KPMG Inspection Cheating Case Wraps But Painful Lessons Linger

One of the worst ethics breaches in the modern era of auditing ended with a fizzle recently as the last criminal conviction tied to a scheme to falsely inflate KPMG’s inspections results was tossed out.

The federal criminal case may have crumbled but that doesn’t negate the legacy of the inspections cheating scheme that tarnished the reputation of one of the largest firms in the US and undermined a process that is meant to protect investors.

KPMG paid a $50 million penalty. CPAs lost their licenses and livelihoods. Reforms were adopted. And the lessons for a profession that bills itself for being trusted, independent arbiters remain intact.

“The profession demands, expects integrity and this is just blatant defiance of all the professional standards,” said Bob Conway, an author and former inspector with the US audit regulator.

Congress in 2002 formed the Public Company Accounting Oversight Board in the wake of frauds that toppled Enron and WorldCom auditor Arthur Andersen, giving the regulator authority to inspect routine audit work and investigate failures.

Inspection results offer an important gauge of firm performance. KPMG in 2017 uncovered that some of its most senior staff conspired to rely on stolen details about which audits the regulator planned to review and then doctored its work to lift its results.

Top leaders of KPMG’s audit practice plus former PCAOB employees—two the firm poached and one who stayed at the regulator—were among those involved in the plot. The combination of regulatory staff and high-ranking auditors sets the scandal apart from other recent ethics probes from auditors cheating on training exams to the leak of the Australian government’s tax plans.

Regardless the outcome of the criminal case, a rash of rules, laws, and professional obligations remain in force that police auditors and any temptations to skirt those requirements.

“The PCAOB does not tolerate any improper sharing of its confidential information, and we will strictly enforce our rules, standards and ethics code to maintain the integrity of our oversight on behalf of investors,” board Chair Erica Williams said in a statement.

KPMG declined to comment.

Vacated

Six people involved in the scheme were convicted of federal fraud charges and some were sentenced to prison or supervised release. One was deported as a result of his guilty plea.

But in August 2023 the federal government’s criminal case fell apart over the definition of property.

The US attorney’s office for the Southern District of New York sought to dismiss charges against David Middendorf, former national managing partner for audit quality at KPMG, and Jeffrey Wada, a former inspections leader with the US audit regulator.

Prosecutors determined that the audit board’s inspection plans at the heart of the case weren’t “an object of fraud” under US wire fraud statutes, citing recent court rulings.

“It had value only in the ‘exercise of regulatory power,’” and not in the government’s role “as property holder,” prosecutors said in court filings.

Dropping the charges “was just and long overdue,” Middendorf’s lawyer Nelson Boxer, a partner with Petrillo Klein & Boxer LLP, said in a statement. “Mr. Middendorf never committed a crime.”

Co-defendants David Britt, Thomas Whittle, and Brian Sweet successfully petitioned the court to vacate their convictions on similar grounds.

Cynthia Holder, a former PCAOB inspector who left to work for KPMG, became the last to have her conviction vacated on March 8.

“Mr. Britt is obviously relieved that the courts have recognized the fatal flaws in these criminal charges and is very much looking forward to finally being reunited with his family,” his lawyer Rob Stern, a partner with Weil Gotshal & Manges LLP, said in a statement. Britt remains in Australia where he was deported.

Attorneys for Whittle declined to comment. And lawyers representing Holder and Sweet didn’t respond to requests for comment.

Consequences

The threat of a criminal record wasn’t the only consequence facing the auditors.

The firm’s former vice chair for audit Scott Marcello agreed to a $100,000 penalty for not intervening to halt the inspections scheme.

The six who faced criminal charges also were barred from appearing before the Securities and Exchange Commission. Most lost or surrendered their CPA licenses.

Wada and Middendorf also faced additional administrative penalties but the SEC dropped the case due to a server access issues that led to 42 cases in total being dismissed.

“The entire regulatory system is threatened by this kind of behavior and so they threw the book at these people,” said Michael MacPhail, a securities lawyer and partner with Faegre Drinker Biddle & Reath LLP.

Lessons Learned

No audit is perfect and mistakes happen. But the incentives to produce effective audits or to limit inspection findings don’t always hit their mark.

The inspections plot offers a case study of what happens to auditors under tremendous pressure: they will make poor judgments, Conway said.

“It is a delicate dance between respecting the process and being so overly fearful that you would do anything to escape the punishment,” said Kecia Williams Smith, an assistant accounting professor at North Carolina A&T State University.

Regulators who second-guess auditors’ work add to the stresses that these accountants face. Yet those routine reviews are meant to ensure auditors serve as an effective check against corporate managers and deliver reliable financial reporting into the hands of investors.

They also serve as a backstop for auditors. They can point to the board’s rules and scrutiny when they need to rein in clients who would stretch the bounds of US accounting rules.

“Expect someone to come in and mark our homework,” said Paul Dunlop, chief operating officer of Sóta Signal Analytics. “Nobody likes to have someone looking over their shoulder—but that’s the game.”

How firms respond to errors or inspection findings also matters, Williams Smith said.

Firms need to support frontline auditors to learn from those mistakes. That takes resources and planning up front to set up auditors for success—from assigning the best auditors to the highest risk clients to giving staff the tools and training they need to do the work, Williams Smith said.

“That’s the kind of culture that will really move quality forward,” she said.

Both KPMG and the board rolled out a series of reforms to prevent similar abuses in the future.

At the PCAOB, that included stronger security controls around its internal data. The board also set up an internal ethics tip line and created an enterprise risk management office.

KPMG, which agreed to $50 million settlement with the SEC, pulled its internal inspections staff outside the audit practice. The firm also added independent directors to its governance board and invested heavily to modernize its suite of audit tools.

“It’s one of those horrific experiences that nobody wants to go through again. And so the firms learned painful lessons; the individuals learned painful lessons,” Conway said.