KPMG Investigation Highlights Growing Risks for Auditors
By John Bostwick, Managing Editor, Radius
In 2014, the UK introduced rules dictating that an annual audit report must include auditor disclosures about specific risks the company faces and steps it’s taking to address those risks, along with other information such as the extent of the audit and materiality thresholds. (The US has no such requirements.) That year, The New York Times addressed the new rules in a story involving the British manufacturer Rolls Royce and its auditor KPMG.
Until 2014, annual company reports had included perfunctory auditor comments that were of little use to investors. While the recent UK rules do allow room for rote auditor responses, the Times piece says that KPMG’s comments about Rolls Royce in its 2014 audit report went farther than most. The comments indicated for example that the company “used estimates and assumptions in its financial results that resulted in ‘mildly cautious profit recognition’ in an important part of its business.” According to the Times, KPMG’s report states that Rolls Royce had been “mildly optimistic” in some of its assumptions, “resulting in a somewhat lower liability being recorded than might otherwise have been the case.” While hardly a barrage of regulatory invective, an investor might read KPMG’s comments as essentially saying Rolls Royce was being dishonest.
When it was published, Rolls Royce’s 2014 annual company report — and the related Times article — probably generated little interest outside narrow auditing and investing circles. But in retrospect, KPMG’s auditing disclosures about Rolls seem like a foreshadowing, or perhaps evidence that the auditing behemoth knew bigger problems were coming and wanted to establish a tone of disinterestedness with regard to its Rolls Royce dealings.
In January 2017, the UK’s Serious Fraud Office (SFO), which handles large economic corruption cases, announced that it had conducted a four-year investigation into Rolls Royce “for criminal conduct spanning three decades in seven jurisdictions and involving three business sectors.” The investigation led to a deferred prosecution agreement in which the company agreed to pay UK authorities nearly £500 million plus interest, along with about £13 million in legal fees. Rolls Royce also settled with US and Brazilian authorities for a grand total in fines of some £671 million.
The Financial Times reported a couple of days after the SFO announcement that Rolls Royce employed numerous schemes “to cover up payments that were destined to line the pockets of customers and government officials” in efforts to win business. The corrupt behavior, moreover, was not confined to rogue employees in the field, but rather “went right up the ranks of senior management.” The article concludes by quoting the SFO’s joint head of bribery and corruption, who vows to “bust” the “complete circle” of those involved in corrupt practices at Rolls Royce, specifically (according to the article) “the company, the executives, the intermediaries who channeled the bribes, and the recipients.” One aspect of this “complete circle” that’s conspicuously absent is Rolls Royce’s auditor, KPMG.
KPMG would not remain in the background of the scandal for long. This month, the Financial Reporting Council (FRC), a UK body that (in part) monitors and enforces auditing standards, announced that it had launched an investigation into KPMG’s conduct “in relation to the audit of the financial statements of” Rolls Royce. The announcement notes (unsurprisingly) that the decision to investigate was precipitated by the SFO’s investigation and the SFO’s eventual deferred prosecution agreement with Rolls Royce.
Reuters reports that KPMG will break ties with Rolls Royce after serving as its auditor for 26 years, adding that under new rules enforced by the FRC, companies must consider engaging new auditors every 10 years. (New rules stipulate that companies must change auditors every 20 years.) An FRC rep told Reuters that the Council “is expected to now start gathering evidence before drafting any formal complaint.”
The KPMG investigation appears to be part of a trend of holding auditing firms accountable for policing their clients’ financial behavior. A May 4 Financial Times article says that the FRC reported in March that one third of recently reviewed audits were deficient, and that the Council “is taking an increasingly tough stance on accounting misconduct, and earlier this year called on the government to give it additional powers to discipline company directors.” (The FRC rep declined to tell Reuters if the FRC would target specific KPMG employees in its investigation.) In 2016, the FRC fined auditing firms (including two from the Big Four) a total of over than £6 million.
The May 4 Financial Times article indicates that the extent of KPMG’s culpability — or whether it engaged in any misconduct at all — in the Rolls Royce case isn’t clear at the moment. KPMG, for example, did indicate in a 2013 report that bribery was a risk at the company. In addition, the profits that resulted from Rolls’ bribes are estimated to be about £250 million — or only “about 0.029 per cent of group revenues during the years under investigation” — so arguably not material as far as audits are concerned. And the judge who oversaw the SFO case wrote in his judgement that the “auditors who were best placed to detect misconduct were not provided with a complete picture” by Rolls Royce.
On the other hand, a governance expert quoted by The Financial Times is quoted as saying that ferreting out accounting fraud “gets to the heart of what an auditor is supposed to do.” Or, as Simon Jack writes in an opinion piece for BBC.com: “KPMG said it was cooperating and was ‘confident in the quality’ of its work but surely, a detailed and professional audit should have turned up this widespread, recurrent and illegal activity? If it didn't what the hell are auditors for anyway?” Jack echoes the judge’s point about auditors being at the mercy of the companies they serve when it comes to gathering information. He also emphasizes that auditors are indeed serving clients and as a result have a financial stake in pleasing them, which is “not an ideal backdrop for taking a tough, arms-length view of a company's activities.”
Jack concludes by noting that while auditors do get penalized, the largest fines in the US and the UK have been $8 million and £3 million respectively. These, he writes, “are tiny sums compared to both the fines levied on companies that misbehave and the huge size of the big accounting firms.”
So not digging too deep during an audit can be a low-risk, high-reward proposition for large firms. Depending in part on the outcome of the FRC’s investigation into KPMG, however, that calculus may change.