The Securities and Exchange Commission has fired a shot across the bow of the auditing world, charging audit firm CohnReznick and three of its partners on Wednesday with improper professional conduct involving two corporate clients that had previously faced charges of accounting fraud.
The companies in question are Sequential Brands, which the SEC charged with accounting fraud in 2020; and Longfin Corp., a “purported cryptocurrency company” (gotta love that potshot against a crypto startup) charged with fraud in 2019. The SEC eventually won judgments against both companies. CohnReznick was auditor for the two in the late 2010s when their frauds transpired.
The partners charged by the SEC were Stephen Wyss, Stephen Jackson, and Robert Hilbert. All three, plus CohnReznick itself, agreed to settle the SEC’s charges without admitting or denying the findings. CohnReznick agreed to pay a penalty of $1.9 million, which will go to investors. Wyss agreed to a $30,000 penalty and a three-year ban from appearing before the SEC; Jackson will pay $20,000 and face a two-year ban. Hilbert agreed to a $30,000 penalty and censure.
So what happened? Let’s start with Sequential Brands, a fashion retailer that fell on hard times in the late 2010s and then used weak internal controls to avoid declaring a sorely needed goodwill impairment for nearly a full year.
As described in the SEC’s settlement order, CohnReznick improperly accepted Sequential’s conclusion that its goodwill was not impaired or reduced in value, in the third quarter of 2017. Even while CohnReznick’s national office partners and the firm’s own valuation specialists expressed concerns about Sequential’s conclusion, the firm failed to obtain sufficient evidence or conduct additional procedures to confirm whether Sequential’s decision was legitimate — which, of course, it wasn’t.
The Longfin audit, which happened in 2018, was even worse. The SEC says CohnReznick didn’t design an appropriate audit, especially considering Longfin’s precarious financial position and its “purported commodity sales” (there’s that word again), which supposedly happened on the high seas and therefore couldn’t be physically verified.
CohnReznick also failed to identify undisclosed related parties and appropriately audit disclosed related-party transactions. Example: auditors missed indications that Longfin engaged in significant transactions with at least three undisclosed related parties that accounted for more than 10 percent of Longfin’s 2017 revenues.
We could keep going, but the allegations are more relevant to audit firms themselves rather than compliance officers and internal auditors. Suffice to say, the settlement order paints a messy picture, where CohnReznick’s engagement teams performed sloppy audits and the firm’s national office didn’t enforce sufficient quality control.
Holding Audit Firms Accountable
The most interesting point in this enforcement action is that the SEC took action at all. We rarely see enforcement actions against audit firms, and the ones we have seen lately were mostly related to KPMG and its scandal of offering jobs to regulators in exchange for tips on upcoming inspections.
This is the first enforcement action I’ve seen in a long while where the SEC sanctioned the audit firm for poor quality control that led auditors to miss accounting fraud at a client company. So for all you folks who wail, “Where were the auditors?” after a corporate misconduct scandal, now you have an answer.
Audit firm critics (and there are plenty such people around) will say the sanction isn’t much, and they’re not wrong; CohnReznick had an estimated $680 million in revenue in 2021, so that $1.9 million penalty is small potatoes. Then again, planting small potatoes is how you start a potato field.
More potent than the penalty, however, CohnReznick also agreed to hire an independent compliance consultant who will review the firm’s audit and quality control procedures. That consultant will review procedures including:
- obtaining sufficient evidence;
- auditing related-party transactions
- performing root cause analysis; and
- evaluating potential fraud risks.
The consultant will also examine how CohnReznick’s local audit partners consult with the firm’s national office on complex or difficult questions, and how the firm’s professional development program addresses the bullet points mentioned above.
To that extent, this independent consultant seems a lot like the arrangement JPMorgan accepted earlier this year when it settled charges of poor supervision of employee communications.
CohnReznick, however, has yet another restriction. While the consultant is assessing the firm’s procedures, recommending reforms, and testing those reforms once they’re made (a process that should take roughly one year), CohnReznick will not be able to accept any new clients that meet certain criteria.
For example, CohnReznick wouldn’t be permitted to accept new clients that conduct the majority of operations from outside of the United States, unless those foreign operations are audited by a PCAOB-registered firm. Nor would CohnReznick be able to take new clients that have un-remediated material weakness in internal controls over financial reporting, or that had received a going-concern warning from their prior auditor in the last fiscal year.
That curb on new business is going to sting much more than a $1.9 million penalty. It sends a message to corporate audit committees that CohnReznick doesn’t have its house in order, and that could drive audit committees looking for a new audit firm to look elsewhere. I also wonder how the conversations will go between audit committees of current CohnReznick clients and their engagement partners.
Anyway, the lesson for internal audit executives and compliance teams is that the SEC is starting to hold audit firms more accountable for doing their job — which is to perform a serious, competent, and objective audit of financial statements. As audit firms begin to respond to that pressure, they will start demanding more evidence from their clients (that would be you) to support the management estimates, assertions, and other claims that your company is making.
The more quickly you can respond to those requests for evidence, the less headache you’ll have and the smaller your audit fees will be.
Or at least, the smaller the increase in your audit fees will be from one year to the next. After all, some things still never change.