THE auditors involved in financial fraud cases are not as innocent as they make themselves out to be.

Wirecard – a software and systems provider for online payments and fraud protection – filed for insolvency in Germany on June 25, 2020, after it revealed a multiyear fraud that led to the arrest of its ex-chief executive in the same year.

The German Parliament later announced that it will organise an inquiry into the reasons why the government failed to prevent the corporate fraud.

The subsequent report revealed that the blame lies in the auditor’s failure to scrutinise Wirecard’s operations in Asia – the heart of the fraud.

Creditors and investors lost billions of euros when the company collapsed in one of the biggest accounting frauds in Europe.

Wirecard’s business in Asia, on paper, generated half of its reported revenue and all of its profits, whereas the genuine parts of its business was too small to sustain the cost base and debt of a company that spent 18 months fighting allegations of accounting fraud.

Wirecard’s administrator later launched an investigation, which found that the business might not have existed nor resulted in actual cash inflows.

Yet, just months before the collapse, the auditor vigorously defended the outsourced business in internal meetings despite a draft forensic audit by another audit firm that was unable to conclusively confirm those operations existed.

After the damning report by the second audit firm was published, the auditor apparently hired external lawyers to advise on whether it can resign mid-audit but was warned that resigning will be very difficult, if not impossible, under German law.

Wirecard was the audit client for the auditor for almost a decade and consistently received unqualified audits in the run-up to the collapse.

It started in December 2018, just weeks before doubts about one of its most high-profile clients started to circulate and the auditor decided to investigate company operations more closely.

The auditor wanted to scrutinise the internal processes for payments settled by outsourcing partners in Asia – an integral part of the business, which was once valued at €24 billion (RM111 billion).

The auditor then started shopping with online merchants identified as clients of Wirecard’s Asian partners, purchasing a €33.45 breathalyser, €9.95 seven-day subscription to an Asian porn site, US$23.08 (RM101.30) “coins” for football video game Fifa 19, and 1,000 yen (RM34.33) on bitcoin.

None of the merchants existed. All were set up by company executives to dupe the auditor.

It would be another 18 months before the auditor realised that half of the fintech firm’s revenue and €1.9 billion company cash linked to the so-called third party acquiring business did not exist, when it ordered Wirecard to transfer €110 million from each of the four Asian escrow accounts to Germany.

The auditor gave the company just a few days to deliver the €440 million, which never arrived.

It then sought independent confirmation from the management of the Asian banks, of which two said the claim that €1.9 billion company cash existed is “spurious”.

Hours before it was due to reveal its annual results on June 18, 2020, Wirecard disclosed this fact to the financial markets.

Its share price collapsed.

This revelation forced the once high-flying German payments provider into insolvency and plunged the Big Four accountancy firm into one of the worst auditing scandals in recent history.

In the report, it was revealed that the auditor failed to spot fraud risk indicators, did not fully implement professional guidelines, relied on verbal assurances from executives and a reluctance to challenge its client in public, even when Wirecard’s chief executive made highly misleading statements to investors.

The existence and amount of revenue appear to have been validated only indirectly through balance confirmations, adding that a number of inconsistencies in those documents should have raised alarm bells with the auditor.

Confirmation fraud has been at the heart of most major corporate fraud cases around the world. It played the lead role in the fictional US$9 billion that led to the collapse of Italian beverage company Parmalat in 2003.

In many confirmation fraud cases, paper confirmation documents are either completely forged, or an “inside man” at a financial institution is bribed or coerced into providing a false confirmation statement on a bank letterhead or e-mail address.

The conspirator is rarely the person authorised to provide legitimate confirmation, so the fraud typically involves misdirecting the auditor into sending the confirmation request to a person at the bank who is involved in the conspiracy.

The auditor repeatedly claimed that they were deceived by the fraud and that they performed their audit procedures professionally, to the best of their knowledge and in good faith.

The auditor alleged that Wirecard workers engaged in an elaborate and sophisticated fraud, involving multiple parties in different institutions around the world, with a deliberate aim to deceive – that even the most robust audit procedures may not uncover such a fraud.

The auditor is now facing an avalanche of lawsuits from Wirecard shareholders, who lost billions in investments. Softbank, who invested in Wirecard with a €900 million cash injection in 2019, blamed what it saw as failures on the auditor’s part and announced plans to sue the auditor for damages.

Germany’s capital markets supervisors were also under fire for their lack of supervision. And the report concluded that the supervisors did not keep pace with the times, lacked the necessary technical and analytical skills, and made technical mistakes in their supervision.

Domestically, in a recent case, the investing public praised the auditor for their role. But to the discerning and careful investors, the auditor did not do anything nor revealed anything publicly. It was the issuer who decided to make the issue of their auditors refusing to sign off the audited accounts public that led to the circumstances in which both are in.

The cookie jar is translucent. The auditor can always sight hands dipping into the jar, but they can never blow the whistle on the same hands that feed them. – May 21, 2022.

* FLK reads The Malaysian Insight.

* This is the opinion of the writer or publication and does not necessarily represent the views of The Malaysian Insight. Article may be edited for brevity and clarity.