A complete chronology of the KPMG Australia audit scandal, from whistleblower allegations and client confidentiality breaches to resignations, regulatory scrutiny and client fallout …
Inside Project Magenta: How Allens gave KPMG a pass on leaks
The top-tier law firm cleared KPMG of partner misconduct without interviewing a single outsider and using a literal reading of the allegations that have since engulfed the company.
Then, it all became too late and too public. On March 24, O’Neill detailed the whistleblower’s allegations in the Senate, claiming the firm’s auditors misused client data from some of the country’s biggest companies – including Lendlease, Dexus and Optus – to win auditing work.
KPMG was quick to react. The following morning, Michael Ebeid, an independent director who had read the contents of the Allens report, criticised O’Neill’s speech as “completely wrong” in an email to deputy chair Carmel Mortell and others. The same day, then-KPMG chief executive Andrew Yates and chairman Martin Sheppard said publicly the firm had “been unable to substantiate any claims of wrongdoing raised with us”.
A little over a fortnight later, on April 9, Hoggett, Rogers and Lawry all received their fines over what happened at the October 10, 2023 meeting. Yates stepped in to halve the recommended fines for Hoggett and Lawry.
It was only about this time that KPMG informed regulators about the allegations. Those probes are ongoing.
Six weeks later, Yates and audit boss Julian McPherson resigned and admitted that all the investigations until then, including the Allens investigation, had been inadequate. The firm, a long-term adviser to KPMG, is now running a fresh probe.
Sheppard, Hoggett and Rogers have resigned, Ebeid is KPMG’s new chairman and Mortell remains in charge of the investigation. Lawry remains the lead partner on the Westpac audit, which KPMG won five months after that fateful meeting.
The findings about the October 2023 meeting are a clear illustration of the tenor of Project Magenta.
Most telling is the list of who Allens questioned. All 14 interviews were of KPMG partners or directors. Twelve, including Yates and McPherson, were interviewed for just 30 minutes each, and Hoggett and Rogers were questioned for an hour. Sheppard wasn’t interviewed at all. Allens never reviewed mail boxes or other digital channels, interviewed junior staff members, or spoke to affected clients. The firm said a lack of detail from the whistleblower made it difficult to know who to talk to, but then did not speak to named individuals.
The whistleblower was not interviewed because he remained in a legal stand-off with KPMG over legal protections for his disclosures.
In any event, KPMG’s board subcommittee had the final say over what was probed and how. “The subcommittee will approve the scope and approach to the investigation. Our role will be strictly confined to that scope and adopt the approved approach,” Allens notes in the report.
In KPMG’s defence, it has never said Allens’ work was independent. It has instead studiously used the phrase “external investigation”, relying on the fact that a long history of companies commissioning “independent” probes to look into misconduct means most members of the public would conflate the two.
Another example of Allens’ light-touch approach related to the whistleblower’s allegations about the pursuit of another audit target. When Julian McPherson, then the head of audit, heard Telstra was putting its $14.5 million a year audit out to tender in December 2023, he called Malcolm Ramsay, the lead partner on Singtel Optus in Singapore.
McPherson wanted to ensure Ramsay told Singtel Optus that, if the firm won Telstra, there would be a separate KPMG team “with ethical dividers in place”.
McPherson’s Telstra pitch team then started learning about the sector from the ground up, including pumping the KPMG team at Singtel Optus for information about all aspects of their work and attending a “Telco 101” briefing.
The whistleblower claimed this conduct breached ethical rules, which Allens found was “not substantiated”.
The KPMG director on the Singtel Optus audit told Allens he “shared basic industry insights such as how, operationally, telephone calls are processed” and provided feedback on the Telstra team’s approach for the audit, but didn’t share anything about his client that wasn’t publicly available. Another KPMG partner on the Optus audit also sat on a “challenge” panel where he assessed a dry run of KPMG’s pitch for the Telstra work.
The law firm, without ever asking anyone from Singtel Optus or accessing documents or emails, said it could not find evidence confidential Optus information had been shared. Nor could it find any evidence the company had directed its auditors at KPMG “not to engage in any way” with the Telstra pitch team.
Six month later, on June 19 Yates told a parliamentary hearing that he resigned over the Optus-Telstra allegations. “I realised that there were things here that could have been found earlier,” Yates told parliament.
In that same hearing, Sheppard admitted that embedded within the KPMG documents about its Optus auditing work was information relating to the telco that “was unredacted”.
It was as the whistleblower had alleged. KPMG had shared confidential Optus information with the team bidding for Telstra.
Allens also examined other allegations related to the firm’s pitch for Telstra. The law firm concluded – after asking three partners – that there was no evidence that KPMG partners had covertly recorded confidential conversations, including with a Telstra executive. It also found that KPMG consultants briefed the audit team on “context” for its pitch was OK because the telco would have been aware such information would be shared. This is despite Allens never asking Telstra this and strict rules about firms’ consulting and auditing arms not discussing clients.
According to Allens, there were no issues with Yates taking his family to a P!nk concert, courtesy of Telstra chief executive Vicki Brady, while KPMG was bidding for the audit.
The lawyers also dismissed concerns that Yates had used his personal relationship with Dexus’ then-chief executive Darren Steinberg to get inside information about how KPMG’s pitch for his company’s audit was going.
The pair were friends and regularly played golf, Yates said, but he had not discussed anything that KPMG didn’t already know about the tender.
On April 30, KPMG provided a summary of the Allens report to the parliamentary committee looking into the scandal. That 11-page document features a table showing all allegations are “not substantiated” or did not “contain sufficient information to enable further investigation”.
The underlying Allens report makes it clear that the law firm, despite its minimal effort, had found several events alleged by the whistleblower did, in fact, take place. But it downplayed whether these amounted to wrongdoing by being overly literal against the exact wording of the allegations. Governance expert Helen Bird says these sorts of external inquiries are a “classic crisis management response” for companies facing a scandal, but their value and independence are ultimately limited by the fact the firm under investigation is also footing the bill.
“Findings need to be read in the light that the firm commissioning them pays the bill and often has a pre-existing relationship with them,” she says.
“In the KPMG/Allens report, you’ve also got a very long-standing relationship where KPMG is a client of Allens, and probably quite a valuable one … they have an ongoing interdependency.”
That the lawyers didn’t interview anyone outside KPMG, track down documentary evidence and drew inferences about the reliability of witness statements based on their authority within the firm further diminished the report, she said.
But these reports are not meant to be “subject to critical analysis” as companies fight to keep them private. Rather, Bird said, “they’re a form of insurance” should a crisis unfold. It means there can be issues in how extensive or appropriate the scopes and means of investigations are, but these rarely come to light.
Except, it’s since turned out, for this one. The Project Magenta report has now been supplied to the parliamentary committee investigating the whistleblower claims. No doubt they will have questions.
Perhaps magenta, a colour that is an optical illusion, is a fitting alias for an investigation where lawyers create the illusion of a conclusion, manufacturing a comforting reality out of what they chose to see, while blinding themselves to the truth in between.














