Wells Fargo and KPMG – did KPMG fail the investors?
My friend Francine McKenna recently had a piece (she is co-author) published by MarketWatch.
Where was KPMG, Wells Fargo’s auditor, while the funny business was going on? Is scathing in its discussion of the role played by KPMG.
I doubt that anybody would speak up in active support of KPMG, but is it fair to blame them and say they have failed investors?
This is how MarketWatch described the underlying fiasco:
The record of management failures at Wells started with revelations last year that millions of accounts had been opened illicitly. It got longer after the admission last month that the bank had also forced unneeded auto insurance on customers and neglected to refund optional guaranteed asset protection, so-called GAP, coverage for auto loan borrowers.
Politicians and regulators see the misbehavior as a pattern that should have been caught — and stopped. And there have been consequences for the bank. One CEO was forced to step down and forfeit millions of dollars in incentive compensation. Thousands of workers, including several executives, have been fired. Most recently the bank reshuffled its board, replacing its chairman and adjusting board committee memberships including on its audit and examination committee.
However, the authors continue:
But external auditors should serve as another line of defense. Each year, auditors offer an opinion on whether their clients’ financial statements are truthful. To do so, the auditors have to determine whether they have enough confidence in the company’s internal controls to offer that blessing.
In November, KPMG was questioned by a Senate committee. MarketWatch reports:
KPMG’s response to the senators in November acknowledged that its audits of Wells Fargo’s financial statements included procedures to identify instances of unethical and illegal conduct.
Those procedures included interviews with the company’s chief auditor, members of the bank’s Corporate Investigations Unit, bank financial executives, and attorneys inside and outside the bank, the auditor wrote. KPMG also reviews regulatory reports and reporting to executive management, the audit committee and the rest of the board from the chief compliance officer regarding investigations that related to accounting, internal accounting controls, auditing, and whistleblower claims and claims of retaliation.
KPMG wrote it did become aware, as early as 2013, of “instances of unethical and illegal conduct by Wells Fargo employees, including incidents involving these improper sales practices.” But the firm said it was “satisfied that the appropriate members of management were fully informed with respect to such conduct.”
Yet the auditor said nothing about these issues to investors, either in its audit opinion, its opinion on the bank’s internal controls, or elsewhere.
Instead, KPMG told the senators, its view is that “not every illegal act has a meaningful impact on a company’s financial statements or its system of internal controls over financial reporting. From the facts developed to date, including those set out in the CFPB settlement, the misconduct described did not implicate any key control over financial reporting and the amounts reportedly involved did not significantly impact the bank’s financial statements.”
The MarketWatch article is accurate but is it fair?
Sorry, Francine, it is not.
What is omitted from the article is that:
- The external auditors are engaged to audit and provide opinions on (a) the financial statements and (b) the system of internal control over financial reporting.
- The external auditors are obliged to assert in their audit report (included on Form 10K) whether the financial statements are free from material error and whether the system of internal control provides reasonable assurance that material errors will be prevented or detected.
- When it comes to fraud, the PCAOB’s Standard Number 5 directs the external auditor to consider only fraud that might lead to a material error in the financial statements.
- The external auditor’s responsibility beyond that is to disclose significant matters to the audit committee of the board.
- There is no requirement that the external auditor share any issues unrelated to material errors in the financial statements to investors.
- It is not the fault of the external auditors if the board fails to act on fraud that is not material to the financial statements. They do not assess the effectiveness of the board beyond where it may unacceptably raise the level of risk of material error in the financials.
Rather than blame KPMG, I would have preferred that Francine and her co-author suggest that the rules and standards that direct the work of the external audit firms be changed.
Should they disclose non-material fraud? I am not in favor.
Should they disclose concerns with the effectiveness of corporate governance? That is something worth debating.
What do you think?
I welcome your views.
Leave a comment
Norman Marks on Governance, Risk Management, and Internal Audit 
When I was Chairman of a larger Board I always had a private conversation with the auditors after rather work without the presence of any of the Executive. I would expect to be informed by the auditors of any fraud they have discovered, plus any ‘robust’ discussions they had with those who they contacted during the audit. Whether they need to include in their report fraud which is not material to accounts is a separate issue and I tend to agree with Norman. The Wells Fargo case is something the Board and Executive need to have attended to. The change of the Board was correct and maybe insufficient. But do not blame external auditors.
Thanks for affording auditors direct hearing. Audit committees do take time to process and Allow management to act before reporting their conclusion in detail or brief to the main board by which time the board would have passed the decision.
The Board would have to rely on management intergrity in the absence of internal and external audit consultation.
Sometimes, management integrity is in short supply intertionallly or otherwise
Norman, I do not think you are looking at the bigger picture:
KPMG said it “Did not impact the financial statements”, but it did impact market value, the very thing they are hired to help protect investors with. I would say 10% market cap loss is very material. How naive is KMPG? I am sure Warren Buffet was not happy?
“Oct 1, 2016 – Wells Fargo has lost $25 billion in market cap in six days. Where does the bank go from here? … of other infractions, and the bank could lose many more government relationships, and perhaps some with large corporations.”
247wallst.com/banking-finance/2016/10/…/well-fargo-loses-25-billion-in-market-cap/
Fraud need not be material to affect the market price, some news act as a final push over the cliff, market price can hold if investors have strong confidence in the affected entity, or the market as a whole. That does not mean the fraud caused misstatements. There is no guidance to auditors as to fraud causing loss to the client or investors and fraud not doing so the standard is fraud and impact on mistatement of financial statements
In terms of the technical requirements for conduct of an audit, your points cover KPMG’s professional responsibilities very well, as the profession has influenced those rules for ourselves. Auditors, financial reporting professionals, and senior executives understand the concept of materiality very well. Members of the general public and Congress don’t understand the technical application of materiality in financial reporting so well, especially when the frauds not reported by the auditors are in the hundreds of millions or even tens of billions of dollars. Unfortunately, the way the materiality concept is formulated and applied gives the hopefully small number of less than ethical senior executives plenty of leeway in taking advantage of opportunities to engage in frauds that may not be “material” for a single reporting period, no matter how much the accumulated frauds may aggregate to. The materiality rules can also be handled in ways that provide protection to any audit partner who is more interested in retaining clients than in reporting significant, albeit not technically “material”, issues that could have a material impact on investors and the public.
Additionally, there are the issues of Boards, external auditors, and internal auditors not being sufficiently conscientious in applying proper professional skepticism and auditors applying a checklist mentality to their work. These are concerns that you and others have written about repeatedly. I am reminded of the 2003 Congressional hearings related to Sarbanes-Oxley enforcement issues regarding numerous corporate frauds, many of which were not considered to be “material” during the applicable reporting years. Documents subpoenaed by Congress included audit planning documents for Health South for the 2002 audit. Although the audit firm was aware that the SEC had begun an investigation of insider trading three months before the audit planning, that there had been numerous whistle-blower reports, and that the planning checklist indicated red flags regarding governance practices and control system integrity indicating risk of fraud, the final planning memo stated that “…management has designed an environment for success.” and “…that management is ethical, competent, and fully aware of all potential business developments.” and “We believe the board of directors and audit committee oversight provides adequate control of management as well as provides adequate direction of the Company.” It isn’t possible to determine the state of mind and intent of the audit management at that time, but it seems clear that professional skepticism was in short supply. With the multiple large scale, although not technically material, frauds at Wells Fargo, it appears that professional skepticism is still in short supply, particularly where there seem to have been whistleblower reports well before the frauds were identified officially. Review of whistleblower procedures established by the Board’s Audit Committee and the handling of whistleblower reports is a required audit procedure, I believe, in determining the effectiveness of internal controls and assessing the risk of fraud. To be effective as an audit procedure, that review should consist of doing more than simply reading a fraud policy document and asking questions of management, whose answers are then accepted at face value.
As the auditing standards currently exist, KPMG most likely complied technically with the minimum standards necessary to enable them to avoid issuing a qualified or adverse opinion on either the financial statements or internal control system. That means they should be able to avoid legal liability. I agree with your conclusion regarding the MarketWatch article. However, that doesn’t mean that the authors of the article or other critics of both the auditing profession and corporate governance and financial reporting don’t have a basis for asking the question that comes up every time a new round of frauds is reported: “Where were the auditors?”
At a minimum, a call for strengthening rules and standards that direct the work of the external audit firms should be made, as you recommend. Where the issue relates to repeated instances of significant fraudulent activity, the changes should address:
– Determining materiality based on the aggregate impact of the frauds on both topline revenues or gross assets and on net profit, not primarily on net profit impact.
– With respect to both financial statement reporting and audit of internal controls, a requirement increasing the fraud risk assessment rating for both probability and impact where multiple instances of frauds or illegal activities have occurred over a multi-year time frame. Multiple instances of frauds or illegal activities, by themselves, should be a huge red flag indicator of a corrupted, ineffective corporate governance system and internal control environment.
– Change the executive compensation claw back rules so that multiple instances of management frauds or illegal activities having any impact on financial position, whether material to the financial statements or not, trigger the claw back. The events should be included in the claw back trigger determination whether or not there is a criminal conviction. Large civil settlements, including NANDY and deferred prosecution agreements, should be included on the same basis as an actual criminal conviction. With settlements being treated as little more than a cost of doing business and executives engaged in the frauds avoiding personal financial liability unless the impact is material enough to require restatement of past financial reports, there is little incentive for an executive who is unethical or criminal to not engage in fraud under the current system.
Michael, many things can impact market value including reputation, loss of market share, loss of a CEO, and so on. KPMG doesn’t report on them either. The bigger picture indicates a problem, but wouldn’t it be a bigger problem if KPMG arbitrarily decided to disclose non-material fraud? How would they decide what level of fraud merits disclosure?
This market loss was clearly a result of the revelation of the magnitude and gravity of the sales practices. Not sure what model or test external auditors use to price the impact of not disclosing unethical or fraudulent behavior. Obviously market and firm analysts do this in real time, auditors on a quarterly or annual basis.
I would challenge more where the internal auditors were. After the first round with the opening of bogus accounts I would think they would be turning over a few rocks.
Anybody know the answer?
Yes, read the report. It is a fascinating read and movie forthcoming.
http://documents.latimes.com/read-wells-fargo-sales-practices-report
Page 91 cover Internal Audit Role – IA relied on others who knew of issues to resolve and report. They evaluated process, but perhaps did not independently connect the dots to reputational risk, customer fraud and dissatisfaction and shareholder value destruction.
As I mentioned in a very long twitter thread on the evening of August 18 @retheauditors (and in earlier articles I linked to) when someone else made same points, disclosure materiality is a qualitative as well as quantitative judgment. KPMG focused only on the latter when deciding in the 2Q whether disclosures were complete. WFC did not disclose a fine and legal proceedings to investors in that Q that their subsequent announcement of fine in September said they had already accrued for in full, to the exact penny, at the time of issuing the 2Q. And KPMG said in its letter to Senators it knew about the investigations, firings, issues, and the regulatory scrutiny from at least 2013. In addition, auditors have a 10A responsibility. KPMG was satisfied with how WFC board was handling situation and did not report to SEC, as far as we know. That was huge error of judgment and potentially a violation of standards.
Thanks for the clarification. Of course, KPMG might have considered the qualitative aspect but personally if think that if the numbers are not materially incorrect the facts around the fraudulent behavior would be considered nonfinancial information and KPMG’s responsibilities for including mention of this in their opinion is at best murky. Their responsibility with respect to the 10Q is more to ensure the audit committee is informed than to go around them to the public.
I stand by my opinion that your article is accurate but the allocation or inference of KPMG being to blame is not entirely fair.
The author’s reveal an example of expectations gap involving variables that include entities such as investors, directors, management, staff, regulators, external auditors and the authors themselves. Other variables to consider are relationships among the above entities, requirements of the law and regulations, audit standards.
The authors need to redo their article or completely abandon it for lack of completeness of analysis and evaluation thus creating incongruent conclusions.
dankkalwiji