Violations of Auditor Independence Rules

The independence rules are designed to ensure that auditors perform their work in an objective and impartial manner. By remaining independent in fact and appearance, auditors improve the reliability of information used for investment and credit decisions and strengthen public confidence in the financial markets.

In a speech, former SEC Enforcement Director Andrew Ceresney stressed that auditor independence “is an area of significant importance to the Commission.” He noted that in the past few years, the SEC has brought independence-related cases involving:

• the provision of bookkeeping and expert services to affiliates of audit clients (i.e., audit firms cannot loan their staff to audit clients in a manner that results in the staff’s acting as employees of those companies);
• audit personnel’s owning stock in audit clients or affiliates of audit clients (KPMG agreed to pay $8.2 million to settle the SEC’s charges);
• lobbying on behalf of audit clients (Ernst & Young (“EY”) agreed to pay more than $4 million to settle the charges);
• service by audit-firm employees or affiliates on boards of audit clients (Deloitte agreed to pay more than $1 million to settle the charges);
• preparation of financial statements of brokerage firms that were also audit clients (SEC sanctioned 8 audit firms for preparing the financial statements of brokerage firms that were their audit clients); and
• circumvention of the lead-audit-partner-rotation requirements (the lead partner is prohibited from performing lead-audit-partner services for the same issuer for more than 5 consecutive fiscal years).

In addition, the SEC has stepped up enforcement actions against inappropriately close personal relationships between auditors and clients.

On September 23, 2019, the SEC announced that PwC paid $7.9 million to settle charges of improper professional conduct in connection with 19 engagements on behalf of 15 SEC-registered issuers and violating auditor independence rules. The SEC found that “PwC violated the SEC’s auditor independence rules by performing prohibited non-audit services during an audit engagement, including exercising decision-making authority in the design and implementation of software relating to an audit client’s financial reporting, and engaging in management functions.”

In an SEC enforcement action, EY, a public accounting firm, agreed to pay $9.3 million to settle charges that two of the firm’s audit partners violated independence rules by getting too close to their clients on a personal level.

The SEC’s first complaint alleges that EY audit partner Gregory Bednar maintained an inappropriately close personal relationship with the chief financial officer (“CFO”) of an EY audit client. The relationship consisted of frequently attending social events together, exchanging gifts, and even taking numerous overnight, out-of-town trips together. The complaint notes that Bednar:

• gifted sports tickets to the CFO, the CFO’s family, or friends of the CFO’s son for use when Bednar was not present;
• took trips with the CFO;
• stayed at the CFO’s vacation home in Hilton Head, South Carolina;

exchanged hundreds of personal texts, emails, and voicemails with the CFO that did not include meaningful business-related discussion; and

• incurred significant entertainment, travel, and lodging expenses while entertaining the CFO and his family.

The SEC found that the extent and nature of their socializing impaired the audit partner’s independence under Regulation S-X.

The SEC’s second complaint alleges that EY audit partner Pamela Hartford had a romantic relationship with Robert Brehl, the Chief Accounting Officer (“CAO”) of an EY audit client. The main EY partner on the audit engagement, Michael Kamienski, was aware of facts that indicated a possible romantic relationship between Hartford and the CAO. Despite this, Kamienski failed to identify those facts as red flags, failed to perform a reasonable inquiry regarding the extent of the relationship, and failed to raise concerns to EY’s U.S. Independence group.

The SEC brought charges against EY, Hartford, Kamienski, and Brehl. By including Kamienski in the action, the SEC underscored that auditors will not be able to avoid liability by burying their heads in the sand.

Recently, Zuckerman Law was quoted in a Compliance Week article titled “Audit committees need to dig into personal relationships,” which covered this enforcement action. Matthew Stock, former external auditor and current associate at Zuckerman Law, highlighted the impact that independence violations can have on external audit firms and issuers. In addition, he noted that audit committees must judge the significance of these relationships through the lens of whether a reasonable investor would consider them important when making investment decisions.

Based on 780 issuer audits in 2016, the PCAOB identified the following audit deficiencies in a staff inspection brief:

• Assessing and responding to risks of material misstatement, including the fraud risk involving improper revenue recognition and the types of revenue, revenue transactions, or assertions that may give rise to such risks.
• Auditing internal controls over financial reporting, including “insufficient testing of the design and operating effectiveness of selected controls, particularly those controls that include a review element. Many of these deficiencies involved testing controls over management’s cash-flow forecasts or other assumptions that the issuer used in determining estimates related to revenue, business combinations, asset impairments, and reserves.”
• Auditing accounting estimates, including fair value measurements. “Audit deficiencies in this area have commonly related to evaluating impairment analyses for goodwill and other long-lived assets and the valuations of assets and liabilities acquired in business combinations. Other areas where deficiencies were identified include revenue-related estimates and reserves, the allowance for loan losses (“ALL”), inventory reserves, and financial instruments.”