Enron in 2001.
Worldcom in 2002.
Satyam Computers in 2009.
Sino-Forest, Harbin Electric and Puda Coal in 2011.
China Metal Recycling in 2013.
Noble Group in 2015.
Carillion plc in 2018.
Wirecard and Luckin Coffee in 2020.
It can come as a surprise to many investors how so many frauds have passed through the watchful eyes of well-known auditors such as KPMG and EY and not get found out… until it is too late.
Aren’t they supposed to be the “first-defenders” of our capital?
It isn’t quite as straightforward as that.
What Auditors Actually Do
When it comes to external audits, auditors primarily check for 2 key things:
- Whether the company’s financial statements are presented fairly, according to US or international based standards
- Whether proper internal controls are in place
As you can see, auditors are NOT required to specifically look for fraud (unless there is separate request or allegation against the company). The audit process goes so far as to highlight material misstatements (huge irregularities) arising from their checks of whether the financial statements are fair or not.
As I wrote in my personal blog on a high-profile case of fraud in the US last year…
It is also important to note that auditors rely quite heavily on information provided by the management.
These can include documentation to support financial statements, management’s estimates and justification over items such as useful life of property, plant, equipment (PPE) and receivables’ age.
Auditors are not expected to verify each and every document (as it takes a lot of time and cost) but rely on the strength of internal controls (which they will have also audited).
However, this leaves sufficient opportunity for a fraudulent company to do mischief. This was what happened to EY with Wirecard:
That said, the scope of audits has improved over the years to better protect stakeholders following events such as the Enron & Worldcom scandal and their auditor, Arthur Andersen, and the passing of the Sarbanes-Oxley Act (SOX).
This generally includes gathering much more information to assess fraud risks (such as engaging with operating personnel, or hypothesizing scenarios where fraud may likely occur).
However, it is still very difficult to uncover fraud for a company who is bent on doing it. A global study by the Association of Certified Fraud Examiners (ACFE) revealed that external auditors detect fraud cases 4% of the time, while internal audits fare only slightly better at 15%.
I will not delve into whether regulators should make auditors take on more responsibility in detecting fraud in this article.
The issue is a complicated one. It involves weighing the responsibilities of the other parties (ie. Board and management) and the additional time and costs (borne by who?) – which brings along a host of other problems.
Instead, I’ll focus on;
What Can Investors Do?
According to Roger Darvall-Stevens, the Director and National Head of Fraud & Forensic Services at RSM Australia, fraud is usually found through internal audits, management reviews and tip-offs.
While we may not have such insider information privy to us, we can estimate the likelihood of fraud happening in the first place by finding out if insiders have the “ROI” to do so.
This includes finding out if a company has good checks and balances in place (ie. an unbiased Audit committee with good track record, un-complicated organizational and shareholder structure) and whether there are any incentives for mischief to occur (ie. remuneration heavily tied to short-term business or stock price performance).
You can read more about this “ROI” approach here.
Investors Need to Look Out For Themselves
It is wishful thinking to hope that auditors and regulators will detect every single fraudulent company, and remove them from existence in our economies and stock markets.
What is more productive for investors to do, is to figure out on a high-level if a we’re comfortable with the level of ROIs a company has (or doesn’t have), and avoid those that would make our stomach churn.
This would ensure that fraud risks within our portfolios are (somewhat) minimized, so that we can safely meet our desired financial goals.
Certain actions by management could raise a red flag. With regard to the Wirecard case, it was mentioned here that the biggest red flag is the founder pledged his shares to get a bank loan.
https://youtu.be/1y-Gl0lFEmM?t=195