Oh, remember that post about the SEC considering a $50M fine against KPMG? Initial report suggested it was for gaining access to the list of engagements which were going to be inspected by PCAOB.
It is much worse.
The firm is fined for altering workpapers based on the inspection list. In addition, there was a lot of cheating on the tests for CPE courses, including a class required by the SEC.
The SEC says KPMG has agreed to settle and pay $50M.
If you want to read the gory details for yourself, you can do so:
This is for real. Seriously.
By the time you finish reading this post or other reports on the SEC’s action, you may be wondering whether there needs to be an assertion the source of information for this post was neither The Onion nor Babylon Bee.
Reports of setting your own passing score for an ethics test could make you wonder if it is very early April. “Cooperate and graduate” exchanges of test answers with the engagement partner and your audit team makes one wonder whether we have entered some sort of alternate reality.
You may want to glance at the linked documents and verify for yourself they are for real.
I assure you the above documents are from the SEC.gov website.
In part II of the administrative action/cease & desist order, KPMG admits the facts described in part III.
Here are some highlights of part III.
First cause of action
The first cause of action by the SEC is the firm obtained the list of engagements which were going to be inspected by PCAOB and then altered workpapers which had not yet hit the lock-down date.
At the point of knowing the inspection targets, there were 7 banking clients for which the 45 day lock-down period had not passed. This means additional documentation could be added to the workpapers (para 41). Those workpapers were pulled in for review by the national office along with 28 other banking engagements (para 42). The extras were pulled in to give cover for the real reason for looking at the workpapers.
The national office staff gave engagement teams ‘suggestions’ on edits to make in the workpapers. Para 43 says
National Office engaged in a review of the audit workpapers of the seven banks in the monitoring program that were on the list Wada provided. The National Office professionals suggested edits and proposed revisions to the engagement teams, which then decided what revisions to incorporate into the final audit workpapers.
This workpaper cleanup apparently paid off, based on the SEC’s comments.
Paragraph 44 says there were no comments on ALLL in the 2015 inspection cycle, which was a change from prior years. PCAOB has some sort of process called “positive quality events.” The agency wanted to find out what was driving the high quality on two particular audits.
The firm had the list of engagements for the 2016, but with the news breaking of advance knowledge by the firm, the inspection list was revised. Of the 10 replacement audits of financial clients, 6 were identified as deficient on ALLL (para 45).
The grim results are:
- Before 2015 cycle – many comments on ALLL
- 2015 cycle – no deficiencies in ALLL testing
- 2016 cycle – 6 of 10 banking clients had deficiencies in ALLL testing
Second cause of action
The second cause of action by SEC is firm staff cheating on CPE exams.
To get credit for an internally developed course, staff and partners were required to pass within three tries. Significant consequences started falling on people who failed a test three times.
As a result of a previous audit issue, the SEC required all staff and partners of KPMG to complete an additional 12 hours of CPE on specific audit issues (para 51).
A number of partners and staff shared answers to various tests. Para 53 has a grim summary:
On numerous occasions, KPMG audit professionals who had passed training exams sent their answers to colleagues to help them pass those exams. They sent colleagues images of their answers primarily by email or printed their answers and gave them to their colleagues. This conduct was committed by audit professionals at all levels of seniority, including lead audit engagement partners who were responsible for compliance with PCAOB standards in auditing their clients’ financial statements. A number of lead audit engagement partners not only sent exam answers to other partners, but also solicited answers from and sent answers to their subordinates
An investigation of the cheating was conducted by an external law firm with the results that..
The investigation has revealed extensive sharing of exam answers, with the bulk of this misconduct occurring among junior personnel. While many of those who shared and/or received exam answers engaged in misconduct only once, others sent or received answers to multiple exams. (para 54).
Until November 2015, a number of CPE courses were hosted on the KPMG’s internal servers. Staff were given a hyperlink to the course. Unfortunately, the hyperlink had a code in it which identified the required passing score. The coding could be changed by the person taking the class. How? According to para 57, just find the comment “MasteryScore=70” in the hyperlink and change the 70 to whatever score you wanted.
An unspecified number of staff and at least one partner changed the required passing score. Para 58 says 28 auditors changed the required passing score on 4 or more courses.
The firm agrees to a long list of specific compliance steps.
One step calls for KPMG to identify all professionals who cheated on CPE testing in the last three years and identify recommended disciplinary actions.
Firm also agrees to a $50,000,000 penalty, which is to be treated as a penalty for tax purposes, meaning no tax deduction by any partners for their share of the fine.
Firm also agrees to cease and desist from the unethical behavior and acknowledges it has been censured.
First news I heard was a re-tweet from Jefferey Johanns (@johannsaudit).
First article was from Francine McKenna at MarketWatch: SEC fines KPMG $50 million for illegal use of regulatory data and cheating on internal exams.