There is very little publicly traded companies can do to prevent external auditors from abusing the information to which they have inside access – and that puts statements of financial results at risk.
When your auditor works against you, all is lost. Herbalife and Skechers USA, among other firms, recently learned that the hard way, when Scott London, their KMPG auditor at the time, allegedly sold inside information about the companies, whose financial results he reviewed and approved, over the course of several years.
According to the US Attorney’s Office in Los Angeles and the SEC, London was paid tens of thousands of dollars in cash and received a $12,000 Rolex watch and other gifts from a friend, Bryan Shaw, who used the information he received from London to generate more than $1.2 million in profits on illegal trades. Shaw agreed to inform investigators about London’s activities, and this led to a confession.
Unfortunately, experts say, there is very little publicly traded companies can do to prevent external auditors from abusing the information to which they have inside access, as London did – and that puts statements of financial results at risk.
Zero tolerance?
‘The best thing that can be done here is for the law enforcement agencies and KPMG to hold the individual fully accountable,’ suggests Lynn Turner, a former chief accountant at the SEC and now a managing director of litigation research firm LitiNomics. He notes that auditors such as KPMG employ tens of thousands of individuals, so it is highly unlikely that anything KPMG could do to tighten its training or supervision would prevent such a thing from happening again.
‘The companies should try to have zero tolerance regarding the behavior this partner engaged in,’ Turner acknowledges, adding that he expects KPMG and other audit firms to conduct training sessions to re-emphasize their rules. ‘But the reality is that when you have that many people involved, the likelihood that one of them is going to go off the reservation is fairly high.’
Charged with one count of conspiracy to commit securities fraud through insider trading, London, who had worked for KMPG for 30 years and headed its Southern California audit practice prior to his firing in April, faces a maximum of five years in prison and a $250,000 fine (or twice the gross gain or loss from the offense). The SEC has also filed civil charges against him and Shaw.
London has admitted to wrongdoing in a statement issued through his lawyer. The 50-year-old auditor said that he was ‘embarrassed’ and that he regretted his actions ‘in leaking non-public data to a third party regarding the clients I served for KPMG.’
In the wake of the revelations, KPMG did the right thing and resigned as auditor for Herbalife and Skechers. According to Herbalife, KPMG said its independence had been impaired and that it had no option but to withdraw its audit reports on Herbalife for the fiscal years ended December 31 for 2010, 2011 and 2012. Skechers said KPMG had withdrawn its audit reports for the last two fiscal years.
‘The actions of this rogue individual were in blatant disregard of KPMG’s policies and training, not to mention our values,’ says Manuel Goncalves, a spokesman for KPMG. But he adds that ‘KPMG’s internal controls are always subject to assessment and continuous improvement, and we will certainly review all our processes as a result of this incident.’
KPMG chairman Michael Andrew downplayed the scandal in an interview with the Financial Times on April 23, calling it ‘a one-day wonder’ during ‘a slow news week’ and asking: ‘What other controls could you have in place?’
In fact, the entire audit industry is asking that very same question. KPMG and others in the industry are now said to be reviewing their procedures to make sure such an incident doesn’t happen again. With London having already admitted guilt and KPMG at risk of losing more clients until it can rehabilitate its image, experts say that’s about the best companies that fear they might be similarly victimized can hope for.
When asked what auditors’ clients can do to ensure they don’t become the victims of another Scott London, Turner replies: ‘Realistically? Nothing.’
Finding solutions
Press reports following London’s admission noted that the Public Company Accounting Oversight Board (PCAOB) could potentially respond to the case by pursuing a proposed rule that would require individual auditors to sign their names on 10K reports and other SEC documents attesting to the accuracy of companies’ financial statements.
The proposal received stiff pushback from the audit industry when it was first unveiled two years ago, but after London’s admission, Colleen Brennan, a spokeswoman for the PCAOB, told the New York Times that the board planned to review the proposed rule within the next three to six months. Brennan confirmed that report in an email to Corporate Secretary but declined a request to specify what if any other steps the PCAOB might be considering as a result of the case.
Bob Herz, a former chairman of FASB who teaches ethics at Columbia University and serves as an adviser to the PCAOB, says the proposal wasn’t on the agenda for the advisory committee meeting in May, but he doubts such a rule would serve as much of a deterrent to another Scott London anyway.
Herz observes that London, by his own admission, operated ‘outside the rules of engagement’, so signing his name to SEC documents wouldn’t have stopped him. He also says that this case seems to be isolated, although Thomas Flanagan, a former partner at Deloitte, received a 21-month prison sentence last year after admitting to making more than $400,000 from illegal trading in the shares of Deloitte clients, including Best Buy and Walgreens. ‘This is very rare,’ Herz says. ‘It’s not systemic.’
His views are echoed by Charles Elson, a professor of corporate governance at John L Weinberg Center for Corporate Governance the University of Delaware. ‘It’s very unusual,’ he says. Like Herz, he points out that if an audit partner goes rogue, as London apparently did, requiring him to sign off on SEC documents would be unlikely to inhibit him from engaging in illegal behavior.
Turner explains that he favors the rule simply because it would allow investors to compare individual auditors’ track records. ‘If an auditor turns out not to be so good, then one can quickly identify which companies that audit partner is working on,’ Turner explains. He agrees, however, that the rule would have been unlikely to influence Scott London’s behavior.
Other commentators fear the rule would have the unintended consequence of chasing away risk-averse audit professionals while attracting those more likely to do what London did.
As unusual as insider trading involving auditors would appear to be, Elson cautions that were something similar to come to light again soon at KPMG, the auditor would have little choice but to tighten its training procedures. ‘If it happens again, KPMG will have to take a look at it,’ he says – noting that a second such occurrence would dispel any doubt that the firm had an issue with its internal controls.