September 01, 2005

KPMG establishes the price of the get-out-of-jail card

The monopoly game of accounting goes on another round. A few rounds back, Arthur Andersen was knocked out, and now the KPMG is losing its houses on the plush side of the board:

Accounting firm KPMG LLP on Monday agreed to pay $456 million and to cooperate with authorities investigating tax shelter deals. Rival Ernst & Young LLP remains under grand jury investigation for its role in selling shelters.

which works out as $300k per partner for the get-out-of-jail card. Given how much each partner makes per year, this looks like no more than a blip in their yearly income; the more important question is ... whither accounting reputation now?

Serious Financial Cryptographers have always known that accounting practices and audits are but a fig leaf of respectibility. Arthur Andersen seemed to blow away that paltry covering for the first time, according to the public's viewpoint. Above we see that Ernst & Young are also under investigation, and there is every reason to believe that they were all doing it, whatever it was.

What "it" was is somewhat apropos - raking in huge fees for shady transactions. No matter your views on government, taxes and the equally shady concept of trading justice that resulted in a fine but no indictment, what is clear is that the accountants are not serving the public interest.

Serving the public interest by means of public audits is their being and meaning in life. It is the reason they are special, the reason they have privileges and the reason they can ask high fees. It's the reason that the regulator instructs public companies to get audited. It's the reason that any difficult hidden thing gets a secret report from an auditor, for a fat fee.

For this privilege they get to serve the public interest. It is a very easy test to apply and equally easy to see that this not terrifically high standard is not being met by the public auditors.

For this privilege the accountants have earnt huge fees for huge periods. We can fairly comfortably agree that they got out their rewards; no partner at a big N firm could reasonably claim that too much was asked of them for too little pay.

I have no hesitation therefore in stripping from them any specialness and calling for the end to KPMG. And the rest - society needs to move on and consider other ways in which we audit and confirm to our public that what we are doing is in the interests of our shareholders.

I know that ignoring these words is easy - and that "jobs are at stake." But those are poor excuses for supporting a rotten system. Why does a poor job (or worse - basically theft) by the auditors mean that their jobs must be protected?

Before the veins burst, here's today's ludicrous audit news:

CardSystems auditor completes compliance report Thu Sep 1, 2005 11:31 AM ET NEW YORK, Sept 1 (Reuters) - Payments processor CardSystems Solutions Inc., where a security breach exposed more than 40 million credit card accounts to fraud, on Thursday said its auditor had completed a report to payment networks and concluded it complies with industry data-security standards.

CardSystems, which handles payments for more than 119,000 merchants, in July hired AmbironTrustWave, a data security assessment firm, to review its compliance with payment card industry security standards. The report was submitted to MasterCard, Visa, American Express Co. (AXP.N: Quote, Profile, Research) and Morgan Stanley's (MWD.N: Quote, Profile, Research) Discover on Wednesday, as scheduled.

But they already had the t-shirt that said "I got my systems audited and only exposed 40 million accounts..." No mention of what happened to the predecessor auditor. Anyways, back to the the monopoly game, I wonder who's going to pick up Mayfair?

Posted by iang at September 1, 2005 11:21 AM | TrackBack

I think you might be overreacting wildly, bringing everything the Big 4 do under one heading of theft, from isolated incidents in particular firms, regions and practices.

Admittedly, my perspective may be limited - I am not an accountant, but as a CISSP and CISM, with over 12 years in the information security industry, and almost 29 years in networking and IT, I can honestly say I have never seen any organisation conduct itself as professionally and ethically as the practice I currently work for in one of the Big 4.

Media scaremongering and hype serves no-one but the media. Comments like "today's ludicrous audit news..." are just a sop to a public looking for juicy gossip. The standards are not set by the auditor or assessor, and if we are asked to measure against standards, that is what we must do. A system compliant with industry security standards is still going to be vulnerable to attack, as all systems are vulnerable to something, be it a technical, physical, social or other attack. All a company can do is implement RELEVANT controls to a level which is APPROPRIATE for their risk profile.

That is where teams like mine come in - years of expertise across a wide range of technologies, industries and processes. The most telling indication of our value to clients is being retained for long periods of time, even though our rivals (not just Big 4, but many smaller infosec boutiques) are often cheaper. You get what you pay for!-

Posted by: Rory A at September 2, 2005 08:56 AM

It's curious isn't it. We pretty much all are in agreement that, according to the standards of the prosecutors, what we have here is criminal behaviour. (This was why I was careful to state "regardless of your views on taxation..." etc etc.)

Yet, solely because the firm would collapse if indicted following the clear precedent set by AA, even though the criminal acts were clearly pre-meditated, the company argued its way out to a fine.

And, now, the accounting profession can rally around and say "well, let's not overreact here..."

What message is it that we should draw from this? That's a serious question - I think we all want to know what we can expect from the accounting profession on these issues.

Posted by: Iang at September 2, 2005 09:19 AM

Ian, my compliments on that story. I hope it gets a lot more attention.

Posted by: Mark Miller at September 2, 2005 10:44 AM

I don't see how auditors will ever serve the public interest as long as they are paid by the people they audit. What we see is a preordained outcome in such a system.

Posted by: O.L. at September 2, 2005 12:12 PM
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.