IN recent years there has been a number of large-scale financial fraud and audit failure cases in listed companies, which caused investors heavy losses.

Because investors use financial information to evaluate a company’s worth and future, the misstatement of its finances can mislead investors into making wrong decisions.

A 2017 US study entitled “How pervasive is corporate fraud” showed that only one in three cases of public company fraud is detected, that one in eight companies engage in fraud, and corporate fraud costs investors US$180-360 billion (RM790 billion to RM1.6 trillion) annually.

Corporate fraud does not happen overnight. The question that always arises in the wake of discovery is: How could this have happened? Followed quickly by: Who is responsible?

Whose job is it to detect and prevent fraud in the first place? And why has the proliferation of new regulations following each major outbreak of fraud failed to prevent its recurrence?

The prevalence of fraud in listed companies is astounding when one considers the architecture that is in place to eliminate it. At any sizeable listed company, there is now an entire “financial reporting value chain” designed to detect fraud and remediate it before it has a material impact on the company’s results.

Management will assert that every questionable transaction was reviewed by external lawyers and accountants.

The company’s auditors will explain that management concealed vital information from them or conspired to foil the audit process in devious ways. When problems emerge, audit firms default to talking about an “expectations gap” between the degree of assurance audits provide and absolute assurance to excuse shortcomings.

The board of directors claims ignorance of the details behind the reported financials, having relied in good faith on the statements of management and the competence of outside professionals. 

The lawyers would love to explain what happened but they are bound by attorney-client privilege.

Corporate fraud often exhibits a certain degree of inertia. An analysis of fraudulent financial reporting by public companies in the US for the period 1998 to 2007 by the Committee of Sponsoring Organizations (Coso) showed that the average duration of listed companies’ violations is 31.4 months.

If their fraudulent behaviour is not detected, the listed companies whitewash their financial statements in subsequent years. The Coso report also states that 40% of the cases have fraudulent periods longer than five years.

It is common for listed companies with long term violations to engage in opinion shopping from audit firms in order to cover up unsatisfactory operating performance or achieve new financing needs. Due to intense competition for business, audit firms are generally receptive to such requests from client companies.

Long-term violations of listed companies not only indicate that accounting information was seriously distorted, but also mean that auditors failed to effectively identify misstatements for many consecutive periods and did not perform their audit responsibilities as required by law. In summary, the Coso report appears to suggest that audit firms are more likely to be involved when their client companies commit fraud for a longer period of time.

Financial statement fraud is not only attributed to the low morals of the executives of listed companies, but also reflects the poor professional ability and ethics of auditors, which weakens the value of audit reports. Clearly, a lack of ethical boundaries brings out a propensity for bad behaviour.

There are also clearly limits to what independent directors can accomplish given that board service is a part-time position. Billionaire investor Warren Buffet commented that “I’ve seen a lot of corporate boards operate. The independent directors, in many cases, are the least independent.” If the fees directors receive to serve on boards make up a significant portion of their income, “they’re not going to upset the apple cart” by making management uncomfortable, he said. 

In most cases, independent directors depend on management to provide accurate information to monitor corporate performance and decision making. Despite the authority granted to them, some independent directors may feel pressure to stay in management’s good graces, as long as the stock price is performing.

Where is the external auditor when it comes to fraud? Is it off the hook? 

The auditor generally argued that the role of a statutory audit is to certify the financial statements of companies or public entities. They form professional opinions based on an evaluation of a company’s financial statements and they work with the material that is provided to them, and process thousands of documents using sampling techniques and risk detection processes. They cannot test every transaction within a company.

Yes, the auditor has a legal obligation to report fraud to the authorities if it is detected in the course of the audit. This gets talked about a lot. But often, it seems, auditors prefer to quietly withdraw from troubled clients. Which is surprising because given the standards for audit diligence and with the increasing availability of artificial intelligence tools, auditors should be able to flag suspect patterns for further investigation more easily.

So far it appears that the audit industry has acted as enablers, rather than watchdogs, when it comes to financial fraud. The auditors simply failed to follow basic audit procedures or accepted documents that were bogus at face value. Because the compensation of senior partners is tied to keeping large clients happy, most of their energies go towards expanding the scope of engagement, rather than pressing uncomfortable questions on corporate management. Otherwise which industry would rather admit, over and over again that they’re idiots and incompetent and can be fooled over and over and over again by their own clients to evade liability?

Even though the political connection of a listed company influenced the regulator’s supervision in a recent case, it does not mean the regulators neglected their review and oversight of the auditors. Their role and the historical records should also be examined thoroughly.  

The Securities Commission as the gatekeeper of the capital market has a responsibility to prevent financial statement fraud as far as possible.

Presently, it appears that enforcement efforts in the financial market run in cycles, with urgent calls for accountability following major market downturns, often followed by a laxer approach during bull markets. 

Structural changes effective in reducing the incidence of fraud across the market cycle could be introduced. 

In 2017, the Public Accounting Oversight Board in the US modified the responsibilities of the auditor to make it clear that detecting fraud is within the scope those duties.

Maybe the regulators here could follow suit and extend the auditor’s mission to include an “obligation” to detect fraud in the future. 

This is a very timely topic which deserves a collective reflection involving issuers and the market regulator who also have a responsibility to set the “right” conditions to enable better fraud detection. There is no simple solution. – May 13, 2022.

*FLK reads The Malaysian Insight.

* This is the opinion of the writer or publication and does not necessarily represent the views of The Malaysian Insight. Article may be edited for brevity and clarity.