17 Corporate Crime Reporter 22(10), June 2, 2003

INTERVIEW WITH HILARY KRANE, ASSISTANT GENERAL COUNSEL, PRICEWATERHOUSECOOPERS, SAN FRANCISCO, CALIFORNIA

On May 15, PricewaterhouseCoopers took out full page ads in the nation's leading newspapers with the blaring headline: "The Dark Cloud of Corporate Fraud."

The ad leads with this: "Fraud extends beyond the few who commit it. It extends beyond the company that is damaged and the investors whose savings are devastated. Fraud touches every public company and every investor in that it creates a shadow of doubt and uncertainty. Can anyone be trusted?"

Within days of the ad running, the public learns that the big accounting firm will pay $1 million to settle charges brought by the Securities and Exchange Commission (SEC) that it engaged in improper professional conduct in connection with its audit of SmarTalk TeleServices, Inc.'s year-end 1997 financial statements. (See "The Dark Cloud of Corporate Fraud: PricewaterhouseCoopers Pays $1 Million to Settle SEC Lawsuit," 17 Corporate Crime Reporter 21(3), May 26, 2003)

SmarTalk, a now-bankrupt provider of pre-paid telephone cards and wireless services, filed with the Commission an annual report on Form 10-K, which contained materially false and misleading financial statements. Those financial statements were audited by PricewaterhouseCoopers.

The SEC found that PwC, through Philip Hirsch, formerly with PwC and the engagement partner on the audit, failed to comply with Generally Accepted Auditing Standards in the conduct of its audit.

In addition, the SEC found that in late July 1998, after the audit was completed and after Hirsch left the firm, PwC identified potential issues with SmarTalk's 1997 financial statements and its audit and became aware of a class action-shareholder lawsuit alleging accounting fraud against SmarTalk.

The SEC alleged that PricewaterhouseCoopers, with the knowledge of several PwC partners with firm-wide responsibility, made revisions to its working papers.

The accounting firm voluntarily produced documents to the SEC in February 1999 that included listings of computer files showing that certain working paper files had been accessed in early August 1998, but PwC did not tell the staff until November 1999, that some working papers and other documents relating to PwC's audit report had been revised, created and discarded.

The SEC censured PwC for engaging in "improper professional conduct" within the meaning of Rule 102(e) of the SEC's Rules of Practice by virtue of its failure to adequately audit a $25 million restructuring reserve established by SmarTalk at fiscal year-end 1997 and to adequately audit amounts charged against the restructuring reserve at year-end 1997.

Without admitting or denying the SEC's findings, PricewaterhouseCoopers agreed to pay $1 million.

"The Dark Cloud of Corporate Fraud" ad is part of a multi-million dollar ad campaign being run by the big accounting firm to "close the expectation gap" -- the gap between what the public perceives as the auditor's duties -- and what those duties actually are.

To gain some insight into the campaign, we called on Hilary Krane. Krane is an assistant general counsel in the firm's San Francisco office.

We interviewed Krane on May 27, 2003.

CCR: What is your current position?
KRANE: I'm an assistant general counsel at PricewaterhouseCoopers.

CCR: How long have you been there?
KRANE: Nine years.

CCR: What were you doing before that?
KRANE: I was a litigation associate at Skadden, Arps in Chicago, and then briefly in San Francisco.

CCR: What law school did you graduate from and in what year?
KRANE: University of Chicago in 1989.

CCR: What is your work at Pricewaterhouse?
KRANE: I am a counselor to the practice. That means I give legal advice to our partners and professionals in the field in connection with their discharge of their professional responsibilities. I also give advice to the management of the firm about a number of matters, including regulatory matters. Any partner in the firm who ran into a difficult situation with legal implications in doing their job could call me to get advice and counsel on how to proceed.

CCR: People were taken by this ad campaign. What is the genesis of it?
KRANE: The senior partner of our firm, Dennis Nally, determined that to respond to the lack of trust in the market, it was important for our firm to step forward and show the market that we get that there is a lack of confidence and that we are determined to address it.

At Mr. Nally's direction, several partners came together to try to identify areas where there is an expectation gap between the public perception of what an auditor does and what we actually do.

In many of those areas historically, the firms and the profession generally has relied on explaining what our professional standards do not require of us. In many respects, that is perfectly appropriate and must be done so that people have a shared understanding. But in other areas, that may not be the right answer, and we should examine whether there were other things we could do to address the potential shortcomings other people were perceiving in the delivery of our services.

This led to a dialogue in our firm about all sorts of issues. The fruits of that dialogue you see in the ad campaign.

CCR: What do you call this project?
KRANE: Closing the expectation gap.

CCR: It is also known as "building trust," and on the web site there is a section called "stand and be counted." Do you believe that the public has too high an expectation as to what accounting firms can deliver?
KRANE: It depends on what you mean by the public. There are some people who believe that an audit opinion is a statement that the financial statements are right and there is no fraud.

In fact, an audit opinion is a statement that the auditor has undertaken appropriate procedures to look at the financial statements and determine that they are materially correct. But that itself is not a guarantee against fraud nor against immaterial error at the margin.

Historically, that has been a large gap. It would be wrongheaded to try to close that gap by saying -- an auditor will perform to the level of the expectations of an uninformed member of the public and say -- these financial statements are right to a tee. That is not possible without testing every transaction, which is too expensive to ultimately be worth it.

Having said that, we have reached the conclusion that auditors can do more proactively to try to detect and deter fraud. And though you will never be able to accomplish that 100 percent, you can make some adjustments in approach and mindset that could hopefully increase the likelihood of detecting it, and in all events, increase the likelihood of deterring it.

CCR: How much are you spending on the ad campaign?
KRANE: I can't give you that number. I don't know it.

CCR: You are taking out full page ads in major newspapers around the country. How many different ads are there?
KRANE: I believe we are on number nine. They each have a different title and different ad copy.

CCR: One of the recent ones was "The dark cloud of corporate fraud." It says that "an obvious deterrent to fraud is severe criminal punishment for those found guilty of such acts. An equally productive answer might be to better understand the conditions that permit fraud and detect those conditions before fraud can occur and potentially destroy entire market capitalization of companies."

A cynic would say that this is just pure public relations. You have to look beyond the words to the actions of the company.
KRANE: The ad campaign is an attempt to create and foster public dialogue on these subjects that we think are of great importance. But that is not all we are doing. Our efforts internally were not designed to generate an ad campaign. They were designed to assess our own behavior and the behavior of other players in the financial reporting model, and determine those areas where we could effectively add value and increase the value of the services we bring to our clients and therefore to the public.

So, in connection to the fraud, you see the ad campaign talking about that, but that is coupled with a major internal initiative that goes to addressing our procedures for auditing in connection with fraud, our internal training and the resources we make available in order to increase the possibility we can detect and deter fraud, even while we recognize that we are never going to be in a position to prevent it entirely.

There is much behind the ad campaign going on within the firm to make real the concepts that we talk about in the advertorials.

CCR: Your firm last week paid $1 million to settle a Securities and Exchange Commission enforcement action. The SEC alleged that the firm destroyed and altered documents with the knowledge of several top partners.

Some might look at that and say -- well, in your ad you say that sometimes criminal prosecution is the way to deter fraud. There has been criticism of this settlement and others that the SEC is handling this with traditional slap on the wrist fines and consent decrees, when in fact these kinds of cases call out for criminal investigation and prosecution where needed. It is the kind of action that led to a criminal prosecution in Andersen, so why not a criminal prosecution here.

That's what leads to the cynicism. You are saying one thing in the ads, and another with your actions.
KRANE: I was not the lawyer principally responsible for negotiating that settlement, so I cannot provide a great deal of insight on it. I am concerned about a suggestion that this is the same type of conduct that took place at Andersen. As the SEC order itself emphasizes, there was no ongoing investigation and PricewaterhouseCoopers was not subject to any subpoenas at the time that the activities in that case took place. It was a matter that took place five years ago that we were sanctioned only last week. I would not want to create or let stand a misapprehension, if there is one in the marketplace, about a similarity between the two situations.

Obviously, the Commission is a responsible actor. It determined, based on the totality of the facts that it saw, that entering into an settlement was appropriate, and more significant sanctions would not be appropriate in light of the facts of that case.

You really have to be careful about looking the facts of that particular case and not labeling a case based on one or two facts taken in isolation.

CCR: But generally, there has been criticism of enforcement officials in this area, bringing these types of SEC consent decrees where the company neither admits nor denies violating the law, where there is a minimal fine. And there is a double standard between the way we treat street crimes and the way we treat corporate and white collar wrongdoing. They agree with your ads, than an obvious deterrent to fraud is severe criminal punishment to those found guilty of such acts.

So, you have been running ads since last fall. And then you have this headline of PricewaterhouseCoopers settling an SEC action by paying $1 million. It comes at a bad time, don't you think?
KRANE: The two are not really related. As I've mentioned, the matter pending in front of the SEC had been pending for five years. It came to its conclusion last week. Really, we look at that as something where we are putting an end to that matter. Firms have a variety of matters pending at any particular time. That was one specific factual situation.

Our ad campaign is talking about our firms direction going forward -- what we are doing internally, and what others in marketplace could do along with us in order to enhance the market's credibility.

CCR: Well, when one of your clients makes false statements, that seems to be relevant to the market's credibility.
KRANE: There was no allegation of fraud by Pricewaterhouse.

CCR: By your client.
KRANE: I am not sufficiently familiar with the facts of that case to get into the details of it. There were errors in the financial statements, but I do not believe that there was any finding of fraud on the client's part, but I do not know the answer to that question.

CCR: Well, there wasn't a finding, because in these consent decrees, the SEC allows the defendant to neither admit nor deny the allegations. But the SEC alleged that they filed a form 10-K that contained materially false and misleading financial statement.
KRANE: That there was an error in the financial statements is unquestionably true.

CCR: Not an error -- materially false and misleading financial statements.
KRANE: When there is a material error in the financial statements, they are per se false and misleading. I just want to make sure that we are careful here about the distinctions between erroneous financial statements and fraudulent statements. There is still and always will be the potential that people create financial statements that are not accurate without undertaking a fraud.

I do not know enough about this situation to know which camp it fell into. You seem to be suggesting that you see this big settlement, and it was clearly in connection with a fraud, and the settlement was a slap on the wrist, and isn't that inconsistent with what we are saying.

What we are saying is that every situation needs to be evaluated on its merits. But when it is justified, serious enforcement makes sense. And you have seen an uptick in enforcement -- certainly an uptick in the activities that the Department of Justice and the U.S. Attorneys working together with the SEC to move quickly on some of the big fraud cases that have come to light in the recent past. That's a positive thing.

I can't bring that down to the specifics of a single matter in which neither you or I are experts in the facts and say how that plays out.

Nothing in our ad campaign should ever suggest anything other than that every factual situation should be evaluated on its merits. Clearly serious enforcement and punishment will only be an effective deterrent when it is applied justly and after people have the ability to defend themselves with due process. We shouldn't be throwing people in jail for making errors in judgment. We should be throwing people in jail, or giving them very serious fines, for intentionally misleading the public.

CCR: Of the big fraud cases that have made the headlines recently, which ones would you say would be a candidate for seriously criminal enforcement?
KRANE: I'm not going to speak to who I think should go to jail without knowing any of the facts. But I can tell you that there are situations where it is clear by their actions that members of management set out to engage in transactions that did not have an economic basis or were completely fraudulent, or they collude with others to create documentation that does not accurately reflect the business of the company. When that occurs, it is clearly fraud. When someone makes a judgment that ends up being wrong, in the application of an accounting principle to a complex set of facts, you can still get it wrong without having committed a fraud.

The SEC and the government investigators who are involved in these cases, are looking for exactly those kind of distinctions so that they can satisfy themselves that they are taking appropriate action against wrongdoers, while at the same time they are not bringing criminal sanctions to bear against individuals where there is no evidence of intentional wrongdoing. That will always be an important distinction.

CCR: Since we are not naming names then, of the current wave of corporate failures, how much of this do you believe is caused by crime as opposed to poor judgments?
KRANE: There is a fair degree of crime. But I'm not familiar with all of these situations. I know what I read in the paper. There were clearly people who were doing things that they knew to be wrong at the time they were doing them. However, I'm nowhere near close enough to any of the facts to separate that out on any kind of percentage basis or case-by-case basis. It is important to get close to the facts. Because there is a mistake does not mean that there was fraud. Sometimes there clearly is fraud, and sometimes there clearly is not fraud. And that is just what the SEC enforcement division, the Department of Justice and the U.S. Attorneys spend their time on -- trying to separate situations where there is intentional wrongdoing from those where there is not.

That makes the enforcement mechanism meaningful. If you are not going to make those distinctions, you are not providing an effective deterrent. You are saying -- regardless of criminal intent, we are going to punish you as a criminal. And that just not how our system has ever worked.

CCR: The Wall Street Journal ran an article today titled "Accounting Firms Attempt to Dispel the Cloud of Fraud." It points out that many of the largest accounting scandals in recent years, including HealthSouth, Xerox, Waste Management, involved instances where the auditors were tipped off or otherwise alerted to possible shenanigans, but failed to investigate deeply enough.

What is your firm's procedures for finding and rooting out fraud? And second, when you find it, what do you do?
KRANE: We take anonymous tips and whistleblower letters quite seriously and follow up on them in a myriad of different ways. And I have to say there is no single way that would be appropriate. It would depend on the nature of the allegation and the nature of the company. There may be various ways to go at it.

As part of our new fraud program, we seek to determine which clients have red flags, causes for concern, that would make one say -- based on what we know, this client has a higher risk profile for potential fraud than other clients, and therefore we ought to set our scoping and testing accordingly.

There are different ways of doing that. Analyzing journal entries, doing wider and deeper interviews of people at the company, going outside of traditional chains of reporting, having unexpected questioning of different people at different levels to determine whether there are cultural elements that would indicate risks of fraud.

Doing what are called "disaggregated analytics" -- looking at the components of the financial statements from many different views, to see if they make sense in light of the companies business or market conditions, or whether there are areas where there appear to be unusual activity that could be markers for fraud, that could move the company into a higher risk category.

You take all of that information and determine whether you have a client who is at a higher risk of fraud. And if you do, then at that point, we would bring in our firm fraud specialists, who have been specially trained and have a background in forensic accounting, to help us assess our scope and testing and make sure that we feel comfortable that we are doing the right amount of testing appropriate to the risk level presented by the client.

If you have a confirmed letter from a whistleblower, or your procedures give you evidence that make you concerned that the risk is borne out, and you have actual evidence that fraud is ongoing, then you would be likely to bring in forensic auditing teams and really let them loose.

At that point, you are communicating with the audit committee of the board of directors of the client, and enlisting them as your allies in addressing the issue. It is their responsibility, ultimately to direct that effort. Certainly, from an audit standpoint, we would go very deep once fraud is discovered to make sure we have a full understanding of the scope of it, that the company has appropriately addressed the situation, that they have taken appropriate remedial action, that they have addressed their controls and their personnel issues, to prevent recurrence.

In all of those activities, the outside auditor will be working hand in hand with the audit committee to make sure all the appropriate steps have been taken.

CCR: What about calling in law enforcement?
KRANE: Usually, when you discover something of this nature, the audit committees will get in touch with the SEC, as the situation is going to have an impact on their financial statements. The external auditor has duties of client confidentiality. Our obligation is to get it to the right level of the board to then ensure they take the right action, not for us to go outside of that channel directly to law enforcement.

Clearly, when we believe that something very serious is going on, it doesn't take much to get the attention of the audit committees to get them and their counsel to engage in what is the appropriate way to address it. That involves early notice to the SEC in getting them up to speed.

CCR: In the SmarTalk case, who called the SEC?
KRANE: I don't know.

CCR: The Journal translates your "closing the expectation gap" campaign as: the public shouldn't rely on us to keep the companies honest.

The chairman of your company says this -- the auditor is responsible for a fair presentation of the financials, but the auditor is not responsible for detecting fraud.

I thought you just described your company's program for detecting fraud?
KRANE: No auditor is ever going to be able to detect and deter all fraud. The auditing standards don't make that our responsibility. The framework of corporate governance doesn't make that our responsibility.

And there is good reason. There is no effective way to do it in 100 percent of the cases. That is a job more appropriately left to the management of the company, under the oversight of the board, in framing appropriate internal controls and setting the tone at the top.

That doesn't mean the auditor has no role. If the auditor discovers fraud in the course of auditing, the auditor has the obligation to bring that to people's attention and get it addressed.

We are never going to be able to detect and deter 100 percent of fraud.

However, there are changes we can make in our approach to auditing to make it more likely that we detect more fraud and earlier. We are examining the ways in which we can do that, so that we can add one piece from our part to an overall framework of making fraud less likely.

But no matter how good a company's internal control environment is, if people, particularly highly placed executives within the company, set out to override the internal control environment, and are prepared to lie and falsify documents, they will be able to, in many cases, get that through an audit process. You cannot test every transaction.

But we are not saying -- nobody should rely on us. This is not our responsibility. We are saying -- within the bounds of what we reasonably can achieve, we are going to the outer edge of trying to achieve more in terms of beefing up our own detection programs.

CCR: You keep talking about eradicating all fraud. We are not talking about eradicating all fraud. We are talking about major, multi-billion dollar frauds that major accounting firms didn't pick up or ignored -- like HealthSouth, Xerox, Waste Management. You are driving by a corporate hog farm and not smelling it.
KRANE: I don't know more than I read in the paper about those cases. I can't tell you why those cases were or were not caught, or what the audit firm could have done differently.

CCR: Was your firm involved in any of those cases?
KRANE: No. And these are complex questions about sophisticated situations not amendable to an easy answer. But we are changing the focus. We are saying -- we have to recognize that at one end of the spectrum, we can't eradicate it, that it is not our historic position to catch fraud. The purpose of an audit is not to root out fraud. If it was, it would be a lot more expensive, and it would be a different undertaking. However, in the course of doing an audit, we are trying to identify specific areas where we can change our approach, bring in experts that have more of a fraud mindset to assist our engagement teams in doing a better job of diagnosing where fraud is likely to occur, and then addressing and formulating procedures in those higher risk areas to increase the likelihood of detection. So it is a change in the historic position of how we are thinking about it, the amount of time and energy we are putting into it.

There was a large firm training program last year that we are following up this year. We are getting fraud experts in place to provide assistance to engagement teams. We are increasing our front end diagnostics of high risk clients. We are going outside of our ordinary channels of interviewing people to determine where fraud conditions may exist -- all with the goal of increasing the likelihood that we detect it where it exists and the hope that the sheer fact of doing the procedures will deter some of it.

Can the public ever assume that an audit opinion is going to be a stamp of no fraud? No. However, we are saying, we are doing more to try and make us more effective in doing our part, but it can't stop with us. It has to work through the management of these companies, it has to start at the top of the companies, with executives and board members who are willing to set a strong tone at the top and engage in a concerted effort with external auditors, to allow us to increase our scope.

CCR: Is there a situation where your firm would drop a client because of an accounting disagreement, and second, report the client to the enforcement authorities?
KRANE: There is a provision under the securities laws, section 10A of the 1934 Act. That sets out procedures that an auditor must follow if they find an illegal act at a company, and how they bring it to the attention of the board. If they don't get satisfaction, there is a mechanism of reporting that to the SEC. That's one mechanism.

Secondly, if you have a disagreement over an accounting issue with the company, and the auditor/client relationship is severed, the 8K reporting rules require that the change in auditor be reported and require that the client report whether there were any disagreement in the preceding three years with the auditor. And then the auditor is called upon to either agree or disagree.

So, it wouldn't take the form of us dumping a client and calling law enforcement. We would go through the channels of the securities laws designed to strike the right balance between our protecting our client's confidential information, and getting the necessary information to the regulators in order to permit them to do their job.

CCR: In a nutshell, does Sarbanes Oxley help you or hurt you?
KRANE: It helps us in that it has brought into focus the key role of audit committees. To the extent that auditors and audit committees can be more fully engaged, that helps us immeasurably. We want to have an active, strong partner in the audit committee of the company that feels responsibility for the efficacy and appropriateness of the company's financial reporting. By putting the auditor relationship squarely in line with the audit committee, I believe that the Sarbanes Oxley did much to align the interests appropriately and give us the hammer we need to affect change.

CCR: What specifically does the law say?
KRANE: It says specifically that the audit committee shall have responsibility for the relationship with the auditor, including hiring and firing, compensation decisions. Before Sarbanes Oxley, that authority lay with the management of the company. The auditor would report to the senior management. That has now all been moved to the audit committee level.

CCR: What about the signing of the financials by the CEO?
KRANE: The financial statements have always been first and foremost the responsibility of management. The certifications help reinforce that at every turn. It has also brought a great deal of emphasis on the necessity of having a strong and vibrant internal control environment, which has never been a requirement before.

CEOs and CFOs have always signed 34 Act filings. To some extent, they have taken responsibility. But it hasn't been as clear and in such a focused manner as the certifications coming out of Sarbanes Oxley. That has generated much activity in many companies.

CCR: Mr. Nally says that your firm has parted ways with 50 or 60 public companies this year, most due to clients not fitting the risk profile, or disagreeing on fees, some from accounting disagreements. Starting this year, he says the firm is going to identify 50 high risk clients and assign one forensic auditor to each. Ernst & Young has walked away from 200 clients this year. Any indication that this walkaway rate is higher this year than in the past?
KRANE: I don't have the statistics in front of me, but certainly we are taking a hard look at our client base and our relationships. We are making difficult and not so difficult decisions about who we want to be associated with and why.

Our firm has always been focused on making sure that we were associating with an appropriate client base. But I would say we are bringing more rigor to that now than we have in the recent past.

CCR: Was there a sense in the industry that the Justice Department was heavy-handed in the Arthur Andersen case?
KRANE: It was an extreme result. But I don't know all of the facts available to the Justice Department when it made its charging decisions.

Without that information, it is impossible for me to judge whether it was appropriate, extreme or not enough.

I know that everybody in the industry was distraught to see a large number of highly qualified professionals with a great deal of integrity go through such a difficult professional experience. That was troubling for everybody to watch.

CCR: How many Andersen partners did Pricewaterhouse hire?
KRANE: I don't know the number. We took fewer than any of the remaining firms. We didn't take whole groups. We cherry picked here and there. We got some of the Andersen people that fit our culture and fit our firm's needs.

CCR: In the ad, The Dark Cloud of Corporate Fraud, the company says, "in the end, companies don't commit fraud, people do." But much of what you talked about is corporate culture. And you are recognizing that companies do in fact set the culture that allows fraud to be committed.
KRANE: There are those companies that have appropriate, even outstanding controls and appropriate tone at the top, and yet an individual for their own benefit can do something inappropriate. And there are other cases, where there is a cultural or institutional ethos that builds within companies that allows people to do things that they would not otherwise do.

So, it is a combination. At the end of the day, individuals take actions. The environment in which an individual is trained and discharges his or her function, has an incredible amount of influence over what that individual will be willing to do or won't be willing to do.

So, at the end of the day, people commit fraud. But environments can be more or less conducive to it. Setting the tone at the top, emphasizing doing the right thing, rewarding people for making the right decisions, giving people a safe place to raise issues that trouble them -- are all important factors and will influence individual decision making.

[Contact: Hilary Krane, PricewaterhouseCoopers, 333 Market Street, San Francisco, California 94105. Telephone: (415) 498-5000]