The Australian Financial Review (AFR) has just reported on an emerging scandal at KPMG in Australia. It recounts how senior executives and other employees were found to have cheated on a regulatory compliance test, as discovered through a whistleblower complaint, and subsequently verified during a comprehensive third-party investigation.
The test in question was originally offered in December 2019 and January of this year. A 20 question multiple-choice exam, the test is given at the end of an annual training course on KPMG’s policies and local regulatory requirements related to ensuring auditor independence. KPMG Australia’s CEO announced that virtually all employees would retake the training and the test.
There are a number of items that are striking about both the cheating scandal and the response by KPMG.
First, the training itself seems to have been fairly routine. Training programs of this kind have become ubiquitous as firms scramble for solutions to their persistent conduct risk challenges. These programs cover a variety of topics including #MeToo training, general ethics training, and training regarding specific compliance topics, such as insider trading.
Our own experiences with such programs suggests that the programs, and their accompanying tests, are designed with a view to achieving 100% success rates, rather than selecting for failure, as might be expected in a licensing exam, for instance. As such, a 20 question multiple-choice test on a topic that KPMG consultants review annually, and that consultants must navigate on a regular basis, should not have been a terrible challenge. It certainly wouldn’t require cheating for any reasonably competent consultant.
Second, the cheating reflects a cultural element. The training program reportedly takes 2 hours: a significant amount of time for consultants billing hundreds of dollar per hour. These training programs are often boring, simplistic, and perceived either as lacking relevance to the test-taker’s “real world” experience of the workplace, or being so bloody obvious as to be meaningless in any practical sense. It is not a stretch to imagine that the cheaters at KPMG may have been motivated to avoid ‘wasting time’ on the training and, thus, sought short-cuts.
Such a benign motivation — “let’s not waste time” — may explain the brazen openness of the cheating, which took place across archived and searchable corporate communications platforms. Cheaters could thus assume that they left an evidentiary trail. But, if they perceived their behavior to reflect simply “the way things are done here,” it is likely that they were not troubled by leaving behind clear markers discoverable through subsequent internal investigation — notably, precisely the kind of internal investigation that KPMG and its peers regularly offer clients!
And thirdly, it is interesting to consider KPMG’s response: requiring that all key employees, including 600 partners and 5,900 client-facing staff, retake the 2-hour training and the exam. Effectively, those that followed the rules will be treated the same as those who didn’t. The implicit priority is thus not to ensure compliance: most employees presumably demonstrated mastery of the content the first time through. Rather, it appears that for KPMG leadership the goal is to demonstrate uniform task completion.
Behavioral science would suggest that this will lead to unintended consequences. In a note sent to employees after the cheating was discovered, KPMG emphasized that they want all of their people to come forward whenever they see unethical or inappropriate behavior. Yet the cost of coming forward in this instance (e.g., “whistleblowing”) has resulted in a penalty for everyone. One wonders whether fingers will be pointed at the small group of cheaters or if staff will instead blame an “over-zealous” whistleblower for having to sit through the tedium of the training and exam for a second time.
Our experience suggests that the response from KPMG’s leadership will have little impact on the cultural dynamics that led to the scandal in the first place. ‘Tone from the top’ and rigid compliance controls may represent good practice, but it’s the ‘tone from the middle’ that shapes behavior. KPMG would be well advised to focus its attention to that. Demonstrating its success in this regard would likely go a long way towards winning opportunities to help their clients to do the same.
The full article is available here.