Ethical Behavior for Management Accountants

It’s well established that members of the accountancy profession have a responsibility to serve the interests of many stakeholders in society, including those of the general public. For example, the first words of the Handbook of the Code of Ethics for Professional Accountants (Handbook) mention the interests of the public: “A distinguishing mark of the accountancy profession is its acceptance of the responsibility to act in the public interest.” The Handbook is published annually by the International Ethics Standards Board for Accountants (IESBA), a part of the International Federation of Accountants (IFAC).

IFAC’s broad definition of the public interest in IFAC Policy Position 5 is “the net benefits derived for, and procedural rigor employed on behalf of, all society in relation to any action, decision, or policy.” Because the accountancy profession touches on every aspect of society, the public includes all groups and individuals—consumers, investors, taxpayers, and citizens. According to IFAC, determining whether an action, decision, or policy is in the public interest involves two phases: assessing net benefits (to see if benefits outweigh the costs) and considering whether the issue was evaluated with transparency, public accountability, independence, competence, adherence to due process, and participation of a wide range of societal groups.

Do Consulting Services Threaten Audit Performance?

The Sarbanes-Oxley Act of 2002 (SOX) prohibits independent auditors from providing to their audit clients specified nonaudit services, primarily management consulting. But auditing firms, including the Big 4, appear to be moving back toward providing more consulting services in order to benefit their bottom line. The ethics culture that drives the deliberate strategy to provide more of these highly profitable and rapidly growing consulting services could very well lead to the same conflict of interest that brought about the SOX legislation—that is, diminished efforts by audit firms to perform high-quality audits for the benefit of investors and the public.

The language in SOX Section 202 specifically bars audit firms from providing to their audit clients consulting services involving “management functions or human resources” and “expert services unrelated to the audit.” Yet PricewaterhouseCoopers (PwC) announced in 2013 that it was acquiring Booz & Co., a global full line commercial management consulting firm, closing the deal this past April. With this acquisition, PwC significantly adds to the nearly one-third of total revenue it earns from providing consulting services. Former Securities & Exchange Commission (SEC) Chairman Arthur Levitt said, “We are slipping back. As the accounting profession becomes more committed to consulting, their audit activities have got to be questioned.”

PwC’s press release broadly describes the purchase of Booz as providing “an enhanced range of services for our clients” and announces the new name for Booz is Strategy& (pronounced “Strategy and”). The release also says that the acquisition “reflects the strength in strategy consulting that Booz & Company brings to the PwC Network and the benefits this deal will bring to all clients and stakeholders.” It isn’t clear how consulting clients about strategies doesn’t expressly conflict with both the language and intent of SOX to preserve the independence of audit firms from their clients.

The website for Strategy& contains information about the types of services the firm provides and articulates what it means by “strategy consulting.” Some of the statements on the site include:

• “What PwC and Strategy& create together will be unique.”
• “We’ll offer clients something they can’t get elsewhere: a combination of strategy consulting expertise, and a proven track record of delivery, with unrivalled global scale and experience.”
• “Clients will be able to get practical strategy advice from people who understand the opportunities and risks involved in implementation—and strategic execution skills from people who understand the context.”

These suggest that one of PwC’s primary growth strategies is to provide broad-scope consulting that involves the kinds of strategic business decisions only management and the board of directors can make and then facilitate the tactical implementation of those decisions.

In a May 1, 2014, speech at Baruch College’s 13th Annual Financial Reporting Conference, James R. Doty, chairman of the Public Company Accounting Oversight Board (PCAOB), noted that “Audit is a declining portion of accounting firms’ business models.” This is a sharp turnaround from the practices firms adopted a decade ago shortly after SOX was passed. Most of the then Big 5 accounting firms divested their consulting businesses, and PwC was no exception.

In October 2002, PwC sold its consultancy business to IBM for approximately $3.9 billion in cash and stock. But beginning in 2009, PwC began to backtrack by acquiring firms—including Paragon Consulting Group and BearingPoint, the North American commercial practice that succeeded KPMG Consulting—to rebuild its consulting practice. PwC continued its acquisition strategy by adding Diamond Management & Technology Consultants Inc. in 2010 and a firm called PRTM in 2011. In 2012, PwC acquired a social media strategy development and consulting firm called Ant’s Eye View so that it could augment its growing customer impact and customer engagement capabilities in management consulting. The 2013 acquisition of Booz & Co. was a natural follow-on.

Ernst & Young (EY) coped with divesting from its consulting practice by selling it to Capgemini SA, a large global consulting firm headquartered in Paris, France. EY isn’t known to have engaged in large-scale merger activity after 2002, when it acquired some of the remaining practices of Arthur Andersen outside the United States. Its French website doesn’t mention providing consulting services, but its U.S. website indicates that the firm provides advisory services related to performance improvement, performance technology, and risk.

The smallest of the Big 4, KPMG, spun off its consulting practice in 2000 as KPMG Consulting. The company went public in 2001 and was renamed BearingPoint a year later. It fell on hard times, and its U.S. operations declared bankruptcy in 2009. It sold major segments of its global practice, including selling North American Public Services to Deloitte and North American Commercial to PwC.

Deloitte, which is competing with PwC to be the largest accounting firm, is the only one that didn’t divest its consulting practice after SOX was enacted. Its consulting website calls it the largest consulting firm in the world, providing perhaps the most diverse array of consulting services. General categories of the consulting services it provides include analytics, business transformation, digital enterprise, human capital, strategy and operations, technology services, and innovation. Additional services are provided under the heading Financial Advisory Services and Deloitte Growth Enterprise Services.

In addition to part of BearingPoint, Deloitte also acquired Drivers Jonas in the United Kingdom in 2010, plus ClearCarbon Consulting and DOMANI Sustainability Consulting in 2011 to augment its offerings in the field of sustainability. Deloitte entered the mobile application field in 2012 when it acquired Übermind, Inc. and Monitor Group after Monitor filed for bankruptcy.

There are many potential dangers to the independent auditing function as the Big 4 accounting firms (and undoubtedly many smaller firms) become preoccupied with consulting services, and the PCAOB has started to take notice. In a December 2013 speech at the American Institute of Certified Public Accountants (AICPA) National Conference on SEC and PCAOB Developments, the PCAOB’s Doty posed a number of questions dealing with the impact of consulting on audit quality:

• “Of what consequence are these developments for the audit function? What are the implications for independence of the audit function?”
• “What will firm management do to meet the compensation and cultural challenges that destabilized Arthur Andersen?”
• “How will firms avoid talent misallocation, with the best minds going to consulting at the expense of audit expertise and competence?”
• “What is the capability of audit leadership to evaluate and manage other business lines away from audit?”
• “What are the risks of other business lines and how do they affect resource allocation and investment in audit?”

Doty also noted that “audit firms have said that the acquisition and ownership of nonaudit expertise benefits and supports audit expertise.” Following his speech, however, he questioned that assertion, wondering about the extent to which firm consulting expertise can impact audit quality and auditor performance. The personnel who perform audit services are different from those who perform consulting services. The logic of the benefits to auditing has never been clearly explained to the public user.

In the midst of this, public reports on audit quality continue to be disappointing. In April 2014, the International Forum of Independent Audit Regulators (IFIAR) released a global survey of audits conducted by the six largest audit firms. Titled “Report on 2013 Survey of Inspection Findings,” the survey “indicates the persistence of deficiencies in important aspects of audits and that there is a basis for ongoing concerns with audit quality.”

In the 1930s, to serve the public interest, Congress mandated that all public companies engage independent auditors to perform periodic auditing services. Many of these audit providers have merged over time, which means the vast majority of these services are now provided by only a very few firms. Economists characterize this situation as an oligopoly. A 2012 academic study, “The Capture of Government Regulators by the Big 4 Accounting Firms: Some Evidence,” found that regulators “have failed to indict any of the Big 4 for known criminal actions” because of a “too concentrated to indict” modification of the “too big to fail” doctrine.

The public interest isn’t being served if we stand by while accounting firms become global, giant, broad-scope financial service enterprises designed to serve a wide variety of the needs of client management with a lesser commitment to perform the highest-quality independent audits. It’s hard to see how such firms can effectively serve the conflicting interests of such disparate groups of stakeholders. Firm management attention and resources inevitably follow the business line providing the greatest profitability. But we can’t permit the consulting excesses and “please-the-client” culture that led to the demise of Arthur Andersen and collapse of Enron to occur ever again.

Can Truly Independent Auditors Be Co-opted?

The Defense Contract Audit Agency (DCAA) plays a critical role in protecting the interests of taxpayers by monitoring financial aspects of federal defense procurement contracts and subcontracts. The DCAA provides auditing, accounting, and financial advisory services in connection with negotiation, administration, and settlement of contracts and subcontracts to the Department of Defense (DOD) and other federal agencies. These services must comply with generally accepted government auditing standards (GAGAS) promulgated by the U.S. Government Accountability Office (GAO). The standards provide guidance to auditors performing government audits and other reviews to maintain competence, integrity, objectivity, and independence.

On July 22, 2008, the GAO issued a disturbing report, DCAA Audits: Allegations that Certain Audits at Three Locations Did Not Meet Professional Standards Were Substantiated, that illustrates how the objectivity of auditors, who are expected to function on a truly independent basis, can be co-opted by pressures from the contractor and DOD contracting community as well as other factors. Whistleblower complaints on the GAO’s FraudNet hotline triggered investigations of 14 DCAA audits and forward-pricing audit issues in three California DCAA field offices. The GAO review involved more than 100 interviews and included cooperation with the DOD Office of Inspector General and its Defense Criminal Investigative Service. The DCAA audits in question were issued from 2003 to 2007.

Founded in 1965, the DCAA is under the overall authority, direction, and control of the Under Secretary of Defense (Comptroller and Chief Financial Officer), who is one of only five Under Secretaries reporting directly to the Secretary of Defense. The Under Secretary of Defense (Acquisition, Technology, and Logistics) oversees the Defense Contract Management Agency (DCMA), which actually administers contracts relating to the DOD acquisition system, research and development, installation management, military construction, procurement, and more. This high-level reporting relationship should provide sufficient independence for auditors of the DCAA to report effectively on any ethical missteps.

Unfortunately for taxpayers, ethical transgressions in defense contracting have been with us for decades. The Packard Commission was created more than 20 years ago to develop solutions to continuing scandals that had eroded public confidence in the defense industry, including reported instances of waste, fraud, and abuse within both the industry and the DOD. One of the Packard Commission’s major recommendations was to improve the industry environment and public confidence by placing greater emphasis on self-governance. The Commission’s January 1986 report notes:

“To assure that their houses are in order, defense contractors must promulgate and vigilantly enforce codes of ethics that address the unique problems and procedure incident to defense procurement. They must also develop and implement internal controls to monitor these codes of ethics and sensitive aspects of contract compliance.”

The Defense Industry Initiative on Business Ethics and Conduct (DII), a voluntary organization consisting of virtually all of the major defense contractors, was organized later in 1986 to coordinate and facilitate these efforts. This organization continues to function today (www.dii.org), requiring annual certification of a signatory company’s compliance with the DII’s six principles of business ethics and conduct: 1. Each company will have and adhere to a written code of business ethics and conduct. 2. A company’s code establishes the high values expected of its employees and the standard by which they must judge their own conduct and that of their organization; each company will train its employees concerning their personal responsibilities under the code. 3. Each company will create a free and open atmosphere that allows and encourages employees to report violations of its code without fear of retribution for such reporting. 4. Each company has the obligation to self-govern by monitoring compliance with federal procurement laws and adopting procedures for voluntary disclosure of violations of federal procurement laws and corrective actions taken. 5. Each company has a responsibility to each of the other companies in the industry to live by standards of conduct that preserve the integrity of the defense industry. 6. Each company must have public accountability for its commitment to these principles. The DCAA appears to use many quality and ethical control strategies. In addition to supervisory and other reviews, methods include the independence standards of GAGAS, reliance on contractor ethics initiatives, and the mandatory requirements contained in the Truth in Negotiations Act. All seemed ineffective in the audits reviewed by the GAO in July’s report. The allegations of failure to meet standards were all substantiated: (1) Work papers didn’t support reported opinions, (2) DCAA supervisors dropped findings and changed audit opinions without adequate audit evidence for their changes, and (3) sufficient audit work wasn’t performed to support audit opinions and conclusions. Seven contractors were involved, two of which are among the top five in terms of contract value.

One of the most glaring examples of a lack of independence cited in the GAO report was the finding of collusion. The GAO found that “contractor officials and the DOD contracting community improperly influenced the audit scope, conclusions, and opinions of some audits—a serious independence issue.” In other words, there was an upfront agreement between the resident auditor and contractor executives regarding which records would be selected for audit and the decision that the audit opinion would be based on final and corrected documents after several DCAA reviews. Even after all this advance effort, there was sufficient evidence to support a determination of systems inadequacy.

When the contractor objected to the draft findings at the exit conference, the DCAA resident auditor replaced the original supervisor and senior auditor and threatened personnel action if the senior auditor didn’t change the work papers and draft opinion. According to the senior auditor, whom GAO interviewed, he initially refused to make the changes but later did so after being pressured by the resident auditor, who didn’t want the report to differ from other recent opinions. An Air Force official told GAO that he advised the DCAA senior auditor not to “lose his job” over the disagreement and to go ahead and make the necessary changes to the working papers.

Another disturbing finding reported by the GAO is the lack of available experienced staff to complete the analysis of complex cost data required by the Federal Acquisition Regulation (FAR) and other audits. According to DCAA data, planned downsizing has decreased the number of auditors from almost 6,000 in 1989 to about 3,500 in fiscal 2007—despite significant increases in military spending during that period for the Gulf war and Iraq war. Further, the DOD strategy of outsourcing functions previously performed by military personnel increased the proportion of total defense spending allocated to contractors. DCAA auditors told the GAO that the limited number of hours allowed for their audits and the number required to be completed directly affected the sufficiency of audit testing.

Perhaps most disturbing is that the GAO identified a pattern of frequent management actions that served to intimidate the auditors being interviewed and to create an abusive environment. In this environment, some auditors “were hesitant to speak to [the GAO] even on a confidential basis.” An ethical culture in the organization is critical to the proper functioning of controls.

According to a July 23, 2008, press release from Senators Joseph Lieberman (I.D.-Conn.) and Susan Collins (R.-Maine), the two Senate addressees of the GAO report, mismanagement of federal contracts is one of the biggest operational challenges facing the federal government. The two Senators coauthored comprehensive legislation, passed by the Senate, to address the weak oversight and lack of competition in contracting. The website of the report’s House of Representatives addressee, Henry Waxman (D.-Calif.), didn’t contain any information about his reaction to the GAO findings.

There are several lessons to be learned from this situation. The first is that even a very comprehensive control system may be unable to assure successful outcomes if those charged with oversight—in this case, Congress—fail to perform their function effectively and on a timely basis. The GAO refers to a January 2007 report, High-Risk Series: An Update, which states, “[The] DOD is not able to assure that it is using sound business practices to acquire the goods and services required to meet the needs of U.S. warfighters.” The phrase “high risk” in the report’s title refers to a greater vulnerability to fraud, waste, abuse, and mismanagement.

The second lesson is that cost-pinching reductions in resources devoted to auditing efforts may have counterproductive results. Although the current report notes that noncompliance with GAGAS has had an unknown effect on the government, “downsizing of contract oversight staff in the 1990s coupled with hundreds of billions of dollars in increased contract spending since 2000 has exacerbated the risks associated with DOD contract management.” Perhaps the cost-saving business model of stationing a resident auditor at many contractor locations provides too much of an opportunity for auditors to become familiar with contractors, resulting in loss of independence.

The DCAA website notes that there are 300 field audit offices (FAO) and suboffices located throughout the United States and overseas. An FAO is identified as either a branch office or a resident office. Suboffices are established by regional directors as extensions of FAOs when required to furnish contract audit service more economically. With so many auditors based in such close proximity to their audit clients, employing traveling auditors assigned to audit multiple contractors is possibly the only way auditors can function with independence. This structure would prevent auditors from having constant contact with the same set of contractor executives and military officers and would provide a base removed from all contractor organizations, where independence can be regularly reinforced.

The third lesson to be learned is the importance of regularly reinforcing an ethical culture. The federal government provides considerable guidance for achieving ethical success. Beyond GAGAS, available governmental guidance includes the work of the DOD Standards of Conduct Office and the U.S. Office of Ethics. Despite these efforts, however, the DCAA seems to need a much more vibrant ethical culture to sustain sufficient independence to perform its mission. Ethics is a matter of the heart and not just legal rules of the head.