So after Enron (2001), Worldcom (2002), Parmelat (2003), Satyam (2009) and Olympus (2011) the world was waiting for the next big scandal. Of course, in the UK there had been little ones such as Tesco and Patisserie Valerie involving merely tens of millions but nothing big nothing to rival these classic cases from the past.
Auditing regulators introduced new concepts which really came to prominence in around 2012, advising the auditors to develop something they called 'professional scepticism' the questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence. This, one would have thought, would actually be a given in anyone conducting an audit question the information, don't believe everything that nice financial accountant tells you.
If you were a detective investigating a crime you wouldn't get very far if you told your boss 'well he said he didn't do it so I let him go.' So why do auditors , who carry out a similar role in investigating the truth and fairness of company financial statements seem to believe that what some director or senior manager tells them must be the truth so they don't need to check it properly? Because it's happened - again.
This time the big fraud is in Germany with a company called Wirecard which processes millions of debit and credit transactions every year. The auditors have found themselves in a bit of a pickle after it was disclosed that they couldn't verify the existence of €1.9 billion which was supposed to be in two banks in the Philippines. The banks concerned said they know nothing of Wirecard. This looks like a major fraud and the CEO Markus Braun has been arrested and has subsequently disappeared. Allegations are that profits have been artificially inflated and the auditors have been misled for more than a decade.
In addition the auditors had, allegedly, been warned of a possible fraud in 2016 and had signed off on the financial statements, including the so- called bank deposits in the Philippines, up to 2018.
So, it would appear that the auditors have missed the bus yet again.
When verifying assets, such as bank accounts with big deposits, it is normal for auditors to obtain a confirmation directly from the bank that the respective accounts exist and that they contain the amount of money that the company says they do. In the case of Wirecard the auditors, allegedly, didn't do this instead accepting some sort of certification from an agent or intermediary. This really flies in the face of accepted practice, in particular International Standard on Auditing ('ISA') 500 Audit Evidence which states that the auditor should obtain sufficient, appropriate audit evidence so as to draw reasonable conclusions to support their audit opinion. Accepting a certificate from a second party ostensibly validating €1.9bn of bank balances on the face of it does not constitute sufficient, reliable evidence.
There is an ISA in issue relating directly to fraud - ISA 240 The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements. This requires the auditors to focus on the possible intentional misstatement of the financial statements, arising from either fraudulent financial reporting of income or mismanagement of assets.
However, ISA 240 goes on to say that that the auditor is less likely to detect a material misstatement due to fraud as a result of sophisticated efforts to conceal it. It also stresses that there is a higher risk of not detecting management fraud because of the directors' ability to override controls and directly or indirectly manipulate accounting records.
So this creates an ambiguity and, to some extent lets the auditors off the hook. This may well have been the intention, of course, when the original ISA was drafted to leave a trapdoor open for the auditors to escape through if the client commits a huge fraud they havent detected during their audit.
So why does an international audit firm such as EY get itself in such a position? There are two possibilities. The first one is that audit teams actually carrying out the work can find it incredibly difficult to believe that such an ostensibly respectable organisation as Wirecard with its lovely shiny offices and its clever staff would possibly be involved with fraud. This plays into something called Confirmation Bias auditors are predisposed to believe the assurances they are given because these agree with how they view the business.
The second view is that, at a senior level, audit partners in major accounting firms and chief executives of large organisations are cut from the same cloth. They inhabit the same world, probably view that world in a similar way and even move in much the same social circles. This encourages a form of Groupthink where, again, a rather cosy relationship develops and the possibility of fraud becomes unthinkable until it happens.
On 18 December 2019 in the UK, Sir Donald Brydon sent a report setting out his personal views on the quality and effectiveness of audit to the Department for Business, Energy and Industrial Strategy.
Among a raft of recommendations Brydon suggested:
'A new reporting duty on directors to set out the actions they have taken each year to prevent and detect material fraud. A corresponding new duty on the auditor to state in their report how they have assured the directors' statement on material fraud, and what additional steps they have taken to assess the effectiveness of the relevant controls and to detect any such fraud.'
In other words Brydon suggests that the auditors start to look harder for the possibility of fraud as part of their risk evaluation of the business.
Whether these recommendations will ever see the light of day again depends on the political will of the government and the enthusiasm of the regulator. So far the fallout is primarily financial investors in Wirecard have lost their money, employees have lost their jobs, EY are facing a wall of lawsuits. It is also likely to have to face possible disciplinary action from the German regulator. The former CEO might well end up in jail and some of his colleagues, particularly the CFO, with him.
In the UK people have not forgotten Carillion and that may come back to haunt the audit profession. Wirecard was in Germany but, in a global world, a failure is a failure no matter where it lies.
John Taylor is an author for accountingcpd. To see his courses, click here.