On June 8, 2022, the SEC announced a notable settlement with national audit firm CohnReznick LLP, charging it with failure to uphold several professional standards during its 2017 audits of two public companies that had previously been sued by the SEC for accounting fraud.  In its order, the SEC specifically alleged that CohnReznick violated professional standards and contributed to materially misleading financial statements by, among other things, failing to exercise sufficient professional skepticism and accepting assertions from company management without sufficient supporting evidence.  The SEC fined CohnReznick $1.9 million, levied fines and suspensions against several of its audit partners, and imposed an independent consultant with a sweeping mandate to demand various audit-related and internal process reforms and veto new audit clients.  This action is consistent with the SEC’s repeated warnings that “gatekeepers” such as auditors are in the agency’s crosshairs.

The SEC’s Allegations

The SEC’s case focused on CohnReznick’s third quarter 2017 interim review and 2017 annual audit for a brand management company and its unrelated 2017 annual audit of a commodity trading firm.  The crux of the allegations, which were neither admitted nor denied, is that the CohnReznick audit engagement teams repeatedly failed to exercise professional skepticism or to demand evidence in support of accounting judgments made by company management, including in areas that had been identified as key audit risks or that had been flagged by quality control staff in the national office: in short, that CohnReznick was too easily satisfied by its clients’ representations and did not push back for better analysis and documentation.  The SEC did not allege that the auditors involved acted with a wrongful motive or in any way assisted the companies’ alleged frauds; instead the SEC focused on their alleged failure to adhere to audit standards and thereby fulfill their “gatekeeper” role.

The Brand Management Company Audits

In 2017, CohnReznick performed audit work for a brand management company where goodwill—intangible value the company possesses—constituted a significant percentage of the company’s book value.  In 2020, the SEC sued the company, and later its former CFO, for negligence-based fraud and other charges arising from its failure to take a large goodwill impairment in its financial statements for the third quarter of 2017 and the 2017 year-end, with both matters settling.[1]  According to the SEC’s settled order with CohnReznick, when a goodwill impairment review was triggered in 2017, the company dropped its publicly stated valuation method—which would have resulted in a significant impairment—and instead relied heavily on a discounted cash flow valuation that allowed it to avoid a write-down.  CohnReznick’s internal valuation specialists and national office raised concerns about the change.  Yet, according to the SEC, the engagement team accepted the company’s representations about the valuation without requiring adequate analysis or documentation to resolve internal concerns.  The SEC also alleged that CohnReznick later supplemented its audit work papers to add information from the company and analysis by CohnReznick that had not been considered by the audit engagement team at the time of their actual audit.

The Commodity Trading Firm Audit

CohnReznick also performed audit work for a commodity trading firm that the SEC sued for unregistered sales of securities and later for accounting fraud involving related party transactions.[2]  According to the SEC’s settlement with CohnReznick, the audit firm worked on the company’s 2017 annual audit for two months in 2018 before resigning.  The SEC found that CohnReznick failed to uphold multiple professional standards in the audit, including by failing to adopt an audit plan that adequately provided for unique risks at the company, such as a previously-identified material weakness in its internal controls over financial reporting.  The SEC further alleged that CohnReznick failed to identify undisclosed related party transactions and to properly audit related party transactions that were disclosed.  Among other things, the SEC also faulted CohnReznick’s response to an SEC Division of Enforcement inquiry made shortly before the company’s filing was due as being rushed, poorly documented, and lacking “clear policies and procedures for performing this type of review by the national office personnel.”

Charges and Individual Accountability

The SEC alleged that CohnReznick violated SEC rules requiring the firm to uphold numerous professional standards, including twelve different audit standards; inaccurately certified that its audit had complied with generally accepted auditing standards; and was a cause of materially misleading financial statements filed by both companies.

In addition to paying a $1.9 million penalty, the terms of the settlement impose significant restrictions on CohnReznick.  Most notably, the firm is required to engage an independent consultant for a period of at least 19 months.  The consultant will have expansive discretion and power, including a veto power over new audit clients.  The SEC also prohibited the firm from accepting new audit clients during the consulting period that fall within certain risk categories (such as those with a previously identified and unremediated material weakness in controls).  The settlement also gives the independent consultant an expansive mandate to review procedures at the firm not just in specific categories like valuations and related party transactions, but also across a broad range of both audit-related and internal procedures, including professional development and training, application of professional skepticism, and sufficiency of audit evidence.  CohnReznick is obligated to implement the consultant’s recommendations with only limited ability to negotiate or appeal to the SEC’s Enforcement staff, and its CEO must certify that the firm has complied in all respects with the consultant’s recommendations.

The SEC brought similar charges against three CohenReznick partners involved in the brand management company audit and two partners from the commodity trading firm audit,[3] levying fines of between $10,000 and $30,000, suspending two partners from appearing before the Commission as accountants for three years, suspending two more for one year each, and censuring another.

Takeaways

This settlement is notable in several respects.  First, it gives teeth to the repeated declarations of Chair Gary Gensler and Enforcement Director Gurbir Grewal that the SEC will target “gatekeepers” such as auditors,[4] and highlights the agency’s emphasis on the importance of independent, quality audit work to investors.[5]  The settlement was announced just one day after the SEC announced accounting fraud charges against a New Jersey software company and eight of its current and former executives, including its former general counsel,[6] signaling the SEC’s heightened interest in suing individual defendants in general and “gatekeepers” in particular.

Second, the case underscores the SEC’s persistence in continuing to investigate the conduct of auditors for years after the audits in question.  The SEC sued the commodity trading firm in 2018 and again in 2019, and sued the brand management company in 2020, yet clearly did not close its investigations.  It remains to be seen whether this marks a shift in strategy that will see the SEC follow other accounting fraud investigations with a second-act examination of the auditors.

Third, the SEC has sent a clear message that it expects auditors to notice and act upon red flags and push for sufficient audit evidence before putting any concerns to rest.  In the SEC’s accounting fraud complaints against the companies at issue, the agency alleged that the companies withheld evidence from CohnReznick and affirmatively misled its auditors.  This deception by the audit client did not stop the SEC from alleging that the audit firm should have done better.  The SEC clearly expects auditors to play their role in rooting out frauds, and to be hard targets for deception.  The case also highlights the SEC’s expectations that when material weaknesses or significant deficiencies are identified in a company’s internal controls over financial reporting, the auditors will test those controls and require remediation.

Finally, the SEC has proved willing to place a large auditing firm’s future in the hands of an extremely powerful independent consultant, which will likely prove to be costly and disruptive.  Firms that want to avoid that fate would do well to evaluate their processes and ask how their conduct on client engagements might look to SEC enforcement investigators in the future.

[1] https://www.sec.gov/litigation/litreleases/2020/lr24981.htm; https://www.sec.gov/enforce/34-92611-s; https://www.sec.gov/litigation/litreleases/2021/lr25289.htm.

[2] https://www.sec.gov/news/press-release/2018-61; https://www.sec.gov/news/press-release/2019-90; https://www.sec.gov/news/press-release/2020-2.

[3] The partners from the latter audit were charged in a prior settled action in 2021.  See https://www.sec.gov/litigation/admin/2021/34-93133.pdf

[4] See https://www.sec.gov/news/speech/gensler-securities-enforcement-forum-20211104; https://www.sec.gov/news/speech/grewal-pli-broker-dealer-regulation-and-enforcement-100621

[5] https://www.sec.gov/news/statement/munter-20220608

[6] https://www.sec.gov/news/press-release/2022-101