Remarks before the 2011 AICPA National Conference on Current SEC and PCAOB Developments
Chief Accountant, Division of Enforcement
U.S. Securities and Exchange Commission
December 6, 2011
Good afternoon everyone and thank you to the AICPA for having me back again this year. As the Enforcement guy, you never know if you’ll get that repeat invite, so I’m honored to have made the cut and for the opportunity to address you today. As required, I need to state that my remarks are my views and not necessarily the views of the Commission or its staff.
As you may recall, last year was my first opportunity to address the profession at this conference as the new Chief Accountant for Enforcement. My goal was to provide a framework for how I approach accountant and auditor liability issues in SEC matters. I made a point to state that I believed that most accountants practicing before the Commission operate with objectivity and integrity and in compliance with professional standards in preparing and auditing financial statements. I’m happy to report that after being in the job another year that I still hold this view.
One measure or corroboration of this is that the number of restatements has been trending down for several years and the severity measures for these restatements have also been declining. This likely reflects, in part, that Sarbanes Oxley has been working and that issuers’ compliance programs and auditors’ oversight have improved financial reporting. So, I’d like to officially thank you for your efforts in preventing, deterring and detecting fraud. I ask you to please keep it up, as investors are literally and figuratively counting on you.
That said, I view my job to point out areas for improvement and to identify things that concern me from an enforcement standpoint. You should know that we continue to see a steady stream of allegations relating to accountants from our non-public tips, complaints and referrals system. And we continue to see troubling fact patterns involving accountants and auditors in the investigations that are underway.
Therefore, even if the vast majority of practitioners may be doing things right, there are — CFO’s, Controllers, Chief Accounting Officers, independent auditors and accountants in other roles — who appear to be failing in their role as gatekeepers.
I think we all have an interest as a profession to ensure that investor harm does not result from accountants conduct. So, if you are aware of instances where accountants have violated professional standards or have rationalized inaccurate financial reporting, please take appropriate corrective action. Also consider letting SEC ENF know as we value self-reporting and cooperation in our efforts to protect investors and the Commission’s processes.
Today I will focus on 3 topics:
- First, I’ll go through some areas where auditors have failed in their professional duties.
- Second, I’ll discuss my views relating to Section 10A
- Third, I’ll close on my views on what it means to be a gatekeeper
I won’t have time to go into detail the cases, but the overview of the fiscal 2011 metrics resulted in the SEC instituting 102(e) proceedings against 20 external auditors and 35 internal public company accountants. Each of these 102(e) proceedings involved different facts and circumstances and a variety of accounting shenanigans and most resulted in suspensions from practicing before the SEC — something that none of us wants associated with our resumes.
As you may know, all our accounting and auditing-related enforcement actions are available on the SEC website, and I would ask that you not only become familiar with them yourselves, but that you encourage the accountants that you supervise to read them as well. Teaching your colleagues, especially any junior accountants that report to you, what could happen when improper accounting is rationalized and auditors are not sufficiently skeptical can, be a useful tool in educating them about their professional responsibilities.
Some specific areas of concern from our fiscal 2011 cases include failures relating to:
- Section 10A of the Securities Exchange Act
- Independence requirements
- Supervision and oversight — including by concurring partners
- Fundamental auditing requirements relating to a lack of skepticism, documentation and record retention
I think these areas will continue to pose risk for audit firms and engagement team members from an enforcement standpoint — particularly Section 10A, which I’ll talk more about shortly. Other issues of importance that continually crop up in auditing matters include:
- Audit failures relating to foreign-based issuers.
- Insufficient challenges to dubious immateriality conclusions
- Failure to require clients to disclose material information.
- Inadequate audit responses to identified fraud risks
I’ll go into a little more detail on the first two points, foreign-based issuers, which Rob Khuzami has mentioned, and materiality.
Specifically, we launched our risk-based inquiry into foreign based issuers in June 2010, by gathering information from audit firms about their capabilities in carrying out foreign–based audits. We asked about supervision of other auditors, language skills, auditing practices for high risk areas, and information about compliance with auditing standards. We also reviewed audit workpapers for certain issuers.
Although I cannot discuss specific matters because our investigations are nonpublic and ongoing, it became clear that certain issuers, including many reverse-merger companies had potentially fictitious cash and accounts receivable and revenue balances
Specifically, numerous companies with foreign-based operations disclosed in 8K’s that banks had no record of certain cash transactions reported on their books; actual cash balances held by the banks were significantly less than reported by the issuers; and that banks had made loans that were undisclosed. The 8K’s also reported issues suggesting that accounts receivables and sales may be inflated and possibly fictitious.
The 8K’s also reported, auditor resignations; auditors withdrawing their audit reports; auditors unable to rely on management representations; auditors disassociating themselves from issuers’ communications; issuers placing scope limitations on auditors; and issuers interfering with audits, among other things.
One thing that I think was particularly effective in bringing these issues to the surface, was that we did not limit our request for workpapers to completed audits, but instead called for workpapers for 2010, even though they had not yet been completed. I guess there is something to be said for providing incentives to be skeptical and to rethink prior approaches.
We also achieved success through effective coordination with other SEC Divisions, including formation of our Cross-Border-Working Group and via our interactions with the PCAOB and SRO’s. So far there have been 5 trading suspensions, 2 stop orders, over 3 dozen halts by the exchanges and a number of 12(j) proceedings I expect that we will initiate other risk-based inquires relating to accounting and auditing matters going forward — so stay tuned for these and further actions on the cross-border front.
Another area that I want to highlight is the “check the box materiality analysis”, which we continue to see in certain cases. Please be aware that in March 2011, the Supreme Court reaffirmed in its Matrix decision that a fact is material when there is a substantial likelihood that a reasonable investor would view it as having significantly altered the “total mix” of information.
This total mix” test for materiality is principles based and it requires that issuers and auditors exercise professional judgment. However, we are seeing instances where materiality analyses are mechanical and the so-called “SAB 99” memos are often just a perfunctory walk-through of the examples provided in Staff Accounting Bulletin 99. We are not looking to second guess good faith efforts at determining whether something is material. But we are troubled when we later discover fraudulent reporting, and it appears to have been whitewashed by means of a SAB 99 memo that fails to address key factors known by both the internal accountants and auditors and that clearly altered the significant mix of information.
With this in mind, it is a good segue into my second topic, relating to Section 10A of the Securities Exchange Act. As you know:
- Section 10A(a) requires an audit firm to have procedures to detect illegal acts
- Section 10A (b) requires an audit firm that detects or otherwise becomes aware of an illegal act (or potential illegal act) to ensure that the company has taken appropriate remedial measures; and report to the SEC in certain situations.
Several cases the SEC filed last year alleged 10A violations and there are other cases under investigation involving 10A issues.
In one case, the Commission alleged that the audit firm violated Section 10A by failing to conduct appropriate procedures after receiving confirmations that conflicted with management representations and that did not conform to the format requested by the engagement team. The audit firm also did not undertake additional procedures after it discovered “significant deficiencies” in the company’s internal controls relating to accounts receivable.
In another case, the prior auditor informed the auditor that management representations may not be reliable; that management had provided unsigned contracts as audit evidence; and that management had resisted making audit adjustments. The auditor also learned from an informant that certain transactions with customers may be fictitious; and the audit revealed red flags relating corroborating the informant. Nonetheless, the auditor accepted management explanations and failed to take appropriate action.
In another 10A case, the auditor learned about certain guarantees promised by the issuer, but failed to inquire about the guarantees or consider the potential impact on the company’s revenue recognition.
These cases raise questions, in my mind, as to whether auditors fully understand what it takes to fulfill their 10A obligations. I suspect that in most cases they do, and that firms are taking their 10A obligations seriously; have reasonable procedures in place to detect illegal acts, that they are monitoring the client’s handling of allegations when they arise — and are reporting to the SEC, if required. However, a series of things need to occur before an auditor is required to report to the SEC, and there are two primary areas where things could breakdown and could result in investor harm and these involve the quality of the investigation; and how the auditor monitors and responds to potential issues.
The decision of an issuer or audit committee to use internal OGC and internal audit, for example, to conduct internal investigations — could impact the results. Similarly, if audit engagement team decides to handle an issue on its own without providing a notification to their risk function or national office, it could likewise impact the results. I’m not suggesting that an internal investigation run by the company’s OGC would not be appropriate or that engagement partners have to run every little thing by National Office or risk. The facts and circumstances of each situation should drive the approach and there are a range of reasonable responses to allegations of accounting errors. It may be that a company’s internal OGC with the help of internal audit have the experience, expertise and objectivity to assess whether management cooked the books or overrode controls. It may be that the engagement team could evaluate a company’s hotline allegation and conclude that no error or illegal act occurred without needing to consult others within the firm. The situation, however, may call for an independent audit committee investigation with the hiring of outside counsel that is not the company’s regular counsel and the hiring of forensic accountants. The situation may also call for a robust shadow investigation by the auditor to ensure that appropriate remedial measures, including a restatement, occur — and that the firms’ National office, risk, or forensic functions are in the loop.
We recognize that these determinations all have costs associated with them — and some could be significant — however, investor protection should be paramount and any tendencies to rationalize inaccurate financial reporting need to be resisted. We also recognize that every accounting error may not result from an illegal act and that when allegations arise, it is often difficult, especially in the initial stages, to assess qualitative materiality factors and management’s state of mind, both of which are relevant to fraud charges. However, illegal acts also encompass non-fraud federal securities laws violations including the reporting, books and records and internal controls provisions of the Exchange Act. In my view there does not need to be clear indicia of fraud before auditors’ 10A radar should kick in.
At the risk of stating the obvious, please understand that whenever we investigate alleged accounting fraud, not only will we assess audit deficiencies, but we will be assessing Section 10A compliance. In particular, we will evaluate what the auditor learned about, and what they did, after discovering a potential accounting error (or other illegal act). Specifically, we will be looking at how the auditor monitored the company’s response to potential illegal acts including whether the auditor has brought necessary subject matter, forensic, legal and risk expertise to bear on the particular issues. We will be asking questions that bear on the credibility of management’s investigation and raising questions that we believe the auditors should be asking, including:
- Whether potential conflicts of interest exist of those conducting the investigation and their expertise;
- Whether there were scope limitations relating to accounting issues, accounting periods, and audit evidence, including electronic evidence; and
- The basis for not restating, if accounting errors or disclosure issues were found, but not corrected.
In particular, as I previously mentioned, we will be looking closely at issuers’ SAB 99 materiality analyses and assessing how qualitative materiality factors were considered by companies and their auditors. Finally, I would note that the adopting release of the Commission’s whistleblower rules indicates that accounting firm personnel could seek to recover whistleblower awards by alleging that their firm failed to comply with Section 10A.
Now I’ll move to my final theme for today relating to gatekeepers. We all hear the term gatekeeper being bandied about all time and in various contexts, but what does it mean for accountants?
I looked up gatekeeper in the dictionary to see if I could find anything useful, but the definition that I found — a person in charge off a gate, usually to count and supervise traffic flow — did not shed much light. My thesaurus was more useful as it brought me to the terms watchman and sentry. I like both of these because of the imagery of an accountant being a policeman or soldier protecting investors’ nest eggs — not with guns of course, but with their skepticism, experience and judgment.
I also found comments by one former Enforcement Director — Dick Walker — instructive. He stated at an AICPA conference back in 1998 the following:
What is it that lies at the heart of the investor confidence we have built up? The answer is simple. It is the fact that when investors bet their money in our markets, they can reasonably count on a company's numbers being good. This is true in large measure because of the role that independent auditors play. Where there is a problem, independent auditors report it. Where a company is in serious trouble, independent auditors appropriately qualify their opinion.
He cited the importance of the independence requirement and that it was well summarized by the U.S. Supreme Court when it said, "Public faith in the reliability of a corporation's financial statements depends upon the public perception of the outside auditor as an independent professional. ... If investors were to view the auditor as an advocate for the corporate client, the value of the audit function itself might well be lost." [United States v. Arthur Young & Co., 465 U.S. 805, 819 n.15 (1984)
So, in conclusion I ask you to continue fulfilling your role as sentries for investors. Recognize the practical reality that although SEC ENF folks like myself may be the ones conducting actual investigations and making enforcement recommendations on specific cases — that it is all of you in private practice that are the sentries on the front lines in the battle against fraudulent financial reporting.
You are the ones initially deciding in real time how to apply GAAP, what should be disclosed, whether the financial statements are fairly presented — or whether appropriate remedial measures are taken when issues have surfaced. You are the ones exercising professional skepticism by pushing back on sketchy management representations, disclosures that lack transparency or transactions that may appear to lack economic substance.
Keep in mind how important your role is in helping the Division of Enforcement police the thousands of public companies that trade in the U.S. Understand how much your daily compliance efforts could help to expose accounting fraud and keep our nation’s IRA’s, 401K’s and 529 plans safe so that families can achieve their investment objectives. Please continue your efforts to prevent, deter and detect fraudulent financial reporting.
Thank you and hope to see you next year.