In this episode of Industry Focus: Energy, Motley Fool analyst Nick Sciple is joined by The Dig's Francine McKenna. They talk about the dynamics among the regulators, businesses, auditors, and investors; the rise of non-GAAP measures in accounting; a few examples of irregularities in companies; and much more.

To catch full episodes of all The Motley Fool's free podcasts, check out our podcast center. To get started investing, check out our quick-start guide to investing in stocks. A full transcript follows the video.

This video was recorded on March 5, 2020.

Nick Sciple: Welcome to Industry Focus, I'm your host Nick Sciple. We spend a lot of time on this show talking about earnings and how businesses are performing, but how do we know those numbers are accurate? That's where auditors come in, checking company financial statements to make sure the numbers investors see reflect actual business results and comply with accounting standards.

Last week, I sat down with Francine McKenna to learn more about why the auditing process is so important for investors. In our wide-ranging conversation we covered a lot of topics from conflicts-of-interest between auditors and investors and the role of auditors in spotting fraud, to the rise of non-GAAP accounting, and examples of accounting irregularities at companies, like, Enron, Disney (NYSE:DIS), Square (NYSE:SQ), Wells Fargo (NYSE:WMT), Theranos and more. I hope you'll enjoy our conversation.

--

My guest today is Francine McKenna. After a decades-long career in public accounting and consulting, since 2006, Francine has been a commentator and investigative reporter, focusing on accounting, audit and corporate governance issues affecting public and pre-IPO private companies. A two-time Loeb Award finalist, Francine now writes her own independent newsletter, The Dig -- to which I personally subscribe -- and teaches as an adjunct professor at American University's Kogod School of Business.

Francine McKenna, welcome to Industry Focus.

Francine McKenna: Thanks so much, Nick.

Sciple: I'm excited to have you on to talk about auditing and accounting. I mentioned off the top, you've got a long background in this industry, can you talk to us about a little bit, how you got involved in this industry?

McKenna: Well, my undergraduate degree is in accounting from Purdue. I'm originally from Chicago. I've been here in Washington for almost five years. I worked, though, first at a bank. The first "too big to fail" bank, Continental Bank in Chicago; which, those of you who are senior statesman will remember was the one involved in Penn Square, the failure that was precipitated by them buying syndicated loans, energy loans and then, obviously, overextending. Sounds familiar, right? So, they were bailed out by the FDIC and then eventually taken over by Bank of America.

So, I started there in internal audit. So, way to start and begin, sort of, a cynical look at business and at a career. Worked there for a little while, and then eventually, after about 10 years, took a job with KPMG on the consulting side. So, I was the accounting expertise for a group that was implementing financial systems in state and local government. And eventually got an opportunity to work outside the U.S. So, I was in charge of the Y2K project for JPMorgan in Latin America.

Sciple: Wow! Yeah, so that tells you some of your experience in implementing these kinds of issues.

McKenna: ... these systems. So, I had a pretty varied experience. I'm an accountant by trade. And so, after a while working in consulting at KPMG Consulting then BearingPoint, working independently with my own firm back in Latin America, I went back to work at PwC in the internal audit of the firm itself. So this was 2005, when they were just, sort of, getting used to the idea that the big four public accounting firms were now going to have an outside regulator, the PCAOB, Public Company Accounting Oversight Board, that was implemented with the Sarbanes-Oxley law after Enron collapsed in 2002 and Arthur Andersen disappeared as a result. And they were getting used to this idea and they needed to kind of focus on, you know, are we ready as a firm to respond to a new outside regulator versus the peer, kind of, review, the self-regulation that they have.

So, I was looking at a lot of the issues that I write about now; auditor independence, risk and quality, risk of certain clients, partner matters, insider trading issues. And I left in 2006, I like to say, because I was making some people uncomfortable by pointing out some partners, I thought were bringing potentially some risk on the firm. And I thought, I will write a book, you know, I'll start a blog, I'll write a book. A blog can get an agent. This was, sort of, in the early days of blogs. And I started a blog, and lo-and-behold, what really happened was the financial crisis.

So, some of the first things I started writing about were subprime loans and the impact on the audit firms, whether or not they were actually forcing the banks to make sufficient reserves for these subprime loans, and the failure of some of the mortgage originators, the early mortgage originators. And because of that people started noticing my writing, asking to quote me, asking me to write things for them. And I came to a fork in the road and said, "Will I ever go back to work in one of the firms?" I never wrote a book. And instead I said, "alright, I'm going to do this journalism thing." And I always do things 150%, so you go forward and you do it, and I haven't looked back since.

Sciple: And we thank you for doing that, I know I get a lot of value out of reading your work. You mentioned a lot of these issues that are important in the auditing industry, but before we dive into some of those issues, like, the PCAOB and other things, just for our listeners, from a high-level, can you talk about auditing, what is it and why is it important?

McKenna: So, every public company, and it's a pretty common thing all over the world, but let's talk about the U.S. in particular. In the U.S., if you're listed on an exchange, the rules are, based on the securities laws, that you have to have audited financial statements in order to be listed on a public stock exchange. And that's an SEC rule, and that means now, post Sarbanes-Oxley that that auditor also has to be registered with this new outside regulator, the PCAOB. And that audit is an opinion on the financial statements by this audit firm, where they look at whether or not your financial statements are conform to or are aligned with Generally Accepted Accounting Principles, the standards that all public companies and private companies, who do any kind of debt issuance or have any kind of filing with the SEC, you have to file according to GAAP, Generally Accepted Accounting Principles, and you have to prepare your financial statements according to those standards. And the auditor looks and says, "Do these financial statements align with those standards and can we give an opinion with reasonable assurance -- not a guarantee, but reasonable assurance -- that they're free of any material misstatement or fraud.

Sciple: Right, the quote that always comes to my mind when I think about auditing is that Reagan quote, "trust, but verify," right? The management can put out these numbers, but we want an independent auditor, some third-party that can verify these numbers for you as a shareholder to make sure to trust them. One issue that I think about a lot with auditing is that the auditor really represents the shareholder confirming those numbers that their management puts out. However, management tends to be the one that hires the auditor. So, when we think about conflicts-of-interest between shareholders and auditors, how should we think about that?

McKenna: So, this is one of the most important principles. And I go out and talk to students a lot, accounting students, people who are going for their masters of accounting, going to sit for the CPA exam and want to have a career in public accounting. And I make sure that their professors are telling them, making sure that they know, your client is not the company that's paying the bill, your client are the shareholders and the capital markets as a whole. Why? Because the audit firms are actually, sort of, the last stop before financial information gets out to the public.

You have inside the company general executives and financial managers, etc., that are supposed to do their job, then you might have an internal audit function that's supposed to check from an operational perspective that people are doing their job, then you're going to have the executives that are in charge of the company that are supposed to make sure everybody's doing their job, and then you have the Board of Directors that's supposed to make sure that the executives are doing their job. Who is supposed to be making sure that all of those people are doing their job on behalf of the shareholders? The external auditors.

And so, before information gets out to the public, in order for it to be filed with the SEC and then made available, the external auditor is giving this opinion. However, they get hired and paid by the Board of Directors of the company. And in practical form, it's usually the CFO or financial executives that have the connections in the network to determine what firm will work best with that company based on experience and geographic coverage and etc. And sometimes just, who do we get along with, who understands us, who understands our business.

And so, it's an inherent conflict-of-interest that's not unlike the conflict that rating agencies have. So, rating agencies get paid by the people that issue the bonds to attach a rating to it. And we saw what kind of problem that can create during the financial crisis. If you're getting paid to produce a rating that is higher, and therefore, means that the company doesn't have to pay as high of an interest rate, you're going to maybe have an incentive to softball any criticisms and maybe give a higher rating, because that's your bread-and-butter, that's your business. And we've seen that conflict raise its ugly head over-and-over-and-over again with the audit firms.

The students need to keep understanding, the students who are going to go and do this kind of work, they really report to a higher power, which is shareholders and the capital markets as a whole. However, they're also employees of the firms and they're worried about their jobs and they're worried about their student loans and they're worried about the security of their family and they're worried about their career. And so, this is the inherent conflict that we have, and the model that we have for public accounting. And it's the same in the U.K., it's the same almost everywhere in the world.

Sciple: And you talked about Enron earlier, that concern about the conflict between Arthur Andersen and the shareholders really led to this ramp-up in regulation with Sarbanes-Oxley. Since that has taken place, how has auditing changed as a business or has it changed much? So, the inherent conflict of this model, what did change is an idea that they would reduce the potential conflict from an audit firm, the one that's doing this opinion, this independent objective opinion on the financial statements and their conformance to GAAP, reduce the conflict that they might have if they're also doing other kinds of work for the company.

So, Enron was the catalyst for Sarbanes-Oxley and for these changes, but it wasn't the only company where this had occurred. And in fact, the concerns about audit firms doing lots of other things for companies, in fact, actually spending more money with auditors on things like consulting and tax advice and M&A etc., had been around for a while. There has been a lot of tension about that.

And the issue was that Enron, they were paying an enormous amount of money for things like tax strategy and M&A advice and other kinds of consulting systems, implementation consulting, etc., than they were for the audit. The audit was sort of like a byproduct. And the idea was that it had become beholden to the desire to maintain the relationship for all of these other lucrative things.

So, they put some prohibitions in the Sarbanes-Oxley law and said, an auditor cannot do these very specific things for an audit client anymore. They can't be involved in designing or implementing a financial system. In particular, financial information that's produced, that the auditor is going to go back and audit. It makes sense, right? We can't implement the system and decide how you're going to book things and then come back and say, "Okay, you booked it right."

You can't be the internal audit co-sourcer, you can't be managing the internal audit, the review of operational activities within the company that reports to management, you can't do that because you're performing a management function. And again, you would be auditing yourself or auditing your own decisions. You can't do things like actuarial work. You can't do things like sophisticated tax consulting; although that's sort of been not well-enforced. So, bookkeeping, other HR, legal services.

So, there were some prohibitions that said, "Let's get all these things off the table." And the law is on the books, but it's been very, very, very sparsely enforced. Every once in a while the SEC will get, you know, something up their tail and decide, "Oh, we're going to come down hard on the firms about a specific thing, because they've really gone over the line on doing stuff." But it's very, very scattershot. And it's sort of like just knocking a few chips off the table when the pile is still sitting there.

And so, we're seeing now, again, the firms are doing more consulting work, the audit firms are actually making more revenue and profits from consulting then they are from audit. So, we're back in that, sort of, unequal situation again, where the incentives may be screwed up.

Sciple: When you talk about potential issues with having auditors engaged in consulting services, you've written in the past about alleged overstatements of revenue at Disney's Parks division that trace themselves directly back to these sorts of issues. What are going on with those accounting issues at Disney?

McKenna: Sure. So, last summer I wrote about a whistleblower that's made allegations about Disney and some revenue accounting fraud. And those are ongoing and they're continuing to be investigated, and that whistleblower is still in litigation with Disney and in conversations with various regulators.

However, one of the interesting things that came out of that discussion is that, many of the things that this whistleblower and other sources that came up after I wrote the story, one of the things that they said was that, the weaknesses in their financial accounting system were what made some of these things possible, some of these -- they say fraud, but they could also be just errors, misstatements or weaknesses in how they're reporting information.

So, who implemented that system? They've had a very sophisticated system from SAP for many, many, many years. Well, they had their system implemented way back in 1998, 1999, 2000, before these restrictions from Sarbanes-Oxley came into play that said the auditor cannot do that work. PwC, Disney's auditor, was the one that started that process in implementing their new financial system. And because these new restrictions came into play, PwC had to stop that project.

So, the whistleblower's allegations are that, the system was never fully implemented, that there weren't a lot of reports that were created, that they were, sort of, left to their own devices at Disney to, sort of, patch-in and build their own reporting. Maybe there were weaknesses in some of the internal controls that are supposed to be built into those systems. And it allowed then manager's, first, to make mistakes, and later, according to her allegations, to take advantage of those weaknesses in order to manipulate the results.

And this is a classic example where the audit firm was allowed to do this. It was allowable at the time when they started the project. They sold their consulting arm, the people that were doing this project were sold to IBM, IBM continued the project. And basically, the same people from PwC continued working on the project under IBM.

Sciple: So, the people didn't change, the behaviors didn't change, and so you shouldn't expect a meaningful change just because the name of the company changed.

McKenna: Well, and the conclusion from the piece that I wrote was that, what incentive does PwC, as the auditor -- who's been the auditor of Disney since the 1930s; OK, continues very long and strong as the auditor of Disney -- what incentive does PwC have to call out weaknesses or problems enabled by that system, when they were the ones that originally implemented it and it was their personnel that went over to IBM that continued with the implementation? Basically they would be calling out their own people, calling out their own lack of follow through in terms of that system. So, there's a disincentive because they still have, sort of, an investment in not highlighting weaknesses or errors or problems in the way that that system was originally implemented or the way it's been maintained since.

Sciple: This raises another question for me, when you look at whistleblowers uncovering this sort of irregular behavior on the part of companies, a lot of times fraud is discovered by whistleblowers. To what extent is it the job of the auditor to find fraud or not?

McKenna: So, this is probably the No. 1, most contentious issue in the world of auditing. Is the audit designed to detect fraud? And I was just reading through some testimony from back to 2008, the last time we had a Treasury Committee studying, what's wrong with audit, what do we need to do to correct it? And this was before the crisis started, so it was kind of a weird timing that they had started doing this and then the crisis hit and we saw so many vulnerabilities in terms of how the banks and investment banks, in particular, were being audited.

And the answer to the question from the audit firm's perspective is, the audit is not designed to detect fraud. And they've actually testified to that in court recently, which did not sound or look good. Anytime they actually end up in court or there's a deposition or there's actual testimony and a partner oblivious to how it sounds says, "We can only do so much, if we did more, it would cost too much, nobody would pay for that much work, so we give you reasonable assurance because it's sort of a cost-benefit calculation." Anytime they say that in public, say that out loud, it never sounds good, it doesn't sound good at all.

The bottom-line though is that, it's not true. Because the PCAOB, the regulator, put out a report that was supposedly going to put this issue to bed once and for all. And they put out some information in, I think, it was 2013, a really nice compendium of all of the standards for auditors, all the way from when you're thinking about taking a client on to when you actually find out that there might be some fraud going on somewhere in the company and you have to make sure that the company is handling it correctly, that the Board of Directors is aware, that management has a plan to start a corporate investigation, that they plan to report it to the SEC.

So, from Alpha to Omega, there are a multitude of steps that the auditor can and is supposed to do to assess the risk of fraud: To expand or modify their audit program and their testing to determine whether there is fraud; to address with management what to do about the fact that they may have found some errors or misstatements; and if a company is not addressing that properly, to report it, eventually, to the SEC themselves.

And so, it's sort of this thickness in their skull that they just absolutely refuse. Why? Because if you say that the audit is designed to detect fraud, then that opens them up to a limit liability.

Sciple: Yeah, their lawyer definitely talked to them before they said that out publicly. You don't want to take that liability on.

Another thing that you've written about, you talk about, the apparent expense of auditing and that sort of thing, that there's been some rumblings about maybe reducing the audit requirement. Can you talk about that a little bit and maybe your thoughts on that?

McKenna: So, one of the most contentious things that came in the Sarbanes-Oxley law in 2002 were not these prohibitions against doing all these different consulting kinds of tests. I think, because the audit firms knew they were going to be able to do stuff and nobody was ever going to be able to know how much they were doing, nobody was going to enforce it. Instead, what was really the most contentious thing is that, the law imposed a requirement that auditors give an opinion on the internal controls at a company for financial reporting. That means, what controls or procedures, policies does the company have to make sure, for example, that somebody isn't creating false invoices that would boost revenue or that somebody isn't paying checks out to their own company, an employee's company, side company or something?

So, all these different controls that the company is supposed to have in place to manage its assets and its liabilities and therefore to make sure that their financial statements are accurate, accurately reflecting the business as it is, those all have to be tested. So, the auditor has to come in and as part of saying, "Oh, yeah, the financial statements are an accurate reflection of the accounting standards," they have to say, "And the company actually has controls to make sure that that's the case." And they have to give an opinion on that.

And this, in the first few years after Sarbanes-Oxley, from 2003 to around 2006-07, were an enormous extra effort. There was a lot of confusion and lack of direction in terms of, how much was needed to be done for the auditor to give an opinion? So, a lot of concern about, what if they didn't do it right? And the companies were upset, because it was a lot of extra work. And they had to do something before the auditors actually did their work and it costs a lot of extra money.

It was a sort of a double-edged sword for the audit firms. On the one hand, they were now under scrutiny by an outside regulator, and they had their clients really upset that they had to do all this extra work. However, they were raking in billions and billions of extra dollars in fees. And the neat thing is that, they could blame this new regulator for the fact that they had to do this extra work, and they could blame the law. In the meantime, they collected all the money.

Eventually, the clients were very, very upset about it. And they went to the SEC -- it was Christopher Cox at the time -- and they appealed, sort of, we got to find some happy medium. And they made some changes in terms of the approach, so that it costs a little bit less. And the audit firm started to see that gravy-train, sort of, dissipate. But there's still an enormous amount of, sort of, the level of fees is a little bit higher, but it's not increasing at the same rate that it was in this period right after Sarbanes-Oxley.

But ever since, anybody who doesn't like to pay fees to auditors, anybody who thinks that regulation is overregulation, any regulation is overregulation, anybody who doesn't see the value in the audit, which is a lot of people, has been trying to chip away at these requirements. And the Jobs Act of 2010 actually chipped away at some of them. So, for some companies that are just starting out, that are just IPO-ing, there's a time before they get too big that they don't have to have this opinion. No company has to have it in their first year of public life. And so, you sort of have seen a gradual chipping away.

And this SEC, under the Trump administration, has been trying to chip away at it even more. And one of the commissioners, Hester Peirce, is actually of the opinion that nobody should have to do it. And that opinion is shared by a lot of business people who just -- they just don't want to pay the fees; they just do not think that this is a worthwhile endeavor, that it does anything to improve the quality of financial information.

Sciple: And what do we lose if that policy becomes fact?

McKenna: Well, my personal belief has always been that, what that requirement formalized was something that big companies, especially, should be doing anyway. You should have your policies and procedures clear about things that end up in the financial statements or that deal with cash or that mean you aren't going to be reporting revenue, etc. Those should be very, very clear; everybody should know how that works.

You should have segregation of duties. In other words, you shouldn't have the same person that's paying the bills, recording that information in the financial statements. Why? Because there's plenty of opportunity there to cover up fraud or error. You should have this, kind of, good policy and procedure and documentation of those policies and procedures in any big company, because you're a steward of the shareholders assets and you're also responsible for a whole lot of other people's lives and livelihood; your own employees, your customers, your vendors, in the community that you operate in etc.

So, it just was a formalization of something that any large company is going to have, they're going to have good policies and procedures. They're going to have systems that make sure that things happen the way they're supposed to happen. And they're going to have lots of checks and balances to make sure that people are not stealing from them or that people are not making significant errors.

Smaller companies, though, are always a little bit resistant. Why? Because, of course, smaller companies, even medium-sized companies, they're often struggling or they're striving and they don't want to spend money on what they consider to be non-value adding activities. And this is where they've been chipping away at this.

That really is a contradiction, it's kind of an oxymoron, because those are the companies that are most prone to fraud and misstatement. If you're small, you're just starting out, and you can't afford to have good accounting people, good finance people, good HR people, good people in your IT department, that's when you're the most vulnerable.

And there's lots and lots of research that says that, it's those companies, in particular, development stage pharmaceutical, medical devices, etc. All of the ones that, again, commissioner, Hester Peirce, at the SEC has said, "These are the people that do not want to pay for an audit, they do not want to tell their investors that are raising money for them, we're going to spend that money to pay an auditor." I guess, any more than they want to pay a lawyer, but they just, even more so, do not see the value of this activity.

However, it's really the bread-and-butter of delivering on your objectives, delivering on your mission. If you're raising money, you should have accountability in terms of where that money goes.

The story I tell accounting students, in terms of, if you let this go too far, if you let this sort of anti-regulatory drive diminish the role of audit and controls and good accounting and finance personnel within companies, what you're going to end up with is Theranos.

And Theranos, everybody knows the story, if you've read anything in the last couple of years. John Carreyrou with Wall Street Journal, is an excellent reporter, wrote a fabulous book. I highly recommend it. But he didn't focus at all, really, on the financial fraud, he focused on the medical fraud. And the financial fraud there, is what they're being tried in a criminal court for now. It's what they had to pay a fine to the SEC for.

And the financial fraud is that, basically, they were just making stuff up. And what I reported on is that, they never had an outside accounting firm to check their books, they never had a steady group of people doing their accounting in finance activities, because they did not want to spend money on that. It was not a priority. And they never had outside audits, but the sin of it is, the sophisticated investors that put money in Theranos never asked for outside audits.

Sciple: Right. And they had the leverage to ask for that, whereas an individual investor, like me and you, don't have the skill to do that.

McKenna: Absolutely. And the other thing is that, these were very sophisticated investors. So, some of the names that Carreyrou published were Rupert Murdoch, our mutual boss at News Corp; Carlos Slim, at Telmex, one of the richest men in the world; the DeVos family, who are Amway; Larry Ellison, of Oracle; the Walton family from Walmart. And these are people that also know very well the role of audit and prudent financial reporting and financial accounting, they know the SEC rules. Why? Because they're either significant investors/owners or CEO/chairman of public companies.

But when they made their own personal investments, and in the case of Rupert Murdoch more than a $100 million, they did that without ever asking for audited financial statements. And they wouldn't have got them, because there were none. And so, they got PowerPoint with stuff that Elizabeth Holmes and "Sunny" Balwani allegedly just made up.

Sciple: I want to change gears a little bit. We talked a little bit about chipping away at standards, how standards have evolved over time. And one area where we see that a lot is in non-GAAP accounting. And just over the last couple decades, every company has some type of adjusted metric. When you look at this evolution, what do we lose as we move away from GAAP accounting to these more non-GAAP measures?

McKenna: So, the idea of GAAP is that it's a standard, it's a global standard. Outside of the U.S., most people use IFRS, International Financial Reporting Standards. But one way or the other, the idea is that that's an accounting standard that allows you to compare financial information between companies in the same industry. So, one pharmaceutical and another pharmaceutical, you know how their revenue number is defined, you know what that number consists of. It's consistent because they have to follow the standard of what can and can't be included in that number. And that you also have consistency between companies across industries. And that you would have consistency of how those numbers are reported across geographies.

So, if you're looking at audited financial statements according to GAAP in the U.S., you're going to be able to compare that information to audited financial statements out of the U.K. Even if you have a different accounting standard, you understand what those standards are and you can anticipate where the differences might be.

But not that somebody can decide, we don't like the way the standard defines revenue, our revenue is this. We want to report revenue faster than the standard allows. We want to report revenue that we haven't collected yet. We want to report revenue that we're not sure we're ever going to collect. We want to report revenue that the standard says we're not ever going to report, but we think that that's stupid and we want to report it anyway.

And so, this is really what's happened with non-GAAP. People think that I'm absolutely positively against all non-GAAP pro forma metrics, but I'm not. And the reason is, because non-GAAP metrics are supposed to be in order to explain, for management to explain, something that is an anomaly, something that's a one-time unusual item that you do not want analysts or investors to consider to be part of the trend. So, something happens, you get a blip in some particular account and you want to explain that that's not going to continue, that that's an unusual item. And whether it was because of M&A, it was because of some unusual expense that occurred because it was some catastrophic calamity that we took a loss for, something that happened that is not going to continue.

And so, there's been situations where the SEC has said, "Yeah, it makes sense for management to want to explain that these are one-time items." The problem is that companies have abused that privilege. So, things like restructuring, things like stock option compensation. Things like, and what I've written about quite a bit, which is, ghost revenue. And that's revenue that occurs -- deferred revenue that gets written-off after an acquisition. And companies are like, "Oh, but that's not fair, we don't like, and we're going to just keep plugging it into our revenue numbers on a non-GAAP basis." They're never ever, ever going to collect that. It's never going to show up on their financial statements, and it's just ghost revenue and it's completely arbitrary. And there's usually not enough detail in order to track if they're even being reasonable in terms of what they're reporting.

So, the problem is that companies have gotten away from this idea that these are just one-time things. And even the most public critics of non-GAAP, like, Warren Buffett, are hypocrites. Because he doesn't like some of the things that some people do, like, restructuring or depreciation, but he says, he doesn't like now the fact that he has to report in net income, both, realized and unrealized gains from his equity portfolio. He doesn't like the volatility that that's causing in his net income figures.

And nobody included the impact of the Tax Reform Act in the results, almost nobody, almost everybody adjusted that out, whether it was positive or negative, but some companies didn't. And which ones didn't? The ones where it was positive.

So, there's a tendency to have inconsistency in even how people treat the same non-GAAP kinds of adjustments, because for some companies, things are positive, and for some companies, things are negative. And it's completely arbitrary and they just do it and wait to get caught. So, right now, the non-GAAP environment is a "ask for forgiveness, not permission" and the SEC can't keep up.

Sciple: Do you have a favorite non-GAAP measure?

McKenna: Before I left MarketWatch, we were on a crusade about adjusted revenue. And the reason is, because the SEC is very, very clear in its guidelines, revenue is never adjusted. Never. Except under very limited circumstances where they give explicit permission. So, I'll give you two examples of where revenue was adjusted and the SEC gave, sort of, explicit permission. One of which, they ended-up having to rescind because the company abused the privilege. So, when the new rules for recognizing revenue came in at the beginning of 2018, there were some companies that have been preparing for a long, long time, there are some companies that are always leaders, best-practice, kind of, companies like Microsoft.

Microsoft actually adopted that rule early, they started reporting their revenue under the new rules early. So, they were on this for a long time and they saw that the way they were going to have to report revenue from subscription under Windows 10, there was something related to their Windows 10 revenue that was going to change. And so, what they did is, they started telling investors, "Here's the adjusted numbers, so that when this changes, you're going to see how it's going to look going forward." So, they were preparing investors for that eventuality for a while.

The SEC gave them explicit permission to do that. They went and asked for permission, and the SEC gave them permission to do that. And to me, that's eminently reasonable. There's this very significant change that's occurring, you want to get your investors accustomed to how the numbers are going to look, so they can build their new trendlines, build their new models. You're going to tell them, this is why it's changing, and when we cross over that line that you're going to see things differently and you need to get used to it.

Square was another one. Square had a contract with Starbucks (NASDAQ:SBUX), and then that contract was going to expire and they weren't going to renew it. And so, they started adjusting their revenue number, because they wanted, again, to tell investors when this contract with Starbucks expires, we're not going to see this revenue anymore, this is going to be the new trendline for revenue. And that, to me, is eminently reasonable.

However, Square started adding other things to that adjustment. They started adding other items, different fees and different costs that they were incurring for all the different ways that they manage payments. So, they have to pay all kinds of fees including stuff related to cryptocurrency that they're accepting. They also started doing this ghost revenue thing that I mentioned earlier.

They had made an acquisition and they had to write-off some deferred revenue related to that acquisition. Again, according to GAAP, they had to do that, everybody has to do that; that's a consistent rule that everybody gets impacted by, but some companies don't like it, right. They acquire a company, they're expecting this revenue to flow into their results, and GAAP says, "You need to write some of it off, because you're never going to collect it in the same way or it's going to cost you too much to collect." So, they didn't like that, so they started adding back in some of this deferred revenue in their adjusted number.

So, long after the Starbucks issue was over, Square kept creating an adjusted revenue metric. And the SEC wrote a comment letter to them and told them, "Stop." And Square went back-and-forth. And during the time when they went back-and-forth, they actually fired their auditor and hired somebody new. And I think it's because they were getting advice from that prior auditor that this was going to be OK, and, obviously, they got in trouble and they had to stop doing that. And now they were told completely, like, "You can't do this anymore."

Sciple: How common is it for companies to be forbidden from using these types of non-GAAP metrics?

McKenna: So, companies get comment letters all the time. And back in May of 2016, the SEC actually saw that this abuse was, sort of, increasing and they started writing a bunch of comment letters to, like, go back to companies and say, "Hey, you know, you can't talk about the non-GAAP information first, you got to talk about your GAAP information." "And you can't say all these ra-ra and enthusiastic stuff about your gap results, you need to talk about your non-GAAP results, you need to talk about your GAAP results with equal prominence."

And there's certain things that are just absolutely forbidden. Like, these kind of weird revenue things. They call them individually tailored accounting principles, because what they're saying is, I'm creating a new accounting principle because I don't like GAAP, and you can't do that. And so, there's very specific things that they reminded people, you can't do. And they gave some people time to digest that, and then in 2017 they started writing letters and saying, stop or you need to do this differently or you need to rearrange earnings release. And it's all earnings releases that this stuff is appearing on.

And then, of course, what happened in 2017, a new administration came in, a new SEC Chairman came in, a whole new Commission, basically, ended up coming in. There were some turnover in the SEC in terms of all of the different staffs, the new Corporation Finance, which is the one that reviews all the filings, has a new leader, etc. And they, kind of, slowed down, stop doing those letters. And as soon as they let off the pressure, companies will go back to doing stuff.

And we were writing at MarketWatch and saying, you can't do this. The SEC is going to write you a letter. And we had quite a few scalps in that, we said, this is not good, the SEC is going to write you a letter, and then the SEC wrote a letter and told them to stop. And that continues, because [laughs] there's a whole pipeline of stuff that I wrote about that I'm waiting for the SEC to catch up on.

But, again, Square, that was one that I wrote about that said, you know, they're using the Starbucks information, that's OK, but if you start going beyond that and taking advantage of the fact that you're getting this, sort of, leeway from the SEC, then you're going to get nailed. BlackBerry is one that we got a lot of bad feedback because people were like, "How can you say that the SEC is going to write a letter, this is ... " And the BlackBerry is another one that's using this ghost revenue.

So, there're situations... Symantec, which is now called (sic) NortonLifeLock was the first ghost revenue one that I wrote about. They actually have a class action lawsuit because a whistleblower came and complained about the fact that they were showing this revenue for some people and paying them bonuses and not showing it for other people and not paying them bonuses.

So, slowly but surely it, sort of, flushes through, but the problem is it's like whack-a-mole. The SEC has taken, sort of, priority off of it. So, why has the SEC taken priority off of it? We're seeing this right now with the coronavirus response. The most important thing in the whole wide world in politics is that the stock market keeps going up. And so, if share prices are responding not to what's in the 10-K or the 10-Q, but to what's in the earnings release. And if companies are emphasizing the earnings release, these adjusted figures, and that's what's driving the share price on the day that earnings are released. If you mess with that, you're going to all of a sudden start seeing the air come out of a lot of companies. And there's a reluctance, because there's a lot of air in a lot of companies' results.

And we've just, sort of, gotten used to this. It's, sort of, like saying, you have a skinny mirror and a fat mirror, and you're going to only look in your skinny mirror. And one day you'll look in the fat mirror, and you're like, "Ahh!" like, break that, because I want to keep looking in my skinny mirror. And if everybody looks only in the non-GAAP mirror, then we're good, but the minute somebody starts poking holes and you start to see what's really going on, that the emperor has no clothes, then all of a sudden, the froth is going to come out of the market.

Sciple: Right. Shifting the narrative, you mentioned coronavirus, that's a thing I wanted to talk about briefly, we've seen a lot of companies, Apple was the first to come out of the gate and say, "Our earnings aren't going to be performing like we expected due to the disruptions caused by this virus." Obviously, the decisions to make these disclosures, come down to some communication between management and their accounting firms and auditors.

When companies are making these decisions to disclose impacts on their business due to things like coronavirus, what goes into that decision-making process?

McKenna: So, the decision is based on what a company can determine or what they think is going to be material in the decision that a reasonable investor makes about that stock? So, when a reasonable investor looks at the information, what is it that would have a material impact on their decision?

And, of course, we're talking about a lot of subjective judgments and a lot of discretion and also some anticipation, some sort of crystal ball, you know. I don't know if the reasonable investor will think this is material to their decision. I don't know, they might be interested in it, but how significant will it be to their decision-making about the stock?

And so, companies have that discretion. And one of the first things I learned when I started writing about the stuff is, as an accountant, I thought everything was sort of rules-based and black-and-white. And when I got to writing more about the SEC and how the regulatory process works and how the regulatory process works in conjunction with the enforcement process, I found out that our whole securities laws are based on what they call a disclosure principle versus an enforcement or kind of a black-and-white hard approach.

And so, the idea is that, if a company discloses something, they've done everything they can to inform the investor and then the investor gets to make their own decision. If you don't disclose, then that's where you get in trouble. So, you can see that a lot of the enforcement actions that have come recently are not because a company did something wrong but because they didn't disclose what they were doing.

And so, in the coronavirus situation, again, whether or not that issue is going to be material on the results of a particular company is going to be vary company-by-company, and it's going to vary over time, and it's going to vary as we have more information. And some companies, let's say, like Apple, are going to know right away. Why? Because they have significant operations and vendors in China. And GM, gets most of its revenue from China.

And you have companies where it's a pretty straightforward situation where they can't get [laughs] their supplies or their customers are not buying, and that's this much of their company. I mean, it's pretty straightforward.

But in many companies, it remains to be seen what the impact will be and it remains to be seen if they're going to lose that whole portion of their business and for how long and is that material to them?

And so, each company is going to make a decision and the SEC is going to look at it after the fact, although, I think, they've been giving a little bit of guidance. They gave guidance recently about climate change, same thing, right. Some companies know immediately that climate change is going to have an impact. Why? Because they operate in countries that are already impacted by, let's say, rising ocean levels or rising, you know, some kind of climate change. But other companies are like, "Climate change! Ah! I don't know, it depends, we'll see, we don't see it yet."

And so, the disclosure is all about being aware, making those assessments. Let's step on this idea of making sure in your company that you have someone looking at this or some large group looking at this, depending. And when the time comes, make the right disclosures to inform the investor. And the SEC is going to look at it after the fact, and they're going to be making a Monday morning quarterback [laughs] decision of whether or not you should have or could have known when you put that disclosure out or didn't put that disclosure out, or whether when you put a disclosure out, it was enough.

The worst thing is that, if you don't put something out at all and you should have, or if you put something out at all and it's misleading. So, a misleading disclosure is really, really, really bad. And they will come down hard on misleading disclosures, inaccurate, misleading, especially if you could have known or should have known that that information was misleading.

Not putting something out right away, being slow to it, then you get the benefit of the doubt often. But the bigger the company, the more sophisticated, the more they expect that those companies have the resources in order to be on top of stuff that even you and I can realize must have an impact, this is likely to have an impact at some point.

Sciple: Right. So, it sounds like, there's a ton of discretion on the part of management to decide when to disclose this. Particularly, in the context of something like coronavirus that we're really still figuring out the facts on the ground of what's going on with this disease.

One other thing I wanted to ask you about briefly. You've talked about the discretion that management has to make these sorts of disclosures, and we also talked about earlier about how GAAP and IFRS are the two dominant accounting standards globally. Over the past several years, there's been a continued trend toward convergence between those standards. Moving GAAP more toward a principle, like, standard that we're seeing among the IFRS. Maybe that's a little bit more similar to what we've talked about in the past with non-GAAP.

As you see this convergence take place, general thoughts on that? How should we be viewing that as investors?

McKenna: When I started looking at these issues, when I started writing about them during the crisis and shortly after, this was a very hot issue, this idea of convergence of the standards between GAAP and IFRS. And the rationale was, U.S. is really the only one that uses GAAP, everybody else uses IFRS. Let's, sort of, bring these things together.

And there was a lot of resistance, in particular, it was hard for me because a lot of the resistance was from academics. So, people who actually teach accounting to students. Why? You know, curriculum, syllabi, textbooks, etc., all that stuff, as you know, has a very long lead time and you have, sort of, an aging population in the academic world; in particular, in accounting.

And so, you have this sort of stodginess and stubbornness where, "GAAP was good enough for us, why would we want to change to these international standards?" And there was a lot of resistance. And that resistance was so sticky for such a long time that eventually the pushback dissipated, but in the meantime, you had some big new standards that had been worked on for, like, 10 years, 12 years, whatever. Revenue recognition, I think, was in process for 14 years. Leases, which is a really big dramatic change how leases are accounted for on the balance sheet long, long, long, long time. Some other standards that were in process for a long time.

And what happened was, when the U.S. actually adopted new standards, they made them more like IFRS, in that, they were much more principles-based, they much more allowed for discretion, such that, in the revenue recognition rules the SEC actually said, "We're not even going to expect companies in the same industry to treat the same revenue the same, if they have a rationale not to do so." What that means is that there really is a lot of judgment and discretion in some of the most important lines on the balance sheet and the income statement, and you really have to be looking for those disclosures, you really have to be looking for that information that the company says on the earnings release, in the conference calls and then in the Qs and the Ks, which I say, I usually can't answer anybody's questions about anything unless I look at the Q and the K.

And so, you have to look for that detail, you have to ask those questions, because they're going to be making a lot of assumptions, and they can, and the SEC is going to respect that process and allow them to make assumptions that are their favorite phrases, facts and circumstances. So, we're going to look at each K, so whether or not someone is following the standard according to their own facts and circumstances.

Why is that? Is it because the U.S. has decided that IFRS or principles-based standard is better, they've capitulated and said the Europeans always knew what they were doing? No way. It's because of an environment of deregulation. It's because of a desire to have more latitude in how you report. It's this push that companies have been making, and that everyone else has enabled, toward alternative financial information, including non-GAAP metrics.

Companies want to explain and report the way it makes sense for them, that drives their earnings, drives their narrative about what the company is and what it does and how it's going to perform and what its future looks like?

And what does that mean? It means that you really are, sort of, beholden to whatever management tells you. Because if they take away that objective quality of the financial information, then you cannot compare one company to another in an industry. You cannot compare one company in one industry to another industry. You cannot compare a company in the U.S. to a company abroad, you have to take what management tells you and there may be a lot of assumptions and a lot of discretion behind those numbers. And so that's why you see a lot of investing that's no longer driven by fundamentals, because the fundamentals aren't driving the narrative, the fundamentals aren't driving even the numbers that are reported, management is deciding what are the numbers that represent or interpret what they think the company's results are and what its future is.

Sciple: When you look at this trend toward more principles-based accounting, you've been following this industry much longer than I have, do you think this is cyclical or this is the trend that we're on and this should continue; 10 years from now, we will be more toward a principles-based accounting system than we are today?

McKenna: It's cyclical in that it would take another very massive, significant, earth shattering corporate fraud to, sort of, reorient again. That was what happened after Enron. It didn't last very long. In my mind, it's barely lasted 10, 15 years. And we, right now, write-off a lot of very, very, very sketchy kind of reporting and a lot of, sort of, mini-frauds, a lot of enforcement actions by the SEC and DoJ against companies that we say are anomalies, one-off, one executive, one group of people; you don't look and say, this is systemic.

So, look, for example, at Wells Fargo. Wells Fargo has been committing multiple frauds against consumers for years; years and years. And their auditor, KPMG, never raised their hand and said, "Wow! This process is really generating information and revenue that we don't think has any basis for it. The controls are so weak that employees can actually create fake accounts for customers and steal their information and do this and get paid commissions." That's fundamental, that's a fundamental control. Controls are not in place; therefore, employees can commit fraud.

And there were many other examples at Wells Fargo. Wells Fargo paid a multi-billion-dollar fine. They paid a fine before. Wells Fargo still exists. KPMG is still its auditor. And it goes on. And it goes on, because it has to. Nobody wants the bank to go out of business.

Sciple: So, by that tack, then it raises the question for me, back to the Enron scandal, failure of Arthur Andersen, are these remaining big four auditing firms "too big to fail?"

McKenna: They are "too few to fail." What's happened is that the reduction of the number of firms from five to four, when Arthur Andersen went out of business; they never went bankrupt, by the way. Anderson never went bankrupt; they actually just sort of dissolved because they could no longer do business with an indictment. When you went down to four, we've actually seen more concentration, more power vested in those remaining four firms.

So, not only are public companies dependent on them, but the Federal government is dependent on them. So, the Fed, the Department of Justice and The Treasury are audited by KPMG. KPMG is the auditor of Wells Fargo. KPMG is the auditor of Citigroup. KPMG also recently had to pay a $50 million fine to the SEC because its senior audit partners colluded with people from the regulator itself to steal regulatory data and cheat on its inspection process from this independent regulator.

KPMG still exists. Why? Because nobody can afford for it to go out of business. Unlike when Arthur Andersen went out and the four remaining firms were able to absorb the client work and absorb anybody who wanted to remain in the accounting industry, still wanted to work for an accounting firm. The remaining four firms, if one of them went out, again, it would be because of some really catastrophic thing that the government could not find a way to prevent. The government is not going to indict another firm; that's not going to happen because that's a death penalty.

There may be a large plaintiff's lawsuit, private lawsuit against one of the accounting firms. And there was, against Colonial Bank, the first big bank that the FDIC sued related to crisis-era stuff. And it went through a trial and they got a $625 million-$635 million judgment, which is a huge number, which is the largest ever damages award, especially via a trial, not a settlement, a trial that found guilt that PwC did not find fraud when they should have and could have. And what happened was, that settlement or that damages award, by a judge, was negotiated down by the FDIC to about half, to much more palatable figure.

So, the government is not going to, on-purpose, be the instrument of one of the firm's demise. A private lawsuit may bring it to the brink. But if that happened it would be a massive, massive situation. And the remaining three firms, in my opinion and in others -- academics and some other people who studied it -- would not be able to absorb the client work and the people, the way the four firms did Arthur Andersen stuff. Why? They were much, much, much bigger at this point and because it would take so much for that to happen, given that the government is, like, actively trying to avoid it, that firm will probably one that not only has that particular problem, but probably is infested with all kinds of other liability. So, no one of the remaining three firms is going to be willing to take on clients and other, you know, pending litigation from one of those firms.

They haven't, since Andersen, set up any other kind of contingency plan if that should happen, whether anyone likes it or not. So, there's an active, active, sort of, anything but another firm going out of business. And they're willing to allow the remaining four firms to, sort of, concentrate their power and operate with impunity to some extent.

Sciple: So, given what we've talked about today, and this rise of non-GAAP accounting, regulatory concerns when it comes to how accountable regulators are keeping auditing firms; when it comes to individual investors, how they should be looking at financial statements and investing, what advice do you have for them?

McKenna: Read the Q and the K. So, the audit opinion itself, it's a necessary evil from the company's perspective. They have to pay, it's per law, it's mandated, so it's going to be there.

How much information it's going to give you? In the past, it never gave really much except for if it didn't give any at all, which meant that the company was filing bankruptcy or disappearing. Now, you have a new thing called Critical Audit Matters. So, there's some new information that's been mandated that the audit firms have to provide. Which is, what areas of the audit have extra potential risk where the auditor has given it extra emphasis or focus? Not that there's anything wrong, but where there were more discussions than usual or there's more assumptions or discretion involved than usual. And so, investors should be aware that these are things that take extra time and that are unique to this particular company as being potentially more risk prone or vulnerable.

So, that's good information. However, there's a feeling that eventually those will, sort of, trend toward boiler plate. Because, again, liability; nobody wants to be the one pointing something out.

And we've seen in the past, like, in the U.K. where they have those Critical Audit Matter warnings, even if the firm put something down, it doesn't mean they did the work, it doesn't mean they actually found anything or they're going to find something in advance. And even if they found something, it doesn't mean that they're going to raise their hand, because that's, sort of, like a self-fulfilling prophecy, you raise your hand and say this company has fraud, then, you know, everything goes down the tubes and you lose the fees and [laughs] somebody is going to blame you anyway and sue you anyway.

So, Tesco is a good example. Tesco in the U.K. was this grocery store that started having issues and there was a whistleblower that said that there was fraud related to marketing expenses and vendor rebates and some other kind of those unique things that you have in distribution and a grocery store. And lo-and-behold, PwC had actually said in the audit report that came out before this whistleblower made their allegations public, they had said that area of the accounting is of particular focus and has higher risk. But the fraud had been going on for years.

Sciple: But they have wrote that CYA line there --

McKenna: They wrote that CYA that they were aware that this was a high-risk area, that they had supposedly done extra procedures. But the whistleblower said the fraud had been going on for years. And there was actually an investigation by the regulators in the U.K. of PwC related to Tesco and whether they could or should have known or did they look the other way or did they miss something.

And the bottom-line is they let them off the hook and said, "They could not prove that they could have been aware that this had been going." I mean, anytime there's a collusive fraud, the auditors will say, "If somebody works really, really hard to hide it from us or gives us bad information, then nobody can find it." Really? You know.

Sciple: So, make sure in the Q and the K to read that language that the auditor has to put out there to protect themselves.

McKenna: But also, I'm very much a value investor or a proponent of value investing, fundamental investing. Things might not happen right away. Fraud is never a good short thesis because it never happens on your timing. You should never expect the regulator to act immediately, just because they're aware of it. Even when things are obvious, that doesn't mean the company is going to go out of business or go to zero.

But weak companies that are chronic manipulators or abusers of accounting will eventually have, what I call, a sudden, unexpected black swan liquidity event.

Sciple: The rapture will come for them.

McKenna: The rapture will come. It'll come when you least expect it. It'll seem like it's a surprise or a sudden thing, but actually, those who have been watching will have seen it coming all along. And you've either avoided it or you've done some other kind of investment technique to take advantage of it.

Sciple: Francine, thanks so much for joining this Industry Focus. Where can folks find your work if they want to stay in touch with you and follow your writing?

McKenna: So, I am always on Twitter @retheauditors, and The Dig at substack, thedig.substack.com.

Sciple: I scrubbed through myself. Check it out. Really great work.

McKenna: Thank you, Nick.

Sciple: Thanks for coming on.

McKenna: Thank you.

Sciple: As always, people on the program may own companies discussed on the show, and The Motley Fool may have formal recommendations for or against the stocks discussed, so don't buy or sell anything based solely on what you hear.

Thanks to Austin Morgan for his work behind the glass. For Francine McKenna, I'm Nick Sciple, thanks for listening and Fool on!