As you would expect, Tammy Whitehouse has already put out some great pieces on the KPMG indictments. Yet, the scandal is so huge there are multiple angles to mine for the compliance practitioner. The confidential information stolen from the PCAOB and given to KPMG regarded the timing of PCAOB reviews of KPMG audits, which had come under fire from several clients and under scrutiny by the PCAOB. Three PCAOB employees were, apparently, offered jobs if they provided KPMG with information on the PCAOB’s planned reviews of certain KMPG audits of specific public companies. The confidential information was used to not only prepare for the PCAOB reviews, but also to change prior audits and work papers, which would be reviewed by the government as a part of their its review process.
The Man From FCPA wondered about a corporate culture where not only would the hiring of candidates be dependent upon criminal actions, but also the continued employment of those so hired. David Middendorf, KPMG’s then-national managing partner for audit quality and professional practice, apparently threatened the two former PCAOB hires with their continued employment at KPMG, allegedly saying “remember where his paycheck came from.”
There is no doubt that KPMG was under pressure from both its clients and regulators to improve the firm’s audit practices. Yet, how much pressure does it take for three national practice leaders to actively participate in an illegal scheme? If senior management in the firm was committed to illegally obtaining information and continuing to use it, what does that say about the culture of the organization? Moreover, if such leadership was susceptible to criminal conduct in changing audits to meet regulatory oversight, it seems but a small step to move to creating fraudulent audits for other reasons.
Every CCO needs to study this case and then think about the regulatory oversight of their organization. Are there pressure point (high-risk in FCPA parlance) where employees might be obtaining inside or confidential information that allows them to thwart government oversight. This is not the Uber, Greyball software program but other more innocuous types of conduct. Unfortunately, we have not heard the last of the KPMG scandal—but every compliance practitioner can learn from it going forward.