KPMG Australia mishandled a whistleblower and lost its top leadership
KPMG Australia is one of the country's biggest accounting firms. In a matter of weeks it lost its chief executive, its chair, and its head of audit. The trigger was not a missing report line. A whistleblower raised the alarm inside the firm back in 2024. KPMG just handled that report badly, and the cost landed on almost everyone.
Key Takeaways
- A KPMG whistleblower said senior KPMG staff misused a client's confidential board papers to chase audit work.
- KPMG's own internal review cleared those involved, then was later judged inadequate.
- The whistleblower resigned and paid a heavy personal and career cost.
- Within weeks the firm lost its CEO, chair and head of audit, plus the two named auditors.
- A reporting channel only works if the firm acts on the report and shields the person who sends it.
What the whistleblower actually exposed
The whistleblower said KPMG used one client's secrets to win business from others. KPMG was the outside auditor for the property group Lendlease, and that job gave its auditors access to Lendlease's confidential board papers. Those papers held something a competitor would love to see: the audit bids that rival firms EY and PwC had sent in to Lendlease.
Senator Deborah O'Neill
©Deborah O'Neill (CC BY-SA 4.0)
To be clear on who is who: KPMG, EY and PwC are all rival accounting firms. Lendlease, Westpac and Dexus are the companies whose audits they compete to win. KPMG was already Lendlease's auditor, so its own staff could see those confidential documents. EY and PwC were still bidding to take that work over.
Here is how the papers handed KPMG an edge. A rival's bid is a roadmap. It shows the price the rival would charge, the team it would put on the job, and the way it sells itself. A competitor that holds those documents knows exactly what it is up against. The chain the whistleblower described was simple:
- EY and PwC each bid to become Lendlease's auditor, and their proposals ended up in Lendlease's board papers.
- KPMG was already Lendlease's auditor, so KPMG's own auditors could see those rival proposals.
- Those KPMG auditors then used what they had seen while bidding for the audits of other companies, the bank Westpac and the property group Dexus.
- Knowing how EY and PwC priced and pitched, KPMG could shape its own offers to beat them.
And it paid off. KPMG won the work it chased, including the Westpac audit, reported at about 32 million Australian dollars. The firm later admitted that one of its own auditors had opened two Lendlease board documents through a shared folder while KPMG was bidding for that Westpac job, and conceded the auditor should never have viewed them. By the time the firm's chair faced the Senate, he accepted there had been three separate incidents of this kind, not one.
The allegations became public on 24 March 2026. Labor Senator Deborah O'Neill used parliamentary privilege to read them into federal parliament. She said the lead KPMG auditors on the Lendlease account had taken documents and kept them in a locker. What looked at first like a single suspect bid now looked like a pattern.
Why KPMG's own investigation cleared everyone
KPMG looked into the claims itself first, and found nothing it could prove. That internal review did not stand up. The firm later accepted it had not been run with the rigour the case needed. So the very process meant to test the whistleblower's report instead waved it through. The wrongdoing stayed hidden for months longer than it should have.
Part of the failure was how KPMG framed the report. It treated the matter more like a staff complaint than a serious audit problem. That choice shaped who looked at it and how hard they pushed. Once the claims went public, the firm handed the job to an outside law firm, Allens, and said it had sanctioned the people involved. But that came only after a senator had aired the story in parliament.
The order of events is the damning part. The check came late, it came from outside, and it came under public pressure. None of that is how a trusted channel is supposed to work. A report is meant to be tested fairly the first time, by people willing to follow it wherever it leads, not cleared and shelved until someone forces a second look.
The paper trail backs the worker. Lendlease wrote to KPMG on 30 April 2026 to confirm what had happened with its documents. KPMG says it then sanctioned the people involved, and that a board sub-committee signed off on those penalties. Yet all of that came after the public reckoning, not the original report. The internal process had already had its chance, and missed it.
The whistleblower lost more than the accused did
The person who raised the alarm paid the highest price of anyone. They tried the inside routes first. When those went nowhere, they went to Senator O'Neill. By the time the story broke, the whistleblower had resigned, and the firm accepts the experience caused real harm. The people they named, by contrast, kept their senior standing at the firm.
Parliament House, Canberra, where the allegations were aired under privilege. Photo by Kgbo (CC BY-SA 4.0)
At the Senate hearing, the gap was put plainly. Senator Paul Scarr pressed KPMG's outgoing chair, Martin Sheppard, on what the firm's apology was actually worth to the person who had carried the cost.
"Your words on a piece of paper don't feed the whistleblower and his family, don't pay the mortgage, don't restore their professional career."
Senator Paul Scarr, Senate committee hearing, June 2026
Senator Deborah O'Neill, who had first aired the allegations, framed the worker as the one person in the room who had acted against their own interest. Reporting the misconduct could only hurt them, and it did. It is the same bind faced by the young insiders who exposed Theranos, who put their own careers on the line to come forward. Yet without that choice, the misuse might never have surfaced at all.
"This person is an Australian hero, because they've outed conduct that's against their own interest to do so."
Senator Deborah O'Neill, Senate committee hearing, June 2026
The firm did not really contest the point. Sheppard told the committee it was uncomfortable to sit there knowing the frustration KPMG had caused, especially over the way it had presented the whistleblower's protections to him. The Australian Broadcasting Corporation's 7.30 program laid out the sequence in detail.
How far the fallout has spread
The damage moved fast once the report was public. KPMG lost three of its most senior leaders inside a month, a decades-old client walked away, and a regulator opened a formal probe. The table below tracks how a single buried report turned into a firm-wide crisis.
| When | What happened |
|---|---|
| 2024 | Whistleblower raises the Lendlease concerns inside KPMG; the internal review clears the auditors. |
| 24 March 2026 | Senator O'Neill reads the allegations into federal parliament. |
| 29 May 2026 | CEO Andrew Yates and head of audit Julian McPherson resign. |
| June 2026 | Lendlease ends its 68-year audit relationship with KPMG; ASIC confirms it is investigating. |
| 23 June 2026 | Chair Martin Sheppard and auditors Paul Rogers and Eileen Hoggett resign from KPMG. |
The client loss stung most. Lendlease ended an audit relationship that had run for 68 years, calling the misuse of its papers a grave breach of trust. The corporate regulator ASIC then opened a formal investigation. Its chair, Sarah Court, told the Senate that three registered auditors were in scope, and that the picture was still moving. Reports also said the Reserve Bank was preparing to drop KPMG from its whistleblower hotline work.
Westpac Place, Sydney. KPMG won audit work from Westpac during the period the papers were misused. Photo by J Bar (CC BY-SA 4.0)
The fallout reached the public purse too. Roughly 270 million dollars of government contracts came under review as the scandal grew. The leadership clear-out was the firm's attempt to draw a line, with an independent chair and new outside board members promised.
Why the firm itself faces a one-million-dollar ceiling
The individuals can be chased, but the firm itself is hard to punish in full. KPMG runs as a partnership, which means its senior people own the firm rather than work for one company. So the regulator can mainly go after individual auditors, not the whole business. And special Australian rules cap the damages these firms must pay, which softens the blow at the top.
A former KPMG executive, Brendan Lyon, made this point during the hearings. In 2020 he alleged that senior figures at the firm had pressured him over a hole in the New South Wales state budget. He says he was bullied out of the firm, and he sees the same forces at play now. In his telling, the pull toward fee income runs over the professional rules that are meant to hold it back.
Lyon argues the penalties simply are not big enough to change behaviour. He notes that Australia limits the total damages payable by these firms to about a million dollars each, a tiny sum once it is split across the firm's owners. When the upside of winning a contract dwarfs the downside of getting caught, the maths pushes the wrong way. That, he says, is the deeper problem the resignations do not fix.
There is a wider cost here than one firm's name. An audit only means something if the auditor stands apart from the company it checks. When the people signing off on a bank's accounts are the same people accused of trading on a client's secrets, that trust takes a hit. Investors lean on audited figures. So do regulators and ordinary savers. A scandal like this chips at the whole system, not just KPMG. It runs along the same fault line as Enron, where Sherron Watkins exposed the accounting fraud that took down its auditor Arthur Andersen, and WorldCom, where internal auditor Cynthia Cooper uncovered a multibillion-dollar fraud. Each time, the figures the public trusted turned out to be fiction.
What a working report process would have done differently
Strip the case back and one thing stands out. KPMG had a way to report. What it lacked was the will to act on the report once it arrived. A channel that takes in a complaint and then clears it without real scrutiny is worse than no channel, because it lets the firm believe the matter is closed. The fix is in how a report gets handled once it lands.
- Investigate as if the claim is true, and test it hard the first time, not only when a senator forces it.
- Keep the reporter out of the line of fire, with anonymity and clear rules against payback.
- Send the report to people without a stake, because an independent reviewer beats colleagues judging colleagues.
- Track the report from start to finish, so a logged trail makes a quiet shelving far harder to pull off.
This is the gap good whistleblowing software is built to close. A tool like WeMoral gives a worker a secure, anonymous way to report, a record of every step that follows, and protection from retaliation along the way. None of it removes the need for honest judgement. But it makes the quiet burial of an awkward report much harder, which is exactly where KPMG came undone.
The firm will rebuild its board and rewrite its rules, and in time the headlines will fade. The harder question sits with the worker who started it. They followed the inside path, were proven right, and still lost their career, while the people they named kept their reputations until the press forced a reckoning. Until that imbalance flips, the next person who spots something wrong has every reason to stay silent.
Banner photograph: KPMG signage on the Bay Adelaide Centre tower. Photo by Raysonho (CC0)
Researcher and data analyst in whistleblowing. Tells the stories of famous whistleblowers and the history behind their fight for accountability.