In this article, I have set out some danger signs to look for
and provide an overview of actions to consider in the event that such misconduct
is discovered. I hope this helps to ensure that the ‘modesty’ of many
organisations continues to be preserved.
The potential impact :
The shockwaves caused by accounts manipulation can be severe
and invariably spread far wider than the organisation concerned; the sector as a
whole may be affected or at a larger level, the economy may be hit as well. The
demise of Enron is an obvious example. Another case in point is Satyam, where
the stakeholders are shocked at the size as well as the duration of time for
which the fraud went unnoticed.
The discovery of accounts manipulation will inevitably have a
far-reaching impact, even if it has not caused the victim organisation an actual
cash loss. Loss of reputation is a bigger loss than cash loss, as this loss is
not quantifiable and has far-reaching effects on the organisation as a whole.
The management will be distracted from effective operational stewardship; time
and focus will be lost as they seek to determine the facts of the manipulation,
and then develop and execute a communication and remediation strategy with
various stakeholders. Management credibility is also likely to suffer, the event
has come to light ‘on their watch’ irrespective of where the blame actually lies
— a robust response is a good start in this battle (the related elements are
discussed further
below).
Stakeholders in the outcome of any investigation and
remediation are numerous, and will include the organisation’s lenders and
shareholders and may also include regulators and law enforcement agencies. Any
restatement of the financial statements may lead to, or indicate, lending
covenants being breached, with the consequence that finance lines are withdrawn
or renegotiated. In the current lending environment, this is to be taken very
seriously. Shareholders, especially ‘active’ or institutional investors, may
take the view that their investment decisions have been taken on the basis of
misleading information and commence court action. The potential for the share
price to suffer is also high.
The cost and impact of regulatory and law enforcement
involvement is also significant due to the need to involve external lawyers and
accountants. This is especially relevant if the organisation is a listed entity.
Not only will the share price fall, but it will also adversely affect the
capability of the organisation to raise further capital from public in future.
Even non-listed companies would be adversely affected in terms of their future
listing capabilities. Individual management, the staff as well as the
organisation itself may be targets, with criminal as well as civil sanctions
available.
One impact that is often given less consideration is that the
perpetrators may be in senior positions in the organisation. Through their
dismissal, the
organisation may suffer a shortage of skills or experience, with a likely period
of flux as their replacements bed down into their new roles.
Drivers, risk areas and red flags :
What then, are the indicators that one should be vigilant
for ? In this section, I will examine three areas : the organisational factors
that could put an organisation at risk; the areas within financial statements
that are vulnerable to manipulation; and the signs that something may already be
wrong.
Drivers :
Many cases of accounts manipulation have their roots in
organisational change within the victim organisation. Many organisations choose
decentralisation as a key strategy and encourage the staff to be more
competitive and entrepreneurial. Normally, the empowered local management team
is rewarded on performance, particularly by reference to profitability and the
achievement of budgets. The stakes are also rising, with many more layers of
management now receiving a material proportion of pay linked to performance
targets. Decentralisation can often be accompanied by much of the control
function at head office being removed; as well as division of profile leading to
specialisation. This will result in the lessons learnt in one part of a business
being no longer
effectively communicated across the business as
a whole. Not surprisingly, this combination can make an organisation vulnerable
to accounts
manipulation.
Where accounts manipulation has been orchestrated by the
senior group management and
key management personnel, it can be difficult to detect and investigate, often
involving
either the collusion of a number of senior staff or a very dominant personality
who commands fear within the organisation. The organisation’s
control environment is also a vital factor : it is likely to be weak; or, in the
case of senior
management orchestration, capable of being overridden and window dress the
financial statements. Fraud motivation at this level can be
varied, and is usually more complex than simply financial gain.
Risk areas :
Experience gained through assisting clients, as well as my
observations of other reported events has shown that certain items within the
financial statements are especially prone to manipulation. These, together with
the forms that the manipulation can take, are illustrated in the figure below :
(An illustrative list only)
Red flags :
Warning signs are usually present in the financial
information of a subsidiary, division, joint venture or a group; and, can
sometimes be painfully obvious with hindsight. While the precise signs are
dependent on the sector or industry in which the organisation operates, I have
highlighted a few generic indicators as shown below : (an illustrative list
only)
‘Red Flags’ — A few Classic Examples
Reported results are consistently in line with the budget. This may be accompanied by soft accruals to align the actuals with the budget
Areas of low scrutiny or lack of clarity of accountability for some costs, often accompanied by a failure to perform reconciliations or maintain adequate control accounts
Items within the profit and loss account are based on judgment rather than hard data
High levels of manual journals and accruals without automatic adjustment
Unusual fluctuations in sales or forward purchase orders, particularly around the year end
Revenue and profit trends appear inconsistent with other known information
Profits do not appear to be converted into cash
Poor quality or patchy management accounts, which typically comprise only a profit and loss account
Undue concern about audit visits
Employees feeling of lack of job security in the organisation without proper reasoning from the higher management
No proper basis regarding the provisions made in the financial statements.
Auditors’ responsibility for fraud detection?: Stakeholders of the companies and the general public rely on the auditors for unearthing indications of financial statement fraud. We have observed in recent times how the competencies of the auditors have been questioned for not being able to detect the signals of fraud early enough. Although audit is not a fact-finding exercise, but rather a review of the financial statements, yet it is possible to detect the warning signals by adopting appropriate procedures. Some of these are discussed below?:
Professional Skepticism?: Auditors need to overcome some natural tendencies — such as over reliance on client representations — and approach the audit with a skeptical attitude and questioning mind. They should set aside past relationships and not assume that all clients will be totally transparent.
Discussion among engagement personnel?: Extensive brainstorming among the engagement teams at different stages of the engagement about the client’s susceptibility to fraud will help to identify the critical areas for audit.
Identification and assessment of fraud risk?: Identify the fraud risk and perform an assessment of the identified risks to determine where the client is most vulnerable to material misstatement due to fraud, the types of frauds that are most likely to occur and how those material misstatements are likely to be concealed.
Developing audit procedures to mitigate the identified fraud risks?: The key to designing effective audit tests is to perform an effective synthesis of the identified risks. Appropriate procedures should be developed so as to detect any indication of fraud.
Considering client’s anti-fraud programmes and controls?: Review client’s anti-fraud programmes and controls that mitigate or exacerbate the identified risks of material misstatement due to fraud. Such review will help the auditor to identify potential control weaknesses.
Risk of management override of internal controls?: Auditor should be aware of the fact that executives can perpetrate financial reporting frauds by overriding established control procedures and recording unauthorised or inappropriate journal entries or other post-closing modifications (for example, consolidating adjustments or reclassifications). To address such situations, auditor should test the appropriateness of journal entries recorded in the general ledger and other adjustments.
Retrospective review of accounting estimates?: Accounting estimates are particularly vulnerable to manipulation, because they depend heavily on judgement and the quality of the underlying assumptions. Auditors should perform a retrospective review of prior-year accounting estimates for the purpose of identifying bias in management’s assumptions underlying the estimates.
Business rationale for significant unusual transactions?: Many financial reporting frauds have been perpetrated or concealed by using unusual transactions that are outside the normal course of business. Auditor should use his knowledge about the client and the industry to recognise any unusual transactions. Auditor should then obtain appropriate business rationale for such unusual transactions.
Evaluating audit evidence?: Auditor should evaluate the evidence gathered through analytical and substantive procedures to assess whether such evidence indicate any indication of misstatement that was not considered earlier.
Last but not the least, the auditor should demonstrate highest standard of professional integrity and must be independent not only in spirit, but must also appear as independent to all reasonable persons.
How to respond effectively??
Corporate Governance may be defined as ‘A set of systems, processes and principles which ensure that a company is governed in the best interest of all stakeholders.’
It ensures commitment to values and ethical conduct of a business, transparency in business transactions, statutory and legal compliance, adequate disclosures and effective decision-making with a view to achieving corporate objectives.
Clause 49 of the SEBI guidelines on Corporate Governance (which came into effect from 31st December 2005) has made major changes in the definition of independent directors, strengthening the responsibilities of audit committees and improving the quality of financial disclosures, including those relating to related-party transactions and proceeds from public/rights/preferential issues, which call for CEO/CFO certification, the adoption of a formal code of conduct by the Boards and the improvement of disclosures to shareholders. Certain non-mandatory clauses like a whistle-blower policy and the restriction of the term of independent directors have also been included.
According to the Internet, the revised version of Clause 49 has come into effect since 1st Jan. 2006.
In the event that an instance of accounts manipulation is uncovered, it is imperative that the organisation responds both effectively and robustly. A dedicated committee (containing requisite financial expertise) should be considered to oversee the response. Convening such a body not only enables the management to remain operationally focussed, but also ensures that the response is independently managed and free of any perception of conflict of interest.
The committee should aim at rapidly mobilising an investigation team to identify the root cause and quantum of the problem. This will help determine the immediate measures that will need to be taken to mitigate the impact on the business and should also assist in a complete identification of stakeholders.
The latter exercise will enable the reporting and ongoing communication needs of each issue to be assessed and a strategy to be developed. The importance of a credible engagement with the stakeholders at the earliest opportunity cannot be underestimated.
The next stage is to consider whether and to what extent the organisation wishes to utilise external professional advisors. Often, forensic accountants and lawyers are key resources who can contribute with their rich experience and perspective from previous investigations, as well as strategic and investigative input, including assistance with the capture of data to the standards required by regulators or the courts.
Ensuring that the relevant hard and soft copy data is gathered in an evidentially sound manner is a vital element of the response. This will require some preliminary consideration of the accounts affected — for example, customer and supplier details may be kept in a different module from financial statement data. An organisational chart will help identify individuals who process and manage data in the affected area. This will inform the custodians about which employee data needs to be analysed. The organisation should also consider issuing a data preservation notice to all relevant employees.
Conclusion?:
Economic indicators suggest that the current climate is likely to persist for the next couple of years. It is challenging in a business context, both in terms of the trickling effect from the recession in the US and current lack of resources. At the same time, the costs of inputs have been rising. Organisations continue to be under pressure to produce growth and returns for shareholders and to comply with lenders’ covenants. This environment may provide a stimulus for accounts manipulation to take place and organisations would be well advised to be vigilant.
