A Lesson from the Accounting Profession: Don’t Cheat on the Ethics Test

SEC Order

Accounting, like many professions, requires practitioners to regularly demonstrate competence and familiarity with relevant knowledge and practices.  One requirement for Certified Public Accountants (CPAs) is to take an on-line, multiple-choice test covering professional ethics.  Sounds easy but the passing grade is relatively high so it’s not a slam dunk.  Some Ernest & Young (EY) audit accountants found it was easier to pass if they cheated by using answer keys and sharing the keys with their colleagues.  They were eventually caught and got into big trouble with the U.S. Securities and Exchange Commission (SEC).  Following is a summary of the scandal as it evolved over time per the SEC order* and our view on what the incident says about EY’s culture.

During 2012-15, some EY employees were exploiting weaknesses in the company’s test software to pass tests despite not having a sufficient number of correct answers.  EY learned about this problem in 2014.  In 2016, EY learned that professionals in one office improperly shared answer keys.  EY repeatedly warned personnel that cheating on tests was a violation of the firm’s code of ethics but did not implement any additional controls to detect this misconduct.  The cheating continued into 2021.

In 2019 the SEC discovered cheating at another accounting firm and fined them $50 million.  As part of the SEC’s 2019 investigation, the agency asked EY if they had any problems with cheating.  In their response, EY said they had uncovered instances in the past but implied they had no current problems.  In fact, EY management had recently received a tip about cheating and initiated what turned out to be an extensive investigation that by late 2019 “confirmed that audit professionals in multiple offices cheated on CPA ethics exams.” (p. 6)  However, EY never updated their response to the SEC.  Eventually EY told the Public Company Accounting Oversight Board (PCAOB)** about the problems, and the PCAOB informed the SEC – 9 months after the SEC’s original request for information from EY.

In the U.S., the relationship between government regulators and regulated entities is based on the expectation that communications from the regulated entities will be complete, truthful, and updated on a timely basis if new information is discovered or developed.  Lying to or misleading the government, either through commission or omission, is a serious matter.

Because of EY’s violation of a PCAOB rule and EY’s misleading behavior with the SEC, the company was censured, fined $100 million, and required to implement a host of corrective actions, summarized below.

Review of Policies and Procedures

“EY shall evaluate . . . the sufficiency and adequacy of its quality controls, policies, and procedures relevant to ethics and integrity and to responding to Information Requests” (p. 9)  In particular, EY will evaluate “whether EY’s culture [emphasis added] is supportive of ethical and compliant conduct and maintaining integrity, including strong, explicit, and visible support and commitment by the firm’s management” (p. 10)

Independent Review of EY’s Policies and Procedures

“EY shall require that the Policies and Procedures IC [Independent Consultant] conduct a review of EY’s Policies and Procedures to determine whether they are designed and being implemented in a manner that provides reasonable assurance of compliance with all professional standards . . . . EY shall adopt, as soon as practicable, all recommendations of the Policies and Procedures IC in its report. . . . EY’s Principal Executive Officer must certify to the Commission staff in writing that (i) EY has adopted and has implemented or will implement all recommendations of the Policies and Procedures IC in its report . . .” (pp. 10-12)

Independent Review of EY’s Disclosure Failures

“EY’s Special Review Committee shall require that the Remedial IC conduct a review . . . of EY’s conduct relating to the Commission staff’s June 2019 Information Request, including whether any member of EY’s executive team, General Counsel’s Office, compliance staff, or other EY employees contributed to the firm’s failure to correct its misleading submission.” (p. 12)  Like the Policies and Procedures review, EY must adopt the recommendations in the Remedial IC Report and EY’s Principal Executive Officer must certify their adoption to the SEC.

Notice to Audit Clients, Training, and Certifications

“Within 10 business days after entry of this Order, EY shall provide all of its issuer audit clients and SEC-registered broker-dealer audit clients a copy of this Order. . . . all audit professionals and all EY partners and employees who, at any time prior to March 3, 2020, were aware (i) of the Division of Enforcement’s June 19, 2019 request, (ii) of EY’s June 20, 2019 response, and (iii) that an employee had made a tip on June 19, 2019 concerning cheating shall complete a minimum of 6 hours every 6 months of ethics and integrity training by an independent training provider . . . . EY’s Principal Executive Officer shall also certify that the training requirements . . . have been completed.” (pp. 14-15)

Our Perspective

A company’s culture includes the values and assumptions that underlie daily work life and influence decision making.  What can we infer about EY’s culture from the behavior described above?

First, what managers did after they discovered the cheating – issuing memos and waving their arms – did not work.  Even if EY terminated some employees, perhaps the worst offenders or maybe the least productive ones, EY did not make their testing process more robust or secure.

Second, senior leadership has not suffered from this scandal.  There is no indication any senior managers have been disciplined or terminated because of the misconduct.  The head of EY’s U.S. operations left at the end of her 4-year term, but her departure was apparently due to a disagreement with her boss, EY’s global chief executive. 

Third, there has been no apparent change in the employees’ task environments, e.g., their workload expectations and compensation program.

Conclusion: EY management tolerated the cheating because their more important priorities were elsewhere.  It’s safe to assume that EY, like other professional service firms, primarily values and rewards technical competence and maximizing billable hours.

We see two drivers for possible changes: the $100 million fine and the mandated review by “Independent Consultants.”  (EY’s self-review will likely be no more useful than their previous memos and posturing.)

What needs to be done? 

To begin, senior leadership has to say fixing the cheating problem is vitally important, and walk the talk by adjusting company practices to reinforce the task’s importance.  Leadership has to commit to a company corrective action program that recognizes, analyzes, and permanently fixes all significant company problems as they arise – not after their noses are rubbed into action by the regulator.  

In addition, there have to be visible changes in the audit professionals’ task environment.  The employees need to get work time, in the form of unbilled overhead hours, to prepare for tests.  The compensation scheme needs to add a component to recognize and reward ethical behavior – with clients and internally.  The administration of ethics tests needs to be made more secure, on a par with the accounting exams the employees take.

*  Securities and Exchange Commission, Other Release No.: 34-95167 Re: Ernst & Young LLP (June 28, 2022).  All quotes in our post are from the SEC order.  There is also an associated SEC press release.

**  The Public Company Accounting Oversight Board establishes auditing and professional practice standards for registered public accounting firms, such as EY, to follow in the preparation of audit reports for public companies.  PCAOB members are appointed by the SEC.

Guiding People to Better Decisions: Lessons from Nudge by Richard Thaler and Cass Sunstein

Safetymatters reports on organizational culture, the values and beliefs that underlie an organization’s essential activities.  One such activity is decision-making (DM) and we’ve said an organization’s DM processes should be robust and replicable.  DM must incorporate the organization’s priorities, allocate its resources, and handle the inevitable goal conflicts which arise.

In a related area, we’ve written about the biases that humans exhibit in their personal DM processes, described most notably in the work by Daniel Kahneman.*  These biases affect decisions people make, or contribute to, on behalf of their organizations, and personal decisions that only impact the decision maker himself.

Thaler and Sunstein also recognize that humans are not perfectly rational decision makers (citing Kahneman’s work, among others) and seek to help people make better decisions based on insights from behavioral science and applied economics.  Nudge** focuses on the presentation of decision situations and alternatives to decision makers on public and private sector websites.  It describes the nitty-gritty of identifying, analyzing, and manipulating decision factors, i.e., the architecture of choice. 

The authors examine the choice architecture for a specific class of decisions: where groups of people make individual choices from a set of alternatives.  Choice architecture consists of curation and navigation tools.  Curation refers to the set of alternatives presented to the decision maker.  Navigation tools sound neutral but small details can have a significant effect on a decider’s behavior. 

The authors discuss many examples including choosing a healthcare or retirement plan, deciding whether or not to become an organ donor, addressing climate change, and selecting a home mortgage.  In each case, they describe different ways of presenting the decision choices, and their suggestions for an optimal approach.  Their recommendations are guided by their philosophy of “libertarian paternalism” which means decision makers should be free to choose, but should be guided to an alternative that would maximize the decider’s utility, as defined by the decision maker herself.

Nudge concentrates on which alternatives are presented to a decider and how they are presented.  Is the decision maker asked to opt-in or opt-out with respect to major decisions?  Are many alternatives presented or a subset of possibilities?  A major problem in the real world is that people can have difficulty in seeing how choices will end up affecting their lives.  What is the default if the decision maker doesn’t make a selection?  This is important: default options are powerful nudges; they can be welfare enhancing for the decider or self-serving for the organization.  Ideally, default choices should be “consistent with choices people would make if they all the relevant information, were not subject to behavioral biases, and had the time to make a thoughtful choice.” (p. 261)

Another real world problem is that much choice architecture is bogged down with sludge - the inefficiency in the choice system – including barriers, red tape, delays, opaque costs, and hidden or difficult to use off-ramps (e.g., finding the path to unsubscribe from a publication).

The authors show how private entities like social media companies and employers, and public ones like the DMV, present decision situations to users.  Some entities have the decider’s welfare and benefit in mind, others are more concerned with their own power and profits.  It’s no secret that markets give companies an incentive to exploit our DM frailties to increase profits.  The authors explicitly do not support the policy of “presumed consent” embedded in many choice situations where the designer has assumed a desirable answer and is trying to get more deciders to end up there. 

The authors’ view is their work has led to many governments around the world establishing “nudge” departments to identify better routes for implementing social policies.

Our Perspective

First, the authors have a construct that is totally consistent with our notion of a system.  A true teleological system includes a designer (the authors), a client (the individual deciders), and a measure of performance (utility as experienced by the decider).  Because we all agree, we’ll give them an A+ for conceptual clarity and completeness.

Second, they pull back the curtain to reveal the deliberate (or haphazard) architecture that underlies many of our on-line experiences where we are asked or required to interact with the source entities.  The authors make clear how often we are being prodded and nudged.  Even the most ostensibly benign sites can suggest what we should be doing through their selection of default choices.  (In fairness, some site operators, like one’s employer, are themselves under the gun to provide complete data to government agencies or insurance companies.  They simply can’t wait indefinitely for employees to make up their minds.)  We need to be alert to defaults that we accept without thinking and choices we make when we know what others have chosen; in both cases, we may end up with a sub-optimal choice for our particular circumstances. 

Thaler and Sunstein are respectable academics so they include lots of endnotes with references to books, journals, mainstream media, government publications, and other sources.  Sunstein was Kahneman’s co-author for Noise, which we reviewed on July 1, 2021.

Bottom line: Nudge is an easy read about how choice architects shape our everyday experiences in the on-line world where user choices exist. 

 

*  Click on the Kahneman label for all our posts related to his work.

**  R.H. Thaler and C.R. Sunstein, Nudge, final ed. (New Haven: Yale University Press) 2021.