For a year we have known of a fiasco at KPMG in which the firm obtained a list of PCAOB’s plans for inspecting KPMG audit workpapers. That information was floated around at the senior levels of the firm. Multiple people were fired.
This week, the Department of Justice unsealed indictments against four former KPMG employees and one former PCAOB employee.
Let’s dive into the details.
- DM (age 53) was head of KPMG’s Department of Professional Practice and the National Managing Partner for the Audit Quality and Practice Group. (24).
- TW (age 54) was National Partner-in-Charge for Quality Measurement. TW reported to DM (25).
- DB (age 54) was an audit partner in Department of Professional Practice, Banking and Capital Markets. He reported to the KPMG Chief Auditor, who in turn reported to DM (26).
- BS was on the PCAOB staff from 2009 until April 2015. At that point he was hired by KPMG, after having been recruited by KPMG since 2014 (21)..
- CH (age 51) was on PCAOB staff from 2011 until July 2015, at which point she was hired by KPMG. CH was executive director, not a partner (22).
- JW (age 42) was on the PCAOB staff from 2004 until March 2017, when he resigned after this whole issue blew up (23).
- SM (age 54) was the Vice Chair of Audit at KPMG. He was in charge of all audits at KPMG. He was fired in April 2017, along with the other KPMG staff listed above. SM was not indicted.
Charges listed in the indictment include:
- Count one – conspiracy to defraud the United States – DM, TW, DB, CH, JW
- Count two – conspiracy to commit wire fraud – DM, TW, DB, CH, JW
- Count three – wire fraud-2015 – DM, TW, DB
- Count four – wire fraud-2016 – DM, TW, DB, CH, JW
- Count five – wire fraud-2017 – DM, TW, DB, CH, JW
That would be five counts for DM, TW, and DB. Dropping the 2015 inspection list out of the charges leaves four counts for CH and JW.
Please keep in mind those are accusations. None of the accused have admitted any of the charges or been convicted of anything. We also haven’t heard the other side of the story of any individual piece of information provided by BS.
A criminal information was released by DoJ, charging BS with two felony counts: conspiracy to defraud the United States and conspiracy to commit wire fraud. Included in the information’s allegation that he was involved in the 2015, 2016, and 2017 inspection tests.
It is interesting to me that the criminal information, as released, does not have his signature. The DoJ press release states BS has entered a guilty plea to two charges.
You can find the DoJ press release and copies of the criminal charges here:
- Department of Justice press release
- Criminal indictment of 5 individuals
- Criminal information against BS
There have been quite a few articles over the last few days about this fiasco. Here are a few to provide you more detail and comments:
- Going Concern – Craig Newquist – 1/22/18 – Former KPMG Employees Learn That Using Confidential PCAOB Inspection Info Has Its Drawbacks
- Wall Street Journal – Rebecca Davis O’Brien, David Michaels, Michael Rapoport – 1/22/18 – Former KPMG Executives Charged With Conspiracy
- Going Concern – Craig Newquist – 1/22/18 –All the Gory Details From the Indictment of Former KPMG Partners
- Going concern – Craig Newquist – 1/23/18 – A Running List of Unanswered Questions About the KPMG Audit Inspection Conspiracy
- MarketWatch – Francine McKenna – 1/24/18 – KPMG indictment suggests many who weren’t charged knew regulator data was stolen
- Wall Street Journal – Michael Rapoport – 1/24/18 – What the KPMG Conspiracy Case Revealed About Its Audits
Highlights of indictment
I will summarize the information in the indictment. Please remember that every piece of information to be mentioned is an allegation. None of this has been proved.
I will mention the paragraph number of the indictment, so you may see more details if you wish or double-check my comments.
Shortly before BS left PCAOB, he made a copy of various PCAOB documents (30). The pertinent document for further discussion was a copy of the engagements selected by PCAOB for inspection in 2015 (30).
In his first week of employment, BS was asked for a list of inspection targets by DM (32). BS was asked for the list three more times before he sent it to TW (33, 34, 35).
BS also shared the list of selected engagements to “certain KPMG partners” (40).
KPMG hired a data analytics firm to predict which engagements would be inspected. Fee for the contract is cited at $250,000 with the price contingent on attaining certain rate of success. (43).
Observation: It would be great to find out who the data analytics firm was, whether other CPA firms use such a tool, what services were provided, what could run the cost of such a project up to 250K, and what was done with information when it was obtained.
In June 2015, BS spoke with Partner-2, who was individual leading the data analytics project. In the call, BS gave Partner-2 a “a list of dozens of internal, confidential risk factors used by the PCAOB in making inspection selections.” Those factors were incorporated into the analysis by the contractor (45).
In September 2015, Partner-2 asked BS to distinguish which of the 2015 selections were random and which were targeted. The distinction is necessary because the random selections ought not enter into the prediction of engagements to be selected. BS provided Partner-2 with the info (46).
Observation: Stipulating that every word of the indictment is absolutely true, sure seems to me like Partner-2 is exposed to future criminal charges. What do you think?
CH sought BS’s assistance in getting a job at KPMG (47). During the recruiting efforts, CH advised BS to re-review a particular engagement since PCAOB was likely to inspect the workpapers (50b), BS talked CH out of writing a comment on one engagement which was going through inspection (50c), advised BS of dissension within an inspection team whether to write a particular comment (50d), and advised BS that one particular inspection was going to be canceled with no replacement selected (52).
During the recruitment process, BS told TW that CH was the source of additional confidential information that BS had reported (54).
Observation: By now are you getting the idea that all this information is coming from BS? Does look like he is the source of practically everything in the indictment? Much of this information from the context of indictment can be verified via emails. However many of the conversations suggest BS as the only source of the discussion.
Further observation: In my journey through life, I have learned there is always another side to a story. I wonder what the other part of the stories would be. If this goes to trial, we may find out.
After CH started with KPMG, CH was in frequent contact with JW, who passed on to CH that JW would be team leader of a particular company in Japan, with dates of the visit. That information is passed on to the “relevant KPMG personnel” (58a).
JW got very upset when he was passed over for a promotion at PCAOB (62).
In the same month he was passed over the first time, JW gave CH a list of 12 engagements to be inspected by PCAOB in 2016 (63).
Later that day, DM, TW, DB and BS had a conference call to discuss the list. They agreed to begin a re-review of the selected engagements. The priority goal, according to DM, was to protect the internal monitoring program, since a failed inspection of engagement that had gone through monitoring without identifying the deficiency would indicate “the monitoring programs are not working and would represent a systemic failure.” (67)
The re-review program was started (68 – 71).
The re-review revealed an unidentified number of documentation issues (72).
Observation: From context of indictment and my very limited knowledge of PCAOB rules I think that adding additional documentation at this point would have been acceptable, presuming it was exquisitely clear the documentation was added after the fact.
There were a few instances of additional audit work performed as result of the re-review. A testing issue on Issuer-2 led KPMG to withdraw an opinion before the firm was notified that the engagement would be inspected (72a, 72b). Subsequent year information was used to document a current year test on Issuer-3. While within the documentation timeframe, the firm performed additional substantive audit work (72d). For Issuer-4, CH asked the other team to do some additional testing “with respect to the point at which certain stress tests would meet the materiality threshold.” (Observation: if you understand that sentence you appreciate the subtle nuance of how a small error in the audit approach can create serious problems during a PCAOB inspection.) The engagement was still within the documentation timeframe, so additional changes were allowed, however the indictment points out a false reason was listed in the workpapers for the timing on this test (72e).
Observation: It seems to me the only incidents identified in the indictment that are clearly improper cleanup are for Issuer-3 and Issue-4. (I do wonder if there are more examples, or if these just the clearest illustrations, or if this is all PCAOB, the SEC, and FBI could find.) I don’t understand the very precise technical implications of those missed steps or what the exact impact would be on the assessment of a particular audit, since I don’t get anywhere near even thinking about auditing either banks or regulated issuers. Those two specific issues are clearly wrong but not earth-shatteringly severe by themselves. Seems to me the earth-shattering issue is using highly confidential information of the inspection targets to conduct a targeted re-review of those engagements, regardless of what was found or what ‘cleanup’ was done.
In January 2017 JW gave CH a list of possible inspection targets for 2017 (73). On the same day, CH relayed the list to BS (74). Still the same day BS relayed the information to TW and DB in person (observation: hot news travels fast!) (75). Staff of those engagements were advised their audits were on the internally developed prediction list of engagements likely to be selected (75). Those engagements were still in the field so any revisions of procedures or additional review would not violate the documentation rules (78).
JW realized in January 2017 he would again not get a promotion (79). In February 2017 JW read CH a “list of approximately 50 stock ticker symbols, representing the full confidential list of KPMG clients be inspected by PCAOB in 2017” and listed the specific focus areas for each engagement (81). Again, the information went up the chain of command fast (82, 83).
Observation: Watch the whole (alleged) conspiracy fall apart because one partner did the right thing.
Within three days of the final selection list arriving at KPMG, Partner-5 was told by BS that the partner’s engagement would be selected by PCAOB for inspection. Partner-5 reported this conversation to his/her supervisor. Supervisor of Partner-5 reported further up the chain. Within seven days the Office of General Counsel knew about the conversation and started an investigation (84)
BS and CH then worked on what can best be called a coverup (85 – 89).
Observation: at this point the indictment stops providing details, so we don’t know what additional investigations consisted of, at least based on the indictment.
Please, please remember that every piece of information in the indictment is alleged. Not one single fact has been proved in court.