistic – where we can spend a little time together before Jim and I die.”
Time Magazine’s 2002 “Woman of the Year” Cynthia Cooper and her team of internal auditors at Worldcom blew the whistle on Worldcom CFO Scott Sullivan and CEO Bernie Ebbers. The fraud unraveled, the perpetrators went to jail and Worldcom – along with its value – ceased to exist. Because of the Worldcom fraud, Section 404 of the Sarbanes Oxley Law was written, requiring companies to have much stronger internal controls and for those controls to be tested by auditors. But these requirements did not help Emily and Jim.
The Sarbanes Oxley Law (SoX) was enacted in 2002 by Congress in response to the massive fraud schemes that occurred at Worldcom, Enron and HealthSouth, among others. In SoX, Congress established the Public Company Accounting Oversight Board (PCAOB) as the government watchdog to oversee and regulate public accounting firms who audit and report on publicly traded companies. Previously, these firms were self-regulated. The leadership of PCAOB consists of a five-member board, appointed by the Securities and Exchange Commission, whose duty is to oversee audits of public companies with yearly exams to protect investors and the public interest.
A recent case has brought into question the integrity of both auditor (KPMG) and government watchdog (PCAOB). KPMG has been under intense scrutiny for years for failing to find problems at audit clients such as General Electric and Wells Fargo. When the PCAOB recently issued long-awaited reports on examinations of KPMG, it was disclosed that almost half of the audits had serious deficiencies. Two previous PCAOB inspections of KPMG were compromised by the firm’s advance access to the information. When the PCAOB replaced some KPMG audits it previously reviewed with new ones, the new audits had a much higher rate of problems. This illustrates the extent to which the advance access helped KPMG.
So, does it matter that “Big Four” accounting firm, KPMG, knew in advance which of its audits would be inspected by the PCAOB? You bet it does, because SoX was enacted to regulate a former self-regulated industry when it comes to publicly traded companies. Now the watchdog has been compromised.
KPMG fired David Middendorf and other KPMG partners accused of being involved when the PCAOB information leak was revealed in 2017. Middendorf was directly responsible for dealing with the PCAOB. He is now a defendant in a federal criminal trial that started February 11, 2019, in Manhattan. He faces charges of wire fraud and conspiracy. Former inspections leader at PCAOB, Jeffrey Wada, is a second defendant in the trial.
Three other defendants have pled guilty and are expected to testify against Middendorf and Wada. One of the now-convicted felons is a former KPMG partner who helped oversee audit quality at the firm and another partner who formerly worked at PCAOB before joining KPMG.
This story is important because the individuals who are supposed to be guardians of innocent people like Emily, Jim and thousands more have been let down. Auditors are supposed to ferret out frauds and protect stakeholders, creditors, investors and retirees. Unfortunately, we are now left to question those who have a duty to protect – both the auditor and the watchdog.
Last week, it was gratifying to read a post on LinkedIn by Richard Chambers, CEO of the Institute of Internal Auditors. Richard reminded internal auditors of the important role they play, and reminded them that, “I am respected and admired, because I am a guardian of trust!”
I heartily commend Richard Chambers for imparting this message to auditors, and I suggest that all auditors adopt this moniker. “Guardians of Trust” instills a sense of pride, because all business and individuals in the private and public sectors want assets safeguarded, and to know that someone is watching over the operation to see that those assets are protected. Sometimes, unfortunately, unscrupulous individuals and firms will be tempted to put their hand in the cookie jar – we call them thieves and fraudsters.
The story of the criminal trial involving the KPMG partner and PCAOB inspector is extremely relevant to those in our industry. This is a high-profile scandal which may have helped a “Big Four” accounting firm look better to its regulator — and hurt average people like Emily and Jim. It is up to the rest of us to do better, and take up the mantel of “guardians of trust.” If we fail to do this, the vicious cycle of fraud will undoubtedly continue on for years to come.