The U.S. Securities and Exchange Commission (SEC) announced fraud charges against the former chairman and two former CEOs of staffing firm General Employment Enterprises, as well as audit firm BDO. According to the
FCPA Blog, General Employment told BDO during a 2009 audit that its bank had not repaid the company when a US$2.3 million nonrenewable certificate of deposit (CD) matured — the amount represented about half of the company's assets at the time. Despite an investigation that received conflicting reports from management and board members about the CD's status, BDO issued unqualified opinions on the company's financial statements for 2009 and 2010. The SEC alleges that during this time General Employment's board chairman, Mike Pence, acted as an agent of Wilber Huff, who had funded Pence's acquisition of a controlling stake in the company, in exchange for US$500,000. Huff was sentenced in June to 12 years in prison for bribery and fraud, including receiving the money purportedly used to purchase the CD. The SEC charged BDO with ignoring red flags and issuing false and misleading audit opinions. BDO has admitted to wrongdoing and settled with the SEC. The case against Pence is ongoing.
This story offers many lessons for auditors, audit firms, businesses, and banks. The most interesting aspect of this story is the role of the audit firm, BDO, in enabling fraud by ignoring the standards for audit opinions established by the U.S. Public Company Accounting Oversight Board (PCAOB), as well as the breadth and depth of sanctions imposed by the SEC as a consequence.
administrative cease and desist order (PDF) contains numerous constructive "dos and don'ts" to which I add a few of my own. The SEC's judgment can be summarized as follows: "BDO's conduct in the 2009 and 2010 audits of [General Employment] involved repeated instances of unreasonable conduct, each resulting in violations of PCAOB standards and indicating a lack of competence, and also satisfies the standard of highly unreasonable conduct resulting in violations of PCAOB standards in circumstances in which heightened scrutiny was warranted."
What should have happened, but didn't, is instructive to auditors in similar situations before issuing unqualified audit opinions on financial statements. These include:
- Full disclosure of source documents such as bank statements showing the flow of funds from the closing of special or unusual transactions through the date the funds were fully transferred, including for any related third-party situations. Although General Employment told BDO that the amount in the CD wasn't repaid by the bank upon the maturity date, the company eventually received a series of deposits totaling US$2.3 million from three entities unaffiliated with the bank. BDO never received "reasonable and coherent explanations" about why the US$2.3 million went missing and why an equivalent amount was later wired to the company under suspicious circumstances.
- Explanation of why the funds in the above situation were being transferred from entities other than those expected or defined in financial relationships with the company.
- Agreement that a meeting with officials at these other entities may be requested to corroborate this documentation, and to understand the nature of the transaction.
- A written report by management or others to fully explain the circumstances surrounding what steps management took to gain its understanding of what transpired.
What should not have happened, and are definite "red flags," include:
- The company CEO signing off on financial statements, rather than the treasurer, and indications that the treasurer was either unaware or not in agreement.
- Allowing the company to hold an audit committee meeting where BDO was prevented from being present for the discussion of the irregular financial transaction, on the recommendation of the company's general counsel and one audit committee member.
- The external auditor wavering on its responsibility to clearly interpret and adhere to audit standards. Despite the existence of multiple, unanswered questions, BDO ultimately agreed to drop its demand for an independent investigation, based on the rationale that the audit committee chair, who had initially supported the independent investigation, no longer believed that it was required. Moreover, the firm reasoned that a new CEO — in whom BDO apparently had confidence — had replaced the former one who had been involved in several dubious actions. As cited in the
SEC judgment (PDF, Paragraph 86), "PCAOB standards require auditors to exercise due professional care in the planning and performance of the audit and the preparation of the report. Auditors must maintain an attitude of professional skepticism, which includes 'a questioning mind and a critical assessment of audit evidence.' In addition, the auditor should 'consider the competency and sufficiency of the evidence.' Since evidence is gathered and evaluated throughout the audit, professional skepticism should be exercised throughout the audit process. The commission and courts have held that related-party transactions require heightened scrutiny."
Finally, the question of effective deterrence measures in cases where the auditor has failed to meet standards and expectations is particularly important. It's noteworthy that the SEC, in addition to imposing suspensions and fines of more than US$2 million, has ordered BDO to complete several actions, such as:
- Completing a review of the sufficiency and adequacy of BDO's quality controls set forth in its audit manual, including its policies and procedures for audit and interim reviews.
- Submitting a report to the SEC, signed by its CEO, on changes resulting from that review.
- Hiring an independent consultant to review whether BDO's policies are adequate and sufficient to provide reasonable assurance of compliance with all relevant SEC regulations and PCAOB standards and rules.
- Providing audit training to all BDO audit professionals who serve on public company audits that covers potential illegal acts and Section 10A of the Exchange Act, identification and disclosure of related-party transactions, and fraud detection.
- Annually certifying that BDO has assessed whether the firm's policies are adequate and sufficient to provide reasonable assurance of compliance with all relevant SEC regulations and PCAOB standards and rules by testing the firm's implementation of BDO's policies, among other things.
Are these enough to deter BDO and other audit firms from engaging in similar behavior in the future? Perhaps. For example, Canadian courts currently are looking at imposing a penalty on SNC Lavalin for bribery and corruption infractions that would see the company banned from bidding on public contracts for 10 years. Also, although the General Employment case involves an external auditor, I wonder what might happen if an internal auditor or organization were facing revocation of its certification in comparable circumstances or what other sanctions might be involved. What do you think?