The day of reckoning was here for KMPG and I do not think that anyone could have imagined how bad it would be for the firm. Last week the Wall Street Journal (WSJ) reported last week that KPMG was preparing to pay up to $50 million to settle the civil claims related to its fraudulent procurement of the Public Company Accounting Oversight Board (PCAOB) auditing schedule. As bad as that conduct was and it was exceedingly bad, it paled next to the additional conduct detailed by KPMG in today’s released Cease and Desist Order (Order) issued by the Securities and Exchange Commission (SEC).
How bad was KPMG’s conduct? It was so bad that I had to interrupt my previously started blog post series on continued allegations of bribery and corruption against US and other companies selling medical equipment into China, to blog about KPMG. In short, the conduct outlined in the Order is so egregious, detailing a culture which is completely unmoored from any ethical foundation, that any company using KPMG as an auditor must ask some very serious questions about not only the quality of the services they have received but also the very foundation of those services.
The conduct involving the bribery and corruption involving the PCAOB is detailed in the Order. I will leave a review and commentary of that conduct for another day. However it was the previously unreported conduct around professional standards that was the most startling part of today’s cataclysmic Order. In short, KPMG’s ethical failures were of an order not seen in even the FCPA enforcement arena. In the SEC Press Release Chairman Jay Clayton said, “KPMG’s ethical failures are simply unacceptable”. Steven Peikin, Co-Director of the SEC’s Enforcement Division was quoted that “The breadth and seriousness of the misconduct at issue here is, frankly, astonishing.”
This brazen and astonishing failure in ethics was around the professional standards licensing for KMPG auditors. As detailed in the Order, “As accountants licensed by state accountancy boards, many KPMG audit professionals are required to complete a minimum number of continuing professional education (“CPE”) courses periodically – typically 120 hours every three years. KPMG requires its audit professionals to complete additional training in excess of state requirements.” Additionally KPMG was under a prior SEC Order mandating “KPMG audit professionals to complete a minimum of 12 hours of training in specific audit areas as part of an August 2017 settlement of charges that KPMG failed to properly audit the financial statements of an oil and gas client.”
In addition to taking these mandatory CPE hours, the professionals are required to pass a proficiency examination, administered by KPMG. KPMG also provides internal training to help its professional prepare for this examination. Professionals get three chances to pass. If they fail three times, they are reported internally, cannot sign off on audit assignment and may receive a dock in pay.
However it turns out that KMPG employees, from senior partners including lead audit engagement partners who were responsible for compliance with PCAOB standards in auditing their clients’ financial statements, down to junior level employees were sharing the examination answers freely between themselves. They shared this information via email and even sent screen shots of pages with correct answers.
However this conduct did not simply end with the old fraternity ploy of sharing the exam questions (and answers) as KPMG employees took their cheating to an entirely new level of egregiousness. Certain employees actually lower the pass rate for their test scores so failing scores would become passing scores. They did this through manipulation of software program which scored the exam.
According to the Order, it went like this. “KPMG sent participants in training programs a hyperlink that directed them to the applicable exams. Embedded in the hyperlink was an instruction to the server that specified the score necessary to pass the exam. Thus, the characters “MasteryScore=70” meant participants were required to answer at least 70 percent of the answers accurately to pass the exam. By changing the number in the hyperlink, audit professionals could change the score required to pass.” This scam was apparently widely known and widely used. The Order stated, “For a period of time up to November 2015, certain audit professionals, including one partner, altered the URLs for their exams to lower the scores required to pass. Twenty-eight of these auditors did so on four or more occasions. Certain audit professionals lowered the required score to the point of passing exams while answering less than 25 percent of the questions correctly.”
The Order did not state how this unethical behavior became known to the Board of Directors. It only stated, “Upon learning of the potential cheating, KPMG leadership alerted the Commission staff and began an internal investigation.” The Order did specifically note that in the several years the conduct occurred, “Prior to the firm’s investigation, no one reported the improper sharing of exam answers to the firm’s Ethics and Compliance Hotline.” That is no one, nada, zero, zilch; not one person thought this was an illegal action or even an ethical violation.
When you step back to ask how could this happen for a company charged with protecting investors and the marketplace through their professional standards? The only answer can be a total failure of culture to not only make these practices acceptable but keep everyone (and I mean literally everyone at the firm) from reporting it as unethical conduct. Was it simply the financial incentive or was it pressure to never speak up at all?
From a client perspective, how could you even begin to trust the work of KPMG? If they are willing to lie, cheat and steal to keep the accounting licenses, what else would they do to keep your business? Do you really want that type of company assessing your financial statements? What about those professionals who lowered the pass rate so they could maintain their licenses, is their signature on any audited financial statements valid?
As a professional service provider ALL you have is your professional reputation. If your ethical behavior is so low that your work simply cannot be trusted, there is no reason for companies to believe your work product is valid. Dan Goelzer, a former SEC general counsel and former acting chairman of the accounting board, was quoted in another WSJ article about today’s Order. He said the claims are “extremely troubling” because they call into question the integrity of auditors.
Something like this is a serious hit to the reputation of a firm that depends on its reputation.”
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2019