Protecting Investors through Enforcement

Thank you for that kind introduction. I am delighted to attend this gathering. Thank you again to the AICPA for inviting me again this year to speak. And you are probably going to be shocked to hear that I must begin my remarks today by stating that the views I express are my own and should not be attributed to the PCAOB as a whole or any other members or staff.

Today, I will be giving an overview about the Division of Enforcement and Investigations' work in 2016 and what we see on the horizon.

As a result of the hard work and determination of my Division colleagues, this past year has been very active for DEI. Thus far in 2016, the Board made public a record, 47 settled disciplinary proceedings, imposing sanctions including censures, monetary penalties, revocations of firm registration, and bars on individuals' association with registered firms. You can appreciate better these outcomes if you also focus on how often we revoked the registration of a firm or barred or suspended an associated person: since the beginning of the program we have revoked the registration of 83 firms and barred or suspended 124 associated persons. These sanction outcomes are important because they reflect the seriousness of the misconduct at issue.

A total of 150 registered firms and 153 individuals have been disciplined by the PCAOB. We continue to collaborate closely with our SEC enforcement colleagues to ensure that the waterfront of auditor misconduct is receiving appropriate attention and we are not duplicating efforts. The program, by virtue of the jurisdiction Congress gave us in the Sarbanes-Oxley Act, has a significant global component as well. While most of these respondents are based in the U.S., 17 of the firms and 30 of the individuals are located outside of the U.S. in countries including India, Hong Kong, Indonesia, Spain, Australia, Japan, Nicaragua, Brazil, Mexico, Italy, Denmark, Malaysia, and Israel.

On the litigation front, several contested disciplinary proceedings are currently working their way through our process. Thus far, we have had a successful year in our litigated proceedings. As you know, by law, we can't announce our enforcement proceedings unless and until either a settlement is reached or a party has had an opportunity to appeal a sanction to the SEC and the SEC has lifted the statutory stay on the sanction taking effect. You know how I believe that aspect of the law is detrimental to investors, the profession and others.

However, I can report that on October 21, 2016, the United States Securities and Exchange Commission lifted a stay on a PCAOB disciplinary proceeding — the first one in which a PCAOB disciplinary proceeding against a Big 4 audit partner has proceeded through an appeal to the Commission. In this matter the Board barred a former partner of Ernst and Young LLP from associating with a registered public accounting firm, with leave to petition to associate after two years, and imposed an $85,000 civil penalty.

The Board had found that the former EY partner acted recklessly in auditing the financial statements of the U.S. subsidiary of an Israeli-based pharmaceutical company. The former EY partner was the engagement partner with final responsibility for E&Y U.S.'s audit report on the company's U.S. subsidiary which was provided to E&Y Israel (Kost Forer Gabbay & Kasierer), which served as the principal auditor of the parent company. During his appeal to the SEC, the former EY partner solely raised constitutional and procedural challenges to the Board's proceedings. He did not challenge the Board's findings of liability or imposition of sanctions. The SEC sustained all of the Board's findings of violations of auditing standards and its corresponding imposition of sanctions against the former EY partner and rejected his constitutional and procedural challenges. The former EY partner has decided to appeal his matter to the District of Columbia Circuit Court of Appeals.

In 2016, we continued to focus our efforts on our higher priority areas which include:

  • Investigations involving a lack of professional skepticism
  • Audit matters related to the independence and integrity of the audit
  • Matters threatening or eroding the integrity of the Board's regulatory oversight processes

Today, I would like to spend the bulk of my time discussing another higher priority area for DEI: investigations focusing on the risks associated with cross border audits. Our enforcement efforts over the last several years to police the cross border area have resulted this year in several settlements which are significant both for the profession and investors.

Earlier this week, the Board announced two enforcement actions in which the PCAOB found audit failures and, at the same time, PCAOB enforcement staff uncovered evidence that registered firms and/or their associated persons improperly deleted, added to, or altered documents provided to PCAOB inspectors without informing the inspectors of the alterations. In one case, the audit leadership and personnel not only set a tone of disregard for compliance with PCAOB rules, standards, and oversight, but also actively thwarted PCAOB oversight.

The first enforcement action I would like to discuss involves Deloitte Touche Tohmatsu Auditores. This is a matter of many firsts for the PCAOB. In that matter, Deloitte Brazil agreed to pay an $8 million civil penalty, the largest ever imposed by the PCAOB, to settle charges including issuing materially false audit reports and attempting to cover up audit violations by improperly altering documents and obstructing a PCAOB investigation — all a first for global network firm member.

Here is another first: the Board also announced sanctions against 12 former partners and other audit personnel of the firm, including certain firm leaders, for violations including noncooperation with a PCAOB inspection and subsequent investigation. This is by far the largest number of individuals charged in a single PCAOB enforcement action. A former engagement partner also was charged with causing the firm to issue materially false audit reports.

Deloitte Brazil admitted that it violated quality control standards and failed to cooperate with a PCAOB inspection and investigation — the first admissions the PCAOB has obtained from a big 4 global network firm.

This matter centers on Deloitte Brazil knowingly issuing materially false audit reports for the 2010 financial statements and internal control over financial reporting of its client, a Brazilian airline, all in violation of Section 10(b) of the Exchange Act. There was simply a critical lack of audit work done in this matter. If the issuance of materially false audit reports was not enough, in advance of a 2012 PCAOB inspection, a Deloitte Brazil engagement partner, who also served as the firm's audit practice leader, directed junior personnel to alter work papers from the 2010 audit to conceal known audit deficiencies. The firm presented the improperly altered work papers, as well as other misleading documents and information, to PCAOB inspectors.

The PCAOB inspectors referred their findings of audit deficiencies to the Division. After the PCAOB began an investigation of the audit, Deloitte Brazil took additional steps to conceal its audit deficiencies and work paper alterations, with the knowledge and participation of senior firm leaders. And to top it all off, multiple firm partners provided false testimony under oath and made false representations to PCAOB staff about the 2010 audit in an attempt to obstruct the PCAOB investigation.

I think you know how the story ends: PCAOB staff uncovered the cover ups. The staff rolled up its sleeves and scoured the firm's productions to our inspectors and to the Division, identifying different versions of the same work papers and anomalies in the metadata of electronic work papers. PCAOB staff engaged in old school investigative tactics combined with technological savvy to get the wrongdoers.

I want to read to you a portion of a transcript of a recorded conversation during the investigation between a Deloitte Senior Manager and a Deloitte Senior Partner, an individual who was most responsible for ensuring regulatory compliance at the firm. The following conversation was recorded by the Senior Manager on his mobile phone:

Senior Partner: Any evidence that you have of this, remove it from your machine. Keep it in a — if you have that, keep it somewhere else, but not in your machine, not in the office. Okay?

Senior Manager: No. Okay.

Senior Partner: Okay? Another thing, considering that he [the Engagement Partner] will take the responsibility for all this, everything you told me, everything we discussed, never happened.

Senior Manager: Okay.

Senior Partner: Never! Whatever happens — I, if somebody says, "No, [Senior Manager] said to you —," I will say, "No, there must be a mistake!" I will never admit that it was said.

In this matter, the individuals involved included partners who held the senior leadership positions — such as the risk and reputation leader and former ethics leader, the national professional practice director, and the audit practice leader, in addition to six other partners and three other audit personnel. All but one were barred or suspended from associating with a registered public accounting firm. And the reason that person was not barred or suspended was due to the Board granting significant credit for extraordinary cooperation when the individual reported to the PCAOB staff that senior firm management was obstructing the PCAOB investigation. The lesson here is that no matter how far downstream we are in an investigation, individuals will always have the opportunity to earn cooperation credit, depending on the facts and circumstances.

In the second matter, the Board announced on Monday that Mexico-based Galaz, Yamazaki, Ruiz Urquiza, S.C. (Deloitte Mexico) was censured and will pay a $750,000 civil penalty for failing to effectively implement quality control policies and procedures for audit documentation.

From 2011 to 2015, Deloitte Mexico failed to archive audit documentation of numerous public company audits within 45 days of the audit report release date in violation of Auditing Standard No. 3, Audit Documentation. The firm also violated PCAOB quality control standards by failing to effectively implement policies and procedures to ensure the timely archiving of audit documentation by its engagement teams.

Two former Deloitte Mexico partners and another former auditor also were sanctioned for violations including audit deficiencies and improper alteration of work papers on a 2010 audit of a large U.S.-based mining company.

After the 2010 audit, the three individuals sanctioned — the engagement partner, a second partner, and another auditor on the engagement team — participated in the deletion and improper alteration of the archived audit documentation in advance of an internal audit practice review conducted as part of the firm's system of quality control.

The two partners then made available the improperly altered work papers to PCAOB staff during an inspection. During a subsequent PCAOB investigation, the engagement partner once again made available to PCAOB staff the improperly altered documents, as well as other misleading information. The practice of late archiving of audit documentation, as shown by this matter, may increase the risks associated with potential improper document alteration significantly.

The engagement partner for the 2010 audit also violated PCAOB rules and standards by failing to exercise due professional care and skepticism and failing to obtain sufficient audit evidence in several significant areas. The engagement partner in this matter failed to obtain sufficient evidence to support the company's tax treatment of unremitted earnings of a foreign subsidiary, perform sufficient procedures to test journal entries for the existence of fraud, and perform necessary procedures regarding the specialists used on the audit.

What do these matters signify?

While an overwhelming majority of auditors play by the rules, both of these matters demonstrate the ongoing need for a strong, robust, investigatory and disciplinary body over the profession to ensure no one acts above the law and to encourage quality audit work and high ethics. Nothing can substitute for a strong and effective cop on the beat to ensure that investors are adequately protected.

As large U.S. companies continue to have operations all over the world, and businesses from other jurisdictions come to the United States to access our capital markets, an effective and efficient audit enforcement regime becomes even more critically important. Foreign operations of U.S. issuers are often reviewed by foreign auditors, including the local affiliates of major global accounting networks — such as Deloitte Brazil and Deloitte Mexico.

U.S. investors rely on the work product of these foreign auditors when making investment decisions. And as I stated at this conference two years ago, while the benefits of globalization to capital formation and investment opportunities are significant, globalization introduces unique audit risks. These risks manifest themselves in differing corporate governance practices and business norms. These risks can also surface either in both the company's financial reporting and disclosure supply chain or in the execution of the audit by affiliated network firms — as they did in the Deloitte Brazil and Mexico matters.

As the Director of DEI, I often hear that some in the profession believe that there is sometimes an expectation gap among the everyday investing public regarding the scope and goals of audit. Some have often stated that the public expects accountants and auditors to prevent nearly every mistake. Many have also stated that auditing issues are often not black and white.

While we can always debate whether an auditor exercises appropriate professional judgment, I do not think anyone in this room would disagree with that notion that investors do not expect their auditors to improperly alter work papers. Improper document alteration is a black and white issue. And investors certainly do not expect their senior leaders of audit firms to engage in a cover up or effort to obstruct their regulator. There is nothing grey when it comes to this form of misconduct.

While these matters demonstrate that a critical part of the Board's enforcement program involves the protection of the integrity of the Board's regulatory oversight processes, keep in mind that both matters involve audit failures and failures to successfully conceal those failures. The intervention of our inspection and investigative processes got to the bottom of the audit and ethical issues before it resulted in more concrete investor harm.

And finally these matters also send an important message to the profession. Investors expect PCAOB registered firms and their associated persons to have a high degree of integrity, skepticism, and independence. Investors depend on auditors to be trustworthy. Auditors are trust guardians and trust is one of the critical pillars, if not the most critical pillar, of our capital markets. Investors come into and stay in our capital markets if the markets uphold integrity. As the guards over the guardians, the PCAOB stands on the front lines to insist that auditors give integrity their highest priority and if they do not they will be held accountable — as the matters earlier this week clearly demonstrate.

In 2017, I expect DEI to continue to be very active on the international front. And while I cannot specifically comment on our inventory of active investigations or on the non-public disciplinary proceedings we are litigating, I can tell you that our enforcement program continues to be very active in looking across borders. We continue to be looking closely at the roles played by the international affiliates of the global network firms in the audits of U.S. listed companies, including audits where the international affiliates may have played a substantial role. And you can expect continued growth in the level of enforcement activity involving auditors based outside the U.S., as well in our other higher priority areas.

As gatekeepers, the AICPA and its members have an opportunity to strengthen their commitment to protect investors, promote capital formation, and uphold the integrity of the capital markets. I urge all of you to read the settled disciplinary orders issued by the Board earlier this week.

Often, when an enforcement action occurs, the natural response for most individuals is to say that one's firm or network would never engage in such misconduct. I am relatively certain that many individuals in the global network involved in these matters had the same view. The maintenance of policies and procedures promoting integrity or the creation of colorful PowerPoint presentations describing a culture of integrity are simply not enough to promote a culture of integrity. It requires a thorough self examination and a daily commitment from everyone in the profession to place the values of integrity and honesty at the forefront of all decision making during an audit engagement as well as a PCAOB inspection and investigation.

It is my sincere hope that the profession will take heed of these recently announced disciplinary actions and will work diligently to ensure that this type of conduct does not happen in the future.

I thank you for having me here today, and I wish you a productive remainder of the conference.