The Role of the Audit Committee in Business Ethics
A transcript of a panel with three chairs of Board Audit and Ethics Committees held at the Business and Organizational Ethics Partnership meeting, Nov. 3, 2005
Tom McCoy - Executive Vice President and Chief Administrative Officer - AMD
Marty Malone - Retired Partner - Ernst & Young
Susan WangC - Retired Executive Vice President and Chief Financial Officer - Solectron
Nick Moore - Retired Chairman - PricewaterhouseCoopers; Former CEO, Chairman - Coopers Lybrand
Tom McCoy: I am Tom McCoy from AMD. I am [AMD's] executive vice president and chief administrative officer. Before that I was general counsel for about 11 years, and before that I served for about 20 years at a big law firm working with auditors, boards, companies. I have seen these issues from all points at the table.
I am here today with a truly world-class panel of people. I think you will be truly impressed. Beginning with Marty Malone, who is a graduate of Santa Clara University and a parent - Marty is a retired Ernst and Young partner; he had a clientele of global companies in a variety of industries. He has served and [still] serves on a number of boards of public and private companies as well as non-profit boards. In the interest of time, I'm not going to identify all of the red stars on his resume.
Susan Wang is a retired executive vice president and chief financial officer of Solectron, which is a valley-based global contract manufacturing company - very big, and very successful. I am sure Susan has many stories to tell. She is a graduate of the University of Texas with an MBA from the University of Connecticut. She sits on a number of corporate and non-profit boards.
Nick Moore is the retired chairman of PricewaterhouseCoopers, and before that, he was the CEO and chairman of Coopers Lybrand, before it merged with PWC. Nick sits on a number of boards, as well as some private venture companies. Nick began his career as a lawyer with a degree from Hastings.
This is quite an accomplished and highly interactive group. Please interrupt us at any time. Some of you have as much experience and opportunities for comment as we do.
We are going to start with our three distinguished panelists talking for five to 10 minutes about their observations. Each of them has been given a different perspective to talk about based on their experience, including audit committee experiences, objectives, best practices, worst practices, and effectiveness. They will also share what is on their mind in what is a period of transformation in corporate governance. We have been in one place; we are going to a different place. We are not quite there yet; we are not quite sure if we see where the end of this movie is. It is a very interesting time and a very demanding time for audit committees. For $25,000 a year, to be chair of the audit committee is tip money, small change relative to the role, the responsibility, the burden, the stress, and the risk, particularly to the accomplished high net worth people who do this for public service and not for money.
Marty Malone: I think everyone here understands what audit committees do. I chair the audit committee of Countrywide Financial Corporation, which is the country's largest originator of mortgages. The name we have for the Countrywide audit committee is the audit and ethics committee. Jim was interested in why we call it that. I think we are not the only ones; there are a lot of companies that do that, particularly coming out of Sarbanes-Oxley. The audit committees of most companies have attracted the responsibility of overseeing the code of conduct of companies and how that is implemented. That includes standard hotline calls, all of which go directly to the audit committee. Ethics issues naturally sit there. As part of the importance of that, Countrywide decided to call it the audit and ethics committee and it makes a lot of sense.
Since they are in the financial services business, they have a very structured set of how ethics and compliance works. We have a chief ethics officer and they have a program to produce continuing education wherein there is a company Internet site on ethics and ethical behavior, and the audit committee oversees that.
With that said, my personal belief is that ethics is only there if there is a "tone at the top." If the people who are at the top of a corporation are not ethical or do not practice what they preach, then you are not going to have it. It does not exist. I think one of the board's most important activities is to insist on nothing less than the best ethical behavior.
I can tell you that if there is some tolerance for something less than a high level of ethical behavior; it will destroy the corporation. Ultimately, it comes down to reputation. Reputation is something you cannot get back. It takes a long, long time for you to build it.
There was an article reported in the papers in Los Angeles wherein there was a hotline call at Countrywide and it turned out that a relatively senior executive was instructing his employees to steer customers to higher priced product. That particular executive didn't have a job for a very long. That is the only way you can deal with those kinds of issues, and you may think that's a little tough.
Question: Was that an audit committee decision? Or was the committee encouraging the CEO? Or how did it happen?
Marty Malone: When it hit me, I asked the question, and I was told he was already gone. The chairman of Countrywide is the founder. He founded that company in 1969, so it is a little different. He is not a hired hand. Even though it is a huge company now, you are dealing with his baby, and so he looks at ethical behavior in a proprietary way. He is Jesuit-trained and, in fact, believes that a Jesuit education is required of those people. He required it of his own children.
So in the area of ethics, it has got to be there at the top.
I learned early in my career as an auditor that if you found areas where there was a lot of petty theft, you would find people looking the other way if the petty theft was being done by a valued manger or a lead man who got slapped on the hand. Once when a CEO that I admired found out that there was a part of his company where that kind of behavior had occurred, he very quickly said there is no toleration for it, and the next person who gets caught, gets fired. It took about six months and [after that,] you did not see that kind of behavior in that particular business unit.
I am sure that you talked about SOX [Sarbanes-Oxley Act.] There are a lot of people who think that it is very expensive, particularly section 404 of SOX, and it may be. And I have to be the first to admit that it doesn't really address the issue of "tone at the top" directly, but it has gotten everybody's attention despite the cost. I don't know how you measure it. But it has gotten the attention of CEOs, CFOs, and boards. Never before have boards been that engaged in financial disclosure and in controls. I think once you get into the area of controls, it is not just limited to financial controls, it starts broadening out.
In my role on the board, I think a lot about the responsibilities of companies and their employees. One way or another, it comes down to how people are doing their jobs and taking responsibility.
Tom McCoy: Susan is going to talk about audit committee responsibilities and effectiveness. Susan, the question I would have for you is: How do you know whether there is "tone at the top" as seen from the bottom?
Susan Wang: Well, first of all, what I was asked to talk about is very boring; you already know it. I am not going to go down the list of all the key responsibilities of audit committees. You can read it in every company's charter, and by the way, to make some ethical issue here, everyone plagiarizes everybody else's charters.
The other part of what I was asked to talk about it is a little bit more interesting: skills and experience required of audit committee members and what makes an effective audit committee member. More and more today, financial expertise is an absolute requirement. And beyond financial expertise, I think accounting expertise is becoming even more prevalent as a requirement. I personally find that people who are financially literate, under the definition of the New York Stock exchange, are often very good audit committee members, even though they may not have the accounting and financial expertise. But the fact that they have had CEO experience and general corporate experience brings a different perspective that I believe is still very relevant. And so, we should not, going forward, exclude those types of people and insist only on accounting and financial-type people on the audit committees. I think that would be a loss.
But certainly the complexities of accounting, SOX, and internal audit requirements today make a person that is steeped in accounting and finance very much more valuable as an audit committee member. The role these people serve, and I include myself in this category, is to really be able to cut through a lot of the issues, get right to the heart of the issue and be able to deal with it effectively and efficiently. I have seen audit committee members who don't know a debit from a credit, so they cannot really conduct an interview or discussion on the topics of accounting. And that is not good at all. Someone with financial and accounting background can look at complex accounting challenges and be able to get right to the issue and understand if there are disagreements and be able to come to a resolution fairly quickly. And also, it is important that people with such background would be able to understand where and when to seek outside expertise.
Beyond technical skills, what's more important are characteristics that people bring. Good audit committee members have to be very inquisitive, very diligent, and very good listeners who are able to distill issues, make judgments on them, and be able to confront challenges and difficult situations. Whenever you are asked to arbitrate between the outside accountants and management, you can't be tiptoeing around. You really have to take a position and confront it. At the same time, you have to be willing to admit that you don't know everything and that you can be convinced of a different opinion. So that ability to see through all these challenges and be able to deal with them very effectively makes a very effective audit committee member. And yes, we do spend a lot more time than the average board members. And no matter what companies tell you, the amount of time that is required of audit committee members and board members is generally far more than advertised.
But if you do your job, you don't have to worry about liability. That is my view. If you do it right, you have to deal with the nuisance of potentially being engaged in lawsuits. You have no bottom-line liability if you are diligent and if you are loyal, which means you have no conflicts.
Tom McCoy: I think you gave an ideal springboard for Nick, because he said, "If you do this right, you can sleep at night." Nick is going to talk about best and worst practices of audit committees today. And Nick, you might talk a little bit about the auditing profession, what has changed for the profession, and what is good and bad about it.
Nick Moore: The first thing I can say is that I hope Susan is right. We all do spend a lot of time trying to do the job right, and there are a lot of really good people out there, not just on audit committees but in financial management organizations that really do try to get it right. Unfortunately, there is a very, very small percentage out there that are not honest, and that is something we have to live with. There is a very recent case, however, that suggests that if you come to an audit committee with a certain competence or a perceived competence at least, then you have a higher level of risk and liability than someone who doesn't. So that is sending shivers up the spines of a lot of people who sit on these committees who were chosen because they have that capability, and you just never know what courts are going to do. I happen to be an expert on that because I spent a number of years trying to help decide which cases went to juries and which ones we settled, and it is a high-risk area. It is not one that is easily predictable.
I agree with what Marty said about "tone at the top" being important. I think it is probably the most critical variable. If you don't see that and don't feel that when you are thinking about joining an audit committee, then you ought to go the other way.
As I used to tell the people who I worked with at PWC, if you felt or had any indication that there wasn't absolute integrity with any of the individuals you were dealing with, not only in a financial organization but throughout senior management, pick up and leave, and you will get supported one hundred percent. It's a sine qua non.
I also agree with Susan's assessment of who ought to be on these committees. It does take a balance. It does take more financial literacy than in the past. I do have a little bit of a bias for at least one or two of the members being people with, what I would call, hard-core CFO experience, or hard core auditing experience, where they have had to deal with these issues, and they don't have to think very hard about where the bodies are buried or what the issues are going to be when they hear about reserves and product returns and things like that. There are a bunch of issues that flood your mind if you have been there and they allow you to ask the right questions and drill down very quickly and listen between the lines and see if you are getting the right kinds of answers from management.
So I think you do need a balance of the other people because they bring a lot to the party, but one or two of those kinds of people on the committee are really important. I, by the way, come from the tech side, so I don't fit either one of those criteria.
The point was made about the audit committee role being extensive, and it is. Like Susan, I am not going to go through the list. But if you listened to me, go through it. I think you would be impressed with the breadth of responsibilities, and if you drill down in any one of these points, like financial statement credibility - that is only one of 8 or 9 points I have here - there is a whole bunch of activity around that set of duties and responsibilities. The only reason I am making that point again is because most audit committees are overloaded. There was a poll I read yesterday that said 75 percent of audit committee members who were interviewed felt that the responsibilities expanded beyond what is reasonable for them to undertake. So think about that.
I was asked to do two things here. One was to look at the best practices, and the other was to look at the role of the chair.
Let me go through best practice…I have already been through number 1, and that is CFO or audit practice experience is a best practice for someone on the committee. Financial and accounting expertise even by itself isn't enough. I don't know if any of you have read Conspiracy of Fools by Kurt Eichenwald. He does a lot of research and then he basically turns it into a historical novel….You read that and you can see how otherwise smart people had big issues blown by them by people who had an agenda and were way off the charts, in my view, in terms of integrity.
Another best practice, maybe it is implicit and obvious, is to demand that you get candor from financial management. I try and test that before I ever get involved. I try to figure out who the people are that I am going to be dealing with. If it is not there as a natural act on their part, set the tone right away and demand it. Make sure that they understand that you expect nothing less. And also from the CEOs and others who are in senior management. One of the time-honored ways to deal with that is to somehow get it integrated into their compensation package so people know you are taking it seriously.
Unfortunately, recently, I have had a lot of recent experience around whistleblower complaints. I have found based on that experience, that there is a whole body of knowledge and set of protocols and rules that are really important in terms of conducting investigations. I will be happy to share that with you if you want to talk about it later.
It is incumbent on any committee to focus on certain areas. You have got to get into revenue recognition; you have to drill down. You need to understand, particularly with software companies, what the methodology is and how it is being employed, what the processes are around it, inventory reserves, returns, restructuring, liability reserves, expense accruals, and that all of those things are fair game. They are things we bring up every time we sit down with management. Every time, we are going to issue quarterly earnings or issue a press release on quarterly earnings, we get into those issues just to get a comfort level that things have not changed since the last time we looked, and that management has done all that it should.
There is another best practice I want to bring up. Everyone now has a disclosure committee. This requires that different people in the company, before filing any kind of 10Q or 10K, consolidate all business units of an organization, gather the representatives of those units, and lay out for what has changed in the last quarter and what might be worthy of disclosure. Detailed notes are kept, and decisions around what to include and what not to include are made. Those minutes are made available to the audit committee to look at and to decide whether they agree with the decisions. That is what I would call a best practice.
I also want to answer your question about the auditing profession. There is an animal right now called the PCAOB. And that group was legislatively created to deal with oversight of the accounting profession. It used to be self-regulated. Now, it is not. There is a fellow by the name of Bill McDonough who was put in charge. He used to be chairman of the Federal Reserve Bank in New York. He is a very balanced fellow. I know him, and he has done a good job. But it is a body that is highly reactive to political pressure and that group is examining the work of all the accounting firms. They did it last year and they are back this year. I talked with an audit partner the other day, not from PWC but another firm, who said that it was one of the most intense exercises he has ever been through. Not only do they have work papers from all the work you have done, they also have access to you and all your people and are able to go in and look at your own personnel file with all of your evaluations. They have total access to all of your e-mail, including your personal email. Believe it or not, that is what he told me. They basically have instructions not to come back empty-handed.
Audience reaction: That is despite what they said at their conference.
Nick Moore: Yes, despite that. Trust me. The report I heard recently was they were in Los Angeles visiting one firm and they couldn't find anything, so they expanded the scope to come up to San Jose, because you can always find something in San Jose!
They are on the job, and I think that is the good news. To the extent that they create a credible examination of the firms, that will allow trust and confidence to be rebuilt, and probably allow for a greater exercise in professional judgment because I know what they are going to find in the long run. They are going to find what they already know, and be able to communicate up the line so the politicians involved will know too. Firms really are high integrity, they go to great lengths to get it right, not that they are perfect, and that the exercise of judgment is really important in getting the job done. If you are not allowed to exercise that kind of judgment, you end up with something like 404, where people are checking the box, spending a lot of money, and there is not a lot of value added.
The one trap that the big firms are caught in is that even as this PCAOB allows greater exercise of judgment, it is not clear that the courts will agree. So they have to reconcile exercising judgment and the fact that if you go to a jury, they generally won't understand the issues but are willing to come up with big judgments.
The big point I would like to make is that if you look at it from the perspective of a 35- or 40-year-old audit partner in one of these firms, the risk-to-reward ratio is not good these days. It is not good at all. What I am seeing is that the minute they have the opportunity to leave, they are leaving. And these are the people who might not even have gray hair yet, whom you really rely on to make judgments and provide the kind of wisdom that younger people need. Until things even out a little bit, and I think they will settle out, but until that happens, there is going to be a brain drain like there has never been before. It is already occurring. It is major.
Question: I would like to ask the question that was posed by the panel to Susan, which is: How do you know if the tone at the top is perceived from the bottom? Can you give specifics on how you know that and how you measure that?
Susan Wang: In most cases, we have exposure to management. We don't just have the CEO and CFO talk with us. We do have interaction with people one or two tiers down in the organization. And you can kind of judge by the way they carry themselves, the way they present information, particularly bad news. They don't seem to be coached. You get a sense that they are open, willing to deal with it, and share their issues. Then you get a sense that it is not a very controlled, contrived arrangement.
The other thing is requiring a review of employee surveys. You get a lot of scores and see where it is skewing. Sometimes, you find that there is maybe one department that has a problem and that tends to be a management issue in that department. Maybe it is an ethical issue or maybe it is just a management issue. But if you see a lot of questions and hide-and-seek kind of behavior, then you get very uncomfortable. And it is a lot about actions - when a CEO puts out ethical behavior guidelines and then goes and wines and dines on the company's account. Then you know it is just not right
Nick Moore: I got exposure to several companies. Every quarter, they have to give a report to the audit committee on the process around complaints, not just whistleblower complaints but any kind of code of conduct, the 1-800-line and all that sort of thing. I have had people march in and be happy about the fact that there weren't any complaints. And I always ask the question: Why weren't there any complaints? Because, in general, in a large organization, you are going to have some, and often if you aren't getting them, it is because the message hasn't gotten out and people don't see that as an avenue. You have got to sort through it all. The numbers sometimes don't mean anything. They are very often just HR issues where people are trying to insulate themselves from bad evaluations and the like. The seriousness with which that's taken and the level of communication around it, in a company, can be measured to some extent by those kinds of results. I think Susan is also right about the employee surveys. What you have to do is get them to include survey questions about values and related issues and see if you can set a benchmark and begin to measure that against that benchmark, year in and year out. And because the surveys are confidential, people are quite candid.
Marty Malone: You can feel it. You can feel it in the boardroom. You know it if it is there. You can recognize when you see it.
Question: I am not really asking about whether or not YOU can tell if the "tone at the top" is the right tone. It could very well be, and it might still not get communicated to the bottom, which is not exactly the same as the second level of management.
Marty Malone: You do have to rely on employee surveys…
Nick Moore: I think it starts in the boardroom because of the processes. When you have a cascading-down certification process, it is not just the CFO and CEO who are certifying the adequacy of internal controls and the financial statements. Those certifications cascade throughout the organization. All sorts of people out there have to sign off on their level of activity and say that their piece of the program is in line. That is a huge communications opportunity. It really makes people sit up and think about what their responsibilities are. And a lot of the 404 processes, where people have to participate in paying attention to internal controls, where they become cognizant of the fact that they are part of the process personally, help them assimilate and digest what controls really mean and that they are a part of them. I think that is important.
Susan Wang: Funny thing about internal controls is that the accounting rules have changed. You cannot have reserves for every occasion any more. But the CFO who has been trained the old way still believes that he or she is responsible to make sure he she hits the numbers right on. There is a tendency of judging the CFOs competence by how well the numbers are managed. But in fact, if they are really managing the numbers so there is never ever a surprise, you really have to question, is there an ethical problem?
Marty Malone: You mean if they grow by X percent every quarter on the quarter, you know there is something wrong.
Susan Wang: Right.
Tom McCoy: Let me ask you one "tone at the top" follow-up question and then we will open it up again, because we have some legal people here. You are the audit committee, and the company has hired a new general counsel, and you are meeting that person for the first time, and you decide to have an executive session with general counsel to get to know them a little better. What are you going to tell that general counsel about your expectations for that person with respect to the effectiveness of the audit committee?
Nick Moore: We have executive sessions not just with outside auditors and not just with the internal auditors and financial management but also with counsel. And we ask them a lot of hard questions. But in terms of the effectiveness of the board and the audit committee, one of the first things, as an audit committee chairman, that I am going to tell them is this: we look at a long list of requirements here, compliance requirements, other requirements, and it is constantly changing. It is organic. Yes, we are going to look at the charter every year, but you and the CFO are responsible, from my perspective, for making sure that, at least on the compliance side, we are covering all the bases. So that when we look at that template we put together once a year, we cover all those bases. We will make sure, based upon that, that we ask all the right questions, and that we drill down, and if things need to be added based on our experience, we do that. But they are responsible for keeping us out of trouble, in that respect. That is a fairly perfunctory compliance sort of thing, but it is really important. It is hard, particular to sit on a more than a couple of boards, to make sure that you are always on that every quarter and that you have covered all the right things.
I think the general counsel is in many ways like the CFO. I look at the CFO as a high priest in the organization, maybe the philosopher king, and they both have a responsibility to speak up. The CFO now, like the auditor, has statutory responsibilities. Even the lawyers, at this point, have statutory responsibilities to speak up when they see something wrong. There was a great amount of resistance to that, by the way, in the legal community. It has to do with confidentiality, client relationship, and privilege, etc. The counsel is in a very interesting position. Often, the counsel will sit in on an executive session of the board, where we talk about management, how things are going; they are in a very trusted position. They are in there for a lot of reasons: to maintain privilege in the conversations, and to have some documentation of what you have spoken about. But there has to be a level of trust for that individual that they are not speaking inappropriately about what has been conducted in those sessions.
Marty Malone: Also, if he was new, I would expect him to tell me if I am not asking the right questions, if I am not asking enough questions.
Susan Wang: I am on different boards - large, medium, and small companies-and the environment is very different. And if it is a small company, resource-challenged and so forth, the templates that Nick was talking about to guide committees on what we should pay attention to don't even exist. So, you want to establish some of these basic procedures so that you can check the boxes on all the items, so that the audit committee can go through and say, yes we have taken care of these things.
I think, very importantly, the time allocation has to be properly addressed. Technically, audit committees meet four times a year, which is not right, because it is more like 15 times a year. But even still, it is not a lot of time to comprehend all of the issues in disclosure material. Sometimes we go off the deep end on some minor issue, and then we leave open a lot of things that are important. So, I think we can make sure that we have a very good template to follow and that we make sure that every important subject is covered and very deliberately schedule time to cover topics that are current so that we are all up-to-date on the company's business as well as accounting issues, etc.
Question: Sarbanes-Oxley requires audit committees to have a financial expert. Since Sarbanes-Oxley, we have seen a lot more committees become audit and ethics committees, audit and compliance committees. What do you think of the notion of ensuring that, in addition to the financial experts, you have a Frank Daly or somebody like Frank, a very experienced compliance officer, also on the committee to provide that kind of perspective?
Nick Moore: I think if you mean the audit committee is responsible for compliance in a regulated company environment, then I would agree with you. But often, in a regulated company environment, you have a separate committee for compliance, so it may not be necessary in the classic industrial company context.
Marty Malone: We have a committee at Countrywide with compliance as their specific responsibility. Now at some point, the failure to comply becomes an audit committee issue because it becomes an ethical issue. Fortunately, one member of the audit committee sits on the compliance committee. In a financial services company, where it is highly regulated and has lots of compliance laws like secrecy, privacy, you really have to have a second committee.
Question: My second question is: where do you know where the responsibility of the audit committee ends and the responsibility of the compliance committee or the quality committee begins?
Nick Moore: It is in the charters, and when the charters actually get approved by the committee; they go to the board. So the board has overall responsibility to lay all the charters together and make sure it is all covered and be clear about what one committee is covering and what the other isn't.
Question: My research focuses on when the person at the top sends the wrong message because he is the criminal using the corporation as, in our jargon, a weapon. You talked about reputation and being able to walk away. I was a former senior regulator and also involved in savings and loans during the crisis. We always wondered why reputation was not more effective among top professionals. We were restrained by due process. We couldn't close a place down on a rumor. We couldn't close it down because we felt the people were sleazy. But very high-ranking professionals, whose reputations were at stake, were always retained by these people. They always hired the top folks. So what goes wrong with the Bob Jaedicke of the world, at Enron, who was perfectly positioned to stop that?
Nick Moore: Actually Bob Jaedicke's name jumped into my head as you were talking, but he may not be the perfect example, because I think it was just blown by him. With all due respect to the academic community, he knows a lot about accounting. I know Bob well, and he is a wonderful guy, but he has never been in the trenches. I would prefer to have a 38-year-old audit partner with scar tissue all over his body in there, asking the questions that should have been asked at Enron about all the special-purpose entities. It was very clear in reading the book that although they really were pretty gentle on the audit committee, the right questions were not asked. I don't think he got it. This is conjecture on my part, but I don't think he really understood what the problem was. The better question in my view, is what about Vincent & Elkins? What about Citibank? What about Merrill Lynch? What about the general counsel? And of course, what about Arthur Andersen? What really saddens me is that Enron has been used, along with WorldCom, as an example of what goes on in corporate America, when I have to tell you, it is so far off the charts from anything else I have ever experienced, it is laughable. But it is what it is.
Question: It is very similar to the ones I dealt with during the savings and loan crisis.
Nick Moore: Well, you know small savings and loans that basically became captives of developers? Yes, then I would agree with you. But when you talk about multinational companies that have all sorts of processes in place, I think there are lots of people in those places, including in Enron who were trying to get it right. Now some of them, clearly, should have stepped up more than they did. But there are a lot of them that did step up and it just didn't go anywhere. So I think your question is a good one. When you see sleaze, yes it is hard sometimes because they are presumed to be honest people. You take Ken Lay. Is Ken Lay going to get convicted?
Marty Malone: He better.
Nick Moore: I don't think so. If this book is anywhere near right, he is going to get off, just like Scrushy got off.
Audience comment: The book was based mostly on interviews with Skilling, and that is why Skilling comes so innocently, which I don't believe.
Marty Malone: He is a crook. The book points out that he was stealing money.
Nick Moore: But why don't professionals or people with high integrity go the other way? I will tell you one thing, from the accounting firm standpoint, that isn't the reason that these things occur, that is consulting. As chairman of the firm, if I had gone to an audit partner and suggested that they in any way, shape, form, or matter, compromised or softened their view because we had a big consulting contract, it would have taken 3 days for me to drum it out of the firm. No questions asked. That is the culture. That is the culture at Ernst and Young.
Marty Moore: By 2000, that culture was not at Arthur Andersen.
Nick Moore: In Houston, it was not there, but I am not so sure it wasn't there with some of these people in Chicago and other places.
Question: Nick, you brought up the risk/reward ratio for auditors and the loss of them, and we had a CFO panel earlier today and the cost of SOX makes it almost untenable to think about increasing the reward part of that ratio, especially for small and medium enterprises. So my question is first, whether you as a panelist agree with that, and second, how would you reduce the risk and who should motivate that in a way that makes sense?
Nick Moore: I think there are two possible answers to that. One is to have some sort of limit of liability. You would not believe how much money is spent in these firms for what we call practice protection, which would be legal fees and settlements. In the year 2005, how would you like to take an accounting issue to a jury after what has occurred over the last two or three years? So guess what is happening? Every class action lawyer in the country is filing suits every time some stock takes a little blip. And they are extracting 5, 10, 20, 50, 100 million dollars out of accounting firms because you can't take a case to a jury. In 1997 to 2000, when I was right in the middle of all of this, we took 8 cases in a row to juries and we won 7 out of 8. We were really at the point where we were able to manage it. But now it is out of control. We need some kind of liability insulation or indemnification, or we need to take it out of the hands of juries. Have it go to a 3-person judiciary panel made up of experts who understand the issues and who are smart enough to listen to the facts and the discovery and make an informed judgment about whether there was culpability or not. That would bring down the cost incredibly. We were charging ourselves and paying out 15 percent of revenues - 15 percent of revenues just for legal costs.
Marty Malone: There is a basic problem in terms of how you keep that young partner. The thing that I liked about being a line audit partner for a lot of years was that you got to work; you got to help a client do it the right way. But you can't do that anymore; they are not allowed to. They have to go consult with national, and national makes all the decisions. They have got to get themselves involved in Sarbanes-Oxley. Well, checking all those little tiny controls is not great, fulfilling work for a person that has been in the profession for 15 or 20 years. So, I think they are going to have a problem retaining people because the job just isn't as fun anymore.
The costs are up because the accounting firms allowed themselves to commoditize an audit. I truly believe that until this whole thing happened, most audit committees thought that their biggest job was to keep the audit fee as low as possible. I remember one CEO, of course his name was Dennis, who came in to an audit committee meeting and said "I just cut my fees in half by changing auditors." Well, that doesn't help because human nature will say sooner or later you are going to do the work to fit the fee. And hopefully, we are beyond that again and we won't get there again, I hope.
One of the reasons I believe the auditors are being the way they are now is that they have this new regulator, which they really don't know. They have never been regulated like this before, and there is some tension. Even the regulators - they are looking at their job one way, and hopefully they will come to the center.
Question: Section 406, which is a little bit neglected states that a code of conduct should be those standards that are reasonably able to promote ethics and honesty and sensitivity to conflict of interest, timely reporting, and compliance with rules and regulations. Since there is a certain similarity between the way laws are written and the way Vatican documents are stated, or the ways that newspapers position pictures in stories to send other messages, do you think there is any significance in the order that ethics and honesty and sensitivity to conflict is first, timely reporting is second, and compliance is third? And if so, does that broaden greatly the role of an audit and ethics committee?
Nick Moore: I don't know if the sequence has any significance, although I would point out that the first one has a lot more leverage than the second one. I think you can take 406 and it pretty much encapsulates what the audit committee's responsibilities are. And if you look at what processes are now in place, it is intended to accomplish exactly what the statute says.
Marty Malone: You have got to remember that Sarbanes-Oxley was written because Ken Lay and Skilling and those guys got in front of the committee, held up their hands, and said, "I didn't know." And so, they drafted a law to make sure that nobody at that level could ever say "I didn't know" again.
Audience comment: That is generally why business regulatory law was drafted anyway.
Marty Malone: The 404 certification and 302 certification are 100 percent that.
Audience comment: It is interesting to note that Scrushy was actually charged under Sarbanes-Oxley.
Marty Malone: Think about how deep they had to drive this thing in the organization. They had to taint a lot of people to get them to do that. They paid them big salaries; they have nice parties, and all this other stuff. They had to corrupt more than just a handful of people to do what they did because they never made an entry that was big. They created documentation for little entries that added up.
Audience comment: I think the Scrushy case is the best argument you can make for Nick's idea that we should take these kinds of cases out of the hands of juries and hand them to experts.
Tom McCoy: Looking ahead, we had some interesting discussion today about the original SEC act, and then it was amended the next year, and then there was rabid opposition to it initially on Wall Street. Joe Kennedy came in and broke arms and legs and whatever it took to get compliance started. I think it has really been a very important characteristic to restoring the faith the world has in American security markets. So, we have got round one of Sarbanes-Oxley. Without a lot of analysis, what two or three things might really help the negatives of SOX without throwing the baby out with the bathwater?
Nick Moore: Well, I just think that the order has to be restored, and I think they are trying to do that at this point. And probably the biggest thing is legislating back risk-based judgments, and legislating back the fact that the auditors can consult with their clients to help solve problems. Both of those things were part of the SEC PCAOB promulgation that came out in the summer.
The fact that it ought to be a risk-based approach is a firm grasp of the obvious, but it took them a while to get there, and I think that we're going to feel the impact of that. But as long as these entities are under this kind of political pressure, we are not going to see it out for a couple years. That has to subside a little bit, because basically the people at the top are reacting politically. And the people who don't react appropriately (politically), like Harvey Pitt, who was the former chairman of the SEC, get skewered. So, it takes a delicate balance. It takes people, like this McDonough, and [Chris Cox] who are politically savvy who at the same time understand what their job is. People with balance like that are going to be able to get us back to where we need to get, but they can't make any dumb statements like Harvey Pitt did, like we are going to have a kinder, gentler environment.
Tom McCoy: One final overarching question for the panel and the group. We have been through the insider trading scandals and through the savings and loan crisis. It seems like every decade, there is a rather breathtaking revelation of a lapse. And every time, we've had a decline in confidence in the public and in the markets. The politicians, they make it better, and sometimes they make it worse. In our careers, we have seen cycles every decade. Are we condemned to continue to repeat this cycle or are we taking advantage of it to make some changes that are going to endure and make a difference?
Susan Wang: I personally am not optimistic. You cannot legislate honesty. People just have to be that way, to do the right things. I think that there are periods when there are excesses all around and it causes people to be more tempted. There may be corruption by osmosis. But the fact that we have Sarbanes-Oxley, the fact that we have all these certifications, does not eradicate fraud. It is going to happen.
Marty Malone: I think it makes it harder. I think at least right now, the question is whether that will taper off. You have boards that are much more engaged than they ever were. But there is always going to be a crook. Take the recent one, which by the way, I think is going to expand the Sarbanes-Oxley certification. He did not have to sign his own IPO document in terms of responsibility for the financial statements. I think that they are going to figure out how to get those certifications into a 34 act filing and that will be it.
Audience comment: There is no doubt that the bar on accountability and the consequences that go with that have been raised. So, sure there will always be fraud, but by raising the bar on accountability and consequences, inevitably things are improved from where they were.
Marty Malone: I feel somewhat conflicted when they talk about making it easier. Because where does that go? How easy does it get? I remember in the 1970s coming out of the problems in defense contracting. They put in defense industry initiatives, and said "My God, the auditors are going to have to sign off on this." And then said "Well, that's going to cost too much money," so they lowered the standard of what they auditors said. Pretty soon the auditors were doing virtually nothing because they really weren't signing much. I would hate to see that happen to the 404 certifications.
Where do you go? It may be that you need to make it better. Figure out how they write it. Do the rules and the standards make sense? Or you can cycle it-right now, they don't really let you cycle very much. I think it is going to get better as time goes on because the auditors are not going to be scared.
Nick Moore: The other thing is that the range of problems that can arise is so broad that it is really difficult. You look at this morning's paper and Mercury Interactive comes up with stock option fraud. I happen to be on a board where there was - not as egregious example as that one - but we had some issues around stock option administration. We had done a lot of drilling down; we had a first-class management team in place, looking at reserves and all the things where you normally get in trouble. Nobody looked at stock option administration, and sure enough it blows up, and we had restatements, and this year we have had over 40 audit committee meetings.
Marty Malone: The world is very complex. For accounting rules, one section could be 400 pages long. With the new stock option 123R, the Ernst and Young interpretation of it is about 450 pages long. Part of that is that everyone is looking for a bright line, so let's have a lot of rules. Rather than let's exercise judgment and do the right thing, we've got to have all these rules. It has gotten so complex I don't think anybody can close a set of books without making mistakes.
Nick Moore: We talked in the earlier session about the long arm of U.S. imposition of values, and we are doing the same thing with Sarbanes-Oxley, because a lot of people have to come to the United States to get money. Everyone here who has had any business experience knows that around the world, it is different. PWC used to publish something called the opacity index, which is basically a corruption index. I know from having operated at a global level in a large firm that the cultural differences are huge. As the relentless pace of globalization occurs, there are going to be a lot of things that come up that are going to embarrass people because they don't know about them. [They] are going to be criminally liable because we have long-arm statutes. As long as we have prosecutors out there who on the one hand are doing their jobs, but on the other hand…
Marty Malone: …Are running for another office.
Nick Moore: It is all about personal ambition and political agenda. It has got nothing to do with truth, justice, or equity. Nothing. And that is what scares the hell out of CFOs and audit partners who are also bailing out. You can do the job right, and you can still get hosed.
Marty Malone: It is interesting. The justice department threatened to put KPMG out of business on selling so-called shelters that no court of law had ever ruled on. No court of law has ever found any of those things they pleaded guilty to as illegal. But the justice department still said "we are going to indict you."
Audience comment: Or alternatively, we won't indict you if you give up half a dozen or a dozen sacrificial lambs.
Nick Moore: And those sacrificial lambs are not being given protection because of the sentencing guidelines. So it is a tough world out there.
Question: So, I am an implementer of the day-to-day ethics and compliance operations. I have to come in front of you, the audit committee and explain effectiveness. What are you looking for?
Susan Wang: I am troubled by some of the implementation I have seen that is very mechanical. Here is the rule, and we will do it this way. I asked the question just yesterday of management. We have this Sarbanes-Oxley 404 report that says we are effective and there is no question at all about weakness in a particular area. And then, I see in the internal audit report a report on a function that says it is void of controls. I said "Can you reconcile this?" There was a lot of discussion, and management insisted that, under Sarbanes-Oxley rules they were fine. I said "But you have this report that says you are totally void of controls in this whole function, how can that be?" So if you ask me how to look at it, I don't want to see reams of paper, lots of binders and rules and regulations that in the end don't achieve the job. I take a very common sense approach. Do we feel like we have a handle on it? Have we got the main issues covered? We should not just go down the list and mechanically check all the boxes.
Marty Malone: If you were responsible for ethics, I would want to know: is ethical behavior driven down? Does everybody's annual evaluation include some measure of looking at how ethically they behave? More telling, I would like to see the employees surveyed about whether they believe that the people at the top are acting ethically. To me that is more important. And if they do, I feel pretty comfortable.
Audience comment: Where's your line - 90, 95, 99, 80?
Marty Malone: I felt good because our chief ethics officer gave us a report last week that said 93 percent.
Audience comment: [Do you] believe top management is ethical?
Marty Malone: Yes.
-- END --
Nov 3, 2005
Ethics in the News
A recent collaboration with The Atlantic magazine addresses key issues in technology ethics.
An international meeting brings together business leaders and ethicists from around the globe.
How much information should the social media giant share?