Ignoring Red Flags​

An external audit firm pays a high price for not pursuing evidence of financial wrongdoing.​

Comments Views

​The U.S. Securities and Exchange Commission (SEC) announced fraud charges against the former chairman and two former CEOs of staffing firm General Employment Enterprises, as well as audit firm BDO. According to the FCPA Blog, General Employment told BDO during a 2009 audit that its bank had not repaid the company when a US$2.3 million nonrenewable certificate of deposit (CD) matured — the amount represented about half of the company's assets at the time. Despite an investigation that received conflicting reports from management and board members about the CD's status, BDO issued unqualified opinions on the company's financial statements for 2009 and 2010. The SEC alleges that during this time General Employment's board chairman, Mike Pence, acted as an agent of Wilber Huff, who had funded Pence's acquisition of a controlling stake in the company, in exchange for US$500,000. Huff was sentenced in June to 12 years in prison for bribery and fraud, including receiving the money purportedly used to purchase the CD. The SEC charged BDO with ignoring red flags and issuing false and misleading audit opinions. BDO has admitted to wrongdoing and settled with the SEC. The case against Pence is ongoing.

Lessons Learned

This story offers many lessons for auditors, audit firms, businesses, and banks. The most interesting aspect of this story is the role of the audit firm, BDO, in enabling fraud by ignoring the standards for audit opinions established by the U.S. Public Company Accounting Oversight Board (PCAOB), as well as the breadth and depth of sanctions imposed by the SEC as a consequence.

The SEC's administrative cease and desist order (PDF) contains numerous constructive "dos and don'ts" to which I add a few of my own. The SEC's judgment can be summarized as follows: "BDO's conduct in the 2009 and 2010 audits of [General Employment] involved repeated instances of unreasonable conduct, each resulting in violations of PCAOB standards and indicating a lack of competence, and also satisfies the standard of highly unreasonable conduct resulting in violations of PCAOB standards in circumstances in which heightened scrutiny was warranted."

What should have happened, but didn't, is instructive to auditors in similar situations before issuing unqualified audit opinions on financial statements. These include:

  • Full disclosure of source documents such as bank statements showing the flow of funds from the closing of special or unusual transactions through the date the funds were fully transferred, including for any related third-party situations. Although General Employment told BDO that the amount in the CD wasn't repaid by the bank upon the maturity date, the company eventually received a series of deposits totaling US$2.3 million from three entities unaffiliated with the bank. BDO never received "reasonable and coherent explanations" about why the US$2.3 million went missing and why an equivalent amount was later wired to the company under suspicious circumstances.
  • Explanation of why the funds in the above situation were being transferred from entities other than those expected or defined in financial relationships with the company.
  • Agreement that a meeting with officials at these other entities may be requested to corroborate this documentation, and to understand the nature of the transaction.
  • A written report by management or others to fully explain the circumstances surrounding what steps management took to gain its understanding of what transpired.

What should not have happened, and are definite "red flags," include:

  • The company CEO signing off on financial statements, rather than the treasurer, and indications that the treasurer was either unaware or not in agreement.
  • Allowing the company to hold an audit committee meeting where BDO was prevented from being present for the discussion of the irregular financial transaction, on the recommendation of the company's general counsel and one audit committee member.
  • The external auditor wavering on its responsibility to clearly interpret and adhere to audit standards. Despite the existence of multiple, unanswered questions, BDO ultimately agreed to drop its demand for an independent investigation, based on the rationale that the audit committee chair, who had initially supported the independent investigation, no longer believed that it was required. Moreover, the firm reasoned that a new CEO — in whom BDO apparently had confidence — had replaced the former one who had been involved in several dubious actions. As cited in the SEC judgment (PDF, Paragraph 86), "PCAOB standards require auditors to exercise due professional care in the planning and performance of the audit and the preparation of the report. Auditors must maintain an attitude of professional skepticism, which includes 'a questioning mind and a critical assessment of audit evidence.' In addition, the auditor should 'consider the competency and sufficiency of the evidence.' Since evidence is gathered and evaluated throughout the audit, professional skepticism should be exercised throughout the audit process. The commission and courts have held that related-party transactions require heightened scrutiny."

Finally, the question of effective deterrence measures in cases where the auditor has failed to meet standards and expectations is particularly important. It's noteworthy that the SEC, in addition to imposing suspensions and fines of more than US$2 million, has ordered BDO to complete several actions, such as:

  • Completing a review of the sufficiency and adequacy of BDO's quality controls set forth in its audit manual, including its policies and procedures for audit and interim reviews.
  • Submitting a report to the SEC, signed by its CEO, on changes resulting from that review.
  • Hiring an independent consultant to review whether BDO's policies are adequate and sufficient to provide reasonable assurance of compliance with all relevant SEC regulations and PCAOB standards and rules.
  • Providing audit training to all BDO audit professionals who serve on public company audits that covers potential illegal acts and Section 10A of the Exchange Act, identification and disclosure of related-party transactions, and fraud detection.
  • Annually certifying that BDO has assessed whether the firm's policies are adequate and sufficient to provide reasonable assurance of compliance with all relevant SEC regulations and PCAOB standards and rules by testing the firm's implementation of BDO's policies, among other things.

Are these enough to deter BDO and other audit firms from engaging in similar behavior in the future? Perhaps. For example, Canadian courts currently are looking at imposing a penalty on SNC Lavalin for bribery and corruption infractions that would see the company banned from bidding on public contracts for 10 years. Also, although the General Employment case involves an external auditor, I wonder what might happen if an internal auditor or organization were facing revocation of its certification in comparable circumstances or what other sanctions might be involved. What do you think?​

Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to remove comments.

 

 

Comment on this article

comments powered by Disqus
  • IIA Global 3LOD Exposure_July 2019_Premium 1
  • IIA_Sawyer_July 2019_Premium 2
  • IIA Sepcialty Centers_July 2091_Premium 3