Biggest financial collapses in history came from fraud. Most of them (as not proven for all) from governance. One of the most emblematic was in Italy, in 2003. A famous multinational company operating in the food processing collapsed, after a hole of billions was discovered. Do you know the (unofficial) story of how the hole was discovered?
It was probably a very normal working day for an Italian junior auditor. Wake up early, quick breakfast and run to the client’s headquarter. Probably as a first task of the day, the senior asked the guy to check all confirmation letters received from the client’s counterparts, during circularization procedures.
One of those was a fax confirmation. It was supposed to come from a bank in the US, confirming an account balance of around three billion dollars, held by the company. The guy, who was awake (and smart) enough, paid attention not only to the confirmation of the numbers but to the sender’s details as well. Those very little details that you can hardly read at the edge of the sheet. He was expecting to see an US fax number, obviously. It was an Italian number, instead. It is quite easy to imagine how the scandal exploded afterwards.
I do not know if this story is fully true, however it gives a good representation of how things can easily go wrong when business managers feel invincible. What I call the ‘blind pride’ , is often the reason behind financial collapses in the last century. Other recent examples show similar attitude. In 2001, a colossal accounting fraud was discovered in the US and led to the bankruptcy of a major multinational group operating in the energy sector. As we all know, the biggest recent collapse happened in 2008 again in the US, few months after the CFO of the group proudly said that risks related to subprime loans were well addressed. Even more recently, in 2014, a major international financial group collapsed, few weeks after his Portuguese CEO proudly published his The last banker book. Many other examples exist, but I will stop here, to focus on some specific aspects.
In the initial case I mentioned, the fraud was discovered by the external auditor. Actually, as investors, we would expect the auditors to be there exactly for that. In reality, external auditors have really limited power to detect fraud and basically no chance to prevent it. There are several key issues behind this.
The first issue is responsibility. Without entering into specific details and text, if you read the International Standards of Auditing (ISA), you will notice three things: a) the ISA specify that the responsibility of preventing fraud stands, first of all, with governance and management; b) the ISA state that auditors have the responsibility to obtain reasonable assurance that financial statements are not mistaken; c) the ISA admit that there are unavoidable inherent limitations and that in case of fraud the risk is higher. Basically, in case of fraud auditors have very limited responsibility and they become somehow victim of that fraud like all other stakeholders.
Because of this limited responsibility in case of fraud (unless colluded), audit procedures on fraud are very limited too and, normally, the financial audit is conducted on the assumption that the risk of fraud is low.
Another issue is that audit procedures are very standardized (as defined by the ISA). This makes easier any plan to make fraud without being caught by the auditors.
A third issue is that auditors’ responsibility and mandate is in relation to the financial statements. This is again a limitation, as any decision, transaction, operation becomes relevant to them only if and when it affects the accounts. Financial statements are a backward looking window to the entity’s activities. Audit comes afterwards, therefore quite late. Moreover, even after so many scandals, the importance of financial reporting is still much undervalued. Most of the stakeholders do not care about financial statements content. They are not even able to properly read it and understand it. Rating agencies do analyze financial statements and company’s activities in detail, it seems not sufficient though (see 2008). Same thing for local regulators and authorities, they do have quite much power to inspect company’s operations, but the frequency and magnitude of fraud scandals shows that something is indeed missing. Despite the regulatory burden, on banks in particular, got much heavier in the last decade.
The biggest issue is independence. Despite subject to strict rotation and independence rules (e.g. the auditor must change after few years and cannot provide to the auditee other services not related to the audit mandate), the auditee selects and pays his auditor. Moreover, once the audit mandate ends, the auditee becomes a potential (or obvious) client for all other services.
Audit firms position in a competitive environment is therefore unavoidably delicate. In this context, in front of huge responsibilities, they have almost no power to challenge governance decisions and put their honesty in doubt.
Knowing all these aspects – the evidence that all financial disasters come from fraud and the fact that power is addictive and leads to the blind pride – I want to end this post with a question. Is it really impossible to strengthen auditors’ power and position in relation to fraud detection and prevention?