Marcum Fined $10M by SEC and $3M by PCAOB for Shoddy Quality Controls in SPAC Audits

The PCAOB said on Wednesday that the $3 million penalty it gave Marcum is the largest doled out to a “non-affiliate firm,” meaning an audit firm that isn’t a member of a global network. Marcum has agreed to pay the $3 million fine, the PCAOB stated.

And in a first for the PCAOB, the audit regulator is forcing an audit firm to make functional changes to its supervisory structure related to the firm’s system of quality control. As part of the settlement, Marcum will have to create a new role and hire an individual to serve as head of the firm’s quality control system and to create a committee responsible for the oversight function for the audit practice.

“If firms put profits ahead of PCAOB standards that protect investors, there will be consequences,” PCAOB Chair Erica Williams said in a press release. “Today’s order makes clear, the PCAOB will use every tool at our disposal, including requiring a firm to change its supervisory structure, in order to ensure compliance with PCAOB standards.”

In a statement to Reuters, a Marcum spokesperson said, “We remain committed to maintaining the full confidence of our clients, regulators, and investors.”

Over a three-year period, Marcum more than tripled its number of public company clients, the majority of which were SPACs, including auditing more than 400 SPAC initial public offerings in 2020 and 2021, according to the SEC. But that influx of new clients exposed substantial, widespread, and pre-existing deficiencies in the firm’s underlying quality control policies, procedures, and monitoring. 

The SEC order says:

Marcum’s quality control and audit standard failures permeated most stages of engagement work—from client acceptance to risk assessments, audit committee communications, audit documentation, assembly and retention of audit documentation, engagement quality reviews, technical consultations, due professional care, and engagement partner supervision and review. At nearly every stage, Marcum lacked sufficient policies and procedures to provide reasonable assurance that engagements were conducted in accordance with professional standards. Further, Marcum did not sufficiently monitor the effectiveness of its policies and procedures and did not adequately communicate those policies and procedures to engagement teams. In sum, Marcum’s quality controls system failed and, as a result, certain audits were not conducted in compliance with PCAOB audit standards.

Depending on the audit standard at issue, violations were found in 25% to 50% of audits reviewed, with even more frequent, nearly wholesale violations found as to certain audit standards across Marcum’s SPAC practice, according to the SEC.

Here’s an example of the firm’s quality control failures pertaining to workpaper sign offs from the SEC order:

Marcum lacked sufficient policies, procedures, and monitoring related to workpaper sign offs, including the timing thereof, resulting in widespread violations of the underlying audit standard, AS 1215 [Audit Documentation], based on Marcum engagement partners, EQRs, managers, and staff-level personnel performing workpaper sign offs only subsequent to the release of audit reports and other issuances.

Prior to the release of an audit report, Marcum’s firm policy required engagement managers, engagement partners, and EQRs to sign off on a “routing slip” workpaper, which represented that all requisite reviews had been performed. EQRs were also required, prior to the release of an audit report, to sign off on an “EQR memo” workpaper, which provided information regarding the EQR’s review procedures. Marcum policy also required sign off on certain other workpapers, but did not require that such work paper sign offs be conducted prior to the report release date; Marcum required only that these sign offs were done prior to the documentation completion date prescribed by AS 1215.15 (45 days from report release date).

Marcum’s written policies failed to address explicit requirements of AS 1215.06(b), including that audit documentation reflect “the date such work was completed” and “the date of such review.”

In early 2021, Marcum conducted post-issuance inspections of its SPAC IPO workpaper binders (the “Post-Issuance IPO Review”). These inspections, conducted between one and three days after the relevant audit report was released, revealed that approximately three-fourths of workpaper binders contained one or more workpapers lacking both “preparer” and “reviewer” sign offs. These same inspections revealed that many workpapers required to be signed off on by engagement partners and EQRs—required per Marcum’s own policy—were not yet signed off on; depending upon the workpaper, across these inspections, the percentage of missing sign offs identified ranged from at least 10% to as high as 50%.

Also in early 2021, Marcum conducted a post-issuance inspection of 25 SPAC IPO audits whose workpapers binders had already been archived. Of these 25 binders, only eight were in compliance with Marcum’s documentation and sign off policies.

Additionally, a sampling review of 28 SPAC audit binders conducted by SEC staff in the Division of Enforcement (the “SEC Review”) revealed that over 25% of Marcum-required engagement partner sign offs were either conducted post-issuance or entirely missing. Among Marcum-required EQR sign offs, approximately one-third were either conducted post-issuance or entirely missing. The SEC Review revealed post-issuance and/or missing sign offs in every one of 28 SPAC audit binders reviewed. The SEC Review also revealed that many post-issuance sign offs were conducted only in connection with binder assembly and retention (or “archiving”) procedures, frequently conducted at or around 45 days post-issuance, if not later. Indeed, among the audit binders reviewed, half were archived outside of AS 1215.15’s 45-day “documentation completion date,” and contained sign offs by the engagement partners and EQRs that were executed post-45 days. The SEC Review, and in particular the time-stamps associated with the sign offs, also revealed that sign offs were frequently conducted in quick succession. Similar findings were observed outside the SPAC practice.

“Public company auditors occupy positions of trust that are critical to protecting investors and our capital markets more broadly,” SEC Chair Gary Gensler said in a press release. “Marcum neglected its essential gatekeeper function in service to its own growth. Marcum took on more than 600 new SPAC clients for a nearly six-fold increase in just one year, churning out audits at an unsustainable pace causing widespread quality control and audit standard violations that put its clients and the investing public at risk.”

The PCAOB piled on, saying Marcum’s system of quality control failed to provide reasonable assurance that the firm would:

• Undertake only those issuer engagements that the firm could reasonably expect to be completed with professional competence and appropriately consider the risks associated with providing professional services in the particular circumstances;
• Ensure that partner workloads were manageable to allow sufficient time for engagement partners and engagement quality review partners to discharge their responsibilities with professional competence and due care;
• Timely assemble complete and final sets of audit documentation;
• Timely and accurately file Form APs;
• Perform procedures to identify and assess the risks of material misstatement at the assertion level with respect to SPAC audits;
• Ensure that engagement teams were consulting with individuals within or outside the Firm, when appropriate, when dealing with complex issues;
• Perform sufficient procedures to determine whether certain matters were critical audit matters; and
• Make all required communications to issuer audit committees.

As part of its settlements with the SEC and the PCAOB, Marcum also must undertake several remedial actions, including retaining an independent consultant to review and evaluate its audit, review, and quality control policies and procedures, as well as abide by certain restrictions on accepting new audit clients.