First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Wells Fargo and KPMG – did KPMG fail the investors?

Is it fair to blame KPMG for not pointing out a pattern of misbehaviour at Wells Fargo that led to one CEO stepping down and thousands of workers being laid off?

Wells FargoMy friend Francine McKenna recently had a piece (she is co-author) published by MarketWatch.

Where was KPMG, Wells Fargo’s auditor, while the funny business was going on? is scathing in its discussion of the role played by KPMG.

I doubt that anybody would speak up in active support of KPMG, but is it fair to blame them and say they have failed investors?

This is how MarketWatch described the underlying fiasco:

The record of management failures at Wells started with revelations last year that millions of accounts had been opened illicitly. It got longer after the admission last month that the bank had also forced unneeded auto insurance on customers and neglected to refund optional guaranteed asset protection, so-called GAP, coverage for auto loan borrowers.

Politicians and regulators see the misbehavior as a pattern that should have been caught — and stopped. And there have been consequences for the bank. One CEO was forced to step down and forfeit millions of dollars in incentive compensation. Thousands of workers, including several executives, have been fired. Most recently the bank reshuffled its board, replacing its chairman and adjusting board committee memberships including on its audit and examination committee.

However, the authors continue:

But external auditors should serve as another line of defense. Each year, auditors offer an opinion on whether their clients’ financial statements are truthful. To do so, the auditors have to determine whether they have enough confidence in the company’s internal controls to offer that blessing.

In November, KPMG was questioned by a Senate committee. MarketWatch reports:

KPMG’s response to the senators in November acknowledged that its audits of Wells Fargo’s financial statements included procedures to identify instances of unethical and illegal conduct.

Those procedures included interviews with the company’s chief auditor, members of the bank’s Corporate Investigations Unit, bank financial executives, and attorneys inside and outside the bank, the auditor wrote. KPMG also reviews regulatory reports and reporting to executive management, the audit committee and the rest of the board from the chief compliance officer regarding investigations that related to accounting, internal accounting controls, auditing, and whistleblower claims and claims of retaliation.

KPMG wrote it did become aware, as early as 2013, of “instances of unethical and illegal conduct by Wells Fargo employees, including incidents involving these improper sales practices.” But the firm said it was “satisfied that the appropriate members of management were fully informed with respect to such conduct.”

Yet the auditor said nothing about these issues to investors, either in its audit opinion, its opinion on the bank’s internal controls, or elsewhere.

Instead, KPMG told the senators, its view is that “not every illegal act has a meaningful impact on a company’s financial statements or its system of internal controls over financial reporting. From the facts developed to date, including those set out in the CFPB settlement, the misconduct described did not implicate any key control over financial reporting and the amounts reportedly involved did not significantly impact the bank’s financial statements.”

The MarketWatch article is accurate, but is it fair?

Sorry, Francine, it is not.

What is omitted from the article is that:

  1. The external auditors are engaged to audit and provide opinions on (a) the financial statements and (b) the system of internal control over financial reporting.
  2. The external auditors are obliged to assert in their audit report (included on Form 10K) whether the financial statements are free from material error and whether the system of internal control provides reasonable assurance that material errors will be prevented or detected.
  3. When it comes to fraud, the PCAOB’s Standard Number 5 directs the external auditor to consider only fraud that might lead to a material error in the financial statements.
  4. The external auditor’s responsibility beyond that is to disclose significant matters to the audit committee of the board.
  5. There is no requirement that the external auditor share any issues unrelated to material errors in the financial statements to investors.
  6. It is not the fault of the external auditors if the board fails to act on fraud that is not material to the financial statements. They do not assess the effectiveness of the board beyond where it may unacceptably raise the level of risk of material error in the financials.

Rather than blame KPMG, I would have preferred that Francine and her co-author suggest that the rules and standards that direct the work of the external audit firms be changed.

Should they disclose non-material fraud? I am not in favor.

Should they disclose concerns with the effectiveness of corporate governance? That is something worth debating.

What do you think?

I welcome your views.

Follow me

Norman D. Marks, CPA, CRMA

Norman D. Marks is an Author, Evangelist and Mentor for Better Run Business, as well as an OCEG Fellow and Honorary Fellow of the Institute of Risk Management. Mr. Marks has been a practitioner and thought leader in internal audit, risk management, and governance for a long time. He has led large and small internal audit departments, been a Chief Risk Officer and Chief Compliance Officer, and managed IT Security and governance functions. Read more
Follow me

Latest posts by Norman D. Marks, CPA, CRMA (see all)

, , ,

Comments are currently closed.