With the EY cheating scandal making headlines even outside of our precious little accountosphere we decided to take a look at the full SEC order to answer the question — how and why were EY auditors cheating on CPE exams? This post will be long so we’ll get deeper into the CPA ethics portion of the cheating debacle in another article.
The long and short of it is, EY auditors trying to shortcut CPE took advantage of a software exploit. Explains the SEC [full order PDF here]:
From 2012 to 2015, over 200 EY audit professionals across the country exploited a software flaw in EY’s CPE testing platform to pass exams while answering only a low percentage of questions correctly. Following EY’s discovery of that earlier cheating scheme, the firm took disciplinary actions and repeatedly warned its audit professionals not to cheat on exams. Still, the cheating continued.
OK we lied, that was only the short of it. Here’s the long:
In December 2014, an internal EY whistleblower reported a flaw in the firm’s software that allowed professionals to pass CPE exams without the required number of correct responses. This vulnerability allowed exam takers to achieve a passing score while answering as little as one question correctly. The firm’s investigation of this matter determined that from 2012 to 2015, over 200 EY audit professionals in multiple offices exploited this flaw to pass CPE exams.
What’s the saying? Work smarter, not harder.
When the firm caught on they “took a variety of disciplinary actions against the audit professionals who engaged in this misconduct” and added prominent warnings to CPE exams to remind exam-takers they should complete their work on their own. Failure to do so reflected a lack of integrity, the warnings said.
The firm repeatedly reminded its personnel that cheating on exams was highly improper and violates EY’s Code of Conduct, which requires professionals to act with integrity and requires those who become aware of misconduct to report any deviations or violations of the Code to the firm.
However, EY learned that, despite these warnings, certain audit personnel were continuing to cheat. For example, in 2016, EY learned that professionals in its Denver office improperly shared answer keys. In response, the office’s managing partner warned staff that these actions constituted a serious violation of the firm’s Code of Conduct and underscored the importance of ethical behavior in connection with CPE. After the firm learned of two employees who had cheated on a CPA ethics exam in 2017, EY issued the following warning to U.S. personnel:
“Cheating” on internal or external tests, assessments or evaluations can result in disciplinary action, including termination. You must complete them without assistance from others. Assessments will further your professional development. Not completing a test on your own or sharing or soliciting answers from others during an assessment, is CHEATING. This conduct is contrary to our Global Code of Conduct and our values. Take it seriously!
Guys, the exclamation point and CHEATING in all caps means they are serious. Perhaps two would have gotten the point across more effectively. Maybe an emoji.
Another warning read:
You must complete the assessment without assistance from others. Adherence to that requirement is part of your acceptance of and commitment to the EY Global Code of Conduct which includes acting with integrity in connection with professional education.
Acting with integrity also means that you should not share or discuss the contents of the assessment, or your responses, with anyone who has yet to complete it. Failure to adhere to these requirements may result in disciplinary action.
And how did all those warnings work out?
These recurring instances of cheating reflected that the problem was persisting notwithstanding the firm’s warnings. Though EY continued to warn its personnel not to cheat, it did not implement any additional controls to detect this misconduct during the relevant period.
And what specifically were they cheating on?
They cheated on a wide variety of CPE courses, including courses on ethics and other topics, such as the Summary of Audit Differences, which are designed to ensure that audit professionals can properly evaluate whether clients’ financial statements are presented fairly in all material respects and comply with Generally Accepted Accounting Principles.
The best part about the entire order is that cheaters admitted they knew their behavior was wrong, they did it because they didn’t have time to do it the right way (that’s what they said, anyway).
Many professionals acknowledged during the firm’s investigation that they knew their conduct violated EY’s Code of Conduct, but they cheated because of work commitments or an inability to pass training exams after multiple attempts.
Also interesting to note, on June 19, 2019 U.S. Chair and Managing Partner Kelly Grier — who is not named in the order but come on, context clues — sent out a firmwide email reminding EYers that reputation is everything in this business. “No client or external relationship and no metric is more important than the ethics, integrity and reputation of EY,” the email read. “We all play a vital role in instilling confidence in capital markets. We must always be committed to each other as colleagues, holding ourselves and each other accountable and maintaining zero tolerance of those who do not live our values. As stated in our Global Code of Conduct, we are people who demonstrate integrity, respect and always doing the right thing.”
This email came just two days after we learned the SEC hit KPMG with a $50 million penalty for their cheating problems which included using confidential information that was being fed to them by a PCAOB insider to improve the firm’s performance on public company audit inspections and — as with EY — audit professionals sharing exam answers with one another.
On the same day Kelly sent the above email out, the SEC’s Division of Enforcement sent EY a formal request asking whether EY had received any ethics or whistleblower complaints regarding testing associated with any EY training program or continuing professional education course.
In a June 20, 2019 response to the SEC, EY provided a narrative submission that described five matters “related to cheating or other misconduct on training programs and assessments.” One of those matters was the 2017 tip about two employees cheating on a CPA ethics exam. None of the matters in EY’s submission involved potentially ongoing misconduct by current employees or misconduct that the firm did not appear to have appropriately addressed.
EY’s June 20 submission created the impression that EY did not have current issues with cheating – either on training programs and assessments or CPA ethics exams. However, on June 19, the day before EY made its submission, an employee reported to a manager that a professional in the firm’s audit group had emailed the employee answers to a CPA ethics exam. That afternoon, the manager informed an EY human resources employee of the tip, which was then relayed to others in EY’s human resources group.
Alright so mostly caught up now? We’ll finish with the rest of this sordid tale soon, there’s more to discuss believe it or not. Before we go, if you are an EYer with something to add to this story or in possession of exam keys you want to share with us, get in touch. You can use your burner email if you want, we don’t care.