What Do You Do About The Cease And Desist Order With KPMG As Your Auditor?

On June 17, the SEC issued a cease and desist order against KPMG. You can find the order at https://www.sec.gov/litigation/admin/2019/34-86118.pdf.

The order is pretty detailed. Respondent KPMG admits to the facts set forth in Section III, and to certain violations. What do you do about the order if KPMG is your company’s auditor and you are on the audit committee, or if you don’t have an audit committee and you are responsible, or one of the people who is responsible for engaging the auditor for your business?

Everyone would acknowledge that the order discusses truly unfortunate and regrettable past events and actions by the people who were involved, which then reflects poorly upon and can negatively impact KPMG. Other than KPMG, five “Other Relevant Persons” are named or identified in the order. Three of the “Other Relevant Persons” previously worked for the PCAOB. The four “Other Relevant Persons” who worked at KPMG were all separated from the firm in 2017. The order is 21 pages in length, so this is a summary discussion. The order recognizes KPMG for self-reporting the situation, initiating an investigation under the oversight of a Special Committee of the Board, cooperating with the SEC, and undertaking remedial actions. Thus, although the cease and desist order is new, remedial actions started in 2017.

Presumably every audit engagement partner has been prepared to discuss the cease and desist order with audit clients and prospective audit clients. And if I was on the audit committee or was responsible for engaging the services of the auditor, I would raise, and to the extent possible, discuss the issue of the order with the engagement partner, in addition to any other questions that I might have about KPMG as the business’s auditor. Keep in mind that the engagement partner might well have some legal and privacy limitations about what she or he can say about the cease and desist situation and order. If KPMG has already been engaged as the auditor, I would still have those discussions with the engagement partner. Depending on the situation, I would also consider updating and requesting comments from the full board about the order and my discussions with the engagement partner. And to the extent possible, as additional information I would consider having developments and social and business media pertaining to this situation monitored, for example, to know how it is being viewed, and to monitor developments and that this situation involving KPMG doesn’t turn more negative for some unknown reason.

Some of the comments that I have read are already extremely negative toward KPMG as an entity. In that regard, I first view the people who were directly involved including their specific actions or inactions and the titles and authorities that they held within KPMG, while I separately view the actions or inactions of KPMG as an organization including the possible actions or inactions of executive officers, directors and managing agents or representatives, governance, culture and ethics, oversight, risk management, tone at the top, self-reporting and transparency, prompt and active remedial actions, and related processes and procedures.

If you are an audit committee member, or if you are responsible for engaging the outside auditor, you might also want to consider my June 9, post discussing the new PCAOB guidance pertaining to auditor communications with audit committees concerning auditor independence. Although that guidance is on an issue that is different than the KPMG cease and desist order, I believe you might find that guidance helpful during discussions with the engagement partner about the cease and desist order – for example, the guidance might provide some insight or feel as to the detail in which you might expect the engagement partner to be willing or able to discuss the cease and desist order and perhaps actions being taken by KPMG as a result. You can find my June 9, post and discussion at https://wp.me/p75iWX-ge.

The cease and desist order does not state or mean that KPMG cannot be or is prevented from being the auditor of your business. Indeed, pursuant to the order, KPMG self-reported and began remedial actions back in 2017. However, obviously the actions of the people who were directly involved do reflect poorly upon the organization, and some of the people who were involved held important or high or relatively high positions. The order, to which KPMG has agreed, requires the firm to implement significant remedial actions, training and oversight, all of which would be prudent. Obviously, it is important for every auditor, and, similarly, every business and organization including public and private businesses, nonprofits and governmental entities, to prevent judgment and ethical improprieties and shortcomings, and to promptly and appropriately address and remedy any such situation if it does occur.

Every case and situation is different. It is important to obtain and evaluate all of the evidence that is available, and to apply that evidence to the applicable standards and laws. You do need to consult with an attorney and other professionals about your particular situation. This post is not a solicitation for legal or other services inside of or outside of California, and, of course, this post only is a summary of information that changes from time to time, and does not apply to any particular situation or to your specific situation. So . . . you cannot rely on this post for your situation or as legal or other professional advice or representation.

Thank you for reading this website. I ask that you also pass it along to other people who would be interested as it is through collaboration that great things and success occur more quickly.

Best to you, David Tate, Esq. (and inactive California CPA) – practicing in California only.

I am also the new Chair of the Business Law Section of the Bar Association of San Francisco.

Blogs: Trust, estate/probate, power of attorney, conservatorship, elder and dependent adult abuse, nursing home and care, disability, discrimination, personal injury, responsibilities and rights, and other related litigation, and contentious administrations http://californiaestatetrust.com; Business, D&O, board, director, audit committee, shareholder, founder, owner, and investor litigation, governance, responsibilities and rights, compliance, investigations, and risk management  http://auditcommitteeupdate.com

The following are copies of the tables of contents of three of the more formal materials that I have written over the years about accounting/auditing, audit committees, and related legal topics – Accounting and Its Legal Implications was my first formal effort, which resulted in a published book that had more of an accounting and auditing focus; Chapter 5A, Audit Committee Functions and Responsibilities, for the California Continuing Education of the Bar has a more legal focus; and the most recent Tate’s Excellent Audit Committee Guide (February 2017) also has a more legal focus:

Accounting and Its Legal Implications

Chapter 5A, Audit Committee Functions and Responsibilities, CEB Advising and Defending Corporate Directors and Officers

Tate’s Excellent Audit Committee Guide



Audit Committee 5 Lines of Success, Diligence, and Defense - David Tate, Esq, 05052018

COSO Enterprise Risk Management Framework ERM Components and Principles

* * * * *