Please ensure Javascript is enabled for purposes of website accessibility

Take It Easy, KPMG Didn’t Pass GAAS in Its Audit of FIFA

Everybody leave KPMG the fuck alone. Sure the Department of Justice busted FIFA for taking more than $150 million in bribes and kickbacks after KPMG gave them 16 consecutive years of unqualified opinions. But KPMG’s hands are clean. That’s my unqualified opinion.
It’s clear that FIFA was a shitty client full of shitty people. But KPMG is arguably one of the top four accounting firms in the world, and I’m 100 percent sure KPMG followed GAAS closer than shit follows Nachos Bell Grande, despite what all the haters are saying.
MarketWatch quotes a hater who has a kickass LinkedIn profile saying,
KPMG absolutely should have caught, and called out, these alleged illegal activities.
And later the article reports…
[An attorney whose firm specializes in suing big accounting firms] is surprised that after all this time working so closely with FIFA, KPMG would not have uncovered evidence of the illegal acts the DOJ is now alleging. … “With all the prior allegations of corruption and bribery leveled against FIFA and some of its member associations over the years, KPMG should have been on high alert to the potential for corruption,” he said. “Auditors are supposed to do more and be more vigilant when there’s clearly higher risk.” 
No shit. Nobody can honestly think that KPMG had its collective head up its corporate ass so far that it didn’t know that FIFA was full of crooks. For Christ’s sake, The Simpsons devoted an entire episode to it.
At the beginning of an engagement, the audit firm is required to brainstorm ways in which the client could be committing fraud and “be more vigilant” by adjusting its audit procedures accordingly. However, in the real world where grown-ups live, an audit firm that chooses to take on a risky client like FIFA is going to be even more vigilant in making sure that their audit plan conforms to GAAS like a son of a bitch.
Our profession is reluctant to say it out loud, but external audits suck at detecting fraud. According to the ACFE, only 3 percent of frauds are initially detected by external auditors. Seven percent are discovered by accident. That proves that fraudsters are 4 percent dumber than external auditors are smart. The real value of an external audit with respect to fraud is that it’s effective at preventing fraud because of the perception (not based in reality) that all fraud will be caught.
Regarding FIFA, NASBA's Center of Public Trust blog states that “fraud was just a part of their corporate culture.” And their fraud took the forms of bribery, kickbacks and racketeering.1 Lots of people don’t even understand that these forms of corruption are wrong.
One of the anti-fraud controls listed by the ACFE is "an anti-fraud policy." When I first read that I thought, "What the fuck is an anti-fraud policy?" Doesn’t every company have an anti-fraud policy? No company has a pro-fraud policy. Wouldn’t an anti-fraud policy just be a three-ring binder in the break room with one sheet of paper inside that said, “DON’T STEAL SHIT”?
But no. An anti-fraud policy is a means by which companies educate their people about what is and what is not considered fraud. And a kickback often doesn’t feel like fraud. 
If you got a job offer from PwC that came with no signing bonus and another offer from Wipfli that came with a $10,000 signing bonus and you took the job at Wipfli — despite the fact that everyone’s a little embarrassed by their name — you just received an ethically acceptable kickback.
And with that as a starting point, it’s easier to see how someone could justify giving the 2010 World Cup to South Africa for a $10 million “signing bonus.”

1 I assume racketeering is what the British call tennis.