SEC, KPMG and Auditor Independence

by Dorsey & Whitney LLP
Contact

The Commission, as part of its retooled enforcement program, is, in part, focusing on gatekeepers such as attorneys and accounts in an effort to achieve omnipresence. This has resulted in a number of proceedings against primarily small audit firms and/or individual auditors for what were essentially audit failures – situations where little or no real audit work was done. The Enforcement staff refers to this as Operation Broken Gate.

Now the Commission brought a settled administrative proceeding against audit giant KPMG, charging independence violations. In the Matter of KPMG LLP, Adm. Proc. File No. 3-15687 (Jan. 24, 2014). In connection with that proceeding the SEC also issued an Exchange Act Section 21(a) Report of Investigation to clarify a key question regarding auditor independence centered on loaned staff. SEA Release No. 71390, Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: KPMG, LLP (Jan. 24, 2014).

The proceeding

The proceeding naming KPMG as a Respondent centers on questions of independence. Specifically, uner Rule 2-01 of Regulation SX auditors must be independent of their SEC audit clients in fact and appearance. The Rule contains a non-exhaustive list of non-audit service which an auditor cannot provide to its audit clients. It also specifies that an auditor is prohibited from acting temporarily or permanently “as a director, officer, or employee of an audit client, or performing any decision-making, supervisory, or ongoing monitoring function of the audit client.”

Here the proceeding centers on the relationship of the audit firm with three unidentified audit clients. First, with respect to Company A, and SEC audit client, beginning in late 2008 and continuing through the end of 2009, KPMG hired an employee who recently retired from a senior position with a company affiliate and loaned that person back to the same affiliate.

In April 2007 the affiliate of Company A offered early retirement packages to certain employees. A package was accepted by an employee who worked as Senior Tax Counsel in the affiliate’s Office of Tax Affairs’ Trade & Customs Group. Subsequently, KPMG retained the employee after discussions with the affiliate about its staffing needs. The person was retained to do essentially the same work that had been performed for the affiliate. The audit firm then loaned the employee to the affiliate where essentially the same work was done.

This arrangement violated the independence rules. The violation arose because “the affiliate’s former employee acted as both a manager and an employee of Company A’s affiliate and provided advocacy services for the affiliate.” In addition, because the employee was permitted to hold stock in Company A while service in this capacity it further violated the independence rules.

Second, the Order alleges that with respect to Company B the audit firm provided prohibited non-audit services to an affiliate. KPMG was the outside auditor to Company B from 2005 through December 2011. In September 2006 Company B became an affiliate of a large financial services firm when one of that firm’s subsidiaries acquired all the shares of a controlling affiliate of Company B. At the same time the financial services firm became the owner of Company B’s General Partner which owned and controlled Company B.

The financial services firm was a non-audit client of KPMG from 2006 through the end of 2011. The firm provided a variety of services. Those included management functions, restructuring services and the loaning of staff services for bookkeeping and expert services.

Beginning in September 2006 Company B disclosed its relationship to the financial services firm in every annual report filed with the Commission. Nevertheless, the KPMG audit engagement team for Company B did not recognize the financial services firm as a controlling affiliate for independence purposes until late 2011. At that time the firm identified the issue and reported it to the audit committee. In December the audit firm was terminated by the audit committee.

In addition, six partners in the KPMG chain of command, and two partners in the firm’s office that conducted the audits of Company B, owned stock in the financial services firm. Both incidents were violations of the independence rules.

Finally, with respect to Company C, KPMG also provided prohibited non-audit services to an audit client such as bookkeeping and payroll services. In late 2007 KPMG submitted a proposal to provide audit services to Company C. During the client acceptance process the audit engagement team learned that their firm was providing certain non-audit services to an affiliate of Company C.

Subsequently, a plan was created under which it was determined that KPMG could continue to provide the non-audit services. Specifically, KPMG concluded that its overall independence would not be impaired by providing bookkeeping and payroll services to the affiliate in 11 different countries based on the nature of the matters, the countries in which they were provided and the fact that the services would shortly terminate.

In fact those non-audit services “constituted prohibited services in violation of the auditor independence rules (which do not provide for limited duration transition periods or include any exceptions based on the nature of the services provided),” according to the Order.

The Order alleges violations of Rule 2-02(b) of Regulation S-X which requires that the audit report state that the audit was made in accord with GAAS, which includes an independence requirement. A violation occurred each time KPMG issued an audit report for the three audit clients. As a result of the conduct detailed above, the firm also violated Rule 10A-2 of the Exchange Act each time it provided non-audit services that are prohibited to the three audit clients. The conduct with respect to the three clients also resulted in violations of Exchange Act Section 13(a) and the related rules which require that financial statements filed with the Commission be audited by independent auditors. Finally, the firm engaged in improper professional conduct within the meaning of Rule 102(e)(1)(ii) of the Commission’s Rules of Practice.

To resolve the matter the audit firm agreed to implement certain undertakings it proposed which include enhancing its ability to educate and monitor compliance by its personnel with respect to independence requirements and the retention of an independent consultant which whom the firm will fully cooperate. KPMG also consented to the entry of a cease and desist order based on the Sections and Rules cited in the Order and a censure. In addition, the firm will pay disgorgement of $5,266,347, prejudgment interest and a civil money penalty of $1,775,000.

The Report

The related Report focuses on the question of loaned staff by audit firms. Specifically, the investigation found that from 2007 through 2011 KPMG entered into loaned staff engagements with multiple SEC audit clients. Those arrangements involved loaned staff of non-management level KPMG professionals who performed junior level tasks related to tax compliance.

Auditor independence can be impaired in a number of ways, according to the Report. In the context here an auditor who provides services to an audit client in a way which is the functional equivalent of accepting an appointment as an employee of that client cannot expect to be independent.

With respect to the issues raised by the actions of KPMG, the Report makes three points: First, an auditor “may not provide otherwise permissible non-audit services . . . to an audit client in a manner that is inconsistent with other provisions of the independence rules . . .” Second, an auditor is not independent when a current “professional employee of the accounting firm is employed by the audit client.” Third, the provisions of Rule 2-01 regarding “acting as an employee” require careful consideration of “whether the relationship or service in question would cause the accounting firm’s professionals to resemble, in appearance and function . . . the employees of the audit client.”

Finally, each case must be viewed based on the specific facts and circumstances, according to the Report. The question of independence is not just a legal issue but also an ethical duty. Thus in certain situations, even if the legal requirement is not implicated, in view of the ethical requirements the “best course may be for the accountant to recuse himself or herself from an audit engagement” or, alternatively decline the non-audit engagement. 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Dorsey & Whitney LLP | Attorney Advertising

Written by:

Dorsey & Whitney LLP
Contact
more
less

Dorsey & Whitney LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.