Code of Ethics for Auditors: Some Case Studies and Legal Principles in Auditing Standards

Posted October 9, 2009 by   · Print This Post Print This Post

Auditors have their own codes of ethics.   Where there is no code of ethics, or where the code of ethics permits a degree of conflict of intere+/st, the auditors tread at their own risk.  The following case study underscores the traditional common law obligations of auditors as fiduciaries, even before the adoption of the Sarbanes-Oxley Act of 2002.   This section covers some basic issues in auditing standards.

Case Study #1: Cap Gemini and Ernst & Young, Potential Self-Dealing

Responding to SEC criticism of ostensible conflicts of interest, some major accounting firms, such as KPMG and Arthur Andersen, have spun off their consulting arms as independently owned and managed entities. Ernst & Young LLP chose another route. The story of E&Y and its alliance with Cap Gemini leads from a regulatory no-action letter to a court case alleging breach of the accountant’s fiduciary duty. The tale leads to “lessons learned.”

Independence of Auditors: SEC No-Action Letter to Ernst & Young LLP on Alliance with Cap Gemini Ernst & Young LLC.
By no-action letter dated May 25, 2000, the SEC’s Chief Accountant advised Ernst & Young LLP that it would consider E&Y to maintain its independence even though Cap Gemini Ernst & Young were to provide IT services to E&Y audit clients. The no-action letter imposed a number of conditions that ” (1) limit at the outset and within five years end E&Y’s equity interest in Cap Gemini; (2) impose limitations on Cap Gemini’s use of the E&Y name; (3) require a strict separation of E&Y and Cap Gemini’s corporate governance; (4) forbid any revenue sharing between E&Y and Cap Gemini; (5) forbid any joint marketing agreements between E&Y and Cap Gemini; and (6) restrict any shared services between E&Y and Cap Gemini. Letter of Lynn E. Turner, Chief Accountant of SEC, to Kathryn A. Oberly, Esq., Ernst & Young, May 25, 2000. http://www.sec.gov/info/accountants/noaction/lteyltr.php

Litigation Alleging Breach of Accountant’s Fiduciary Duty; Liability for Systems Integrator’s Nonperformance.
Unfortunately, an SEC no-action letter is not a vaccine against client lawsuits. Accountants engaged in management consulting should pay careful attention to a ruling against Ernst & Young, LLP (“E&Y”) and its successor in interest (by sale of consulting business), Cap Gemini Ernst & Young, U.S. LLC (“CGEY”). This case is instructive to anyone in a licensed professional capacity engaged in ancillary or multidisciplinary consulting practice.

Pre-Trial Ruling.
In a pre-trial ruling in early January 2002 on a motion to dismiss, without deciding the final outcome, the court found that E&Y was potentially legally subject to claims of breach of fiduciary duty and punitive damages arising out of a failed software implementation by CGEY, a company in which apparently E&Y is a substantial owner. (The was no allegation or showing of a failure to exercise the skill and care of a reasonably diligent accountant, so the court noted that there were no claims of professional malpractice (whether relating to accounting or computer consulting).

Alleged Misrepresentations by Accountants.
The alleged facts of the case, if true, would be particularly egregious. The following reports are provided according to the court’s pre-trial decision. Whether the allegations will be proven remains to be seen.
In June 2000, E&Y recommended to a client, a medical and nutritional company, to retain CGEY as the vendor to implement a commercial off-the-shelf software package that the client had selected, based on E&Y’s recommendation, for its short and long-term business needs. E&Y made a number of representations to the client to induce the client to hire CGEY, and the court concluded that, without those representations, the client would probably have selected another IT service provider. E&Y reportedly represented that (1) CGEY was competent, experienced and qualified to implement the system selected by E&Y, and (2) CGEY’s performance of services had already been “coordinated” with E&Y.

Existence of Fiduciary Duty.
A fiduciary relationship existed between the accounting firm and its client for several reasons. First, the client had developed a relationship of trusting the accounting firm’s judgment based on prior professional services. Second, the accounting firm offered to provide additional consulting services. Third, the medical and nutritional company was less sophisticated than the accounting firm in the “specialty” for which the accounting firm and the services firm were hired.

Potential Breach of Accountant’s Fiduciary Duty.
Thus, “[w]hen a fiduciary fails to disclose personal interests preliminary to contract, and/or represents the existence of a questionable competence and experience critical to the contract and procures a benefit such as that alleged to E&Y and the newly formed CGEY, the risk of liability for the negligent misrepresentations and a question of fraud is properly alleged.”

Atkins Nutritionals, Inc. v. Ernst & Young, LLP,
NYLJ, Jan. 10, 2002. Accordingly, a fiduciary relationship arose and could have been breached if proven at trial.

Case Study #2: KPMG Canada: Lack of Independence.

In June 2005, the Securities and Exchange Commission entered into a settlement, in an enforcement action, with KPMG LLP (KPMG Canada), a Canadian audit firm, and two of its partners, Gary Bentham, the audit engagement partner, and John Gordon, the concurring and SEC reviewing partner. The SEC asserted that KPMG Canada, Bentham and Gordon lacked independence when they audited the 1999 through 2002 financial statements of Southwestern Water Exploration Co. (Southwestern), a now-bankrupt Colorado corporation.

The SEC claimed that KPMG Canada provided bookkeeping services to Southwestern and then audited its own work. Specifically, after KPMG Canada prepared certain of Southwestern’s basic accounting records and financial statements, it issued purportedly independent audit reports on those financial statements. KPMG Canada’s audit reports were included in Southwestern’s annual reports that were filed with the Commission.

The SEC found that KPMG Canada, Bentham and Gordon engaged in “improper professional conduct” within the meaning of Rule 102(e) of the SEC’s Rules of Practice by virtue of their violations of the auditor independence requirements imposed by the Commission’s rules and guidance and by generally accepted auditing standards in the United States.

Some Rules of Ethics for Auditors

The Sarbanes-Oxley Act sets new standards of independence for auditors.

Public Companies.
Such standards created such friction between public companies and their auditors that decisional gridlock set in.  On May 16, 2005, the Public Company Accounting Oversight Board (established under the Sarbanes-Oxley Act, to oversee the auditors of public companies in order to protect the interests of investors and further the public interest in the preparation of informative, fair, and independent audit reports) issued a policy statement on its Auditing Standard No. 2.  The PCAOB’s Policy Statement sought to give ensure some level of reasonableness and flexibility in the conduct of audits.  As it noted,

In particular, the staff questions and answers seek to correct the misimpression that certain provisions of Auditing Standard No. 2 need to be applied in a rigid manner that discourages auditors from exercising the judgment necessary to conduct an internal control audit in a manner that is both effective and cost-efficient. The Policy Statement expresses the Board’s view that, to properly plan and perform an effective audit under Auditing Standard No. 2, auditors should –

  • integrate their audits of internal control with their audits of the client’s financial statements, so that evidence gathered and tests conducted in the context of either audit contribute to completion of both audits;
  • exercise judgment to tailor their audit plans to the risks facing individual audit clients, instead of using standardized “checklists” that may not reflect an allocation of audit work weighted toward high-risk areas (and weighted against unnecessary audit focus in low-risk areas);
  • use a top-down approach that begins with company-level controls, to identify for further testing only those accounts and processes that are, in fact, relevant to internal control over financial reporting, and use the risk assessment required by the standard to eliminate from further consideration those accounts that have only a remote likelihood of containing a material misstatement;
  • take advantage of the significant flexibility that the standard allows to use the work of others; and
  • engage in direct and timely communication with audit clients when those clients seek auditors’ views on accounting or internal control issues before those clients make their own decisions on such issues, implement internal control processes under consideration, or finalize financial reports.

Private Companies.
Where the audit client is a privately owned business (such as a private enterprise customer or a private service provider), auditor independence rules still apply.  Reviewing Case Studies #1 and 2, the auditors could probably have avoided the claims of breached fiduciary duty if they had made suitable disclosures and had remedied, or caused their consulting affiliate, to remedy a failed software installation.
In that case, the auditors should:

  1. disclose their conflict of interest to the client and obtain waivers (similar to the waivers obtained from medical patients undergoing surgery);
  2. remedy the flaws in the selection of off-the-shelf software, the systems integrator, and the systems integrator’s lack of skills to cure the defects impeding software performance; and
  3. learn from similar client-relationship mistakes that had been subject to prior, unrelated litigation.

The court’s ruling is based under existing rules governing independence of auditors.

Auditors have their own codes of ethics.   Where there is no code of ethics, or where the code of ethics permits a degree of conflict of intere+/st, the auditors tread