And, while the fines are getting larger and larger each year, many folks think they are still too small to deter the risk taking that the big boys do. In fact, Erik Gordon, assistant professor at the University of Michigan’s Ross School of Business, said: “It is surprising [accountancy firms] are not more severely penalized than they currently are. The damage to investors, including retirees, [of misconduct] is far larger than the fines imposed.
Sure, some folks say that the damage to the audit firm’s reputation is what’s really significant in these situations. But, while the firms suffer some small embarrassment, the audit market is so concentrated that even if companies wanted to switch auditors, conflicts of interest make it difficult or impossible to do so and the audit firms get away relatively unscathed.
So what to do? Larger fines of course: “Fines that would be large enough to eliminate partner bonuses for five years would be more effective,” Prof Gordon told the FT. And bans, either of the firms from accepting new clients or partners from serving public companies seem to be a couple of popular ideas. Whatever the punishment is, it has to be more severe than the value of lucrative client relationships. Until that happens, the incentives will always lead a firm back to doing what its client wants.
Meanwhile, those same large firms continue to try and avoid any responsibility for the damage of hacks at clients.
Take for example the case of EY and Equifax.
When the Equifax breach occurred, according to correspondence reviewed by MarketWatch between the SEC and the Equifax CEO and CFO dating from 2011 to 2014, EY was already aware that the SEC had scrutinized Equifax for inadequate disclosures of its cyberrisk and poor overall disclosure controls..
In January of 2014, the SEC asked Equifax’s CEO about inadequate disclosures regarding a material weakness in internal controls over financial reporting in 2013. In its response Equifax provided the SEC with a detailed timeline of its evaluation of the control weaknesses—and concluded that its interim quarter disclosure controls were also ineffective.
In September of 2012, Equifax was asked to add more information in future filings about cyberattacks, security breaches or other similar events it had experienced in the past, in order to “provide the proper context” for the disclosure.
Even if they’ve largely escaped scrutiny for now, it’s hard to imagine a scenario where EY is excluded from this mess completely. One expert quoted says that despite the large audit firms’ belief that “cybersecurity risks is outside the scope of a financial statement and ICFR audit” that won’t protect them because the general IT controls “are not typically managed or controlled separately” from the access and patch controls that led to the breach.
That argument probably won’t hold water for very long. Nowadays, general IT controls absolutely have to be included in access and updates, and any accountant that doesn’t realize that needs to think seriously about changing professions.
As a matter of fact, even local accountants who access client software, or manage online accounting for clients, need to seriously consider the risks they face once the trickle down effect begins to trickle, down.
Join us here at Practice Builder Publishing and become a part of the community, whether you become a contributing author, a peer recruiter, or merely a raving devotee of the Practice Builder Publishing resources, I'll work with you personally so you can reach the goals you set.
Best to you and yours,
P.S. Think I'm full of B.S.? Maybe you ought to let me know what you think. Plop your comments in the section down below the related articles and let me know what you think.!
P.P.S. Got questions about products and services I talk about, the terms of service, privacy nd all that stuff related to Practice Builder Publishing? Click Here to read the fine print.
Share your experiences, and pick our brains.
Get Into Tax Representation NOW!
I would love to see you build a great Tax Practice, building a strong client base by helping troubled taxpayers solve their problems with the IRS.
I want you to become a part of the Practice Builder Publishing network, and I want to work with you personally to reach maximum profit potential this year! Nothing I teach or help you with damage your credibility. It will simply get you more clients and help you make more money.
If you stop searching for the next magic trick, the perfect software, the "shiny object" that's going to do all the work for you (note: it doesn't exist)- and just focus on building & serving your market - you'll actually start seeing GREAT results. FAST.
Get started building your practice by learning how actual practitioners build their business marketing tax representation services, and start building it FAST, by clicking on the link below. Click the button below and find out more!