On Oct. 18, 2016, the SEC announced an $11.8 million settlement with an auditing firm and two of its partners related to failed audits of a public company. The SEC had previously charged the company with accounting fraud related to deceptive income tax accounting and imposed a $140 million penalty on the company.
The SEC found that, despite having designated the company as a high-risk client, the auditor repeatedly failed to detect the fraud until it had been ongoing for more than four years. The SEC’s Order noted that the auditor relied on unsubstantiated explanations from the company instead of performing required audit procedures related to the company’s post-closing adjustments to lower its year-end provision for income taxes each year.
This announcement followed the Sept. 19, 2016 announcement regarding the first enforcement actions on auditor independence failures due to close personal relationships, which was described in the Oct. 17, 2016 edition of GT Insights and a subsequent speech by Andrew J. Ceresney, Director of the SEC’s Division of Enforcement, on the SEC’s enforcement work in the area of auditing.
In his Sept. 22, 2016 speech, Ceresney reiterated the SEC’s position that auditors play an important role in the financial reporting process and are critical gatekeepers, stating that the SEC was going to expect auditors to:
- ensure they have sufficient capacity and competence to audit the client before agreeing to be engaged by the client,
- properly plan and execute audits, with significant risks identified through adequate audit procedures,
- "exercise appropriate professional skepticism," properly document their work and gather sufficient audit evidence, and when "red flags" are present and require more evidence from the client than unsubstantiated representations from management,
- use their internal resources and knowledge when troublesome issues arise, and
- have "robust" monitoring processes and training on independence issues.
In light of the recent enforcement actions and Mr. Ceresney’s speech, companies should likely expect auditors to "step up" their audit processes and seek additional evidence from clients with respect to significant risks identified in the audit.