A defined audit process can never be a defence against frauds A defined audit process can never be a defence against frauds Chartered Accountant CA ICAI Chartered Accountants CA ICAI CAinINDIA ICAI Announcements Accounting Standards CA News ICAI Students ICAI Members Case Laws CPT IPCC Final ICAI Course CA Course ICAI Forum CA Question Papers ICAI Study Material

« Auditing »

Open DEMAT Account in 24 hrs
NFRA issues Draft Procedure for Submission of Audit Files
Auditors barred from putting a value on companies they are auditing
Standard on Internal Audit (SIA) 18, Related Parties
Standard on Internal Audit (SIA) 17, Consideration of Laws and Regulations in an Internal Audit
Standard on Internal Audit (SIA) 16, Using the Work of an Expert
Standard on Internal Audit (SIA) 14, Internal Audit in an Information Technology Environment
Standard on Internal Audit (SIA) 13, Enterprise Risk Management
Standard on Internal Audit (SIA) 12, Internal Control Evaluation
Standard on Internal Audit (SIA) 11, Consideration of Fraud in an Internal Audit
Standard on Internal Audit (SIA) 9, Communication with Management
Standard on Internal Audit (SIA) 8, Terms of Internal Audit Engagement


« Audit firm officials have confessed: police...	'Rotation of audit firms is a disturbing and costly... »
A defined audit process can never be a defence against frauds

January, 21st 2009
The Big Four accounting firms are reputed to have strong process controls. How then could one such firm have failed to detect such a multi-year scam as is getting unravelled in Satyam? "There is a co-relation between the size of audit firms and the size of companies, and hence all large corporate frauds involve big audit firms," answers Mr Shankar Jaganathan, author of 'Corporate Disclosures 1553-2007: The Origin of Financial and Business Reporting' (Routledge). A defined audit process can never be a defence against frauds, he cautions, during the course of a recent email interaction with Business Line. "By definition a successful fraud must overcome the defined audit process." Just as a low tide reveals the rubbish accumulated in a beach, a falling market will throw up frauds, analogises Mr Jaganathan. "The longer the bull-run, the higher the duration of the frauds." Excerpts from the interview. Based on your study of the corporate history over the last five hundred years, can you put the Satyam scam in perspective? Corporate world is an integral part of the free market economy. As Adam Smith said in the 18th century, we get our daily bread not due to the benevolence of the baker, but his self- interest. Greed is but only the extreme form of self-interest. Corporates fuelled by self-interest, have periodically exploded, ignited by greed, as witnessed by corporate scandals and bankruptcies. Globally in the 20th century, except during the two World Wars, every decade saw significant cases of corporate scam. While corporate scams are deplorable, a positive outcome is in the progress of corporate disclosures, auditing standards and corporate governance practices. In fact it was a multi-year scam involving City of Glasgow Bank in 1878 which had inflated its assets by about 5 million that led to audit for companies being made compulsory. Seen in the Indian context, Satyam scam is by far the biggest. Even globally it finds its place in the top league. In 2003, the SEC of the US had awarded the title the largest financial fraud in history to the 13.3 billion scam involving the Italian diary foods company Parmalat. Given this, Satyam may still rank as the largest self-confessed scam, globally. Putting it in perspective, Satyam case should be seen as an aberration of the free market economy and not as being representative of the Indian corporate governance standards. Independent directors are seen as a safeguard against such scandals? Have the independent directors in Satyam failed or does the concept of independent directors need a re-look? The concept of independent directors is relatively new in the corporate history. It was only in 1940 that independent directors were recommended to the boards of mutual funds to protect mutual fund investors in the US. But it was the spate of corporate scandals in the 1970s in the UK that prompted the Bullock Committee on Industrial Democracy to suggest a '2x+y' formula for the corporate boards, where 'x' stood for equal number of directors representing shareholders and employees and 'y' for a smaller number of independent directors to resolve any deadlock. In a move to pre-empt legislation for employee representation in the Board, the corporate world in England hastily embraced the concept of independent directors. The Cadbury Committee in 1992, which itself was set up following the corporate scandals involving BCCI, PolyPeck and Maxwell, provided respectability to the concept of independent directors, by focusing on independent directors as a part of the new practices for better governance. Corporate history of the past decade has more than clearly shown that independent directors have not served their purpose. The Satyam case is not an isolated example of the failure of independent directors but only a reinforcement of that failed concept. Maybe it is time to revisit the system of stakeholder representation - employees, customers, suppliers and the local community; all of whom will have a stake in the company and cannot resign when the going gets tough. Would you categorise the failure of auditors to detect this scam as a failure of an individual or a failure of the auditing standards? Do auditors take into account lower PE ratios paid by the investors and widening bond spreads to tighten the audit scrutiny? With the benefit of hindsight, a lot of issues appear with greater clarity. But the primary job is to decide if the failure to detect the fraud was a result of collusion, sub-standard performance or inadequate auditing standards, after the frauds have surfaced. As of now, adequate information is not available in this case to make a clear judgment. But with the available information, it is apparent that the quantum of benefits an audit firm or an audit partner receives from the audit compared with the potential penalties is inadequate to suggest collusion, though this may appear contrary to the popular opinion. Narrowing the choice between sub-standard performance and inadequate standards, the needle tilts more towards a procedural lapse in obtaining bank confirmation rather than inadequate standards. There is a famous 19th century English case which defines the approach of auditors. An auditor is seen as a watchdog and not a bloodhound. In that the case the judge held, 'He is justified in believing the tried servants of the company in whom confidence is placed by the company.' This approach holds true even today. The market reputation of the company is considered by the auditor before deciding to accept an assignment. However, after accepting the assignment, based on what I have seen, few auditors change their auditing techniques based on financial market reactions, unless it is of a very serious nature. Definitely lower PE ratios and widening bond spreads are not triggers. There is a strong suspicion that other companies may be in a situation similar to Satyam's? What should be done to flush them out? Can some kind of amnesty scheme be used for this purpose? Traditional wisdom says frauds are like cockroaches. When you see one, there are surely more, whether you see them or not. On the other hand, an event like Satyam is more like a Black Swan event: a high-impact event that before the event is seen is a low-probability event but after the event is seen is highly predictable. While simultaneous occurrence of two Black Swan events is unlikely, it is better to be careful rather than regret later. I see companies with large liquid assets make extra effort to address the concern of investors about fictitious assets during the results announcement this month. In addition, companies will also focus on the alignment of profits and cash flows. We have not seen amnesty schemes work even with regard to black money. Hence, there is less chance for success to flush out corporate frauds with amnesty schemes. Should India also look to have a system of corporate restatements as in the US to force the Indian companies to correct their mistakes rather than carry them forward? The basis for treatment of errors in financial statements under the US GAAP and the Indian GAAP is different. Under the US GAAP, errors are rectified by restatement, i.e. correcting the statements of the concerned year and republishing them. Under the Indian GAAP, if errors are noticed in subsequent accounting period, they will be accounted in the period in which they are noticed and classified as 'prior period items' in the financial statements. The system under the Indian GAAP highlights the errors adequately and in my view does not need any change. . Finally, what should Indian regulators do to ensure that such events are not repeated? The regulators can take two distinct approaches - a preventive one or a palliative approach. Palliative approach would involve measures to detect similar cases by introducing new processes and additional verification methods. These measures are seen as proactive measures to build investor confidence. However, in my view, preventive measures would be more effective. This would involve a simple and a short Act that makes accounting misstatements a crime and impose stringent penalty both financial and imprisonment. The financial penalty would be related to the size of the fraud. To enforce the law, special courts could be formed to expedite justice. This in my view is a more effective step in building a better business environment as India moves towards eradicating poverty and generating all-round prosperity.