EY will have to pay a $100 million fine, the largest monetary penalty ever given to an audit firm by the Securities and Exchange Commission (SEC), after it was revealed today that hundreds of the Big Four firm’s auditors had cheated on mandatory ethics exams and internal continuing professional education (CPE) courses for several years.
This is not the first time a Big Four firm has been busted by the SEC for cheating on internal training exams. The SEC handed KPMG a $50 million fine in June 2019 after an investigation found that audit professionals had cheated on internal training exams by improperly sharing answers and manipulating test results.
Part of that fine also was attributed to a separate scheme in which KPMG audit executives illegally received and used confidential inspection information from insiders at the Public Company Accounting Oversight Board (PCAOB) between 2015 and 2017 to improve the firm’s regulatory audit inspection results. And a couple of Big Four firms outside of the United States were fined by the PCAOB over the past year for internal testing misconduct: KPMG Australia in September 2021 ($450,000) and PwC Canada in late February of this year ($750,000).
The accounting news website Going Concern reported earlier this year on rumors from an anonymous source that cheating on internal training exams had been going on at EY for many years and an internal investigation had been conducted as far back as 2015, but the cheating and the investigation had not been confirmed until today.
The reason EY’s fine was two times more severe than KPMG’s in 2019 is because the firm withheld evidence of cheating on internal training exams from the SEC’s Enforcement Division during an investigation of EY.
“This action involves breaches of trust by gatekeepers within the gatekeeper entrusted to audit many of our nation’s public companies. It’s simply outrageous that the very professionals responsible for catching cheating by clients cheated on ethics exams of all things,” Gurbir S. Grewal, director of the SEC’s Enforcement Division, said in a statement. “And it’s equally shocking that Ernst & Young hindered our investigation of this misconduct. This action should serve as a clear message that the SEC will not tolerate integrity failures by independent auditors who choose the easier wrong over the harder right.”
According to the SEC’s enforcement order, 49 EY audit professionals received answer keys to CPA ethics exams or sent the answers to colleagues between 2017 and 2021. In addition, hundreds of other audit professionals at the firm cheated on CPE courses required to maintain CPA licenses, including ones designed to ensure that accountants can properly evaluate whether clients’ financial statements comply with Generally Accepted Accounting Principles. And a significant number of EY employees who did not cheat themselves, but knew of colleagues who did, violated the firm’s Code of Conduct by not reporting the misconduct.
The SEC also found that firmwide cheating on internal ethics exams had occurred several years prior to 2017.
“From 2012 to 2015, over 200 EY audit professionals across the country exploited a software flaw in EY’s CPE testing platform to pass exams while answering only a low percentage of questions correctly,” the SEC enforcement order states. “Following EY’s discovery of that earlier cheating scheme, the firm took disciplinary actions and repeatedly warned its audit professionals not to cheat on exams.”
According to the anonymous source, Going Concern reported that those involved in the earlier cheating scheme received either a one-time fine of $500, a salary reduction, or were fired, including several EY partners.
To prevent further cheating, EY included warnings to CPE exams sometime in 2015 reminding test-takers that the exams must be taken independently, and that a failure to do so reflected a lack of integrity, according to the SEC. And EY repeatedly reminded its employees that cheating on exams was highly improper and violated the firm’s Code of Conduct, which requires professionals to act with integrity and requires those who become aware of misconduct to report any deviations or violations of the code to the firm. But those punishments and warnings did not stop the cheating from continuing.
Even worse, EY tried to hide the exam cheating during an SEC investigation of the firm. On June 19, 2019, two days after KPMG received its $50 million fine from the SEC, EY US Chair and Managing Partner Kelly Grier sent a message to all US employees about what happened to KPMG. According to the SEC, the message warned, “[s]haring answers on internal or external tests or evaluations is highly unethical behavior, in violation of our Code of Conduct, and will not be tolerated at EY.” The SEC’s action against KPMG, she wrote, “serves as an important reminder of our responsibility to serve the public interest and the need to always act with integrity and honesty.”
Sometime that day, the SEC Division of Enforcement sent EY a formal request asking whether EY had received any ethics or whistleblower complaints regarding testing associated with any training program or CPE course. This is when EY did not practice what Grier preached.
The SEC order states: “As requested, EY responded on June 20. EY provided a narrative submission that described five matters ‘related to cheating or other misconduct on training programs and assessments.’ One of those matters was [a] 2017 tip about two employees cheating on a CPA ethics exam. None of the matters in EY’s submission involved potentially ongoing misconduct by current employees or misconduct that the firm did not appear to have appropriately addressed.
“EY’s June 20 submission created the impression that EY did not have current issues with cheating—either on training programs and assessments or CPA ethics exams,” the SEC order continues. “However, on June 19, the day before EY made its submission, an employee reported to a manager that a professional in the firm’s audit group had emailed the employee answers to a CPA ethics exam. That afternoon, the manager informed an EY human resources employee of the tip, which was then relayed to others in EY’s human resources group.”
Several EY attorneys reviewed and signed off on the firm’s June 20 response to the SEC that its employees were not currently cheating on internal training exams. But even though those attorneys knew of the employee’s June 19 tip about receiving an answer key to a CPA ethics exam, the SEC said the firm’s response made no mention of the exam answer-sharing that was going on.
“[The tip] was sufficiently concerning to the firm that it began an extensive investigation,” the SEC order states. “Yet, despite the message from EY’s US chair and managing partner only two days earlier about the importance of integrity and honesty, EY did not correct its submission to the SEC’s Enforcement Division.”
The SEC noted in a press release that its investigation of EY is still ongoing.
In addition to paying a $100 million fine, the SEC is requiring EY to engage in extensive undertakings, including retaining two separate independent consultants to help remediate its deficiencies. One consultant will review the firm’s policies and procedures relating to ethics and integrity. The other will review EY’s conduct regarding its disclosure failures, including whether any EY employees contributed to the firm’s failure to correct its misleading submission.
“The SEC will not permit the submission of misleading information or any action that delays or frustrates our mandate to protect investors and our markets,” Melissa R. Hodgman, associate director of the SEC’s Enforcement Division, said in a statement. “Ernst & Young faces significant sanctions and extensive remediation to ensure that its culture and conduct meet the ethical standards required of those responsible for the integrity of our capital markets.”
It is unclear whether the punishment handed down today by the SEC will have any impact at all on EY’s global plan to split the firm into separate auditing and consulting entities.