The final session of the conference featured a discussion of litigation and enforcement issues relevant to auditors. The panelists included Ben Campbell, General Counsel, Deloitte; Mike Maloney, President, Credibility International; and Claudius Modesti, Partner, Akin Gump Strauss Hauer & Feld LLP. The panel was moderated by Doug Carmichael, Professor, Baruch College, City University of New York.

***

Enforcement Expectations

Doug Carmichael asked the panel how they thought the regulatory environment would change under the Biden administration. “A lot of what we can expect under the Biden administration will be driven by personnel choices,” Claudius Modesti stated. “We have to see who the president elect appoints as an SEC chair and what priorities, she or he will put in place.” [Editor’s Note: President Biden nominated Gary Gensler for the position; as of press time, Senate approval was still pending.] “I expect there’ll be an assessment of how resources are being allocated by the SEC. They’ll look to see what the Commission has been learning and what information they obtained in the course of the last administration. I think it’s conventional wisdom that you’d expect generally have greater scrutiny of public companies, especially larger public companies.”

“I expect that you’ll see some movement quickly,” Ben Campbell replied, “to identify a new chair and hopefully the Senate will move expeditiously to confirm. I also think that will lead to a flow down of other appointments in the building, including the head of enforcement, which I think can have a profound impact.” He continued, “You’ve seen differences over the last decade or so between the current administration and the enforcement focus under the prior administration, and I think you can expect to see some changes.”

“One of the perspectives I took from my time at the SEC,” Mike Maloney added, “was that enforcement is always aggressive, and I think there is some conventional wisdom that things will get more aggressive under a Democratic administration. The person in the chair actually has a huge impact on how enforcement cases end up going.”

“To me, the biggest impact of a Democratic administration at the SEC is resources,” Maloney continued. “Enforcement’s aggressiveness, in my experience, is driven by resources, and generally in the last year I was there, resources were tight and budgets were tight. To the extent that a Democratic administration will lead to more funding for the SEC—some of that will flow to enforcement. That makes all the difference in the world. It basically means more attorneys, it means more accountants, and they have the ability to pursue more cases.”

The conversation turned to potential changes at the PCAOB. “I think it was very unique last time to have the entire board turn over,” Claudius Modesti said. “I personally think that’s not necessarily a good thing; I think there’s some institutional carryover that’s needed. Having board members straddle administrations is helpful and constructive, and I think there’s a way for a new chair to have her or his agenda fulfilled.” He noted that the process of confirming a new SEC chair and then finding a new PCAOB chair could be a long process.

“I think it’s a moment where you could have a holdover and a continuation, and I think continuity is not a bad thing,” Campbell added. “I actually think that the chances are high that there’ll be some degree of continuity. The PCAOB has gone through a lot of changes recently; from a staff point of view, I think it’s good for that change to be modest for the time being, because the PCAOB is emerging from a period of change. I think the staff feels more confident at what they’re doing and more committed, because they’re less distracted by what’s going on internally.”

Claudius Modesti

“I think there’s some institutional carryover that’s needed. Having board members straddle administrations is helpful and constructive.”

“If there is a new chief accountant under a new chairman,” Maloney stated, “this also plays a pretty big role; the chief accountant’s office deals with the PCAOB and assists the commission.”

“We all know the inspections program for the PCAOB has the vast majority of resources and the most significant oversight function for the organization,” Modesti noted. “I would expect that once we have another PCAOB chair, that individual will look very closely at the inspection program and help shape decisions around how those resources are applied.”

Quality Control

Claudius Modesti discussed the concept release on quality control [QC], which is still in the early stages. “I think one of the things that people are focused on is how prescriptive the proposed QC standards will be,” he said. “Right now, they’re fairly principles based; they’re not written like some of the audit standards in terms of their specificity, particularity about procedures to be performed. The more prescriptive they are, the more they’ll probably assign responsibility to firm personnel QC, which then can lead to potential liability for those personnel.”

“Being prescriptive is a double-edged sword,” Campbell observed. “Sometimes it provides benefits, because you get a fair amount of guidance and a pretty clear path forward. But it also means that you might have more situations where you trip over inspection issues or, as Claudius pointed out, expose the firm to a claim when individuals don’t meet the standards that are laid out.”

Maloney discussed how the SEC and PCAOB’s enforcement activities intersect with the quality control standards. “When systemic issues are raised by the staff of either regulator, it’s really important for the firm to try to get ahead of those issues,” he said. “Many discussions I was involved were where the firm comes in proactively and says, ‘We understand that we had a problem in XYZ area in our system of QC, and here’s what we have done to fix that.’ It doesn’t mean you always fall on your sword. But if it’s clear that that’s where things are heading, firms can help themselves by getting ahead of it and taking steps to remediate.”

Modesti delved deeper in the PCAOB’s perspective: “If there’s a nexus between a potential audit failure on a particular audit engagement and its system of QC, it needs to understand how the system succeeded or not in that instance, and how those deficiencies are going to be investigated and potentially used as a basis for liability.” He continued: “As the board thinks about this QC standard proposal, I think you have to think about how it’s going to dovetail with that ‘failure to supervise’ requirement. There’s an opportunity to have some clarity there, but there’s also opportunity to make that murky and confusing.”

Ben Campbell

“Whenever there’s an independence issue, it triggers a conversation about QC because the two things kind of go together.”

“It is definitely pertinent to litigation,” Campbell said with regard to enforcement. “In many ways, it allows us to focus the litigation on a particular audit failure and to also bring in other folks who will explain the other procedures that we have in place in order to protect against a failure. And it helps us articulate reasons why we believe that the audit adhered to professional standards and was not deficient or negligent. … If they don’t have a QC program, that is something that you can rest assured the plaintiffs’ expert will focus on and will argue is an indication that the firm should be held more widely accountable.”

“The question I have for the board to think about, as they’re putting together this new QC standard, is: Can they give the profession a better idea about where this threshold might be for violating the standard?” Modesti asked. He believed enforcement actions focused on QC are often unclear with regard to when a line has been crossed.

“I don’t know that enforcement goes in with the QC standard front of mind when they’re assessing whether or not to charge a firm,” Maloney added. “It’s a broader analysis and there’s some internal constructs used to do that evaluation. Certainly a big part of that is the system of QC. But once there is a determination that the staff believes that the firm should be charged, then the QC standards come into play.”

“You can tell from the questions that regulators are asking whether they’re thinking about a QC violation and the tipping point. In our experience, it has typically been whether or not this is pervasive; has it happened more than once, or has it happened in other engagements?” Campbell reported from his experience. “It’s the first question that occurs to us when there’s an audit failure: ‘Is this an anomaly?’ And, ‘Do we have a bad team that made a mistake, or do we have something here that indicates that we’ve got an area of improvement in our QC?’” He noted that identifying the problem and making changes in advance of talking to the regulator represents an “ideal relationship between a regulator in a regulated entity.”

Recent Enforcement Cases

The panel turned toward a discussion of notable enforcement cases and the lessons that could be drawn from them. One common theme was the importance of communication and documentation when conducting audits.

“Whenever there’s an independence issue, it triggers a conversation about QC because the two things kind of go together,” Campbell opined. “It’s hard to have a discussion about independence without the conversation bleeding into, ‘How did this happen in the first place?’ which then is a discussion about the QC systems in place to safeguard against it.”

Mike Maloney

“I think there is some conventional wisdom that things will get more aggressive under a Democratic administration. The person in the chair actually has a huge impact on how enforcement cases end up going.”

Modesti reiterated the importance of auditors having systems that talk to each other. “The idea is whether a firm network does not have the ability to capture what they’re doing for a client,” he said, “especially a global client, hasn’t been tolerated based on some of these cases.”

Carmichael asked the panel to discuss trends and best practices in the area of Section 10A. Campbell said that “from an auditor’s perspective, I think it gave us a tool, a degree of leverage, that was very helpful in our ability to interact with clients who are recalcitrant and reluctant to share information.”

Maloney added that “you have 10A, and then you have the separate standards around the consideration of fraud and illegal acts. From an enforcement perspective, all those things need to work together. They’re all interrelated.”

With respect to an auditor’s responsibility to detect fraud, Maloney said, “I think there’s a little bit of an inherent bias amongst the SEC to say, ‘If assets are leaving the organization, the auditors better have had some kind of sense for that through their procedures.’ … They’re looking throughout the process to see whether, as you learned things in the audit, you adjusted your plan.”

“We always looked through the lens of ‘How did the auditor consider the fraud risks?’ from assessment to identification to responding with audit procedures,” Modesti said of his time at the PCAOB. “I think auditors tend to plan these audits really well, but if they’re going to skip a procedure, they should have a really good reason why, and they should explain how they came up with alternative procedures to identify and address fraud risk. Where there’s heightened fraud risk, the assignment of personnel and supervision by engagement partners is really important. That’s where we’ve seen all types of firms get tripped up, where they assign inexperienced staff in in fairly sensitive areas which have heightened fraud risk, and then they don’t supervise the work.” Campbell added that he recognizes clients expect auditors to help companies ferret out fraud, and they take that responsibility seriously.