Audit committee members who fail to reasonably carry out their responsibilities, and auditors who unreasonably fail to comply with relevant auditing standards in their audit work, will find themselves in the crosshairs of the Securities and Exchange Commission’s Division of Enforcement.
That was the warning issued by SEC Enforcement Director Andrew Ceresney during a keynote speech last month at Directors Forum 2016. “In the financial reporting area, like in many others, gatekeepers are critical to helping ensure that issuers make timely, comprehensive, and accurate disclosure,” Ceresney said. “Audit committee members and external auditors, in particular, are among the most important gatekeepers in this process, and each has a responsibility to foster high-quality, reliable financial reporting.”
The SEC’s renewed focus on financial reporting is a continuation of “Operation Broken Gate,” an enforcement effort the agency launched in 2013 to hold gatekeepers accountable when they fail to protect investors from fraud or other financial misstatements. Since then, the SEC has “succeeded in significantly increasing the quality and number of financial reporting cases,” more than doubling its enforcement actions related to issuer reporting and disclosures—from 53 in fiscal year 2013 to 114 in 2015, Ceresney said.
Many of those enforcement actions have been brought against auditors, particularly under SEC Rule of Practice 102(e). Codified as part of the Sarbanes-Oxley Act, Rule 102(e) allows the SEC “to censure, sanction, or bar from practice accountants, including auditors, that don’t perform according to professional standards,” says Andrew Fuchs, an associate with law firm Skadden, Arps, Slate, Meagher & Flom. In the last four months of 2015, the SEC charged 22 individuals under Rule 102(e), an enforcement trend that financial law experts say will continue in 2016.
Auditors should be aware of the numerous missteps that often get them into trouble, including:
Insufficient testing of potentially material issues;
Failure to show skepticism and, instead, accepting management representations at face value;
Failure to properly document audit procedures;
Inappropriate supervision of audit staff; and
Ignoring or inappropriately responding to red flags.
“It’s safest for auditors to assume that every material issue that comes up in a company is subject to SEC scrutiny,” says Brian Hoffman, of counsel in the law firm Holland & Hart, and a former senior attorney in the SEC’s Enforcement Division. The overwhelming success of the SEC’s Whistleblower Program, which incentivizes whistleblowers to report securities law violations to the SEC, further increases the likelihood of a financial reporting enforcement action, he says.
“It’s safest for auditors to assume that every material issue that comes up in a company is subject to SEC scrutiny."
Brian Hoffman, of Counsel, Holland & Hart
During his remarks, Ceresney noted that the SEC has particularly renewed its focus in the areas of issuer reporting and disclosure. As part of that focus, the SEC is increasingly turning its attention to both audit committees and external auditors.
“Over the past few years, the staff has really put a lot of focus into financial reporting and auditing enforcement matters,” says Hoffman. “That means auditors are back front and center in the overall SEC enforcement program.”
By way of example, Ceresney cited two recent high-profile enforcement actions against external auditors: BDO USA and Grant Thornton. “These actions were the first cases against national audit firms for audit failures since 2009,” he said. “They also were the first actions in which the audit firm admitted to wrongdoing.”
BDO and five of its partners in September 2015 admitted wrongdoing and agreed to pay $2.1 million in disgorgement and penalties for dismissing red flags and issuing false and misleading unqualified audit opinions about the financial statements of staffing services company General Employment Enterprises. One important lesson from that case is that “like audit committee members, auditors need to demand objective evidence and investigation when they come across situations which suggest inaccuracies in the company filings,” said Ceresney.
Another lesson: “Audit firms must not retreat from demanding an internal investigation unless they obtain evidence that dispels the issues that led them to request such an investigation in the first place,” he warned.
In a second high-profile case, Grant Thornton and two of its partners in December 2015 admitted wrongdoing and agreed to pay a $4.5 million in disgorgement and penalties for failure to heed numerous warnings and red flags concerning alleged frauds occurring at two audit clients—Assisted Living Concepts and Broadwind Energy—both of which eventually became the subjects of enforcement action by the Commission for improper financial reporting.
The Importance of Gatekeepers
Below are the remarks of SEC Enforcement Director Andrew Ceresney at Directors Forum 2016 speaking about the importance of gatekeepers.
Let me now turn to gatekeepers in the financial reporting process. In the financial reporting area, like in many others, gatekeepers are critical to helping ensure that issuers make timely, comprehensive, and accurate disclosure. Audit committee members and external auditors in particular are among the most important gatekeepers in this process, and each has a responsibility to foster high-quality, reliable financial reporting. We recognize that audit committee members and auditors exercise a significant amount of judgment on a day-to-day basis and we are not in the business of second-guessing good faith judgments. However, audit committee members who fail to reasonably carry out their responsibilities, and auditors who unreasonably fail to comply with relevant auditing standards in their audit work, can expect to be in our focus.
Audit Committee Members
We have not frequently brought cases against audit committee members. That is because in my experience, audit committee members in most cases carry out their duties with appropriate rigor. But in the last couple of years, we have brought three cases against audit committee chairs that provide helpful guidance on the type of failures that will attract our attention. In each case, the audit committee member approved public filings that they knew, were reckless in not knowing, or should have known were false because of other information available to them.
In early 2014, for example, the Commission charged an animal feed company—AgFeed Industries—and top executives with allegedly conducting a massive accounting fraud in which they repeatedly reported fake revenues from their China operations in order to meet financial targets and prop up the stock price. We alleged that, while the company was engaged in efforts to raise capital for expansion and acquisitions, the audit committee chair learned facts from a high level employee who had visited China suggesting that Chinese sales were inflated. He then allegedly sought advice from a former director and company advisor, who noted that there was “not just smoke but fire” and recommended that AgFeed conduct a full internal investigation. However, the audit committee chair ignored the recommendation and the red flags of fraud, and signed off on the public filing of the financial statements.
In another recent case, we charged the issuer’s former audit committee chair for signing an annual report that she knew or should have known contained a false Sarbanes-Oxley certification with the digital signature of a purporting acting CFO when, in fact the person selected for that role had rejected the offer to serve in the position.
Finally, in a recent action, the Commission found that MusclePharm’s former audit committee chair signed several filings that did not disclose the full extent of executive perks. He then learned through an internal review that certain perks had not been disclosed. Yet, the audit committee chair substituted his wrong interpretation of SEC perk disclosure rules for the views of the independent consultant MusclePharm had hired, resulting in additional filings with incorrect perk disclosures.
The takeaway from these cases is straightforward: when an audit committee member learns of information suggesting that company filings are materially inaccurate, it is critical that he or she take concrete steps to learn all relevant facts and cease annual and quarterly filings until he or she is satisfied with the accuracy of future filings.
The firm had assigned a particular audit partner to oversee both audits and allowed the partner to continue on those audits despite having received numerous warnings of quality issues with her work. The firm also failed to ensure that the rest of the audit team compensated for weaknesses in that partners’ work, and that its audit procedures were rigorous enough to cover the key risk area.
“The lesson from the Grant Thornton matter is that engagement partners need to be actively monitored to ensure that they are fully capable of fulfilling their critical role as gatekeepers,” said Ceresney.
Financial law experts say that auditors can mitigate liability by taking the following steps:
Assess and address risks. Auditors should pay attention not only to general reoccurring issues, like revenues and related third-party transactions, but also specific risks relevant to the company. If the company does business abroad, for example, this might include potential foreign bribery issues. “Auditors should be aware of boilerplate risks and the strategies for dealing with them,” says Hoffman.
Pay attention to internal controls. “Good controls protect the company, the executives, and the auditors,” says Hoffman. “It’s the frontline line of defense against potential fraud.”
Be skeptical. Make sure you gather appropriate evidence for material issues and not just accept cursory management representations. “Show, don’t tell,” says Hoffman.
Check and recheck for conflicts-of-interest. “Auditors are supposed to be independent of their audit clients,” says Hoffman. Thus, auditors should check for conflicts-of-interest any time a change occurs in the audit-client relationship, he says. Such circumstances may include the merger or acquisition of an auditing firm, or when a new audit partner comes on board and brings a new client with them.
Keep good documentation. Work papers and e-mails are the best proof auditors have to later show the SEC the scope of the work performed. “The SEC will not give credit for audit evidence if it’s not documented in the workpapers,” says Michael Scudder, a partner with law firm Skadden, Arps, Slate, Meagher & Flom. “I cannot think of a Rule 102(e) proceeding where audit documentation has not been a significant issue.”
Address red flags. When red flags arise, companies often need outside counsel to do an internal investigation. “Auditors have a role here in making sure that gets done, to the extent that they’re informed of the potential issue,” says Hoffman. Auditors also should conduct shadow investigations for material issues, advises Hoffman. That means getting a forensic team and outside counsel involved to assess what needs to happen from the auditor’s point of view, he says.
In the event that auditors do find themselves in the crosshairs of the SEC, a timely response is everything. “It’s important for auditors to address the SEC’s concerns quickly and efficiently, to take them seriously, and—to the extent it makes sense—produce documents to the SEC, and to help explain to the SEC what it did and why it did what it did,” says Hoffman.
“Auditors often find themselves in an interesting role because they’re not always the focus of an SEC investigation. Sometimes they’re just fact witnesses,” says Hoffman. In that aspect, it’s important for auditors to engage in dialogue with SEC. Maybe they’re able to provide the SEC staff with information that will help with the underlying case against the company or the individuals or to just clarify the issues, he says.
“It’s often important to pledge your cooperation with the SEC staff early in its investigation,” says Scudder. The SEC affords cooperation credit to firms and individuals that provide substantial cooperation and do so in good faith, he says.
Rule 102(e) proceedings are administrative in nature, which means they ultimately end up before an administrative law judge of the SEC if challenged. Most end up settling before that point to minimize the sanctions imposed, “which could include permanent or temporary bars from practicing before the SEC, censures, cease-and-desist orders, fines and remedial actions,” says Fuchs.
“A practice bar can be lethal,” says Scudder. It doesn’t matter if you’re barred from practicing for one year or five years. “They’re often career-ending.”
Nevertheless, settlements in Rule 102(e) proceedings may be fewer and farther between if the SEC continues to aggressively pursue auditors in furtherance of Operation Broken Gate, says Scudder. “You may well start to see more auditors bring these matters all the way to an administrative trial.”