Independent audits are an integral part of the system of controls designed to
professionalism and poor quality audit work by CPA’s [sic] helped mask the
notify regulators about poor management practices at failing thrifts, which
ultimately delayed regulatory action against many unscrupulous thrift
the bank as those terms are used in 12 U.S.C. §§ 1813(u)(4)(C), 1818(b)(1), and
1818(b)(1) and 12 U.S.C. § 1818(i)(2)(B)(i)(II) expressly include an Institution
Affiliated Party (IAP) within their respective sanctions so that there must be some
[c]oncern … that [the OCC] could obtain enforcement orders against a
firm, since the term “person” includes entities as well as individuals, and that
1818(i)(2)(B)(i)(II).” Maj. Op. at 1329. As the majority itself notes, the statutory
identify and report problems in thrift’s [sic] when they arise. A lack of
presence of fraud at a number of failed thrifts. In many instances auditors did not
[T]he Committee expects the [OCC] to limit enforcement actions in the usual
case to individuals who have participated in the wrongful action, to prevent
unintended consequences or economic harm to innocent third parties.
However the Committee strongly believes that [OCC] should have the power to
proceed against such entities if most or many of the managing partners or senior
officers of the entity have participated in some way in the egregious misconduct.
For example, a removal and prohibition order might be justified against the local
office of a national accounting firm if it could be shown that a majority of the
managing partners or senior supervisory staff participated directly or indirectly in
*1337 Keystone audit, Grant Thornton had approximately 300 partners and 3,500
other employees in 40 offices throughout the United States. Hr’g Tr. 2160, Nov.
23, 2004. The failure of Grant Thornton’s Keystone audit, however, was caused
by the actions of only two individuals. The OCC made no finding that the flaws in
FN1. The OCC argues that this language limiting firm-wide liability applies only
to “12 U.S.C. § 1818(e)’s removal and prohibition sanctions against professional
firms…. There was no hint in the House Report that professional firms were not
I also firmly disagree with the majority’s vacillating assessment of the audit Grant
Thornton conducted. See Maj. Op. at 1333 (“while Grant Thornton’s audit may
have been ‘strikingly incompetent,’…” (emphasis added)). A fuller exposition of
was losing money as it was being looted by its management. To preserve the
illusion of profitability, Keystone’s management fraudulently misrepresented its
financial condition. At the center of the fraud was a business arrangement
Keystone entered into with United National Bank (United) of Wheeling, West
for securitization.FN2 After purchasing the mortgages with funds provided by
United and arranging for servicing and securitization, Keystone included the
mortgages on its books as assets despite the fact that United owned them. See
OCC Dec. at 4-5.
irregularities in Keystone’s management and accounting practices reflected in the
quarterly reports Keystone was required to file with the OCC. On May 8, 1998 the
OCC informed Keystone that it was considering imposing a civil monetary
penalty after Keystone filed an inaccurate report for the third quarter of 1997;
FN3. The Supervisory Agreement required that Keystone retain a national
accounting firm to, inter alia,
(3) assess the appropriateness of all carrying values of entries on the balance
sheet and income statement.
between the OCC and Keystone to discuss the OCC’s earlier investigations of
Keystone. The OCC representatives explained that Keystone had overstated its
assets by about $90 million (almost 10% of its reported assets) in three earlier
quarterly reports. Grant Thornton assigned one partner, Stanley Quay, and one
2159, Nov. 23, 2004. Buenger had over four years of auditing experience with
Grant Thornton. See Tr. 2590, Nov. 24, 2004.
(1) in a short period of time Keystone had grown rapidly in asset size and
internal control structure (FF 132-134); (6) The OCC had just downgraded the
bank to an unacceptable composite “4” CAMELS rating, and downgraded
Keystone’s management to the lowest rating of “5” (FF 150); (7) the FBI had
investigated [Keystone’s “senior vice president” and “controlling officer”] Ms.
139); (10) Keystone also recently had claimed ownership of $16 million in
residual interests in securitizations even though Keystone had pledged those
interests to other parties (FF 139); (11) the bank had a history of filing inaccurate
Call Reports, key insiders had been assessed CMPs [civil monetary penalties] in
OCC Dec. 10-11. Despite these obvious red flags, Quay and Buenger began with
what Grant Thornton’s audit manual termed a “Basic” audit. FF 176-77, 182-83.
Performing only a “Basic” audit, Quay and Buenger were to (1) obtain written
confirmation from Compu-Link and Advanta that they were in fact servicing the
to Grant Thornton’s audit manual, in auditing a maximum risk client, an auditor is
required to perform a “Comprehensive” audit, including a “test of details” to verify
the accuracy of the client’s interest income. FF 185-89. Despite Keystone’s
classification as “maximum risk,” the original audit plan was not amended and
information in the bank’s financial statements. See FF 66-68, 180. The more
searching method, a “test of details,” requires the auditor to review the bank’s
“primary financial documents such as … remittances and cash receipts” and to
“trace[ ] those items into bank records.” FF 63–65.
$14 million in Keystone accounts and Advanta had serviced approximately $6.3
million. Buenger asked Compu-Link and Advanta in writing to verify the size of
Keystone’s loan portfolios. CompuLink verified, without explanation, that it had
serviced just over $227 million “of Keystone loans.” FN6
After receiving no response from Advanta for several weeks, Buenger followed
up by telephone and fax. The Advanta manager in charge of the Keystone
accounts, Patricia Ramirez, then sent Buenger a statement via FedEx indicating
that Advanta had serviced only approximately $6.3 million in Keystone
titanic*1340 discrepancy, Buenger did not request a written clarification as
required under Generally Accepted Auditing Standards (GAAS).FN8 Instead,
relying on the earlier telephone call with Ramirez, Buenger simply concluded that
the $242 million figure was accurate.
audit. See Ferriso v. NLRB, 125 F.3d 865, 871 (D.C.Cir.1997). Under 12 U.S.C.
§ 1831m(f)(1) an auditor examining a federally insured depository institution is
required to comply with GAAS. GAAS requires, inter alia, that an auditor exercise
“due professional care” and “professional skepticism” in conducting an audit. See
writing. See AU § 330.29. Buenger’s reliance on her telephone conversation with
Ramirez that Ramirez had located an additional $236 million in “Keystone loans”
flagrantly violated the requirement that all “significant” confirmations of financial
data be in writing.
independently verify the accuracy of the figures as they were required to do
under GAAS and Grant Thornton’s own internal audit manual.FN9 In reality
almost the entire $98 million that Keystone reported in interest income for 1998
did not exist-a fact that could have quickly been verified by requesting the
220-27. Nor does it appear that the auditors confirmed that any of the reported
interest income was in fact deposited in Keystone’s account by reviewing
Keystone’s general ledger. Compare Tr. 2502-10, Nov. 24, 2004 with FF 257.
FN9. See, e.g., FF 225 (“Grant Thornton did not follow the requirements of its
audit manual to conduct a ‘Comprehensive’ audit that called for primary reliance
upon a ‘test of details’ in connection with the audit of interest income from loans
serviced by third-party servicers.”); FF 230 (“Before an analytical test could be
used for substantive purposes in place of a ‘test of details,’ GAAS, as described
in Grant Thornton’s auditing manual, required Grant Thornton’s auditors to
identify and describe the internal controls pertinent to the assertions to be
audited, test the controls to be relied upon, and re-evaluate such controls in light
of the results to determine if reliance would be warranted.”); FF 232 (“Where an
entity’s internal controls have not been tested for reliability, GAAS imposes a duty
upon the auditor to independently verify all financial data generated internally or
otherwise provided by the client’s management before that data may be used for
overstated, the OCC contacted Grant Thornton. Grant Thornton performed a
“test of details” and uncovered the fraud in under one hour. See OCC. Dec. 30
(citing FF 226).
interest income, FF 259, and over $450 million in assets (approximately 50% of
the total assets reported by Keystone), id., and was “hopelessly insolvent,” OCC
Dec. 1. In September 1999, OCC ordered Keystone closed and appointed the
Federal Deposit Insurance Corporation (FDIC) as receiver. The Keystone
v. FDIC, Nos. 1:00-0655 et al., 2007 U.S. Dist. LEXIS 19379, at *100 (D.W.Va.
Mar. 14, 2007).
The conduct of the two Grant Thornton auditors can only be described as
amend their audit plan to require a “test of details”-in violation of Grant Thornton’s
own manual-after Keystone was classified a “maximum risk” audit.
Accountants and auditors perform a critical role in insuring the integrity of
what happened here.
[T]he Committee expects the [OCC] to limit enforcement actions in the usual
case to individuals who have participated in the wrongful action, to prevent
unintended consequences or economic harm to innocent third parties.
However the Committee strongly believes that [OCC] should have the power to
proceed against such entities if most or many of the managing partners or senior
officers of the entity have participated in some way in the egregious misconduct.
For example, a removal and prohibition order might be justified against the local
office of a national accounting firm if it could be shown that a majority of the
managing partners or senior supervisory staff participated directly or indirectly in
*1337 Keystone audit, Grant Thornton had approximately 300 partners and 3,500
other employees in 40 offices throughout the United States. Hr’g Tr. 2160, Nov.
23, 2004. The failure of Grant Thornton’s Keystone audit, however, was caused
by the actions of only two individuals. The OCC made no finding that the flaws in
FN1. The OCC argues that this language limiting firm-wide liability applies only
to “12 U.S.C. § 1818(e)’s removal and prohibition sanctions against professional
firms…. There was no hint in the House Report that professional firms were not
I also firmly disagree with the majority’s vacillating assessment of the audit Grant
Thornton conducted. See Maj. Op. at 1333 (“while Grant Thornton’s audit may
have been ‘strikingly incompetent,’…” (emphasis added)). A fuller exposition of
was losing money as it was being looted by its management. To preserve the
illusion of profitability, Keystone’s management fraudulently misrepresented its
financial condition. At the center of the fraud was a business arrangement
Keystone entered into with United National Bank (United) of Wheeling, West
for securitization.FN2 After purchasing the mortgages with funds provided by
United and arranging for servicing and securitization, Keystone included the
mortgages on its books as assets despite the fact that United owned them. See
OCC Dec. at 4-5.
irregularities in Keystone’s management and accounting practices reflected in the
quarterly reports Keystone was required to file with the OCC. On May 8, 1998 the
OCC informed Keystone that it was considering imposing a civil monetary
penalty after Keystone filed an inaccurate report for the third quarter of 1997;
FN3. The Supervisory Agreement required that Keystone retain a national
accounting firm to, inter alia,
(3) assess the appropriateness of all carrying values of entries on the balance
sheet and income statement.
between the OCC and Keystone to discuss the OCC’s earlier investigations of
Keystone. The OCC representatives explained that Keystone had overstated its
assets by about $90 million (almost 10% of its reported assets) in three earlier
quarterly reports. Grant Thornton assigned one partner, Stanley Quay, and one
2159, Nov. 23, 2004. Buenger had over four years of auditing experience with
Grant Thornton. See Tr. 2590, Nov. 24, 2004.
(1) in a short period of time Keystone had grown rapidly in asset size and
internal control structure (FF 132-134); (6) The OCC had just downgraded the
bank to an unacceptable composite “4” CAMELS rating, and downgraded
Keystone’s management to the lowest rating of “5” (FF 150); (7) the FBI had
investigated [Keystone’s “senior vice president” and “controlling officer”] Ms.
139); (10) Keystone also recently had claimed ownership of $16 million in
residual interests in securitizations even though Keystone had pledged those
interests to other parties (FF 139); (11) the bank had a history of filing inaccurate
Call Reports, key insiders had been assessed CMPs [civil monetary penalties] in
OCC Dec. 10-11. Despite these obvious red flags, Quay and Buenger began with
what Grant Thornton’s audit manual termed a “Basic” audit. FF 176-77, 182-83.
Performing only a “Basic” audit, Quay and Buenger were to (1) obtain written
confirmation from Compu-Link and Advanta that they were in fact servicing the
to Grant Thornton’s audit manual, in auditing a maximum risk client, an auditor is
required to perform a “Comprehensive” audit, including a “test of details” to verify
the accuracy of the client’s interest income. FF 185-89. Despite Keystone’s
classification as “maximum risk,” the original audit plan was not amended and
information in the bank’s financial statements. See FF 66-68, 180. The more
searching method, a “test of details,” requires the auditor to review the bank’s
“primary financial documents such as … remittances and cash receipts” and to
“trace[ ] those items into bank records.” FF 63–65.
$14 million in Keystone accounts and Advanta had serviced approximately $6.3
million. Buenger asked Compu-Link and Advanta in writing to verify the size of
Keystone’s loan portfolios. CompuLink verified, without explanation, that it had
serviced just over $227 million “of Keystone loans.” FN6
After receiving no response from Advanta for several weeks, Buenger followed
up by telephone and fax. The Advanta manager in charge of the Keystone
accounts, Patricia Ramirez, then sent Buenger a statement via FedEx indicating
that Advanta had serviced only approximately $6.3 million in Keystone
titanic*1340 discrepancy, Buenger did not request a written clarification as
required under Generally Accepted Auditing Standards (GAAS).FN8 Instead,
relying on the earlier telephone call with Ramirez, Buenger simply concluded that
the $242 million figure was accurate.
audit. See Ferriso v. NLRB, 125 F.3d 865, 871 (D.C.Cir.1997). Under 12 U.S.C.
§ 1831m(f)(1) an auditor examining a federally insured depository institution is
required to comply with GAAS. GAAS requires, inter alia, that an auditor exercise
“due professional care” and “professional skepticism” in conducting an audit. See
writing. See AU § 330.29. Buenger’s reliance on her telephone conversation with
Ramirez that Ramirez had located an additional $236 million in “Keystone loans”
flagrantly violated the requirement that all “significant” confirmations of financial
data be in writing.
independently verify the accuracy of the figures as they were required to do
under GAAS and Grant Thornton’s own internal audit manual.FN9 In reality
almost the entire $98 million that Keystone reported in interest income for 1998
did not exist-a fact that could have quickly been verified by requesting the
220-27. Nor does it appear that the auditors confirmed that any of the reported
interest income was in fact deposited in Keystone’s account by reviewing
Keystone’s general ledger. Compare Tr. 2502-10, Nov. 24, 2004 with FF 257.
FN9. See, e.g., FF 225 (“Grant Thornton did not follow the requirements of its
audit manual to conduct a ‘Comprehensive’ audit that called for primary reliance
upon a ‘test of details’ in connection with the audit of interest income from loans
serviced by third-party servicers.”); FF 230 (“Before an analytical test could be
used for substantive purposes in place of a ‘test of details,’ GAAS, as described
in Grant Thornton’s auditing manual, required Grant Thornton’s auditors to
identify and describe the internal controls pertinent to the assertions to be
audited, test the controls to be relied upon, and re-evaluate such controls in light
of the results to determine if reliance would be warranted.”); FF 232 (“Where an
entity’s internal controls have not been tested for reliability, GAAS imposes a duty
upon the auditor to independently verify all financial data generated internally or
otherwise provided by the client’s management before that data may be used for
overstated, the OCC contacted Grant Thornton. Grant Thornton performed a
“test of details” and uncovered the fraud in under one hour. See OCC. Dec. 30
(citing FF 226).
interest income, FF 259, and over $450 million in assets (approximately 50% of
the total assets reported by Keystone), id., and was “hopelessly insolvent,” OCC
Dec. 1. In September 1999, OCC ordered Keystone closed and appointed the
Federal Deposit Insurance Corporation (FDIC) as receiver. The Keystone
v. FDIC, Nos. 1:00-0655 et al., 2007 U.S. Dist. LEXIS 19379, at *100 (D.W.Va.
Mar. 14, 2007).
The conduct of the two Grant Thornton auditors can only be described as
amend their audit plan to require a “test of details”-in violation of Grant Thornton’s
own manual-after Keystone was classified a “maximum risk” audit.
Accountants and auditors perform a critical role in insuring the integrity of
what happened here.