SEC Charges Two KPMG Auditors with Something We’re All Accustomed to Auditors Doing

By | January 9, 2013

Way back in April 2010, KPMG resigned as the auditor of TierOne Bank. You see, TierOne was in a bit of a mess with its regulator, the Office of Thrift Supervision; the House of Klynveld risk gurus finally had enough, pulled everyone out of there, withdrew their 2008 audit, and told everyone they wouldn't touch those financial statements with a ten-foot pole. 

Last September, the SEC charged TierOne executives with understating their loan losses in order to mislead investors. So it appeared KPMG was on the right track when they ditched TierOne.

Unfortunately, now it's KPMG partner John Aesoph and senior manager Darren Bennett's turn to have their names in the paper.

Take it away, Robert Khuzami!

“Aesoph and Bennett merely rubber-stamped TierOne’s collateral value estimates and ignored the red flags surrounding the bank’s troubled real estate loans,” said Robert Khuzami, Director of the SEC’s Division of Enforcement. “Auditors must adhere to professional auditing standards and exercise due diligence rather than merely relying on management’s representations.”
Auditors rubber-stamping?! For a bank?! The hell you say!
How devoid of actual auditing was this particular effort? Here are some details:
[T]he auditors failed to comply with professional auditing standards in their substantive audit procedures over the bank’s valuation of loan losses resulting from impaired loans. They relied principally on stale appraisals and management’s uncorroborated representations of current value despite evidence that management’s estimates were biased and inconsistent with independent market data. Aesoph and Bennett failed to exercise the appropriate professional skepticism and obtain sufficient evidence that management’s collateral value and loan loss estimates were reasonable.
Okay, so they were insufficiently skeptical. What else?
According to the SEC’s order, the internal controls identified and tested by the auditing engagement team did not effectively test management’s use of stale and inadequate appraisals to value the collateral underlying the bank’s troubled loan portfolio. For example, the auditors identified TierOne’s Asset Classification Committee as a key [allowance for loan and lease losses] control. But there was no reference in the audit work papers to whether or how the committee assessed the value of the collateral underlying individual loans evaluated for impairment, and the committee did not generate or review written documentation to support management’s assumptions.
So no evidence that they actually tested key controls? Alright, that is pretty shoddy auditing, although if the SEC were to compare these auditors' work to those serving another KPMG banking client, say, oh I don't know, Citigroup, during the same period (circa 2008) does anyone think the quality of the audit was much different?  
And the auditors in each instance were held to task as you might expect — the ones in Omaha will probably get a temporary ban and possibly fined; the ones in New York were told (in my imagination), "Yeesh, you guys fucked up. Don't let it happen again."
We'll be patiently waiting for the SEC's own stamp for Aesoph and Bennett — allowing them to "neither admit nor deny" the charges. 
Bang up job, SEC.