Independent auditors have been placed on notice to tighten internal fraud investigations following an October 11 statement by the U.S. Securities and Exchange Commission's (SEC) chief accountant, which can be found here. This statement follows several 2022 enforcement actions taken against auditors accused of ignoring red flags during audits, likely due to pressure from clients. Paul Munter, who heads the SEC's Office of the Chief Accountant, referenced several "deeply concerning" reports that suggest auditors are not acting skeptical enough when conducting investigations of suspected fraud. Considering the SEC's increased scrutiny, corporate attorneys foresee a potential rise in delayed filings of periodic reports resulting from auditors becoming more protective.

Enforcement cases against auditors are not new, however, and have been a longstanding staple of the SEC's enforcement actions. Since the 1980s, companies have been charged with various allegations for issuing false and misleading audit reports containing unqualified opinions, inaccurate pre-tax income claims, and manipulative accounting practices. These actions, among others, contributed to the creation of the Sarbanes-Oxley Act of 2002, creating the Public Company Accounting Oversight Board (PCAOB). The SEC's cases against auditors generally fall within two categories — audit failures for deviation from applicable professional standards in a way that indicates a false opinion in the audit report, and auditor independence violations for noncompliance with SEC and PCAOB independence requirements.

The SEC has highlighted several key issues that continue to lead to inadequate auditing. One systematic issue involves auditing firms taking on clients beyond their capacity. A firm's lack of resources to accommodate the size of issuers, failure to understand applicable rules, and failure to tailor audit guidelines to individual clients may also result in inadequate auditing. Beyond management, other actions that signal red flags include insufficiencies in evaluation of representations by management, insufficient audit documentation, infrequent audit conduction, and nonroutine review of valuation estimates. To address these red flags, corporations can implement various safeguards, such as:

• Hiring independent consultants to review auditing policies and procedures. Then, coming up with a plan to address any issues discovered;

• Conducting a rigorous review of external auditors regularly, at least every five years;

• Utilizing forensic accountants and data analytics to quickly scan data for red flags;

• Training employees at all levels to identify fraud and how to properly report it;

• Creating and fostering a compliance culture that encourages internal reporting of suspected errors and wrongdoing;

• Updating and enforcing policies that support internal investigations, such as employee communication and data retention policies; and

• Conducting swift and responsive investigations of any reports or identified red flags to determine the scope and severity of potential fraud. Then, utilizing risk-mapping procedures to identify potential patterns and areas of vulnerability.

The SEC's recent actions signal the agency's continued focus on the role of gatekeepers in protecting investors and reducing fraud. While auditors serve a crucial role, independent counsel is necessary for adequate corporate compliance.