LETTER | Corporate fraud not overnight, takes years to plan, execute

LETTER | It is undeniable that in recent years there had been a number of severe financial fraud and audit failure cases that occurred in listed companies, which caused heavy losses to the investing public.

Because investors used financial information to evaluate and judge a company’s operating results and future, the misstatement of financial information is an important risk for investors. If a company’s financial information is misreported, either inadvertently or intentionally, it can mislead investors into making wrong decisions.

A study from 2017 titled ‘How pervasive is corporate fraud’ in the US suggested that only one out of three cases of public company fraud is detected and that one out of eight companies is engaged in fraud. The annual cost of corporate fraud to investors is also estimated to be in the range of US$180 to US$360 billion.

It is a question that always arises in the wake of any high-profile fraud: “How could this have happened?” Followed quickly by: “Who is responsible?”

Responsibility for fraud is a hot potato passed from hand to hand when disaster strikes. But whose job is it to detect and prevent fraud in the first place? And why has the proliferation of new regulations following each major outbreak of fraud failed to prevent its recurrence?

This prevalence of fraud in today’s environment for listed companies is astounding when one considers the architecture that is in place intended to eliminate it. At any sizable listed company, there is now a whole “financial reporting value chain” designed to detect fraud and remediate it before it has a material impact on the company’s results.

Management would assert that every questionable transaction was reviewed by outside lawyers and accountants, and therefore must have been perfectly legal.

The company’s auditors would explain that management concealed vital information from them or conspired to foil their audit process in devious ways.

When problems emerge, audit firms default to talking about an “expectations gap” between the degree of assurance audits provide and absolute assurance to excuse shortcomings.

The board of directors would claim ignorance of the details behind the reported financials, having relied in good faith on the statements of management and the competence of outside professionals.

The lawyers would love to explain what happened, but they are bound by sacred attorney-client privilege not to say a peep.

Corporate fraud often exhibits a certain degree of inertia. An analysis of fraudulent financial reporting by public companies in the US for the period from 1998 to 2007 by the Committee of Sponsoring Organizations (COSO) showed that the average time length of listed companies’ violations is 31.4 months.

If their fraudulent behaviour is not detected, these listed companies whitewash their financial statements in subsequent years. The COSO report also states that 40 percent of the cases have fraudulent periods longer than five years.

Common amongst these listed companies with long-term violations was the engagement in opinion shopping from audit firms in order to cover up unsatisfactory operating performance or achieve new financing needs. Due to Intense industry competition, audit firms are generally receptive to those requests from client companies.

Long-term violations of listed companies not only indicate that accounting information was seriously distorted, but also mean that auditors failed to effectively identify misstatements for many consecutive periods and did not perform audit responsibilities in accordance with relevant laws and regulations.

In summary, the COSO report appears to suggest that audit firms are more likely to be involved when their client companies commit fraud for a longer period of time.

Financial statement fraud is not only attributed to the low moral level of the executives of listed companies but also reflects the poor professional ability and ethics of auditors, which weakens the value of audit reports. Clearly, a lack of ethical boundaries brings out a propensity for bad behaviour.

There are also clear limits to what independent directors can accomplish given that board service is a part-time position. Famed investor Warren Buffet commented that “I’ve seen a lot of corporate boards operate. The independent directors, in many cases, are the least independent.”

If the fees directors receive to serve on boards make up a significant portion of their income, “they’re not going to upset the apple cart” by making management uncomfortable, according to Buffet.

Anyway, in most cases, independent directors depend on management to provide accurate information to monitor corporate performance and decision making. Despite the authority granted to them, some independent directors may feel pressured to stay in management’s good graces as long as the stock price is performing.

Where is the external auditor when it comes to fraud? Are they off the hook?

The auditor generally argued that the role of a statutory audit is to certify the financial statements of companies or public entities. They form professional opinions based on an evaluation of a company’s financial statements and work with the material that is provided to them, and process thousands of documents using sampling techniques and risk detection processes. They cannot test every transaction within a company.

Yes, the auditor has a legal obligation to report fraud to the authorities if it is detected in the course of the audit. This gets talked about a lot. But often, it seems, auditors prefer to quietly withdraw from troubled clients. This is surprising because given the standards for audit diligence and with the increasing availability of artificial intelligence tools, auditors should be able to flag suspicious patterns for further investigation more easily.

So far, it appears that the audit industry has acted as enablers rather than watchdogs when it comes to financial fraud. The auditors simply failed to follow basic audit procedures or accepted documents that were bogus at face value.

Because the compensation of senior partners is tied to keeping large clients happy, most of their energies go towards expanding the scope of engagement, rather than pressing uncomfortable questions on corporate management. Otherwise which industry would rather admit, over and over again that they’re idiots and incompetent and can be fooled over and over and over again by their own clients to evade liability?

Even though the political connection of a listed company influenced the regulator’s supervision in a recent case, it does not mean the regulators forgo their review of the auditors and their role during the years when they were the auditor. Their role and the historical records should also be examined thoroughly.

The Securities Commission as the gatekeeper of the capital market has a responsibility to avoid incidents of financial statement fraud as much as possible.

Presently, it appears that enforcement efforts in the financial market run in cycles, with urgent calls for accountability following major market downturns, often followed by a laxer approach during bull markets.

Structural changes effective in reducing fraud across the market cycle could be introduced. In 2017, the Public Accounting Oversight Board (PCAOB) in the US modified the responsibilities of the auditor to make it clear that detecting fraud is within the scope of those duties.

Maybe the regulators here could follow suit and extend the auditor’s mission to include an “obligation” to detect fraud in the future.

This is a very timely topic which deserves a collective reflection involving issuers and the market regulator who also have a responsibility to set the “right” conditions to enable better fraud detection. There is no simple solution.

The views expressed here are those of the author/contributor and do not necessarily represent the views of Malaysiakini.