Directors and Officers Liability and Insurance : The D & O Diary : Kevin LaCroix : Securities Laws, Corporate Fraud, D & O Litigation

Under Section 104(b) of the Sarbanes-Oxley Act, the Public Company Accounting Oversight Board (PCAOB) is required to inspect audit firms that regularly provide audit reports for fewer than 100 public companies "not less frequently than once every 3 years." On October 22, 2007, the PCAOB released a Report regarding its inspections of these so-called "triennial firms" entitled "Report on the PCAOB's 2004, 2005 and 2006 Inspections of Domestic Triennially Inspected Firms." (here). The Report is significant because even though many of the 497 triennial firms inspected are small and may audit as few as a single public company, as a group the triennial firms "audit thousands of public companies." Because the triennial firms audit so many public companies, the PCAOB's Report detailing its concerns regarding the firms' audits has significant implications for those who rely on those audits.

• Print
• Comments
• Trackbacks

The Public Company Accounting Oversight Board (PCAOB) has been the target of extensive criticism for the timing and content (or lack thereof) of the public reports for its inspections of the Big Four accounting Firms. (Prior D & O Diary posts on this issue can be found here and here.) This issue is reviewed at length in a January 26, 2007 CFO.com article entitled "Why The Big Four Are Still a Mystery" (here), and the article is supplemented by an email interview (here) with PCAOB board member Charles Niemeier.

The article reviews the frequent criticisms that the public inspection reports reflect a "lack of context," because the PCAOB does not publicly reveal how many inspections it conducts on each firm. Without this kind of quantitative data, there is no way to assess how widespread the concerns are. The absence of this information means that the inspection process "is not producing the kind of results that it should for people who are using the results and trying to understand what this means," according to the former head of Deloitte, who is now the chair of four public company audit committees, and who is quoted in the article.

The delay in reporting the results is also a concern. For example, the reports for the 2005 inspections of Ernst & Young (here) and KPMG (here) were not released until January 2007. The audits inspected were obviously completed substantially before the inspections. The delay gives analysts and others "little leeway in being able to gauge the current performance of an audit firm."

Niemeier's response to the concern about the lack of disclosure concerning the number of audits inspected is that it is "not a relevant figure" and "could encourage misleading, superficial comparisons between firms." Niemeier also is opposed to supplying further details about the audit concerns noted in the inspection reports, even information designed to convey how serious the problems noted were; Niemeier feels this would be inconsistent with PCAOB's statutory confidentiality obligations.

Niemeier is also opposed to any overall qualitative evaluation of the firms audited, on the theory that this would "divert attention" from the PCAOB's efforts to identify risks in the audit firm's processes. With respect to the timeliness of the inspection reports, Niemeier says that the "timing of the reports has been due to internal operational processes" and that "the time between completion of an inspection and issuance of a report should be shorter in the future."

What to make of all of this depends on the purpose of the PCAOB's public inspection reports. If, as with Niemeier, you believe the public reports are designed to provide the audit firms with appropriate incentive to remedy noted concerns, then the current process is adequate. But if that is the sole purpose, why bother with public reports at all? Why not simply reserve public disclosure for those concerns the audit firms fail to address during the 12-month cure period? But the reports clearly are made public (at least to the extent they are made public) for a separate purpose, which is to inform. On that score, as the CFO.com article notes, the inspection reports "don't paint a clear enough picture about what the auditor overseer was probably trying to say in its reports."

Niemeier's comments that added information, such as the number of audits inspected, might be misued amounts to an assertion that investors and others can't be trusted with the information. Clearly, the policy decision to withhold the information is calculated for the audit firms' protection, to the detriment of the investing public. These competing interests ought to militate that the PCAOB should go as far as it could to disclose information consistent with its statutory constraints - and subject only to the statutory constraints. The numerical and evaluative information critics argue that the inspection reports lack are not barred by the statutory constraints. The audit firm's best protection against vulnerability to adverse information is in their power to control, through their own audit execution.

A good summary of the shortcomings of the PCAOB's public inspection reports, with links to other sites, can be found on the White Collar Fraud blog, here and here.

Audit Liability Caps: In a prior post (here), The D & O Diary took a look at various proposals to cap auditors' liability. In a January 25, 2007 speech (reported here), Conrad Hewitt, the SEC's Chief Accountant, came out in favor of protecting the "major accounting firms" from legal liability if their audit clients become embroiled in accounting-related scandals. Hewitt is concerned about auditor liability because there are only four major accounting firms left. "It's a concern to us if something should happen to any of the four firms."

So The D & O Diary wonders - is the PCAOB's policy on its public reports of the Big Four firm's audit inspections the product of a similar concern for the survival of the "remaining four?"

• Print
• Comments
• Trackbacks

Based on the accumulated observations of its inspections of public company audits, the Public Company Accounting Oversight Board is concerned that auditors may not be doing all they could (or even all that is required) to detect the possibility of fraud at the companies they are auditing. In a January 22, 2007 release entitled "Observations on Auditors' Implementation of PCAOB Standards Relating to Auditors' Responsibilities with Respect to Fraud" (here), the PCAOB issued a report detailing its recurring observations in order to "focus auditors on being diligent about their responsibilities as they relate to fraud." The report is not intended to create new standards, but rather to "remind all auditors of what the Board's standards require of them in these areas."

The report emphasizes that one of the key purposes of the audit, and an important point of concern of the PCAOB, is to "detect material misrepresentations caused by fraud." The report reviews at considerable lengths the steps that auditors should be taking in planning and performing the audit to test for the possibility of fraud.

Among the more interesting discussion points is the PCAOB's concern based on its recurring inspection observations that some audit teams are not designing their audit procedures based on an audit team "brainstorming session" to identify possible company-specific fraudulent practices. Essentially, the auditors are required to put themselves in the shoes of the would-be fraudsters, and imagine how they might go about defrauding the company, so that the auditors can then design tests to see if any of these things are actually happening. The report identifies a number of other procedural and substantive shortcomings that the PCOAB has observed (for example, failing to test for the possibility that management is overriding financial controls), but the failure to design audit tests based on company-specific fraud-imagination brainstorming is one of several apparently serious concerns.

Consistent with the PCAOB's prior practices and statutory constraints, the PCAOB does not identify the auditors or audits on which its observations are based. As The D & O Diary has previously observed (here), the PCAOB could (and arguably should) consistent with its statutory constraints provide numerical information that would afford greater insight into how serious these problems are. For example, in connection with how many audit inspections were these concerns noted? On what percentage of the PCAOB's inspections did these kinds of concerns arise? And, even more specifically, were there any inspections on which these concerns were noted where fraud was later found to have occurred but was not detected by the auditors? Without this kind of information, it is basically impossible to assess how serious these concerns are, and whether or not there might be fraud (and if so, how much) that is going undetected by the auditors. That said, the PCAOB is to be commended for compiling the observations and issuing the release, as it undoubtedly will have the salutary effect of focusing auditors' attention on the need for targeted fraud detection procedures.

Hat tip to the AAO Weblog (here) for the link the to the PCAOB release.

To Catch a Thief?: Anyone who doubts the need for creative application of audit procedures actively designed to detect fraud may want to read the story (here) from the front page of today's Cleveland Plain Dealer. This story might not have made the national press but here in snowy Cleveland it is pretty big news. According to the story, the former head of the international lending unit of KeyCorp will plead guilty to embezzling $40 million from the bank over the course of 9 years.

The official fabricated loans in the name of real European banks and then took the money himself. He used subsequent loans to cover earlier loans. He got caught when he used one of the European lines of credit to pay his personal credit card bill, and it came to the attention of another bank employee. (Coincidentally, the WSJ.com Law Blog has an account, here, of a separate embezzlement scam involving the former NBC Treasurer that was also detected because the bad guy used the embezzled funds to pay a personal credit card bill.)

According to the news report, the KeyCorp embezzlement scheme escalated in 2004 when the official developed a relationship with a younger woman he met while traveling, for whom he purchased multi-million dollar homes and a 12-carat engagement ring. (The official was married to another woman at the time; unsurprisingly, they divorced after the embezzlment and the use of the embezzled funds came to light.)

Auditors who want to jumpstart their brainstorming session about possible fraud may want to contemplate the apparent ease with which this individual evaded detection for 9 years and scammed his (publicly traded) employer.

• Print
• Comments
• Trackbacks

When the Committee on Capital Markets Regulation (popularly known as the Paulson Committee) in its Interim Report (here) recommended "setting a cap on auditor liability," the Committee relied for support on the steps in that direction that have been taken by the European Commission. In its latest effort along those lines, the European Commission on January 18, 2007 launched a "public consultation on whether there is a need to reform the rules on auditor liability in the EU." A copy of the Commission's press release can be found here. A copy of the Staff Working Paper can be found here.

In the Working Paper, the Commission's staff offered four alternative proposals to cap the liability accounting firms potentially face when auditing public companies. (The Commission is asking for comment on the four proposals by March 15, 2007.) The four proposals are: a fixed monetary cap on damages that could be sought from auditors; a cap based on the audited company's market capitalization; a cap based on a multiple of the audit fees charged; or the introduction of proportionate liability , which would hold the auditor responsible only for the damages that could be specifically attributed to them.

The initiative to afford accountants some form of liability protection is being led by Charlie McCreevy, the European Commissioner for Internal Market and Services. The initiative would potentially extend protections across the EU's 27 member countries, although the member countries would not be required to enact them. However, the Working Paper notes that "auditor's liability is currently capped in five Member States (Austria, Belgium, Germany, Greece and Slovenia)."

The Commission's motivation for exploring auditor liability caps is essentially the same as that noted by the Paulson Committee in its Interim Report. That is, the Commission is concerned that as the number of audit firms capable of auditing the largest companies has dwindled down to four, the potential consequences from the failure of one of the remaining firms would be harmful to investors. In an October 27, 2006 interview in the Financial Times (here), McCreevy expressed his concern that "further reduction in the number of global firms would make it very hard for companies to get accounts signed off and published - dealing a blow to investors." McCreevy himself advocates a cap on auditor liability.

A January 19, 2007 Wall Street Journal article entitled "EU Offers Plans for Accounting Firms' Audit-Liability Caps" (here, subscription required) suggests that the EU proposals "could help a push by the largest firms for similar protection in the U.S." The article goes on to note that the "adoption of a European auditor-liability shield, even if the member countries weren't required to enact it, would potentially add to a sense that U.S. markets are increasingly at a competitive disadvantage to those in Europe, and, in particular, London."

The competitiveness of the U.S. capital markets will be the theme of a conference that will convened in the spring by Treasury Secretary Henry Paulson. (For a description of the planned conference, announced on January 17, 2007, refer here.) The accounting industry will be one of the three major topics to be discussed at the conference, along with regulation and corporate governance. Robert Steel, the Treasury's undersecretary for domestic finance, in describing the conference's anticipated topics, said that (unnamed) officials are "concerned about the accounting industry," and that the conference will look at whether there are "structural issues" that hurt the industry, such as an "unattractive liability construction." Steel, along with Paulson, recently joined the Treasury Department from Goldman Sachs.

Is the PCAOB Shielding the Big Four?: With the anxiety surrounding the possible investor consequences to investors were another of the Big Four accounting firms to fail, could it be that regulators are treading softly around the "remaining Four?" As The D & O Diary noted in a prior post (here), the Public Company Accounting Oversight Board (PCAOB) does not reveal much about its inspections of the Big Four accounting firms. For example, the PCAOB does not reveal the number of Big Four audits it inspects as part of its annual inspection process, or the percentage of audits inspected that proved to have concerns - even though it releases this information for smaller firms.

A January 18, 2007 post on CFO Blog (here) reports on a recent speech by PCAOB founder and board member Bill Gradison, in which Gradison suggests that the PCAOB considers itself a supervisory body rather than an enforcement agency, and so the agency wants to work with firms to restore "integrity" and even "luster" to the profession. For that reason, the PCAOB prefers to give the audit firms a 12-month grace period to fix problems, rather than to make them public when they happen, since "reputation is so important in a field like auditing."

While I am sure the accounting firm's appreciate this deference to their reputation, investors' interests are definitely forced into the back seat by this ordering of priorities. As my prior post linked above notes, the PCAOB's annual inspection report disclosure leaves a great deal to be desired from the investors' point of view. First and foremost, the PCAOB ought to inform investors what percentage of audits inspected produced inspection concerns. In addition, the PCAOB ought to tell the investing public how many of the audit concerns were material, which audit concerns were material, and what order of magnitude the material concerns represent.

• Print
• Comments (2)
• Trackbacks

On January 11, 2007, the Public Company Accounting Oversight Board (PCAOB) released its annual inspection reports of Ernst & Young LLP and KPMG LLP. The reports can be found here and here. The PCAOB is required by law to annually inspect each accounting firm that audits more than 100 public companies. The agency's reports on E & Y and KPMG are based on inspections done in 2005 of the firm's audits of companies' 2004 financial results. (The PCAOB previously released its reports of PWC and Deliotte & Touche.) If this seems like a long time ago to you, you are not alone.

As noted in a January 12, 2007 Wall Street Journal article (here, registration required), there have been "criticisms from investors and members of corporate audit committees that the agency is taking too long in getting the reports out and [the board] has pledged to try and speed up the process this year."

The E & Y and KMPG reports cite multiple audit failures by both firms. The PCAOB identified 10 E & Y public company audits and 11 KPMG public company audits for criticisms. The E & Y report says that in "some cases" the errors appeared "likely to be material to the issuer's financial statements" and the KPMG report says that in "one case" the result was likely to be material. However, according to its policies, the PCAOB does not identify the companies that had their audits cited. The PCAOB also does not make their entire inspection reports available publicly. The PCAOB's statement of policy about issuing its reports, here, explains the statutory constraints on its ability to publicly release portions of the inspection reports that deal with criticisms that the audit firm has addressed within 12 months of the inspection. The statutory constraints also prohibit disclosure of information obtained from accounting firms and their clients.

While the PCAOB's restrictions on its reports are statutorily compelled, the constraints produce a report that reveals relatively little, particularly with respect to the deficiencies noted. In the reports, each deficiency is separately identified and described, but only in the most general terms. The brevity of the descriptions prevent the reader from making any meaningful assessment about the deficiency, including any assessment of the deficiency's seriousness or its impact on the reported financial condition of the audit client. The disclosure constraints are statutory, but the resulting reports are of relatively little use to investors and others (e.g., D & O insurance underwriters) who would certainly like to know more about the problems that were cited. For example, which problems were the ones that were likely to have been material? How material? What does it mean to say that in "some cases" the deficiencies in the E & Y reports were material -- how many of the 10 E & Y audits cited, and which ones?

In addition, the PCAOB's constraints on individual accounting firm's inspections may be statutory, but arguably there are no statutory constraints on aggregate statistical information about the PCAOB's inspections. The White Collar Fraud blog (here) has an interesting post about his unsuccessful efforts to obtain aggregate statistical information from the PCAOB, including the percentage of inspections that result in audit deficiencies by each firm. For example, the KPMG report says only that PCAOB inspectors visited 14 of 89 KPMG offices. That doesn't tell us how many KPMG audits they reviewed; the inspectors found 11 KPMG audits with concerns, but did they review 11, 110 or 1100 audits to find the 11 violations? It clearly makes a difference. The D & O Diary agrees that the PCAOB should provide more statistical information about its inspections. There may be statutory constraints on its disclosures about individual inspections, but where the PCAOB is not constrained, it should make more information available, including specifically aggregate statistical information. I also wonder whether it would be possible for the PCAOB, consistent with its statutory constraints, to provide sufficient information for inspection report readers to be able to assess the seriousness and impact of deficiencies noted.

A January 12, 2007 CFO.com article entitled "Failing Grades for E & Y, KPMG" can be found here.


Specter Reintroduces Thompson Memo Bill: As The D & O Diary previously noted (here), even though the McNulty Memo has replaced the Thompson Memo, there are still calls for a legislative remedy to the attorney-client privileges of employees who find themselves subject to criminal allegations. According to a January 10, 2007 CFO.com article entitled "Specter Re-Ups Thomspon Memo Battle" (here), Senator Arlen Specter has reintroducted the proposed bill he had previously advanced to try to circumvent the Thompson Memo. The CFO.com article quote Specter as saying that even though the McNulty Memo reflects "some improvement," it still allows prosecutors to seek privilege waivers, which he says will "erode the attorney-client relationship."

Senator Spector's bill, originally entitled The Attorney-Client Privilege Protection Act of 2006, can be found here.

The Blogosphere Gets Respect: Amid the media coverage (for example, here) surrounding the lawsuit that Cisco Systems has filed against Apple over the use of the iPhone name, one particular detail caught my eye. That is, Cisco Systems declared its public position with respect to the lawsuit in a blog post (here), by its General Counsel, Mark Chandler. (Full disclosure: Chandler coincidentally happens to be a family friend.) As others have previously noted, blog posts increasingly are an important component of corporate media communication.

The public dignity accorded the blogosphere got a boost earlier this week when SEC Chairman Christopher Cox acknowledged during a speech that he "uses blogs to gauge public reaction to securities issues." (Refer here.) Not only that, but Cox previously posted a comment (here) on the blog of Sun Microsystems CEO Jonathan Schwarz. The SEC is also looking at whether blogs can be used to satisfy the disclosure requirements of Reg. FD.

As Professor Stephen Bainbridge noted with respect to Cox's comments on his (Bainbridge's) Business Associations blog (here), blogs represent increasingly important means "to communicate with lawyers, judges, and, it would seem, regulators" and that academics (or, I would assert, anyone) who wants to reach those audiences should have or have access to a blog. Cisco Systems clearly feels the same way.

Commissioner Cox, if you are reading this, you should know that you are cordially invited to guest post on my blog, anytime. Seriously. You don't even need to call ahead.

PLUS D & O Symposium: The 2007 Professional Liability Underwriting Society (PLUS) D & O Symposium is only days away. The 2007 Symposium will take place on January 31 and February 1, 2007, at the Marriott Marquis in New York City. I will be co-Chairing this year's Symposium with my good friends Ivan Dolowich and Jeffrey Lattman. Among the many panelists and speakers will be such luminaries as Linda Thomsen, the head of the SEC Enforcement Division; Nell Minow, the founder and editor of the Corporate Library; and Charles Elson, Director of the John L. Weinberg Center for Corporate Governance at the University of Delaware, as well as many other distinguished speakers and guests. The keynote speaker will be former Senator and Secretary of Defense George Mitchell. The entire program schedule can be found here. The Registration materials are here. I look forward to seeing everyone there.

• Print
• Comments
• Trackbacks

On Thursday December 21, 2006, the parties to a case pending in the United States District Court for the District of Columbia will argue whether the Sarbanes-Oxley Act's provisions establishing the Public Company Accounting Oversight Board (PCAOB) are unconstitutional. Although the case focuses on only a narrow part of the Act, it has the potential to bring down the entire statute.

The lawsuit was filed on February 7, 2006 by the Free Enterprise Fund against the PCAOB in the United States District Court for the District of Columbia, and is pending before Judge James Robertson. The FEF essentially contends that the Sarbanes-Oxley Act's provisions establishing the PCAOB violate the separation of powers established in the U.S. Constitution. According to a December 16, 2006 Wall Street Journal op-ed piece by the FEF's counsel, Kenneth Starr, entitled "A Verdict on Sarbanes-Oxley: Unconstitutional" (here, subscription required), the FEF contends that the PCAOB's statutory enabling language is constitutionally defective because "unelected commissions should not have the power to regulate, tax and even punish companies and individuals." (Kenneth Starr is now a professor at Pepperdine Law School, but the former federal appellate judge and U. S. Solicitor General is perhaps best known for his service as the Independent Counsel whose investigation of the Whitewater scandal ultimately led to the impeachment of President Bill Clinton.)

Even though the FEF's suit is addressed only to Sarbanes-Oxley's PCAOB enabling provisions, the case has the potential to preclude enforcement of the entire Act, at least according to University of Illinois Law School professor Larry Ribstein. In a December 16, 2006 post (here) on his Ideoblog, Ribstein states, "it is a tribute to the haste and sloppiness of the Act's creation that it contains no clause saving the rest of the Act if a particular provision is declared unconstitutional." So, according to Ribstein, if the FEF's arguments against the PCAOB's enabling provisions are found unconstitutional, the ruling would "bring down SOX."

At Thursday's hearing, the parties will present their oral arguments on FEF's motion for summary judgement. Oddly, the Court is hearing argument on the summary judgment motion without having first ruled on the PCAOB's motion to dismiss the case for lack of jurisdiction. A ruling on the summary judgment motion is not likely until early next year.

According to Wikipedia, the Free Enterprise Fund is a free market advocacy group that promotes economic growth, lower taxes, and limited government. The group was founded by economist and policy analyst Stephen Moore. (The Wall Street Journal, in printing Starr's op-ed advocacy piece on behalf of the FEF, neglected to mention that Moore, the FEF's founder, is a member of the Wall Street Journal Editorial Board.) The current chairman of the FEF is Mallory Factor, founder of the merchant bank, Mallory Factor, Inc. The website whitehouseforsale.org has a lengthy decription of Factor's business and political activities, here. (Readers should judge the reliability of the site's information for themselves.)

Update: A December 22, 2006 Washington Post article describing oral argument on the summary judgment motion may be found here.

The Peekaboo Cloak of Secrecy: The PCAOB comes in for criticism from a completely different direction in a December 15, 2006 Washington Post article entitled "Auditing Reform: Mission Accomplished!" (here, registration required). The article is critical of the PCAOB (which, according to the article, is known as "'Peekaboo' to its friends in the industry") because of the Board's reliance on a scheme of "prudential regulation" to supervise the Big Four accounting firms. According to the article, prudential regulation "rests on behind-the-scenes collaboration between regulator and regulated." The biggest problem with this "industry friendly" approach, according to the article, is that

by its nature, it overlooks the worst kind of abuses - those that become so commonplace that everyone thinks they're acceptable. Recent examples range from "managing" quarterly earnings to doling out hot stock offerings to favored customer. At some level, the lawyers, auditors and regulators understood that they violated basic principles of fair dealing. And yet few thought to question these practices.

In the end, it took whistleblowers and outsiders like journalists and states attorneys general to expose these abuses and force new rules. But in the closed loop of a prudential regulator system, none of that would have happened. The whole idea is to keep the heathens out and work things out behind the scenes, without lawsuits, public sanctions or disclosure of embarrassing details....

I have trouble believing that, as the PCAOB asks us to believe, the Big Four have miraculously transformed their corporate cultures, pushed out the bad apples and fixed all their quality-control problems...as long as the PCAOB shrouds its every action involving the Big Four under a cloak of prudential secrecy, we'll never know, will we?

The source of these kinds of criticisms may perhaps be seen in the PCAOB's December 14, 2006 release of its "2005 Inspection Report of Pricewaterhouse Coopers LLP" (here). According to a December 16, 2006 Wall Street Journal article entitled "PCAOB Finds Problems at Pricewaterhouse Coopers" (here, subscription required), the PCAOB found deficiencies in the accounting firm's audit of nine companies, noting that the firm "failed in some cases to catch or address errors in the way the companies applied accounting rules or lacked sufficient evidence to back up some of its decisions."

However, according to the Journal article, "in keeping with the Board's policies, the report doesn't identify the companies that had their audits cited." In addition, only a portion of the Board's report is made public; the report section detailing criticisms of the accounting firm's quality-control systems is "kept secret and never made public if the firm is able to show that it has corrected the problems cited within 12 months of the report's issuance."

The PCAOB must issue annual inspection reports for any accounting firm that audits 100 or more public companies. According to the Journal article, the PCAOB "has been criticized for the length of time it is taking to issue annual reports" and the Board has "yet to issue 2005 inspection reports for Ernst & Young LLP and KPMG LLP."

The Ultimate Solution to Accounting Misconduct: While the U.S. accounting profession may chafe under the current regulatory scheme and bemoan its liability exposure, they should at least be relieved to know that the Chinese method of regulatory enforcement has not caught on here. According to a December 15, 2006 CFO.com article (here), a Chinese court has affirmed the death penalty for an accountant who was involved in defrauding bank customers out of millions of dollars. Liu Yibang is accused of conspiring with Zhou Limin, the head of the China Construction Bank branch in Xi'an, by collecting up to $61 million from organizations and individuals by offering fake accounts with high interest rates. The two defendants have now exhausted their death sentence appeals, and the criminal sentence will be enforced.

• Print
• Comments
• Trackbacks