The Adelphia settlement is pretty much old news by now, but an acquaintance pointed out to me that there were some pretty unique aspects to the settlement that sure didn’t receive much press coverage. Or maybe it was just tangential and not really noticed. (By me, anyway.)
Anyway, as part of the settlement, private investment trust is now required to “think forensically” in evaluating its clients and its risks in auditing them. SEC Accounting and Auditing Enforcement Release No. 2237 contains the summary of the case and proceedings; what’s really interesting is in the back of it, in Sections F. (”Certain Steps Taken By Deloitte Since The Adelphia Audit”) and G. (”Undertakings By Deloitte”).
After the Adelphia audits, Deloitte started using proprietary financial analysis to assess its exposure to financial statement fraud or business failure in its client base of publicly-traded U.S. clients. There’s a strata of clients that they worry about based on the output of the analysis: the ones they put into the “Risk Management Program.”
Since May 2002, Deloitte has taken extra care with these clients:
– They notify the Audit Committee that the firm has received “Risk Management Program” status.
– Deloitte forensic specialists become involved in the audit planning for “high risk” clients in the Risk Management Program.
– There’s more tension built into the review processes of the audit engagement partner and the concurring partner.
– At the end of the audit for clients in the Risk Management Program, the audit team must document conclusions about the effectiveness of audit response to identified audit risks; a “Special Review Partner” must agree with them.
– Finally, Deloitte now develops and documents the circumstances for each particular company in the Risk Management Program to find its way out of the classification.
It gets even tougher soon. Beginning with audits of companies with 6/30/05 year ends, Deloitte will pay even more attention to its publicly-traded Risk Management Program clients: it will appoint Special Review Partners to oversee the planning and design of audit procedures for risks identified in the planning stage; they’ll use their forensic specialists in the planning stage of audits of all clients in the Risk Management Program; the engagement partner will document the specific and pervasive audit risks identified at the planning stage of the audit as well as any significant issues that arose during the engagement, the procedures used to address each identified risk and issue, and explain why such procedures were satisfactory.
There’s plenty more; check the document. But it’s notable that one burden placed on Deloitte is that “within 24 months from the date of this order, Deloitte will take reasonable steps to ensure that all Deloitte audit professionals have completed 8 hours of training on: (a) fraud detection; and (b) operation of, and an auditor’s responsibilities under, Section 10A of the Exchange Act..”
By the end of October 2006, Deloitte will have to hire an independent consultant to verify to the SEC that it has complied with the requirements of the order; the consultant will have until the end of February 2007 to render its report to the Commission.
Strong stuff, for certain. Deloitte should be better off for the steps, aggravating as they’ll be for the extra administrative work they’ll cause; they’ll likely chip away at the profit margins if left unmanaged. On the other hand, if Deloitte’s clients land in the Risk Management program that’s going to cost more, what’s the logical thing to do? Right: charge more. And the client will know why, so they have an incentive to play ball; it’s in their own self-interest. Deloitte might lose clients because of their new duties – but they might be the right kind of clients to lose.