Professional Services Monitor: Today

Our 2009 Big Four Annual Report is now available for immediate purchase and download. More information at www.amesrgi.com/products_annualreport.asp

Mark Olsen, chair of the PCAOB since June 2006, announced his resignation effective then end of July.

Mark Olson, chairman of the Public Company Accounting Oversight Board, said he is resigning his post at the end of July, but did not elaborate on the reasons.

In a letter of resignation, Olson, 66, simply said, “The decision is entirely personal and reflects my desire at this time of life to establish new priorities.”

Olson was named PCAOB chairman on June 26, 2006, after serving on the board of governors of the Federal Reserve. The resignation will take effect after more than three years of service in the job, on July 31, 2009.

He was appointed by the SEC to run the board, which inspects accounting firms that perform audits on public companies. The PCAOB is also slated to begin inspecting accounting firms that audit non-public broker-dealers, such as the three-person accounting firm that audited Bernard Madoff’s investment management firm.

A study conducted by two accounting professors at North Carolina State University on the SEC’s pilot XBRL program found significant flaws in the data.  The study examined filings submitted by 22 companies during the SEC’s voluntary program, and raises concerns about data quality ahead of the mandatory XBRL filing deadline for the largest 500 companies, beginning with quarter-ending June 15, 2009.

But, while the XBRL concept is promising, the study from NC State found that reports from companies that participated in the voluntary pilot program contained multiple errors. “They were poorly tagged,” [Dr. Eileen] Taylor says, “and there were fundamental errors of accounting. One report, for example, contained too many zeros – turning millions into billions.” In their abstract, the researchers note that “These errors are serious because since XBRL data is computer-readable, users will not visually recognize the errors, especially when using XBRL analysis software.” In other words, users won’t be able to spot that something is wrong.

The study, “A Comparison of XBRL Filings to Corporate 10-Ks – Evidence from the Voluntary Filing Program,” examined XBRL filings by 22 companies that participated in the SEC’s voluntary pilot program in 2006. The study was co-authored by Taylor, Drs. Al Y. S. Chen and Jon Bartley, who are both professors of accounting at NC State. The study will be presented at the American Accounting Association Annual Meeting being held in New York City, Aug. 2-5.

Savvis, a “IT infrastructure services” provider, is being sued after issuing a clean security audit to CardSystems Solutions in 2004, three months before CardSystems was hacked and compromised.  Wired’s Threat Level blog calls this the first such suit against a security auditing firm.

When CardSystems Solutions was hacked in 2004 in one of the largest credit card data breaches at the time, it reached for its security auditor’s report.

In theory, CardSystems should have been safe. The industry’s primary security standard, known then as CISP, was touted as a sure way to protect data. And CardSystems’ auditor, Savvis Inc, had just given them a clean bill of health three months before.

Yet, despite those assurances, 263,000 card numbers were stolen from CardSystems, and nearly 40 million were compromised.

More than four years later, Savvis is being pulled into court in a novel suit that legal experts say could force increased scrutiny on largely self-regulated credit card security practices.

They say the case represents an evolution in data breach litigation and raises increasingly important questions about not only the liability of companies that handle card data but also the liability of third parties that audit and certify the trustworthiness of those companies.

The case, which appears to be among the first of its kind against a security auditing firm, highlights flaws in the standards that were established by the financial industry to protect consumer bank data. It also exposes the ineffectiveness of an auditing system that was supposed to guarantee that card processors and other businesses complied with the standards.

Credit card companies have touted the standards and the auditing process as evidence that financial transactions conducted under their purview are secure and trustworthy. Yet Heartland Payment Systems and RBS WorldPay, two processors that recently experienced large breaches, were certified compliant before they were breached. And Hannaford Bros. was certified in February 2008 while an ongoing breach of the company’s system was underway.

A Visa executive told an audience earlier this month that the companies were not compliant, though auditors certified they were. “No compromised entity has yet been found to be in compliance with [the standards] at the time of the breach,” she said.

In the CardSystems case, Merrick Bank, which is based in Utah and services 125,000 merchants, sued Savvis last year in Missouri. Merrick says Savvis was negligent in certifying that CardSystems was compliant. The case was moved to Arizona five months ago but only recently assigned a judge, allowing the suit to finally move forward.

We wrap up the March to April proxy statement busy season with three more lists of audit fees, as a follow-up to our earlier post. We again look at largest increases and decreases from FY2007 to FY2008, and we’ve added a third list of the 10 largest total audit fees.

These 30 companies were taken from about 2400 proxies filed during March and April, 2009. The average increase in this group was about 10.0%.

PricewaterhouseCoopers clients had an average increase of 8.9%. The three of the four largest audit fees-paid in FY2008 belong to PwC clients: JP Morgan Chase, Goldman Sachs Group and Bank of America. With the large acquisitions made by each of these three companies in the second half of 2008, one might expect that audit fees increases ought to be even larger in FY2009.  Net, audit fees increased for this group of PwC clients by about $6.5 million.

(more…)

WolframAlpha is a new search engine—”computational knowledge engine: it generates output by doing computations from its own internal knowledge base”—from Wolfram Research,. which debuted over the weekend. The Internet is alive with discussion of WolframAlpha being a Wikipedia killer and an alternative to Google.
While I personally have no interest in feeding the Wolf with mathematical minutiae, I did have a look at it’s treatment on public company data. Using General Electric as an example, WolframAlpha quickly produces a page of about 10 boxes, starting with current stock quote and fundementals (or ratios, or balance sheet, or quarterly cashflow), down to projections and daily returns compared to the S&P 500. Data is not limited to mega-cap companies, like IBM or Wal-Mart, but also smaller companies such as Meridian Biosciences and Isilon Systems. It did not, however, generate data on hometown favorites, Pyramid Breweries and Craft Brewers Alliance (formerly Redhook).
Furthermore, WolframAlpha can also combine most of an individual company’s data with another in a quick comparison.

Institutional Investor Magazine has released a study ranking investor relations departments based on surveying buy-side and sell-side portfolio managers and analysts.  While the online article doesn’t provide the exact questionnaire used, it appears that they essentially asked these analysts which companies were forthcoming and helpful in their investor relations functions.

Winners are divided by category and sector. For example, in the Financial Institutions category, Large-Cap Banks sector, JPMorgan Chase, Citigroup, and Bank of America go 1-2-3 among buy-side analysts.

Two more lists have been added to our Auditor Market Share Lists.  These lists provide the 10 companies with the largest increases and decreases in total audit fees, among proxy filers in March 2009.

These 20 companies were taken from more than 1000 proxies filed during March.  The average increase in this group was about 6.1%.

KPMG clients, for one, have an average increase of 10.9%.  Boise Inc., a KPMG client, had the largest increase in fees at more than 1500% between FY2007 and FY2008, although McGladrey was Boise’s auditor for FY07.  Furthermore, as Hoovers.com notes, Boise Inc. “was formed in 2008 when Aldabra 2 Acquisition Corp. purchased the paper and packaging assets of Boise Cascade.”  Synovus Financial was the KPMG client with the largest decrease, -60%.

(more…)

KPMG is being sued for “no less than $1 billion in compensatory and consequential damages” by the bankruptcy trustee for New Century Financial.

The trustee overseeing the bankruptcy of subprime lender New Century Financial Corp. filed suit against its auditor, KPMG LLP, claiming that “reckless and grossly negligent audits” helped accelerate the firm’s collapse two years ago.

The lawsuits filed Wednesday said that specialists at KPMG tried to point out errors in New Century’s financial statements but were silenced by the KPMG partner in charge of the audits “to protect KPMG’s business relationship with, and fees from, New Century.”

Francine McKenna, of Re: The Auditors fame, is quoted in the story, saying that if the suit is successful, “it may embolden others to look more closely at the possibility of bringing [accounting] firms to some level of culpability for the things that happened” that led to the credit crisis.

KPMG spokesman Dan Ginsburg said, “KPMG acted in accordance with professional standards in New Century, and we will vigorously defend our audit work. Any implication that the collapse of New Century was related to accounting issues ignores the reality of the global credit crisis. This was a business failure not an accounting issue.”

New Century disclosed a total of $10.4 million in fees between fiscal 2002 and 2005.

OpenID, a login framework “eliminates the need for multiple usernames across different websites,” is now supported on amesrgi.com for commenters.

OpenID allows users to login with a GMail, Yahoo, Wordpress.com, or Blogger account, among others.