Friday, January 3, 2014

Do not trust Deloitte - whistleblower edition...

I recently wrote a long letter to Deloitte about a company audited by Deloitte in which I thought there was a possibility that the accounts were fake.

I specifically told them that I was keeping the letter confidential and that they should do the same. This was explicitly a speculative letter. Moreover if the speculations were right then the company in question was controlled by criminal elements. However there was a reasonable chance that I was wrong - and so general publication - especially on this blog - was not reasonable.

Deloitte did not honor that request for confidentiality. I received this letter from Sarah Simpson, Associate General Counsel, Office of the General Counsel:

Dear Mr Hempton 
We have received your letter in which you questioned certain accounting for inventory, cash and gross margins at [company name deleted]. Since the management of the Company is responsible for preparing the company's financial statements and accurately recording transactions, we believe the questions raised in your letter should be addressed to management of the Company. Accordingly, we have forwarded a copy of your email to management and the Audit Committee of the Company. Whilst we appreciate receiving your inquiry about the Company we are precluded by professional standards from discussing client matters with anyone outside the Company. Accordingly, we will will not be able to respond directly to the questions in your email 
Sincerely

Sarah Simpson

I wrote to Ms Simpson and asked whether blowing the cover of anonymous whistleblowers was standard practice.

I was the person who wrote the letter that caused Longtop Financial Technology to implode - a major failing for Deloitte. I have previously written partially defending Deloitte for that mistake. Maybe I was too generous.

If Deloitte has integrity I suggest that they get an external partner to review the audit of the company in question. [They know what company it is...]

Normally I do not bother wasting my time with class-action lawyers. Lousy ambulance chasers in the securities arena - a wart on the capital markets. But not as much a wart as audit firms.

If and when this company blows (and it is by no means assured) up I will consider it my "professional duty" to cause Deloitte as much difficulty re this audit as possible. My material (and it is extensive) will be passed to class action lawyers and I will gratis testify against Deloitte.

Indeed I look forward to it. I also look forward to the apology from Ms Simpson's managers vis her indiscretion.





John Hempton

Post script: there are several people (including Professor Gillis) who think the auditor did what was legally required of them. My experience is that the letter I received from Deloitte is unusual - but if that is what is required of auditors I will never write to the auditor using my own name again (though I will use disclosed fake ones).

I will also - just to add insult to auditor injury - write a copy to a friendly securities class action lawyer - who will then have a leg-up on any cases - and who I suspect will treat the letter with the confidentiality it deserves - at least until confidentiality can be broken.

Anyone want to be the friendly securities class action lawyer?

25 comments:

Anonymous said...

Perhaps you should have written to an oversight body, rather than the firm's auditor. They have a duty to their paying client, not you, and it seems appropriate that they bring such a letter to the attention of the audit committee that is charged with oversight of the financials. It is not the auditors job to be a regulator or police the board. They provide an audit opinion clearly subject to representations made by management to the board. So I suggest you were barking up the wrong tree and misunderstanding the role of the company's auditor in this case.

Rahul Deodhar said...

Just checked on Sarah Simpson. She seems to be pretty senior to make such an elementary mistake. That is one hell of a blunder.

I guess you must have kept your attorney posted on this one.

Anonymous said...

I don't see how audit firms are a "wart on the capital markets". Really?

MrContrarian said...

"Dear Mr Chem Co,

I have evidence that your client, Mr Oli Garch, is using chemicals supplied by you to poison his rivals. I'm sure you don't wish to be complicit in murder.
This letter is sent in the strictest confidence.
yours..."

"Dear Whis Le Blower,
I have passed on your letter to my client Mr Garch since the use of arsenic & polonium is his responsibility. I expect his representatives will be in touch.
regards
Mr Chem Co"

Eapen Chacko said...

John,
I agree that what Deloitte did is the only path they could have taken. If you had written directly to the Chair of the Audit Committee, then it becomes more challenging for the company because per the typical audit committee charter, it would be difficult, but not impossible for them not to notify the auditor and their general counsel and to start some sort of process. Now, you are a whistleblower from the company's standpoint. It would have been entirely inappropriate for Deloitte to have started a dialogue with you, as Anonymous has said also.

Anonymous said...

Agree with comment #1. Go to SEC next time.

Anonymous said...

Deloitte did exactly what the law and professional standards required. You should have filed a whistleblower complaint with the SEC so you could have been paid, and then sent it to the chairman of the audit committee. The audit committee would be required to inform Deloitte.

But it sounds from your post that you do not have proof, only a theory, and wanted Deloitte to do your field work. It does not work that way.

Wilfried said...

An auditor should not share information about a client with an outsider any more than a priest should pass on anything learned during confession. I find it naive that you seem to have expected that Deloitte would talk to you. However, they should never have forwarded your letter to the client. That will come to haunt them, and not only if something bad happens to you because of it.

How often have you tried to alert somebody to something but were ignored?

Why do intelligent people like you still believe that auditors, regulators and all the other financial oversight bodies are more than blind, toothless dogs who usually fail to bark? And it is meant to be that way so that fools can be parted from their money more easily.

Paul Gillis said...

Deloitte could not engage in a dialogue with you as this clearly would violate client confidentiality rules. The problem with those rules is they treat the company, instead of the investors, as the client.

Deloitte cannot ignore the information that you provide them, however. They must also (unless they consider the allegations to be clearly inconsequential) inform management and the audit committee, and also the SEC if the company does not deal with the issues.

A good article on this: http://www.law.yale.edu/documents/pdf/SEA-Section_10A_Audit_Requirements-A_Play_in_Five_Acts.pdf

Absalon said...

"Go to SEC next time."

That seems to be a complete waste of time. The evidence of the last ten years is that the SEC is utterly useless. After multiple warnings they only moved against Madoff when he marched into their offices and forced his own confession on them.

I'm not an auditor but it seems to me that Deloitte should have gone back and taken further steps to verify the information being provided to them by the company without telling the company why they were doing it.

Dikaios Logos said...

I pass on commenting on Deloitte's conduct, but I will say anyone with a brain and moral sense shouldn't be too surprised that things go wrong on Deloitte's watch.

As to "going to the SEC", that is laughable. Basically the SEC is deliberately weakened by the legislative and executive branch. The staff is only allowed (budget 'issues') to pursue a single digit percentage of the cases they already KNOW are very likely to be serious. Read that previous sentence again: I've been in the stables talking to the animals. Which cases are pursued, you ask? The ones' whose pursuit harms political rivals and their associates.

I think you have done Ok, John. But I do like the idea of addressing the head of the audit committee and perhaps the whole audit commitee. It isn't perfect, but getting them worried is about as good as one can easily do.

Paul Gillis said...

While Deloitte clearly needed to pass on your information to the client, it is not so clear they had to pass on your letter. They could have protected your identity yet passed on the allegations. That would have met their legal responsibilities to the client, and their ethical responsibilities to you.

Anonymous said...

I didn't see anything in the blog that stated that Mr. Hempton wanted an individual dialogue with the auditor, so let's just stop saying that. read it again. He never asks for one. He sent a letter of his concerns, because he needs to know if Deloitte is being deceived, willfully or otherwise. These days, you know, they carry a larger burden for the things they sign off on. He made his concerns known, if for no other reason than his previous blog post. He makes no material gain from Deloitte by relaying his letter and in fact, they may have shut the door on relieving themselves of future laibilities. I look forward to both the implosion and the inevitable blog write-up. Unless of course, the company winds up being bought out by the chairman and/or a related party after a good run up. But I can't remember that ever happening...

CrocodileChuck said...

@ Anonymous @ 8:57 am

How many frauds have the 'Big 8', then 'Big Six', then 'Big 5', now 'Big 4' ever uncovered in the entire history of external audit?

(skips beat.......................

ZERO

http://en.wikipedia.org/wiki/External_auditor#Detection_of_fraud

Anonymous said...

What's your definition of "whistleblower"? I always understood that denoted an insider. Whistleblower protections protect such a person from reprisals such as being fired or demoted.

Anonymous said...

Based on other comments, seems like people assume that Bronte is asking for a dialogue but nothing directly suggests a dialogue is an issue.

If Bronte's letter is just a "I suspect certain accounts are fake, and question their validity based on research" then it seems like it makes sense that Deloitte would take this into consideration as a tip that could help avoid harm to reputation.

If Bronte asked Deloitte for additional info to prove accounts are correct, then obviously that is different.

Eapen Chacko said...

I like the "Terminal Spy" allusion in McContrarian's letter.

Carl HT said...

I agree with Absalon, and John. The underlying point is that Audit firms are a wart on the capital markets, unless they put their clients up to the test of scrutiny - surely this was their intended purpose!
Seems to me they are quite happy to be complicit... There should be more skin in the game for them, ie. if the firm misleads investors and the auditing firm doesn't pick up on it, but can be proved to have irresponsibly fact checked, they should be up for restitution to investors.

Anonymous said...

I'm with those who think Deloitte behaved in a wholly foolish and unethical manner.

First, there is a simple practical argument : if whistleblower information is passed on to clients, then no whistleblowers will come forward.

There is a second practical element : passing on information may lead to personal danger to the whistleblower. To behave in a way which leads to this outcome is morally reprehensible.

More profundly, though, there is a fundamental ethical argument. The information was provided in confidence; I am sure the letter opened with this.

*The implicit deal is - I have these concerns, they are confidential, if you want to read them, you cannot pass them on*.

If Deloitte felt such information was impossible for them to receive such information *they should have stopped at that point*.

To read the information is to accept the contract of confidentiality - so Deloitte accepted and then violated.

Anonymous said...

John, I echo what several posters point out as your gullible trust in an auditor. But I respect you greatly and will ask if this approach has worked in the past for you?

John, you have also placed undo faith in the use of a administrator, specifically Citco. I am familiar with Citco and many of their processes and processors and I doubt they could have stopped Madoff or the next Madoff. They're a money generating dream paid handsomely to rubber stamp anything that comes there way.

Anonymous said...

John, I'm curious if you mentioned your suspicion of "criminal element" in your letter to d&t? If you did, Deloitte's response is even more questionable. I'm surprised by all comments thinking john expected to have a two way dialogue w the auditor. The thought is that Deloitte explores the questionable accounts that results in some some verification of fraudulent #s (ie auditor resignation, investigation, restatement, filing delay). I would bet two bit coins the timing of the letter is closely tied to the annual audit timing --s.w.

McMike said...

Did you send any sort of evidence with your assertion? Without evidence, I could see how it would be viewed simply as a crank letter.

As for the auditors being a wart, I am not sure how you figure that. The auditors are useless, compromised, corrupt, and feckless to be sure, but to call them a wart grants them more agency than deserved. They are essentially inconsequential. One among many entities corrupted by the corporate sector to the point of irrelevance.

As for plaintiff lawyers, not sure why they earn your disdain. Your general compliant is a lack of independent oversight. In fact, tort law is the only remaining check on the industry - and so it is under heavy assault to limit it. And so, like it or not, we should be glad to have those ambulance chasers and the last only only line of recourse.

Anonymous said...

I really enjoy your blog and I think you actually do the world an incredible service. Having said that, reading this I felt insulted for my profession and couldn't hold my tongue.

As someone who has spent more than 6 years working in big four audit, including doing time at Deloitte, I think a lot of what you have said suggests you don't understand what an auditor actually does or what their responsibilities are. Understand than an auditor provides a 'reasonable assurance' opinion, not a 'certification'.

Onus falls on the board and management to issue correct accounts and respond to queries such as yours; your question should be to them. The auditor has a duty of care to their client (who pays them) first, and every single person who sends them a letter second. What if you were an unethical person? your letter could indicate a speculative attack on the company designed to derail its share price. If regulation worked how you seem to expect it would images could be conjured of fund managers wanting to delay issuing of financial statements for market reactions and then getting every private citizen they know to write a letter to the auditor suggesting a fraud may exist so the auditor would then have delay the issue and spend time investigating it... it doesn't work that way, nor should it.

What's more, you need to understand the main tool for auditing cash is bank confirmation, that is a separate confirmation from the company's bank sent directly to the auditor, meaning that if you had a fraud in cash, not only would it need to be a management fudge, the company's bank would have to be in on it too providing fraudulent or incorrect information... that's something that could only be stopped if the auditor was to audit the banks accounts as well which I'm sure you'll agree is impractical - when would it end then? Either way, if you believe cash is incorrect, you should be shorting the bank too and writing all sorts of letters to get them investigated... banks are better regulated than normal companies so you might actually get some traction there.

An auditor is always going to think the evidence they have is better than someone who is not on the inside of the company, because they've had access to everything, rather than only access to the same limited market data as everyone else, combined with their (albeit impressive) calculations. An auditor would likely only act on such information received from people who are inside the company and have all the information, not just a part of it.

Looking at it from an audit perspective, getting a letter from a hedge fund manager who specialises in shorting stocks which he believes are fraudulent, suggesting fraud may exist, has to be treated with the same level of professional skepticism as an audit and brought to the attention of the board given it could easily be perceived as a speculative threat... Noone wants to see their share price halve based on an unfounded rumour, no matter how good the guy who started the rumour is at his job.

The main mistake the audit firm made was replying to you at all. What you should have got was a one line boilerplate response telling you to take your questions to management.

The audit profession does more good than you realise or know, but it can't do everything.

Anonymous said...

Sorry one more thing... you mentioned 'an external partner should review it' - it is standard practice for big four firms to have a 'Quality Reviewer' on listed clients, that is, do exactly what you are suggesting should happen.

String said...

Presumably by forwarding the letter to the company then there is a chance that a tipping off offence was committed under money laundering laws?

General disclaimer

The content contained in this blog represents the opinions of Mr. Hempton. You should assume Mr. Hempton and his affiliates have positions in the securities discussed in this blog, and such beneficial ownership can create a conflict of interest regarding the objectivity of this blog. Statements in the blog are not guarantees of future performance and are subject to certain risks, uncertainties and other factors. Certain information in this blog concerning economic trends and performance is based on or derived from information provided by third-party sources. Mr. Hempton does not guarantee the accuracy of such information and has not independently verified the accuracy or completeness of such information or the assumptions on which such information is based. Such information may change after it is posted and Mr. Hempton is not obligated to, and may not, update it. The commentary in this blog in no way constitutes a solicitation of business, an offer of a security or a solicitation to purchase a security, or investment advice. In fact, it should not be relied upon in making investment decisions, ever. It is intended solely for the entertainment of the reader, and the author. In particular this blog is not directed for investment purposes at US Persons.