About the Panelists
Ron Hauben, JD, vice chair and general counsel at Ernst & Young LLP; Claudius B. Modesti, JD, partner at Akin Gump Strauss Hauer & Feld LLP; and Carolyn Welshhans, JD, associate director of the enforcement division at the SEC, were the panelists. Douglas Carmichael, PhD, CPA, the Claire and Eli Mason Professor of Accountancy at Baruch College, moderated the panel. The following is an edited and condensed summary of the panel discussion. The views expressed are the panelists’ own personal views and not necessarily those of their employers or those employers’ boards, management, or staff.
Carmichael began the panel by asking about critical audit matters (CAM) and whether there were any problems with them from a legal perspective. Hauben said that the questions asked in the previous CAM panel demonstrated the problem: “People don’t really understand all that well what CAMs are.” Hauben recalled the time when it was commonplace for auditors to report on “prospective financial information,” which led to “a boom of litigation around audits of prospective financial information, because the one thing you can predict with confidence about prospective financial information is it will be wrong.” He connected this to CAMs by saying, “If you’re predicting the future of a company based on CAMs, you probably also have a high level of confidence that you will be wrong in some way, and auditors obviously don’t want to be held accountable for the future of the company.”
Hauben did clarify that accountants and auditors support the PCAOB’s efforts to increase transparency in audit reports. “The relevance of auditor reporting,” he said, “is significantly enhanced by having expanded reports like the CAMs.” He also praised the board for “striking a balance” between providing users with more information and not undermining management’s role as a source of original information. Auditors were concerned about the enhanced risk involved in becoming sources of original information themselves, Hauben said.
Welshhans added that, as with all new standards, “it’s just a little too early to tell” what issues may or will arise from CAMs.
Modesti addressed another point about original information, saying, “If the audit committee, in consultation with management, comes to the conclusion that they have to materially change their disclosure in light of a CAM, that’s a big problem.” He did stress that he does not see this happening now, and that management controls and processes should identify material problems in disclosures before auditors are thinking about CAMs.
Hauben then said that there has been no litigation so far, which was not surprising, given the newness of the standard. He noted that there is tension between the new requirements and auditors’ confidentiality obligations under state and AICPA rules. A larger concern, however, is the possibility of shareholder claims. “The securities laws really contemplate liability for auditors,” he said. “And I think people are anxious about whether the expanded nature of the auditor’s report, and potentially the significantly expanded scope of what the auditor’s reporting on, will create opportunities for aggressive litigants to claim perhaps something was omitted, was misstated, or was predictive.” He cited the Supreme Court’s 2015 decision in Omnicare, Inc. v. Laborers District Council Construction Industry Pension Fund. “The concept of subjective falsity—did you believe what you were saying in your opinion?—is under some pressure,” Hauben said. “Embedded facts, using the Omnicare language, in an auditor’s opinion on CAMs will undoubtedly be fodder for plaintiffs.” He did note, however, that similar concerns were expressed regarding section 404 of the Sarbanes-Oxley Act of 2002 (SOX), but that “we have not seen the flood-gates open” regarding lawsuits around internal control disclosures.
Carmichael then turned to auditor independence. Welshhans focused on three recent enforcement actions, the first being the SEC’s action against PricewaterhouseCoopers, which it accused of violating PCAOB Rule 3525 by “failing to provide audit committees with the information needed to determine whether or not there was an independence issue, and on some occasions … mischaracterizing nonaudit services as audit work.” The settlement involved PricewaterhouseCoopers paying a penalty of $3.5 million and prejudgment interest of more than $3.8 million. An individual partner paid a penalty of $25,000 and was suspended from practice for at least four years.
The other matter involved Crowe LLP, two partners of which were charged—along with two partners at another, now-defunct firm—with failing to take necessary steps after identifying pervasive risks of fraud when auditing a company that eventually went bankrupt after the discovery of approximately $100 million in unpaid payroll tax liabilities. The SEC also found that Crowe had a direct ongoing business relationship with the company, thereby violating independence. Crowe ultimately paid $1.5 million and had to retain an independent compliance consultant; the four individuals paid monetary penalties and were suspended from practice.
Finally, Welshhans talked about the SEC’s case against RSM US LLP, which it charged with independence violations in connection with at least 15 clients. RSM ultimately paid a $950,000 penalty and retained an independent compliance consultant.
Carmichael asked whether the SEC’s enforcement has deliberately focused more on independence of late, to which Welshhans said, “We go where the facts are and where the cases are.” The number of independence actions in 2018 was higher than in some previous years, she said, but not indicative of a trend.
Asked how the SEC decides when to sanction individuals as opposed to firms, Welshhans said that several factors play a role, such as evidence that the individual had direct knowledge of the wrongdoing or violation at issue. Individuals who fail to ensure that planned work and services comply with independence rules or the firm’s quality controls may also find themselves individually sanctioned.
Carmichael also asked about instances when the SEC requires a firm to retain an independent compliance consultant. According to Welshhans, it depends on the facts and circumstances. “How widespread was it? How long did it go on? How high up in the organization were people involved? What were the compliance and internal controls that existed at the time of the misconduct? Have those been changed?” she asked.
Modesti wondered whether timing is a factor, suggesting that when firms find problems early and self-report them, they have a greater opportunity for self-remediation. Welshhans clarified that while this can be a factor, there are instances where the violation is “so pervasive or so high up … that there needs to be somebody else to go in.”
Carmichael then asked about how the PCAOB and SEC coordinate their work. “There’s regular information sharing,” Welshhans said. “When the PCAOB does make referrals to the SEC, which happens, we often find those very helpful. They are able to identify issues or underlying conduct or point to concerns, including in the independence realm, which can help further the SEC’s investigation,” she said. Modesti added that the two agencies have “a very good deconflicting process so that there isn’t duplication of effort.”
Carmichael characterized the PCAOB staff guidance on independence as helpful. Welshhans replied by saying that a dialogue between auditor and client surfaces the issues rather than buries them. “Independence is a shared responsibility,” commented Hauben, saying that it is part of the increasing focus on the effectiveness of the overall system of internal controls.
Carmichael then asked the panel about the role of quality control in minimizing risk. Hauben said that quality control is a “constantly evolving” goal. He believes that the root cause analysis has been a beneficial outcome of the PCAOB inspection process. Hauben also observed that, notwithstanding some large high-profile cases, the overall trendline on auditor litigation has been positive over the past decade. There has been some increase in cases at the state level, but Hauben hasn’t seen overlap between private litigation and federal enforcement.