In early 2015, before the Public Company Accounting Oversight Board typically dispatches inspectors to begin their annual regulatory inspections, audit leadership at KPMG obtained and acted upon illicit information that gave them an advantage in up to two inspection cycles, according to federal authorities. Yet no one is speaking of unraveling or rectifying any tainted inspection findings.
Those audit leaders have been cleaned out at KPMG, along with at least one staff member at the PCAOB, after the firm uncovered the operation and reported it to authorities in early 2017. Five individuals are facing charges from both the U.S. Department of Justice and the Securities and Exchange Commission, and one has already settled with both authorities.
The unsealed indictment from the DOJ and the enforcement order from the SEC describe a multi-year operation at KPMG to recruit PCAOB inspections staff to join the firm and bring with them confidential information that would help the firm improve on its brutal inspection findings. Information landed in the hands of audit leadership at KPMG as early as May 2015, just about the time inspectors at the PCAOB are typically heading into the field to begin their annual dig into audit work papers searching for mistakes.
The indictments and enforcement orders say audit leaders obtained the list of audit files that the PCAOB planned to inspect, along with planning information indicating what areas the PCAOB inspectors planned to scrutinize. The documents describe communications among KPMG professionals aimed at reviewing audit work papers in those relevant files in advance of inspections. They also describe attempts to covertly alert engagement partners whose audits would be inspected.
Ultimately, that’s how the operation was discovered, the documents say. In early 2017, a partner hearing such alerts became suspicious that they were based on illegally obtained information and reported it to the firm’s general counsel for investigation. The orders even describe a hasty effort by a few of the collaborators to cover their actions with false documents and testimony.
The DOJ and SEC say the whistle was blown early enough in 2017 that the PCAOB had time to alter its inspection plan and perform unfettered inspections. They do not say, however, what the PCAOB may have done or might still be doing to address inspections that have already been completed after the firm acted on the inside information.
KPMG has turned out some of the worst deficiency rates among major firms in recent years. In 2012, the PCAOB identified deficiencies in 34 percent of KPMG’s inspected audits, and that jumped to 46 percent in 2013 and 54 percent in 2014.
In 2015, when authorities say KPMG possessed and acted upon the PCAOB’s confidential inspection plan, KPMG’s deficiency rate fell to 38 percent, still the highest among the Big 4 that year but an improvement over its rate the prior year. For 2016, when the firm still had an active pipeline for ill-gotten inspection information, the PCAOB has not yet published the findings of its inspections.
The board has been slow to publish any if its 2016 inspection findings, in fact. The earliest reports on major firms made their first appearance in December 2017 with the publishing of Deloitte’s report, followed by reports for Grant Thornton, then EY and PwC by mid-January. At a year-end accounting conference in December, then-chairman James Doty offered no explanation when asked why reports had been delayed, except that it was taking time.
The SEC declined to comment on what, if any, action may be taken to address tainted inspection results at KPMG. The PCAOB’s newly installed chairman, William Duhnke, said through a statement that the new board would continue to investigate its protocols for information technology, security, compliance, and ethics to assess their effectiveness.
As to the specific question of whether the PCAOB will rectify or somehow restate polluted inspection findings, a spokesman only reiterated what the board has already said: “Once we learned of the allegations, we adjusted our inspection procedures, including re-selection of engagements, to safeguard the integrity of our process.” KPMG has not responded to a request for comment.
Inspection reports are meant to give investors and others with a stake in the audit process a view into the regulatory process and measures being taken to address lapses in compliance. The PCAOB even published a primer in 2015 advising audit committees on how to use inspection reports to hold their auditors accountable for the findings.
If inspection reports were financial statements, and published reports had been tarnished by the kind of fraud and conspiracy that the DOJ and SEC now allege, any public company would be compelled to at least address the question of whether to issue a restatement. Yet there is no comparable process for restating regulatory inspection results. The current scenario is unprecedented in the PCAOB’s brief history since its formation under the Sarbanes-Oxley Act.