If you’re not one of the six accountants who was criminally or civilly charged today, then you’re having a good Monday. And if you’re still not convinced, let’s peruse the details from the criminal indictment so you can feel better about yourself.
The allegations paint a pretty sad picture of some prominent audit professionals at KPMG, one of the world’s most prestigious accounting firms, going far, far out of their way to gain an edge on the PCAOB inspection process. The U.S. Attorney says they committed crimes, the SEC says they committed civil offenses, but hey, we’re not here to pass judgment, just to pick through the details of this amazing account.
To be clear, the details listed below are from the criminal indictment and not the SEC orders. If there are important details in the SEC orders that we’ve missed here, let us know and we’ll highlight them.
First, let’s set the stage. In 2013 and 2014 KPMG was struggling with PCAOB inspections. The indictment notes “approximately twice as many comments as the average number of comments received by KPMG’s competitors.” Naturally, it wanted to improve upon those results, so it took some action, including “recruit[ing] and hir[ing] former PCAOB personnel” retaining a “data analytics firm” to assist in predicting which audits would be selected for inspection and “implementing a financial incentive system that award bonuses to members of engagement teams that received no comments during an inspection.”
Next, the players: Brian Sweet and Cynthia Holder were two of the PCAOB employees that wound up at KPMG as a partner and executive director, respectively. A third PCAOB employee, Jeffrey Wada, wanted a job with KPMG, but the crap hit the fan before that could happen.
As for KPMG, partners in this story include:
- David Middendorf, the head of the firm’s Department of Professional Practice (DPP) and National Managing Partner for Audit Quality and Professional Practice Group;
- Thomas Whittle, an audit partner in DPP and wthe National Partner-in-Charge for Quality Measurement; and
- David Britt, an Audit Partner in DPP, Banking and Capital Markets.
Interesting sidebar: Whittle reported to Middendorf and Britt reported to KPMG’s Chief Auditor, who is not named in the indictment, but who also reported to Middendorf. Not named in the indictment is Scott Marcello, who was the firm’s Vice Chair of Audit and Middendorf’s boss. KPMG fired Marcello last year along with everyone else.
All right, now for this fine mess. The indictment is fascinating, so you read it for yourself, but here’s a good rundown:
- In 2015, when it looked like Sweet would be taking a role with the firm, he made his first mistake: “Sweet […] copied [PCAOB] Documents, as well as other confidential documents, from Sweet’s PCAOB computer to a personal hard drive.” These included “internal PCAOB manuals and guidance; […] comment forms issued in connection with inspections on which Sweet had worked; [and] a list of KPMG engagements to be inspected by the PCAOB in 2015.”
- During Sweet’s first week on the job, in early May 2015, Middendorf asked him at lunch “whether a particular Issuer would be the target of a PCAOB inspection; and […] more generally, which KPMG engagements would be subject to inspection that year.”
- Middendorf spoke to Sweet later that week, “[telling] Sweet to remember where Sweet’s paycheck came from and to be loyal to KPMG.”
- Just a few days later, “Whittle asked Sweet for the list of engagements to be inspected by the PCAOB in 2015, most of which had not yet been officially noticed for inspection by the PCAOB. Whittle told Sweet that Sweet was most valuable to KPMG at that moment and would soon be less valuable.”
- The next day, Whittle requested “the banking inspection list.” After discerning that Whittle meant the “inspection list,” Sweet sent it over and said, “Just so you know, it is actually the full list of anticipated inspections (including non-banks). I’d appreciate the team’s discretion to make sure it isn’t too widely disseminated.” Whittle said he understood “the sensitivity” but sent it to Middendorf anyway, writing in an email, “The complete list. Obviously, very sensitive. We will not be broadcasting this.”
- The next month, June 2015, Sweet discussed the list with David Britt and wrote in an email, “Please note there is some sensitivity with these, and some of the teams have not yet been officially notified by the PCAOB, so please, use your discretion with this info.” Sweet went on to share the 2015 list with at least one partner who was not yet aware that his/her engagement would be selected for inspection.
- That same month, Sweet used confidential PCAOB “risk factors” with a KPMG partner and the data firm that was helping the firm predict which audits would be selected for inspection.
- Immediately upon his start at KPMG, Sweet started angling to bring Cynthia Holder to the firm. He wrote to her in an email “I’ve got a meeting set up with the head of the group tomorrow, and pulled together a list of potential hires . . . and put you as the #1 target!!!!)”
- A couple weeks later, Holder told the PCAOB Ethics Office that she was “contacted today by a recruiter for KPMG asking if I would be interested in a job at the Firm. I told them that I was not interested . . .” Had she not lied about this to the Ethics Office, she would’ve been immediately removed from any work involving KPMG.
- While she was inspecting KPMG, Holder used her position to share confidential info with Brian Sweet, including this gem: “Sweet asked HOLDER to provide Sweet
with an internal, confidential PCAOB Part II deficiencies comment form. On or about May 12, 2015, Holder used her personal email address to email Sweet at his personal email address and provided the requested document. The subject line of the email read ‘Anonymous Email.’ The body of the email consisted solely of an image of a winking-smiley face, and attached the confidential document Sweet requested.”
- Also, in one instance Sweet talked Holder out of writing a comment on a KPMG inspection. When Sweet told Thomas Whittle about this, Whittle ” asked whether Sweet had opened his drawer, seen where his paycheck came from, and then advised the PCAOB employee not to write a comment.”
- Holder also gave Sweet advanced notice that the PCAOB would be canceling one of its inspections and not replacing it. Sweet shared this information with Whittle and “The PCAOB subsequently notified KPMG that’ it would not inspect Issuer-1.” Sweet also informed Whittle that Holder was the source of all this info to encourage the firm to hire her.
- Holder was offered a position with KPMG in July 2015. Before leaving the PCAOB, she copied confidential info to a thumb drive and copied it to her home computer. She then told Sweet about it after she started working at KPMG.
- In November 2015, Jeffrey Wada started giving confidential information to Cynthia Holder. Holder passed it to Sweet; Sweet passed it to “relevant KPMG personnel.”
Anyone need a breather? This is intense. Have some cute animal sounds:
- In February 2016, the SEC’s Office of the Chief Accountant called in KPMG for a scolding about their crappy inspection results. It was attended by “KPMG’s CEO, KPMG’s Vice Chair of Audit, and [Middendorf].” There were subsequent meetings as well.
- Around this same time, Jeffrey Wada was a little frustrated with this job at the PCAOB, specifically that he didn’t get a promotion. He forward the PCAOB-wide promotion list email that did NOT include his name to Cynthia Holder who forwarded it to Brian Sweet.
- About a week later, Wada emailed another PCAOB employee who didn’t get promoted, writing, “:I can’t believe we both got screwed last year.” The email, “[i]ncluded […] a cartoon depicting a man with a screw in his back.” That same month, Wada shared 12 issuers audited by KPMG that would be inspected with Holder.
- Meanwhile, back at KPMG, Middendorf, Britt, Whittle and Sweet used this list of 12 to initiate “stealth re-reviews” in order to, chiefly, “[protect] KPMG’s monitoring programs” because negative results would constitute a “systemic failure.” The group agreed that the true nature of the “stealth re-reviews” needed to be a secret.
- David Britt told a partner — Partner-3 in the indictment — that “Partner-3’s engagement would be inspected and that [he] could not tell Partner-3 the source of [his] knowledge. [He] also told Partner-3 not to tell any other members of Partner-3’s team.” Britt also lied to another partner — aka Partner-1 — about the reason for the re-reviews. According to the indictment: “Their inclusion in the access request was merely an effort to make the re-reviews look legitimate.”
- These re-reviews detected problems in some of KPMG audits and the firm was able to take action prior to inspection and to perform additional work well after audit opinions were issued.
- Back to the PCAOB leak — Wada read a preliminary list of audits that would be inspected to Holder in January 2017. Holder shared that info with Sweet, who subsequently took it to Whittle and Britt. They decided to notify partners on this list and to assign additional personnel to those engagements. Whittle asked Sweet to “alter an internal inspections list” to cover their tracks.
- Also during this time, Jeffrey Wada was passed over for a promotion again, and he was NOT happy about it. He emailed Cynthia Holder his displeasure and we’re blockquoting it here because it’s so fun:
It’s funny how I was on the fast track to partner and clearly recognized for my talents at [WADA’s previous employer] and then I end up in this [expletive] place with all the [expletive] politicking that I loathe and now I can’t get a [expletive] promotion to save my life just because I refuse to kiss people’s [expletive] and spread the political rhetoric. God this place sucks. Please let me know what else you need from me.
- In February 2017, Wada read Holder a list of “approximately 50 stock ticker symbols, representing the full confidential list of KPMG clients to be inspected by the PCAOB in 2017.” You can guess what happens next, right? Yep, she shared it with Sweet and he shared it with the three musketeers. They discussed “which engagement partners should be notified that their engagements had been selected for inspection.”
This is where, mercifully, things finally start to unravel:
On or about February 6, 2017, an engagement partner (“Partner-5”)/ who had been informed by Brian Sweet that Partner-5’s engagements would be inspected by the PCAOB, reported the conversation to Partner-5’s supervisor. Partner- 5’s supervisor reported the matter further and by February 13, 2017, the matter had been reported to KPMG’s General Counsel. Shortly thereafter, members of KPMG’s Office of the General Counsel (“OGC”) reached out to speak to both Sweet and CYNTHIA HOLDER, the defendant.
Holder and Sweet proceed to attempt an elaborate cover-up that included lies, deleted emails, and Sweet burning “the true copy” of the 2017 inspection list. OGC was monitoring their email activity so there was more deleting of files ” but not all of it, as that would appear suspicious.” Holder deleted all of her texts to Wada and suggested to Sweet that they get “burner telephones.” But there’s more!
HOLDER also suggested that she and Sweet could communicate through their spouses’ cellular telephones to avoid detection. Finally, HOLDER suggested that she and Sweet use a code to communicate. HOLDER and Sweet agreed that either one could communicate by posting a photo relating to a specified college football team on Instagram, following which they would each dial in to a designated KPMG conference call number.
As good as this indictment is, it raises even more questions about who at KPMG knew what and when? Why isn’t Scott Marcello named in the indictment? Does the firm have any criminal risk here? Will more heads roll? It’s all so ridiculous I don’t know what to think.