Sleeping With the Auditor

The appearance of independence is key, stresses Brett Trueman, professor of accounting at the Haas School of Business at UC Berkeley. "No one can get inside the mind of an auditor, so we must rely upon the outward signs of independence. Even separating auditing from consulting may not go far enough in terms of perception. The danger is that the public will not believe the audited financial statements, and [investors] will stay away from [a government's] bonds."

To preserve the public's confidence, government regulators and the accounting industry evolved two overarching principles during years of acrimonious debate:

- Audit organizations should not provide nonaudit services that involve performing management functions or making management decisions.

- Audit organizations should not audit their own work or provide nonaudit services in situations where the nonaudit services are significant or material to the subject matter of the audit.

A year before the Enron-Andersen scandal hit the front pages, the Securities and Exchange Commission clarified the overarching principles. The agency ruled that, "The greatest assurance of auditor independence would come from prohibiting auditors from providing nonaudit services to clients." Responding to pressure from the accounting industry, several federal agencies that oversee accountants stopped short of making a blanket prohibition against nonaudit consulting, instead publishing a list of don'ts for audit organizations:

- Do not maintain, prepare, or construct financial records.

- Do not provide internal audit services.

- Do not design, install, or operate the client's information technology system (auditors are limited to providing routine advice only).

- Do not prepare annual budgets or strategic plans or participate in management and policy decisions.

- "Avoid situations that could lead reasonable [people] ... to conclude that the auditor is not able to maintain independence in conducting audits. Remember: The independence standard is principles-based and should be applied using a substance over form approach" (emphasis in original).

"The overarching principles were always there," says Relmond Van Daniker, executive director of the National Association of State Auditors, Controllers, and Treasurers. "The problem started in the 1990s. If an auditor came in and said, 'Look at this!' a chief financial officer might think, 'Who better to fix the problem than people who reported it?' Auditing became commoditized; consulting was a way to expand the business. The auditors argued that since different divisions did the work, there was a wall between auditors and consultants. But it was not independent in appearance; maybe in fact, but perception becomes reality."

In looking over several years' worth of internal documents between KPMG and the city's controller, it is clear that KPMG has violated virtually every one of the feds' don'ts for independent auditors.

As the issue of auditor independence was becoming increasingly controversial, KPMG LLP created a separate U.S. corporation, called KPMG Consulting Inc., to contain the bulk of its American consulting business and to shield itself from charges of nonindependence. "As a result, we will no longer have to comply with the rules and regulations governing the independence of auditors from their clients," KPMG Consulting told the SEC.

That would be true if KPMG Consulting were totally separated from KPMG International, the Swiss-based association of which KPMG LLP is the dominant member. Reports on file with the Securities and Exchange Commission show, however, that several of KPMG LLP's associate firms own shares in KPMG Consulting.

A spokesman for KPMG LLP said the company will not discuss its partners' holdings, but SEC records show that, when the companies separated, individual partners were allowed to put KPMG Consulting equities into blind trusts "in order to comply with the Auditor Independence Rules."

"You're not supposed to own a spinoff," says Van Daniker. "If they do [have stock], they've got to get rid of it."

A spokesperson for KPMG Consulting says that the firm's parent company no longer "has an investment stake in us."

The two organizations may be divorced in name, but they are still a couple. They cohabit in an office headquarters complex in McLean, Va. Last year, the two companies shared $234 million worth of space and "basic administrative, clerical and processing services ... accounting and payroll support, technology support, human resources, employee benefits, marketing and office support," according to KPMG Consulting's annual report.

Nor has KPMG LLP stopped consulting; the two companies have a "noncompetition" agreement, which states that they will meet to divvy up possible consulting contracts. Both KPMG-monikered firms have arrangements with major corporations, including Qwest, Cisco, Oracle, and Microsoft, that are worth hundreds of millions of dollars and are based on the KPMG group's ability to "resell" software to its clients.

The Governmental Accounting Standards Board's Hildreth says, "The spinoff could alleviate the appearance of nonindependence to the extent that they are legally separate." He says he is aware that KPMG LLP maintained an ownership stake in KPMG Consulting. "That's why I said 'legally separate,'" he explains. "And legal separation helps, but does not prevent all unethical behavior."

Sharon Russell, who is an executive with the state of Alabama's Department of Examiners of Public Accounts, as well as an adviser to the Governmental Accounting Standards Board, was blunt: "If to most people it looks like they are not divested, then they are not a separate spinoff."