The Public Company Accounting Oversight Board imposed its largest ever penalty of $25 million against KPMG’s firm in the Netherlands, in addition to $2 million in fines against Deloitte’s firms in Indonesia and the Philippines, accusing the firms Wednesday of cheating on exams and sharing answers.
In the KPMG Netherlands case, the PCAOB posted two settled disciplinary orders sanctioning KPMG Accountants N.V. in addition to its former head of assurance, Marc Hogeboom, accusing them of violating the PCAOB rules and quality control standards pertaining to the firm’s internal training program and monitoring of its quality control system. The PCAOB said it found widespread improper answer sharing happening at the firm over a five-year period and that the firm made multiple misrepresentations to the PCAOB about its knowledge of the misconduct. The PCAOB learned of the exam cheating through a whistleblower report it received in 2022.
“The growth and breadth of exam cheating in this case was enabled by the firm’s failure to take appropriate steps to monitor, investigate and identify potential misconduct,” said PCAOB chair Erica Williams during a press conference Wednesday. “Furthermore, during the course of our investigation, the firm submitted and failed to correct multiple inaccurate representations to the PCAOB. For example, the firm claimed to have no knowledge of answer sharing prior to the 2022 whistleblower report. Yet this could not have been true because members of the firm’s management board and supervisory board who signed off on that submission to the PCAOB have in fact cheated themselves. But it doesn’t end there. KPMG Netherlands’ CEO learned the submissions were inaccurate and failed to inform anyone until months later, when a second whistleblower came forward. Only then did the firm correct the inaccurate representations to investigators. This misconduct reveals an inappropriate tone at the top and a complete failure of firm leadership to promote an ethical culture worthy of investors’ trust.”
PCAOB chair Erica Williams
The sanctions imposed by the PCAOB included a $25 million civil money penalty on KPMG Netherlands — the biggest fine ever levied by the PCAOB — along with a permanent bar and $150,000 civil money penalty on Hogeboom.
KPMG Netherlands acknowledged the problems at the firm and its CEO apologized. The investigation revealed that from at least October 2017, over 500 people at the firm were involved in some form of improper conduct, including sending or receiving answers to training tests and providing or receiving assistance in taking such tests. The firm said the settlement reflects that KPMG Netherlands violated a number of PCAOB rules.
“The conclusions are damning, and the penalty is a reflection of that,” said KPMG Netherlands CEO Stephanie Hottenhuis in a statement. “I deeply regret that this misconduct happened in our firm. Our clients and stakeholders deserve our apologies. They count on our quality and integrity as this is our role in society, with trust as our license to operate.”
The firm said that after the investigation, people, at all levels of seniority, who participated in answer sharing have been sanctioned, and some of them had to leave the firm. After the second whistleblower notification, with regard to a member of the management board, all members of the board of management and supervisory board were subject to additional personal investigations into their involvement in answer sharing. The investigation led to the departure of the former head of assurance as a partner in the firm. The chairman of the supervisory board resigned after admitting he had received assistance in completing a training test.
The PCAOB and the Dutch Authority for the Financial Markets conducted parallel investigations, and the Dutch AFM separately imposed enhanced supervision measures under Dutch law to prevent recurrence of such behavior.
KPMG Netherlands said it has now taken several targeted remedial measures and is working on further improvements in policies and procedures relating to the assessment of mandatory training and internal culture. The remediation process is under the enhanced supervision of the AFM. The supervisory board of KPMG Netherlands will also monitor this closely.
“It is a hard lesson, and we are learning from this,” said Hottenhuis. “We have reviewed our approach to mandatory testing and made meaningful changes to our learning and development programs. We also have implemented controls to monitor whether training tests are being completed appropriately and will continue to do so going forward. We will continuously improve, and we must ensure we do our training sessions appropriately, sustainably.”
KPMG Netherlands also plans to encourage its employees to speak up about improper behavior. “This is a significant failure in our duty to serve the public interest,” said Hottenhuis. “Trust is essential in our business, and we must learn from this and make a change in our culture and behavior. Additional programs on ethical decision making are being rolled out for all teams. This is a critical topic that will remain on the agenda of all leaders and for everyone at our firm.”
The PCAOB said that from 2017 until 2022, hundreds of professionals at KPMG Netherlands engaged in improper answer sharing — either by providing access to test questions or answers, or by receiving such access without reporting it — in connection with tests for mandatory firm training courses. The courses related to different topics, including U.S. auditing standards, professional ethics and independence. The improper answer sharing reached as far as partners and senior firm leaders, including Hogeboom (who at the time was the firm’s head of assurance and a member of the firm’s management board). The growth of this widespread answer sharing was exacerbated by the firm’s failure to take appropriate steps to monitor, investigate and identify the potential misconduct. For example, starting in June 2020, the firm was aware that answer sharing had occurred at a KPMG service delivery center serving KPMG Netherlands and KPMG LLP in the United Kingdom, and the sharing had extended to the U.K. firm’s personnel. Nevertheless, KPMG Netherlands took virtually no steps to investigate potential answer sharing among its employees until a whistleblower reported the misconduct in July 2022.
Without admitting or denying the findings, the firm and Hogeboom agreed to the PCAOB’s respective orders against them. KPMG Netherlands was censured and agreed to pay a $25 million civil money penalty. The firm also agreed to review and improve its quality control policies and procedures to provide reasonable assurance that its personnel act with integrity in connection with internal training, and to report its compliance to the PCAOB. Hogeboom was censured, permanently barred from being an associated person of a registered public accounting firm, and agreed to pay a $150,000 civil money penalty.
Attorneys for Hogenboom and KPMG Netherlands did not immediately respond to requests for comment.
Deloitte Indonesia and Philippines
In the cases involving Deloitte’s member firms in Indonesia and the Philippines, the investigations also uncovered problems with exam cheating and answer sharing on training tests and coverups at high levels of the firms.
The PCAOB announced three settled disciplinary orders sanctioning Imelda & Raken (Deloitte Indonesia), Navarro Amper & Co. (Deloitte Philippines), and the Philippines firm’s former national professional practice director, Wilfredo Baltazar, for violating PCAOB rules and quality control standards relating to the firms’ internal training programs and monitoring of their systems of quality control that led to pervasive cheating.
From 2017 to 2019, the PCAOB said Deloitte Philippines’s audit partners and other personnel engaged in widespread answer sharing — either by providing answers or using answers — or received answers without reporting such sharing in connection with tests for mandatory firm training courses. On at least six occasions, Baltazar, who was the partner who was supposed to be responsible for e-learning compliance, shared answers to training assessments with other audit partners at the firm. (He has since left the firm.) Attorneys for Baltazar and the firms did not immediately respond to requests for comment.
From 2021 to 2023, over 200 professionals at Deloitte Indonesia engaged in answer sharing. The firm’s failure to detect and deter improper answer sharing by its personnel happened despite numerous warnings from Deloitte Global and regional leadership that answer sharing was impermissible.
Without admitting or denying the findings, Deloitte Indonesia, Deloitte Philippines and Baltazar agreed to the PCAOB’s respective orders against them. Deloitte Indonesia and Deloitte Philippines were censured, and each agreed to pay a $1 million penalty. The firms also agreed to review and improve their quality control policies and procedures to provide reasonable assurance that their personnel act with integrity in connection with internal training, and to report their compliance to the PCAOB.
Baltazar was censured, barred from being an associated person of a registered public accounting firm with a right to apply to terminate his bar after three years, and agreed to pay a $10,000 civil money penalty that reflects his financial resources. The PCAOB said it would have imposed a civil money penalty of $50,000 if it hadn’t considered his financial resources.
“Today’s orders demonstrate that an inadequate tone at the top, particularly with regard to issues of integrity and personnel management, can permeate all levels of a firm,” said Robert Rice, director of the PCAOB’s Division of Enforcement and Investigations, in a statement.
Since 2021, the PCAOB has sanctioned nine registered firms for quality control deficiencies related to the inappropriate sharing of answers on internal training exams.
“I want to be very clear: The PCAOB will not tolerate exam cheating, nor any other unethical behavior period,” said Williams. “Impaired ethics erode trust and threaten the investor confidence our system relies on. The PCAOB will take action to hold firms accountable when they fail to enforce culture, honesty and integrity.”
Accounting Today asked Williams during the press conference whether the new standards proposed Tuesday for firm reporting and engagement metrics would have ferreted out such conduct.
“The goal of those proposals is to provide consistent information about audit firms in their audit engagements to help bolster confidence in our markets and strengthen oversight and empower investors and audit committees as they make informed decisions in order to help drive product quality forward,” Williams responded. “As I noted yesterday, I look forward to reviewing all the input we receive and encourage anyone who’s interested to submit a comment.”
Record levels of enforcement activity
The PCAOB has been cracking down on firms and auditors alike, according to a report released Wednesday by Cornerstone Research.
The report found the PCAOB publicly disclosed 46 total enforcement actions, 37 of which related to the performance of an audit (auditing actions), an increase of more than 28% from 2022. Twenty-nine of the 37 auditing actions were concluded in the second half of 2023, matching the total number of auditing actions for 2022. Monetary penalties totaled $19.7 million, nearly doubling the previous record of approximately $10.5 million in 2022.
“There was a notable shift in the types of respondents in 2023 auditing actions,” said Jean-Philippe Poissant, who co-authored the report and is co-head of Cornerstone Research’s accounting practice, in a statement. “In the past, two-thirds of respondents were individuals. Yet in 2023, two-thirds of respondents were firms. This shift was the result of a substantial jump in the number of auditing actions that only involved firms.”
The great majority — 79% — of the auditing actions in 2023 included alleged violations of auditing standards. Some 60% of those actions included additional allegations related to ethics and independence standards, quality control standards or both. For the first time, the PCAOB included allegations related to critical audit matters, or CAMs, in enforcement actions, with three actions including such allegations.
Of the $19.7 million in total monetary penalties in 2023, $18.8 million were imposed on firms, nearly twice the $9.5 million imposed on firms in 2022. Some 15% of the firm respondents were required to obtain an independent consultant.
Many of the penalties involve firms outside the U.S., as in the cases today involving Big Four affiliates in the Netherlands, Indonesia and the Philippines.
“More than two-thirds of the PCAOB’s record-setting monetary penalties were imposed on non-U.S. respondents in 2023, even though non-U.S. respondents accounted for less than half of the auditing actions during the year,” said Russell Molter, a principal at Cornerstone Research and report co-author, in a statement.
The number of respondents in auditing actions totaled 53, a 23% increase over 2022, according to the report. The PCAOB settled four actions involving three China-based firms after securing access to inspect and investigate Chinese firms in 2022.
For the second year in a row, there were no enforcement actions related to a company’s disclosure of a material weakness in internal control. In contrast, SEC enforcement actions that referred to an announced restatement and/or material weakness in internal control reached their highest levels in recent years.
Violations of quality control standards were alleged in more than half of the actions involving firm respondents. Nearly 80% of the total monetary penalties in 2023 were assessed on just six defendants. The proportion of individual respondents who were barred increased from 64% in 2022 to 85% in 2023.
Enforcement activity appears to be on course for another record-setting year in 2024.
“This board set a goal to strengthen PCAOB enforcement, and we are doing just that,” said Williams during Wednesday’s press conference. “As of today, the PCAOB has imposed $34 million in penalties this year alone, and it’s only April. We set a record in 2022. We broke that record in 2023, and we are breaking it again today.”
In today’s digital business environment, backing up bookkeeping data is not just a good practice—it’s a critical part of financial management. Your financial records are among your company’s most valuable assets. Losing them can lead to serious consequences, from lost revenue and legal penalties to a complete breakdown of operations. Whether you’re a small business owner or a large enterprise, understanding the importance of data backup in bookkeeping can save you from irreversible damage.
Why Financial Data Backup Matters
Financial data backup is essential because data loss can happen at any time. It can come from hardware failures, cyberattacks, software crashes, natural disasters, or even simple human mistakes. One accidental deletion or system crash could wipe out years of financial records, including invoices, receipts, tax filings, payroll data, and customer information. Without a solid backup plan, restoring that information can be impossible, leading to compliance violations and major setbacks.
Business Continuity and Bookkeeping Reliability
One of the main goals of any data backup strategy is business continuity. When your financial information is backed up and easily restorable, your business can continue to function even after an unexpected event. This minimizes downtime and ensures your bookkeeping stays accurate and up to date. Whether you face a cyberattack or a flood, a reliable backup ensures you can access your critical financial records and get back on track quickly.
Follow the 3-2-1 Backup Rule
A best practice for data backup is the 3-2-1 rule, which stands for:
3 copies of your data (one primary and two backups)
2 different types of media (for example, a computer hard drive and an external USB drive)
1 copy stored off-site, such as in a secure cloud-based system
This approach protects your financial data from all types of risks, including physical theft or natural disasters that could destroy all on-site backups.
Use Cloud Backup Solutions
Modern cloud accounting software like QuickBooks Online, Xero, and FreshBooks often include automatic data backup features. These platforms store your information in secure, off-site servers and regularly update your data in real time. While this offers a great layer of protection, businesses should still maintain independent backups—either through cloud storage providers like Google Drive or Dropbox or through physical external drives.
Automate Your Backup Schedule
To avoid the risk of forgetting manual backups, it’s smart to set up automated backup schedules. Most businesses benefit from:
Daily incremental backups (to capture changes made each day)
Weekly full backups (to maintain a complete and up-to-date copy)
Additionally, consider making extra backups after major financial activities, such as closing the month or completing annual reports. This ensures that your most important financial data is stored securely at critical checkpoints.
Test Your Backup Systems Regularly
Backing up your data is only half the job. The other half is making sure you can successfully restore it when needed. Many businesses make the mistake of assuming their backup systems work, only to discover too late that their files are corrupted or inaccessible. Set a quarterly schedule to test your backup restoration process. Restore files in a test environment and make sure they are complete, accurate, and usable.
Keep Backup Data Secure
Your financial data contains sensitive business information, including banking details, employee records, and customer data. This means your backup system must be just as secure as your main systems. Use strong encryption, require password protection, and enable multi-factor authentication (MFA) on your cloud accounts. Make sure that only authorized personnel have access to backup files, and regularly audit access permissions.
Store Physical Backups Off-Site
If you use external hard drives or USB devices for backup, store at least one copy off-site. Keeping all backups in the same location exposes your data to risks like fires, floods, or theft. Consider storing a copy at a trusted partner’s office, a secure storage facility, or even using a backup vaulting service.
Stay Compliant with Legal and Tax Requirements
In many industries, financial records must be retained for several years to meet legal and tax obligations. Failing to back up your bookkeeping data can result in penalties during audits or investigations. Keeping reliable backups helps you meet these requirements, providing a digital paper trail of your financial activities.
Make Backup Part of Your Financial Strategy
Treat your bookkeeping backup system as an essential part of your business strategy. It’s not just about preventing disaster—it’s about preserving your financial history, supporting compliance, and keeping your business running smoothly. Regular data backups give you peace of mind and a safety net to fall back on when the unexpected happens.
Conclusion: Backup for Long-Term Success
Backing up your bookkeeping data is one of the smartest moves you can make to protect your business. With cyber threats rising and unexpected issues always a possibility, a strong data backup system ensures your financial records are always safe, accessible, and intact. By following best practices like the 3-2-1 rule, automating schedules, securing your data, and regularly testing your system, you build a reliable foundation for your financial operations. Make data backup a non-negotiable part of your bookkeeping routine, and you’ll be well-prepared for whatever challenges come your way.
Thirteen accounting firms have united to form Sorren, a national firm backed by private equity firm DFW Capital Partners that will have over a thousand employees and 20 offices across the country.
Operating in an alternative practice structure as Sorren CPAs PC for attest services and Sorren Inc. for business advisory and non-attest services, the combined firms have 85 partners and approximately $170 million in revenue, with plans to add more firms going forwards.
Many of the founding firms met as members of the BDO Alliance, and their leaders had gotten to know one another as attendees at alliance meetings and managing partner roundtables, according to Josh Tyree, the president of Sorren, who was previously president of Harris CPAs, an Idaho-based firm that was the first of the group to go the PE route, signing up with DFW in January 2024.
Sorren’s headquarters in Boise, Idaho
“Harris had started looking at that process with DFW for a good chunk of 2023,” Tyree recalled, “and I remember we were having a managing partner roundtable meeting in Nashville that year in the fall, and they were all there and I raised my hand after two hours of talking about PE and I said, ‘Hey guys, I think I’m going to jump in feet first and you guys should all come and join us.'”
And they did — with individual firms joining up with DFW over the course of 2024, and a large group in January 2025.
“There was a level of comfort,” he explained. “We knew all of our firms and our people and what we do and how we do it because we’d shared so much information over the years.”
Apart from Harris, the other firms currently comprising Sorren are:
Acuity (Georgia);
Aycock & Co. (Texas);
Capital Nomics Valuations (California);
Chigbrow Ryan Murata (Idaho);
Hoerber Tillman & Co. (Florida);
JRJBF (Illinois);
KDP Advisors (Oregon);
KMA Advisors (Wisconsin);
Pisenti & Brinker (California);
Roeser Accountancy (California).
SBF Advisors (Florida);
Stockman Kast Ryan & Co. (Colorado).
Allan Koltin, CEO of Koltin Consulting Group, said in a statement, “What makes Sorren stand out is the way these firms came together — with intention, shared values, and a commitment to staying deeply connected to their local markets. This group didn’t just merge for size; they united around a common purpose. It’s a blueprint for how innovative firms can grow, while staying true to who they are.”
Josh Tyree
The firms all have a strong focus on small and middle-market businesses and nonprofits that want a local firm feel and relationship, even if they need services across the country. As it adds new firms, Sorren will prioritizing those that are a fit with their current culture.
“If we go into another region, we want to start with leadership and good people; we’re not just randomly going out to try and find any firm that meets [a client need],” Tyree explained. “It really has to fit our culture and it has to have a leader in that area for us to go into that services.”
He also made the point that Sorren is still very much a work in progress — relying on current firm expertise to build national practices in tax, assurance, CAS and advisory.
“One goal when we originally started was we wanted to get to enough mass size that we could really start to build this by using leadership from and talent from all the firms that came on board,” Tyree said.
“It’s going to be super fun, but it’s a lot of work,” he added. “If all you’re looking to do is do a rollup or something like that, that’s probably not our style. We’re trying to create this for our type of client and our type of cultures. And we think there’s a little void there where we can do it.”
Donald Trump’s promise to strip Harvard University of its tax-exempt status prompted criticism Friday from a former Internal Revenue Service commissioner in the president’s first term, who said the process would take years and need a judge’s approval.
“The IRS will not allow itself to be weaponized,” former IRS Commissioner Charles Rettig said in an emailed statement to Bloomberg News. Rettig, who oversaw the agency from 2018 to 2022, was asked to respond to Trump’s social media post early Friday that said: “We are going to be taking away Harvard’s Tax Exempt Status. It’s what they deserve!”
Trump made the announcement after weeks of threatening a change to the school’s tax-exempt treatment, stepping up his attack on the Ivy League school.
Federal criminal law bars President Trump or the vice president from ordering the IRS to punish his political opponents or reward his allies. Rettig said the Treasury Department’s Inspector General for Tax Administration “closely monitors and investigates efforts to possibly influence IRS operations.”
The IRS cannot take any action on an organization’s tax-exempt status “without conducting an appropriate examination that would provide relevant information objectively supporting such an action,” Rettig said. “The IRS does not and should not conduct a ‘fishing expedition’ designed to hopefully uncover a relevant issue.”
Organizations also have administrative and judicial appeal rights that can take years to resolve before a federal judge approves a change in tax-exempt status, he said. “Throughout that process, there are many opportunities for resolution that would not result in the removal of the tax-exempt status of an organization,” he wrote.
Trump’s fight with Harvard escalated after it rejected his administration’s demands to reform campus policies to combat antisemitism and promote viewpoint diversity. The administration has frozen $2.2 billion in funding that supported projects including ALS and tuberculosis research.
On April 21, Harvard sued the U.S., claiming the funding freeze violated its free speech rights, and the government cannot dictate what it teaches, who it hires, and which students it admits.
In Trump’s second term, four people have held the IRS commissioner’s job on an acting basis.