Fraud Risk Management in Ancient India

Presently, the Serious Fraud Investigation Office of India lacks sufficient powers to initiate investigations and prosecute. The Central Bureau of Intelligence isn’t independent, due to which politicians escape prosecution for corruption and money laundering. The Economic Crime wing of the Indian police force doesn’t have expertise in dealing with electronic and financial frauds. The legal system is pathetic and takes a long time to prosecute white-collar criminals. India has a shortfall of trained fraud investigators as it hardly has any courses for students in this line.

All these aspects may make you think that Indians are new to the concept of fraud risk management. This is far from the truth. Kautilya addressed financial fraud risks in the 4th century BC, and most of the concepts are still used presently. Let me narrate some of the concepts he formulated in earlier times.

1.      Formation of a Central Investigation Agency

Kautilya proposed a central investigation agency for a kingdom to do espionage work. A network of spies located in different parts of the kingdom reported information to their handlers. The handlers in turn checked the authenticity of the information from three sources and, if correct, reported it to the agency. The spies did not have direct contact with the agency, to conceal true identities.

Spy selection depended on character and social position. Spies were recruited from all sections of society. Spies were positioned in all the departments and commercial ventures of the king to ensure that the heads of the departments did not abuse their power or cheat the king. Women were considered particularly useful to penetrate wealthy households to get the inside story. In current India, there is a scarcity of female fraud investigators as it is now considered a masculine job. However, in ancient India, women investigators and spies were quite common.

2.      Types of Financial Frauds

Kautilya identified 40 ways of embezzlement. Some of them are mentioned below:

  • Overpricing and under-pricing of goods
  • Incorrect recording of quantity of raw material and other stocks
  • Misappropriation of funds
  • Teeming and lading
  • Misrepresentation of sources of income
  • Incorrect recording of debtors and creditors
  • Incorrect valuing and distribution of gifts
  • Inconsistency in donations and distributions for charity
  • Misappropriating goods during barter exchange
  • Manipulating weights and tools for measurement
  • Misrepresentation of test marks or the standard of fineness (of gold and silver)

It is interesting to note that Kautilya mentioned most of the frauds that occur in accounting and preparation of financial statements. It shows human psychology has remained the same. However, in India the value system has deteriorated, which has resulted in increased fraud and corruption. In olden times, the value of honour was held high. For example, the prime thought in Hindi was “prann jiye pur vachan na jiye” (meaning: it is better to lose one’s life than to go back on a verbal promise given).

3.      Mechanism for Investigation and Punishment

The investigation process was quite similar to the current process followed. Information was initially gathered regarding the fraud from informants, spies, whistle blowers and audits. Background information of the suspects was gathered by sending spies to their residence and business premises.

Subsequently, the people involved, the suspects and witnesses were interrogated. Kautilya suggested separately examining “the treasurer (nidháyaka), the prescriber (nibandhaka), the receiver (pratigráhaka), the payer (dáyaka), the person who caused the payment (dápaka), the ministerial servants of the officer (mantri-vaiyávrityakara)” for financial frauds. If any person lied, s/he received the same punishment as the main culprit.

Another fascinating aspect is that India doesn’t have any law similar to the whistle blower provisions of the Dodd-Frank Act. However, Kautilya proposed: “Any informant (súchaka) who supplies information about embezzlement just under perpetration shall, if he succeeds in proving it, get as reward one-sixth of the amount in question; if he happens to be a government servant (bhritaka), he shall get for the same act one-twelfth of the amount.”

The punishment for fraud depended on the nature and value of fraud. It ranged from nominal fines to death penalty. The victim was compensated for the losses suffered.

Closing Thoughts

The processes proposed by Kautilya for fraud detection were followed even until the Mughal rule. However, these were dismantled during the time of British rule as the Indian Penal Code was formulated. The difference with Mughal rule was that the Mughals settled in India, marriages took place between Indian royalty and Mughal rulers, and the cultures got integrated over time.

The British came to rule for economic purposes. They wished to take advantage of India’s natural resources and vibrant economy. They levied their own rules and did not integrate them with the Indian culture. Hence, over time the Indian value system was lost or kept for namesake only. Over time, as the British education system was used even after independence, a split ethical value system developed between personal values and business ethics. Therefore, corruption increased in the business environment till it became all-pervasive in the society. It is going to take a lot of effort to change the system now. No short-term solutions will work.

Accounting and Auditing in Ancient India

Professionals want to know the origin of their profession, the work done in olden times and the level of knowledge. I thought of sharing with you the history of Indian accounting and auditing profession. I discovered in Kautilya’s Arthshastra that it existed in ancient India in 4th century BC. Therefore, my guess is that it would have originated at least a few centuries earlier.  The accounting principles and standards used in the present century are similar to those that existed in the 4th century BC. This nugget of information may have surprised you.

Broadly, Kautilya’s Arthshastra covers accounting principles and standards, role and responsibilities of accountants and auditors, the methodology of accounting, auditing and fraud risk management, and the role of ethics in managing financial activities. Let me share some of the concepts with you in the next couple of posts.

1.     Maintenance of Accounts

The accounting financial year was fixed to the July-June period, with a full process for closure of accounts and audit of the same. It covered the method of consolidating the accounts from various departments of the government to assess the net income and loss. The accountants were required to furnish the completed annual accounts to the head office by mid-July. Delay and/or failure to do so attracted financial penalties.

2.     Classification of Receipts

Kautilya states that “receipts may be (1) current, (2) last balance, and (3) accidental (anyajátah = received from external source).” In it, he differentiates between cash receipts and debtors, current and accrued income, income from other sources, windfall gains, and recovery of bad debts. He recognized the concept of risk and suggested different rates of interest for loans. Foreign trade loans attracted the highest interest, as the returns were uncertain.

3. Classification of Expenditure

Expenditure classification was similar to receipts classification and included the differentiation between capital expenditure and revenue expenses. Kautilya described it as – “Expenditure is of two kinds—daily expenditure and profitable expenditure.” The difference between income and expenditure was termed as “net balance”. He insisted on making long-term investments in construction and other works as these would generate profits over a period. It also entailed keeping track of work in progress.

4. Role and responsibility of accountants

A hierarchical organization structure of senior to junior accountants existed within the king’s treasury function. The accountants maintained books of accounts on an annual basis according to prescribed standards. The same were furnished for audit at year-end. Kautilya suggested good salaries to accountants and auditors as high income would keep them ethical. Accountants would be more prone to commit fraud if they earned very little.

5.     Segregation of Roles of Treasury and Auditor

The fascinating part of Kautilya’s approach was that he recognized the conflict of interest between finance and auditing functions. He categorically stated that the head of finance and head of audit should independently and separately report to the king. He recognized the possibility of collusion between the two. In India, in the government, the Comptroller General of Audit and Ministry of Finance are two separate functions. However, in the corporate world, in quite a few companies the chief audit executive still reports to the chief financial officer rather than the chief executive officer.

6.     Building an Ethical Culture

Kautilya believed that character reflected the personal values of an individual and that the learning of ethical values must commence from childhood. Even for an adult, ethical conduct was as important as professional skills. He proposed measures to build an ethical climate in the kingdom. However, he was practical and recognized the potential for corruption. In accounting, he talked about misstating financial statements due to abuse of power and fraudulent reporting. He devised a system of reward and punishment to ensure compliance with rules and regulations.

7.     Verification and Auditing of Accounts

The concept of continuous monitoring, periodical auditing, verification and vouching existed in ancient times. Checks were done daily and periodically (five nights, pakshás, months, four-months, and the year). The attributes used in the present day for verifying income and payment vouchers were also used in earlier times. Interestingly, each department had spies to provide information and report wrongdoing to the seniors. There was a full process for discovering fraudulent transactions and punishing accountants for misstating financial statements. I shall cover that in the next post.

Closing Thoughts

Kautilya prescribed the accounting theory that included bookkeeping, preparation of financial statements, auditing and fraud risk management. He considered accounting as an integral part of economics. Various kingdoms in India used his work until the 15th century AD, i.e. before the colonial rule. I am not aware whether a similar level of knowledge existed in other parts of the world before the Christian era. If you do have information, please share it with me. It will be an enthralling journey into the past.

References:

Kautilya’s Arthshastra 

Barclays War on Culture Change

Barclays is again in the limelight due to a damaging report on the deviant culture existing in the Investment division. After the LIBOR rate fixing scandal and quick departures of senior managers, trouble is again brewing in Barclays. The COO of the Investment banking division, Andrew Tinney, quit when it was discovered that he shredded the only copy of a report that clearly stated the bullying culture of the organization. The new CEO, Anthony Jenkins, discovered this when an internal whistle blower mentioned it to him. He sent out a message to staff on culture change. Here are some insights into the story.

1. The Damaging Report on Dysfunctional Culture

Daily Mail story states that the report prepared by Genesis Ventures - “paints a devastating picture of incompetence and arrogance at the bank, showing that executives:

  • Pursued a ‘revenue at all costs’ strategy.
  • Fostered a culture of fear and intimidation.
  • Were ‘actively hostile’ to the idea of compliance with banking rules.
  • Presided over a ‘broken culture’ where problems were ignored or buried.
  • Allowed the business to spin ‘out of control’.”

The senior management intentionally understaffed support functions, was hostile to compliance and attacked those who spoke contrary to senior management views. A senior manager threw the risk management report publicly, saying “this is a piece of s***”, showing utter contempt and disregard for the same.

The summarization of the report states: ‘The senior team portray themselves as all-powerful and all-knowing… and people chose to disagree with them at their own peril. It is a mentality of superiority which, when combined with other deficiencies, stops the team from tackling their blind spots. When those deficiencies are in compliance, this results in serious issues that no one else has the power to address.’

The bank’s culture has become completely deviant, and it will be a long road ahead for significant change to occur. The problem is that this issue is prevailing in other banks also. They depict the same culture and attitude. Unless we understand why it is occurring and senior managers take sincere steps, nothing positive will happen.

2. The Psychological Explanation

Western banks are known for their arrogant and aggressive culture. Some view arrogance as a positive trait and humility as a negative trait, while the opposite is true. Stanley Silverman developed the Workplace Arrogance Scale to measure the arrogance level in organizations. He stated that arrogant people demean others to prove superiority and competence. However, as per his results, arrogant people showed lower intelligence and self-esteem in comparison to their peers. He identified four red flags to identify arrogant behaviour:

  • Does your boss put his/her personal agenda ahead of the organization’s agenda?
  • Does the boss discredit others’ ideas during meetings and often make them look bad?
  • Does your boss reject constructive feedback?
  • Does the boss exaggerate his/her superiority and make others feel inferior?

If you link back to the damaging report, the senior management at Barclays showed these traits in abundance. Even during the financial crisis, the bankers didn’t feel apologetic and showed no humility. Now, being in such senior positions, one cannot say they lack intelligence; however, questioning their self-esteem is definitely a valid path.

In another psychological study conducted by Angela Y. Lee, a professor of marketing at the Kellogg School of Management, it was determined that people with low self-esteem defend the brands more when their favourite brands are attacked. This explains why bankers refused to change and continued their behaviour when under attack during the financial crisis.

3. The CEO Message for Culture Change

Deal Book reported that Anthony Jenkins, the CEO of Barclays, sent a mail out to the staff with a clear message: “change or leave”. He categorically stated the values – Respect, Integrity, Service, Excellence and Stewardship – to be adopted by Barclays employees. He further added that those who do not change their behavior are free to leave. His words were: “My message to those people is simple: Barclays is not the place for you. The rules have changed. You won’t feel comfortable at Barclays and, to be frank, we won’t feel comfortable with you as colleagues.”

He highlighted that in the last two decades financial institutions pursued profits and compromised integrity and reputation of the organization. He said there is no choice between values and profits. Employees must pursue profits while maintaining values. Evaluation of ethical behaviour will be incorporated in performance appraisal process.

That is a very strong message from the CEO of the organization to transform the culture of the organization. Two questions in everyone’s minds are – will they succeed and how long will it take.

Closing thoughts

Bill Gates had famously said – “The world won’t care about your self-esteem. The world will expect you to accomplish something BEFORE you feel good about yourself.” Maybe organizations should care about the self-esteem of their employees and their senior management team. Studies have shown that people with higher self-esteem show more ethical behaviour and are less likely to get involved in wrongful acts. The present trend of pursuing material gains at the expense of personal values destroys self-esteem in the long run. Bankers have shown extreme tendencies to flaunt expensive toys to feel good and build a superior image. In all probability, they are caught in a catch-22 situation at a psychological level. It might not be possible to change the culture without addressing the core issues faced by the staff.

References:

  1. Exposed: The regime of fear inside Barclays – and how the boss lied and shredded the evidence
  2. Identifying the arrogant boss
  3. Leave My Brand Alone – Kellogg School of Management
  4. New Barclays Chief Tells Staff to Accept Changes or Leave

 

 

Risk Management Lessons Learnt in 2012

For risk managers, 2012 was an eventful year. The frequency of ethical breaches, regulatory failures, operational disasters and natural calamities ensured that risk managers have their hands full and are not going to run out of work in 2013. In effect, the risk management function is at a strategic inflection point and is facing disruption risks. Globalization, rapidly changing technology, economic recession in Europe, political turmoil in the Middle East, growth of emerging markets and global warming have changed the risk landscape. Throw out of the window the old stance of managing risks by implementing controls and focusing just on financial processes and operational risks. The 21st century demands that risk managers focus on strategic, cultural, leadership and human resource risks. This is a bold statement to make, so here are my reasons for making the same. Do you think I am on the right track?

1.      Banking Sector Culture Needs Overhauling

Though I have not done a tally of regulatory fines paid by banks during the year, the numbers are awesome. If the status quo remains the same, paying billion dollar fines will soon become fashionable. The way bankers are behaving, if culture does not change, they will start a competition on who pays the biggest fine and gets away with it. It is clear that bankers gave a lot of lip service to changing after the financial crisis. Nothing much changed and they remained complacent with their ability to escape any personal loss due to reckless behaviour. Even with fines, it is investor loss with hardly any personal responsibility. 2013 will determine whether bankers can do the right thing for the right reasons in the right way.

2.      No One is Too Big to Go to Jail

2012 showed that breaking the law isn’t an option for top guns. Big names, for instance, Rajat Gupta and Rebekah Brooks, realized the arms of the law are long enough to reach them. The psychology that it is only a crime if one gets caught needs to change. A connection even with the Prime Minister doesn’t insulate a person from being held legally accountable.

The downside of capitalism is that business ethics are put on a back burner in pursuit of profitability. 2013 will see the trend of businesses focusing on building ethical cultures.

3.  Senior Management Fails At A Higher Rate

Throughout the year, one heard senior managers being fired for poor performance, regulatory breaches, criminal acts or inability to keep their pants zipped. Tragic but true, that senior managers are failing to walk the talk and assume leadership is about playing power games. They ignore everything in pursuit of a bigger pay packet. It isn’t that leaders didn’t fail previously, but now they make headlines at global level.

Additionally, social media and the increasing percentage of women in the workforce have made old management and leadership styles redundant. Flatter organization structures are replacing hierarchical styles. Collaboration is in focus rather than competition. Boomers are leading most organizations, and their style of leadership is passé. Hence, in 2013 we are going to witness higher leadership failures unless organizations start managing leadership risks.

4.  Regulators Take A Tougher Stance

Worldwide regulators have changed their stance. Be it Comptroller and Auditor General of India, Department of Justice of USA or Financial Services Authority of UK, regulators are beating the drums for better compliance. From asking the biggest names in banking to give explanations to holding government accountable for incorrect decisions, they are leaving nothing out of the ambit. They are leading the path for risk managers to follow. In 2013, we are going to see a spate of disclosures from regulators.

Closing Thoughts

Whether we see the banking failure reports, or other aspects of business, risk managers knew and understood the risks. However, they decided to play it safe and not bell the cat. Challenging and confronting business leaders at the expense of ruining one’s career can be a tough decision. One avoids the decision, especially when the lines of accountability state that final responsibility for managing risks lies with the business leaders. However, in the times ahead risk managers won’t have this luxury. They will have to stick their neck out to ensure the organization stays legally compliant and manages risks optimally. I don’t know whether this makes risk managers happy. In my view, in 2013 we should take it up as a challenge and change the dynamics of the risk management function.

Wish you and your loved ones a very Happy New Year.

Bharti Walmart India – Internal FCPA Investigation – Part II

The previous post raised more questions than gave answers. In light of the on-going investigation, it is difficult to predict results. However, I looked at the recently released FCPA Resource Guide to the U.S. Foreign Corrupt Practices Act by the Criminal Division of the U.S. Department of Justice and the Enforcement Division of the U.S. Securities and Exchange Commission. It sets some clear guidelines and mentions earlier cases with similar issues. It is a good read for Indian managers working in multinationals dealing with FCPA compliance requirements. I am sharing below some insights about the implications of the case.

1.      Liability of Indian Employees

As per reports, the CFO and the legal team were suspended during the course of the investigation. If the US Department of Justice decides to pursue a criminal case, these employees can be prosecuted.

Interestingly enough, Indian managers consider their capability to bribe various government officials to get a job done as a strength. One often hears them saying: “Oh, I have a contact; s/he will do the job for X amount of money. Don’t worry about the legal provisions, they can be circumvented.” Since one rarely hears of any action being taken by regulators under the provisions of the Prevention of Corruption Act of India, hardly anyone hesitates to take or accept a bribe.

However, Indian employees working in multinationals have to think twice about paying a bribe to get a job done. The FCPA guidelines are strict. The guide states: “The FCPA’s anti-bribery provisions can apply to conduct both inside and outside the United States. Issuers and domestic concerns—as well as their officers, directors, employees, agents, or stockholders—may be prosecuted for using the U.S. mails or any means or instrumentality of interstate commerce in furtherance of a corrupt payment to a foreign official.” Hence, even sending mail to a US boss or colleague that involves a discussion of a bribe payment can make an Indian employee liable. Considering the provisions, the best policy for Indian employees is to keep their hands clean and follow the legal process diligently.

Another aspect to note is that a bribe does not need to be paid to hold an employee liable. The guidance note says – “Also, as long as the offer, promise, authorization, or payment is made corruptly, the actor need not know the identity of the recipient; the attempt is sufficient. Thus, an executive who authorizes others to pay “whoever you need to” in a foreign government to obtain a contract has violated the FCPA—even if no bribe is ultimately offered or paid.” Hence, Indian management and employees both can be prosecuted on this basis.

2.      Challenges for Licenses

With the opening of the retail sector, multinationals need to obtain various licenses to operate in India. The challenge is getting the licenses according to their business strategy and plan.

For instance, IKEA recently obtained permission from the Foreign Investment Promotion Board (FIPB) to invest euros 1.5 billion to open 25 stores in India. However, IKEA was granted permission to open single brand stores for furniture only. It was denied permission to sell textiles, office supplies, food and drinks.

Now the question is, under these circumstances, what options will the foreign investor consider? Will they agree to sell products according to the permission? The permissions may be denied for the most profitable lines of products. It may not make sense to sell products with low margins. Hence, they will have the difficult choice of either not entering the Indian market or attempting to influence the government agencies to grant permissions for selling other products. If the second option is chosen, there is a high probability of bribes being paid. More so, since Indian government officials know what will hurt the business venture of the foreign company, they might use denial tactics to coerce the organization into paying bribes. Hence, it is a vicious circle.

A LinkedIn member gave a useful suggestion to curb bribes in the licensing process. Rangarajan Gopalan, Investigator US Department of Homeland Securities in New Delhi, suggested a single window concept for obtaining licenses in the retail industry. If the government implements the suggestion, the retail companies will not have to run around 32 different agencies to get licenses.

3.      Partner Liabilities  

In the event of the holding-subsidiary relationship or joint venture partnership, the Indian company can be charged jointly and/or separately.

The guidance note illustrated the implications with a previous case. For instance, “a four-company joint venture used two agents—a British lawyer and a Japanese trading company—to bribe Nigerian government officials in order to win a series of liquefied natural gas construction projects. Together, the four multi-national corporations and the Japanese trading company paid a combined $1.7 billion in civil and criminal sanctions for their decade-long bribery scheme. In addition, the subsidiary of one of the companies pleaded guilty and a number of individuals, including the British lawyer and the former CEO of one of the companies’ subsidiaries, received significant prison terms.”

Hence, if the US company is ignorant of the bribes being paid by Indian employees to conduct business, the Indian employees can face criminal charges and the Indian organization may have to pay hefty fines.

Closing Thoughts

The Indian organizations need to assess their FCPA compliance level and not take the issue lightly. The repercussions of ignoring the issue are huge. The legal and reputation risks can put the company to a great disadvantage. Moreover, the employees must follow the legal process rather than find ways to circumvent it.

References:

  1. FCPA Resource Guide to the U.S. Foreign Corrupt Practices Act by the Criminal Division of the U.S. Department of Justice and the Enforcement Division of the U.S. Securities and Exchange Commission.
  2. FIPB clears IKEA retail store plan

Bharti Walmart India – Internal FCPA Investigation – Part I

Walmart, after the Mexico US Foreign Corrupt Practices Act investigation, identified India operations as a high risk. It commenced an internal investigation with the help of KPMG India and law firm Greenberg Traurig. Recently the CFO and five officers of the legal team were suspended. The legal team’s job entailed procuring licenses required for stores and other real estate approvals, taxation etc. Bharti Walmart has opened 18 stores till date. Hence, the suspicion is that these officers paid bribes to get the licenses.

According to the Economic Times article, multiple permissions are required from the government. The Retail Association of India lists 51 different approvals from 32 different agencies. Seeing the corruption index of India and the way government departments function, I would be very surprised if an organization manages to obtain all the relevant licenses without any grease payments. Hence, the question is how will the organizations manage to function without paying bribes?

1.      Dubious Dealings

Considering the huge operations of Bharti group, I would be very surprised if the bribes were paid without senior management approval. Most of the liaison work has senior managers’ tacit or explicit approval. Therefore, is it right to suspend some after obtaining licenses? What happens in such a case to the license? Will the license be revoked, cancelled, or returned? If not, what is stopping the organizations from first taking the licenses by paying bribes and then doing a clean-up exercise to show their commitment to ethics?

2.      Joint Venture Liabilities

The second issue that crops up is the working of the joint venture in such circumstances. Let us assume the investigation reveals bribes were paid. In such a situation, will Bharti group be expected to pay back the bribe money? Secondly, if the US authorities under a civil case fine Walmart for FCPA contravention, will Bharti be expected to pay the fine? Seeing the trend, the fine could be huge and would wipe out the profitability of the company. Moreover, the US Department of Justice can pursue criminal liabilities. Then will the Indian officers be implicated for the same?

3.      Foreign Direct Investment (FDI) in Retail Industry

The government has recently allowed FDI in the retail industry. The challenge is that in India, most of the retail operations operate by paying bribes at different levels. Hence, a foreign investor will not get a level playing field as the anti-corruption laws of their country bind them. The situation is serious. For instance, the next stage after obtaining licenses would require importing goods. The FCPA strictly prohibits paying bribes to customs officers whereas in India this is a common business practice. Can an organization wait for months to get its stock cleared by the customs officers? Now the foreign investors will analyse the reward versus risk scenario of their business plans for investing in the retail industry in India.

Closing Thoughts

The case opens up interesting aspects of risks of doing business in India. Corruption poses serious obstacles in doing fair business dealings. The FCPA and laws of various countries strictly prohibit paying bribes to foreign officials. The US government has followed some stringent measures against companies contravening the laws. Under such circumstances will the joint ventures between foreign investors and Indian counterparts work?  India cannot change overnight, so what is the solution? Share your thoughts with me on this.

References:

Bharti Walmart suspends CFO, legal team due to FCPA bribery probe

Is Doing Nothing A Reputation Risk?

Tim Cook, CEO of Apple, recently issued an open letter on the Apple website, publicly apologizing for the shortcomings in Apple Maps. The first paragraph reads:

“To our customers,

At Apple, we strive to make world-class products that deliver the best experience possible to our customers. With the launch of our new Maps last week, we fell short on this commitment. We are extremely sorry for the frustration this has caused our customers and we are doing everything we can to make Maps better.”

The purpose was to pacify the angry customers who found inaccuracies in the Apple maps. The words of the CEO mattered.

Now let us assume that none of the customers knew who the CEO of Apple is. They have not heard of the CEO before. The CEO visibility was zilch in media, social networks, business conferences etc. Would the words have mattered then? Wouldn’t the customers say – “Who is this guy? We never heard from him before and now he is giving excuses for horrid products?”

Managing an organization’s reputation is part of the CEO/CXO job. When reputation risks occur, their communication is part of the risk mitigation plan. Hence, the effectiveness of the risk mitigation plan is dependent on the CEO/CXO profile. Until here, I think you will agree with me.

Now let me ask you the difficult question. If the senior management of the organization does nothing to add to the brand or reputation of the organization, is it a risk?

Here is my argument. Normally, we take the following criteria for reputation risks.

Source: ICAI ERM Training Material

This measures only the negative impact. We talk about negative coverage in the media, but what about no coverage in the media? In India, most of the CEO/CXOs have no media visibility and, unlike the west, 90% do not give interviews etc. in the media. They don’t even have a social media presence and one can hardly find them directly interacting with customers. That is, except for traditional advertising of products in newspapers, magazines and television, there is no coverage of the organization and the senior management in the media.

Now let us see this from a risk management perspective. One of the strategic objectives of the organization is to build the brand and reputation of the organization. The purpose of enterprise risk management is to give an assurance to the board that the entity is moving in the right direction to achieve its objectives. As risk managers, we focus on whether something goes wrong, but what if the company is not moving at all in any direction – positive or negative – in meeting its objectives? Should we capture that as a risk?

Closing thoughts

Negative viral messages in social media tarnish a reputation in a span of a few hours. It takes just one tweet to go viral. It will be very difficult for a company to defend itself if it does not have a Twitter account and a reputation management plan. The same applies to executives. Now the thought process is either develop a brand or get branded. Silence gives an opportunity to others to put labels and develop negative perceptions. Continuous positive messages at a personal level need to go out about the brand for customers to have a favorable opinion. Doing nothing may become a huge risk.

Misunderstanding of Risks Between Business Teams and Auditors

The PWC Internal Audit survey highlighted one critical shortcoming of Chief Audit Executives and Internal Audit Departments. The risks that business teams consider critical are being ignored. I have been covering some of the risks on the blog, namely – people risks, competitive advantage, innovation and creativity, marketing, country risks, etc. According to the survey, more than 20% of the stakeholders reported that internal audit paid too little attention to these risks. Hence, the question is why internal auditors and risk managers are not looking at them. Take a look at this chart first.

PWC Internal Audit Survey 2012

From the survey results, two assumptions can be made. First, the internal audit function is still focused on auditing the processes that link to the financial numbers. Second, they do not understand the business aspects of the organization. As given below, three things need to be done.

1. Understand business requirements

The situation reminds me of an Archie-Veronica joke. Veronica is trying out a new pair of jeans in a store. She looks in the mirror and says – “The jeans are tight, I wonder what could be the problem.” Archie promptly replies – “You might have gained a few pounds”. Veronica gives one whack on Archie’s head and again makes the same statement. This time Archie replies – “The store may have marked a wrong size on the jeans”. If the internal audit reports are hard hitting, business teams may give the internal auditors a rosy picture. They may not be sharing the true concerns in respect to various business risks. Hence, internal auditors would focus their energies on some unsubstantial risks. Improve the communication with business teams to understand the risk environment. Create an environment where truthful interactions occur.

2. Add in next year business plan

The last quarter of the year has started today, and most organizations will prepare 2013 plans in this quarter. This is a good time to understand the business risks and prepare the 2013 annual audit plan and budgets accordingly. Coordinate with the business teams to understand their annual plans. Identify the risks relating to the plans. Discuss with the teams how the internal audit function can help them. Attempt using collective intelligence and crowd sourcing techniques to develop your plan. Where required, take a call to provide advisory services rather than assurance services. Business managers expect much more from the internal audit function. Hence, gear yourself to meet if not exceed those expectations.

3. Develop talent and skills

In the 20th century internal auditors audited the same financial numbers as external auditors. In the 21st century, the function requires revamping. In my previous article – “New Risks and Uncertainties in 21st Century” – I had conducted a poll. I had asked respondents whether they thought present day risk managers were equipped to deal with 21st century risks. Out of 17 total votes, 15 had responded that less than 50% of the risk managers can manage the new business risks. The verdict was by the risk managers about risk managers. Don’t be a dinosaur and learn new skills to survive in the market. In another 5 years when Gen Y become middle managers, Gen X may become redundant.

Closing Thoughts

With the turmoil in various economies, the 2013 risk landscape will be drastically different. Organizations that are well geared in risk management have a higher probability of sailing through. Internal auditors and risk managers need to incorporate the impact of globalization, technology and social media in their annual plans. There is no purpose in serving stale bread and expecting business teams to swallow it. Rejuvenate in the new business age.

Wishing all my readers a Happy Gandhi Jayanti. Let us pray that each person believes a little more in non-violence and works towards a peaceful world.

References: 

PWC Internal Audit Survey 2012

Auditor’s Communication With Audit Committee

Finally, the US audit committees will be getting the full picture of the financial statements from the auditors. The Public Company Accounting Oversight Board (“PCAOB” or the “Board”) of the US is adopting Auditing Standard No. 16 – Communications with Audit Committees. It is aimed at improving dialogue between auditors and audit committees to enable better oversight and financial reporting.

The scope of communications has increased from the previous practice of discussing accounting policies, procedures and estimates, quality of financial reporting, unusual transactions and significant auditing and accounting matters. It covers more matters that will increase clarity.

Previously the status of communication was aptly described by George Bernard Shaw’s quote – “The single biggest problem in communication is the illusion that it has taken place.” Audit committees in my view lacked critical information. Secondly, as there is a shortage of financial experts (just one is mandatory) they were in no position to analyse the details of the financial statements. It was easy to hide artistic accounting from them. This standard will reduce the communication gap between the auditors and audit committee.

In India, though the roles and responsibilities of the auditor and audit committee are defined in the Listing Agreement of SEBI and New Companies Bill, the nature, content and quality of communication is not specified. It mandates that the audit committee should meet at least four times a year; however, it doesn’t shed light on the quality of discussion to take place. The audit committees in India are required to look into loan transactions, related party transactions and a couple of other things. These requirements are not mentioned in the list below.

In brief, as per Auditing Standard No. 16 the auditor would be required to communicate the following to the audit committee:

a.  The terms of appointment and engagement, objective of the audit, and responsibilities of management and auditor.

b. An overview of the overall audit strategy, including timing of the audit, significant risks the auditor identified including risk assessment procedures, and significant changes to the planned audit strategy or identified risks;

c. Information about the nature and extent of specialized skill or knowledge needed in the audit, the extent of the planned use of internal auditors, company personnel or other third parties, and other independent public accounting firms, or other persons not employed by the auditor that are involved in the audit;

d. The basis for the auditor’s determination that he or she can serve as principal auditor, if significant parts of the audit will be performed by other auditors;

e. Significant accounting policies and practices including changes. Reasons certain policies and procedures were considered critical and the effect on them in respect to current and future events. Effect of policies and disclosures in controversial areas and where there is a lack of authoritative guidance.

f. Situations in which the auditor identified a concern regarding management’s anticipated application of accounting pronouncements that have been issued but are not yet effective and might have a significant effect on future financial reporting;

g. Description of the process for developing critical accounting estimates, including the significant assumptions, and any significant changes made in the process or estimates.

h. Significant unusual transactions, with the policies and procedures used by management to account for unusual transactions;

i. Quality of financial reporting including whether auditor identified bias in management’s judgement about the amounts and disclosures in financial statements. Assessment and conclusion of critical accounting policies. Auditor’s understanding of the business rationale for significant unusual transactions.

j. The results of auditor’s evaluation about financial statement presentation. Whether the reporting including form, content and arrangement are in conformity to standards.

k. Difficult or contentious matters for which auditors consulted external consultants

l. If the auditor is aware that management consulted external sources, the auditors should also give their opinion;

m. The auditor’s evaluation of going concern;

n. Uncorrected and corrected mis-statements including those discussed with management;

o. Material written communication with management

p. Disagreements with the management

q. Departure from the auditor’s standard report;

r. Difficulties encountered in performing the audit, and

s. Other matters arising from the audit that are significant to the oversight of the company’s financial reporting process, including complaints or concerns regarding accounting or auditing matters.

Closing thoughts

The various auditing and accounting standards in India cover most of the points mentioned above. The auditor is required to ensure conformity to the standards and comment on the same if there are variances. However, there is no specific guideline for communication between auditor and audit committee. As the US standard just defines minimum communication requirements, it would be beneficial to formulate and adopt a similar one in India and other countries. It will ensure a specific level of interaction between auditor and audit committee is maintained and the audit committee makes informed decisions.

What do you say? Should there be a global standard for communication with audit committees? What other steps can be taken to reduce barriers to communication between the auditor and audit committees?

References:

PCAOB Adopts Auditing Standard No. 16, Communications with Audit Committees, and Amendments to other PCAOB Standards

 

Why Auditors Fail To Detect Frauds?

When the media reports a new fraud, the first few thoughts of the public are – “What were the auditors doing? How did they miss it? Were they involved?” The auditors get labelled as morons, conspirators or criminals. Generally most people jump to the conclusion that auditors had mala fide intentions and became accomplices to get more business. While this may be true in some cases, auditors need the benefit of doubt. They sometimes genuinely miss the cases despite their best effort to diligently perform their duties. This post is an attempt to explain why auditors miss the frauds.

I want to share a joke with you before I explain. Two drunkards were walking on a railway track. The first said to the other – “I am really tired, I hope the steps will end soon.” The second replied – “Yeah. I wish they had put the handrails at a better height, my back is killing me.”

1. Auditors’ responsibility to detect frauds

We can laugh at this, but if I say most of us don’t see clearly, there will be a lot of angry reactions. So I am not saying anything, and am requesting you to watch this video.

Now did you see the moon walking bear?

Auditors have the same problem. They have to give a true and fair opinion on the financial statements. They are not required to focus on detecting frauds. Hence, the audit programs are not designed to conduct tests to detect fraud symptoms and probability. Therefore, with no specific coverage, auditors fail at detecting frauds. An extract from Section 143 of the New Companies Bill is given below:

“The auditor shall make a report to the members of the company on the accounts examined by him and on every financial statements which are required by or under this Act to be laid before the company in general meeting and the report shall after taking into account the provisions of this Act, the accounting and auditing standards and matters which are required to be included in the audit report under the provisions of this Act or any rules made thereunder or under any order made under sub-section (11) and to the best of his information and knowledge, the said accounts, financial statements give a true and fair view of the state of the company’s affairs as at the end of its financial year and profit or loss and cash flow for the year and such other matters as may be prescribed.”

2. Auditors’ punishment on failure

The second question frequently debated is – “Should auditors be punished if they fail to detect frauds?” Section 147, clause 4 of New Companies Bill states auditor’s liabilities in respect to fraud in the following words:

“Where, in case of audit of a company being conducted by an audit firm, it is proved that the partner or partners of the audit firm has or have acted in a fraudulent manner or abetted or colluded in any fraud by, or in relation to or by, the company or its directors or officers, the liability, whether civil or criminal as provided in this Act or in any other law for the time being in force, for such act shall be of the partner or partners of the audit firm and of the firm jointly and severally and such partner or partners of the audit firm shall also be punishable in the manner as provided in section 447.”

This clause puts auditors on shaky ground. It is difficult to prove innocence once a fraud is detected. How can an auditor state – “I did my work properly, saw these documents, looked at the same audit evidence but didn’t find anything wrong with it.” Most will jump to the conclusion that the auditor knowingly ignored all the evidence. So here is another video. Watch it, and then you will see how this situation can occur.

According to various experiments, 75% of the people failed to observe the person swap in the experiment.

Think of this from an audit evidence perspective. An auditor is checking 100 vouchers with supports. One voucher among the 100 is fraudulent. What is the probability of the auditor noticing it? One can safely assume that it will be less than 25%.

After seeing these experiments, is it surprising that auditors fail to detect frauds? Though they are trained, they are human. The same psychology works with them too.

Closing thoughts

The success rate of detecting frauds will be higher when the auditors – external and internal – have specific responsibility to detect frauds. Without the specific responsibility, regulators can continue to complain and investors will share their anguish; however, all will be futile. The laws need to be devised to hold someone responsible for detecting frauds. What is your opinion?

A modified version of this article was published in the Middle East Accountant Magazine.