Accomplice or Adversary?

The position of trust that auditors have enjoyed for decades has been put to the test in recent years, leaving stake-holders wondering whether the twenty first century auditor is an accomplice or an adversary of white-collar crime.

In 2001, the Enron accounting and corporate fraud cost its shareholders upwards of US$70 billion leading to bankruptcy of their auditor, Arthur Andersen, one of the largest audit firms in the world at the time. Arthur Andersen was found guilty of illegally destroying documents relevant to the U.S. Securities and Exchange Commission investigation. Subsequently, Arthur Andersen’s license to audit public companies was voided and the firm eventually collapsed.

Shortly thereafter, the Sarbanes Oxley Act (SOX) was enacted to increase accountability of auditing firms. Through enhanced corporate governance measures, SOX envisioned sustained independence of auditors which would in turn offer stakeholder protection. Research findings on the impact of SOX observed that organisations subject to SOX were significantly more transparent and their financial statements were perceived to be more reliable. Conversely, the research findings also indicated that organisations with reported material weaknesses had significantly higher fraud.

In June 2020, Wirecard, a financial services company headquartered in Germany filed for insolvency after revelations that US$2billion had gone missing. Wirecard engaged in fraud to inflate its profits in a series of accounting malpractices. Ernst & Young (EY), the company’s auditor, gave Wirecard’s books a clean bill of health, and now finds itself facing investigation by Germany’s auditor’s oversight body, APAS. The global chairman of EY expressed “regret” that fraud at the now collapsed Wirecard was “not uncovered sooner” by his firm’s auditors and said EY group would “raise the bar significantly” on its vetting work.

SOX-type regulations were also enacted in Germany, however, legislation, no matter how good cannot deliver the desired outcomes without the collaborative participation of all key players. Global financial systems have made significant technological advancements and auditors must keep up the pace to ensure that audit methodologies are sufficiently apt and agile. Whereas auditors are not expected to investigate their client’s affairs, they may be well positioned to identify and detect changes in the nature of the client’s activities in the course of the business relationship.

Earlier this year, the Angola and Portugal governments issued a freeze on the bank accounts of Isabel dos Santos, Africa’s richest woman and daughter of Angola’s former President. The freeze was aimed at recovering assets which were amassed through embezzlement of state funds using multiple companies, some of which Ms. Dos Santos owned with her husband.  The International Consortium of Investigative Journalists (ICIJ) published a report dubbed ‘Luanda Leaks’ revealing details of how Ms. dos Santos exploited family ties to build an empire at the expense of the Angolan people.

Prosecutors alleged that Ms. Dos Santos and her husband siphoned off over US$1billion of public funds through transactions with state companies Sonangol and Sodiam. Sonangol is a government-owned oil group whereas Sodiam a national diamond exporter.

PricewaterhouseCoopers (PwC), acted as the auditor, consultant and tax adviser to companies controlled by Ms. dos Santos and her husband. Some of these companies were named in the asset freeze imposed by the Angolan and Portuguese governments. The head of PwC’s tax advisory team for Angola and Portugal, stepped down due to the ‘seriousness of the Luanda Leaks’ claims. The severity of these claims led to increased scrutiny of PwC’s involvement raising concerns around conflict of interest. The Angolan government is said to have lost over US$1billion in this scandal, attracting worldwide attention on the role of auditors in safeguarding public interest.

In 2018, KPMG was banned from auditing public institutions in South Africa following a mega corruption scandal. KPMG allegedly facilitated tax evasion and corruption for the influential Gupta family. The Gupta’s, were accused of diverting state contracts in order to benefit their businesses based on their influence on the presidency of Jacob Zuma.  One of the corruption cases against the Gupta’s was a family wedding, which was allegedly funded with US$1.7million of taxpayers’ money. This was purportedly done through the Gupta’s company Linkway Trading Pty Ltd and accounted for as a business expense. While KPMG denied any wrongdoing, it admitted to missing several “red flags” in relation to the family’s accounts. The wake of this scandal led to the resignation of several top KPMG South Africa executives including the then CEO.

KPMG said it would pay to anti-corruption charities the US$3million earned in fees from auditing Gupta-owned companies since 2002. However noble, this act of charity did not stop the South African Auditor-General’s office from terminating contracting of KPMG on government work. The KPMG brand suffered reputational damage which impacted its business relationships across the continent.

Farther afield, the Malaysian Anti-Corruption Commission (MACC), arrested former Malaysian Prime Minister, Najib Razak in connection to misdeeds at 1MDB, a state-owned investment firm. Najib was accused of channelling circa US$700million from 1MDB to his personal bank accounts. According to its publicly filed accounts, 1MDB had nearly US$11billion in debt, some of which resulted from a US$3 billion state-guaranteed bond issue.  In July 2020, a court in Malaysia sentenced Najib Razak to 12 years in jail after finding him guilty of corruption.

Deloitte Malaysia as the auditor for 1MDB entities was fined about US$500,000 by the Malaysia Security Commission (SC) for breaches related to Islamic bond issuance. Deloitte was penalized for failure to report irregularities that may have had a material effect on 1MDB’s ability to repay its creditors. The Malaysia SC fined Deloitte despite the fact that the firm issued a qualified audit opinion and revealed that 1MDB was under investigation by several authorities. Deloitte also disclosed its inability to obtain sufficient audit evidence to determine whether the advances to 1MDB could be recovered.

Although Deloitte paid the fine, they have sought a judicial review of the Malaysia SC decision. In this case, it appears the Malaysian financial watch-dog built an expectation that went over and above a qualified audit opinion, begging the question on how far auditors should go in escalating irregularities they pick up in the course of their business engagement with clients.

The incidents enumerated here demonstrate that none of the accounting giants have been spared from mentions in connection with white collar crime.

Governments worldwide have taken to issuing penalties and sanctions to audit firms for failure to safeguard their independence and blow the whistle on malfeasance. In a bid to restore public confidence and mitigate reputational damage, auditors must continually address conflict of interest risks. Auditors are engaged to examine financial information and independently opine on the financial health of an entity. That notwithstanding, there is now an overarching expectation for the auditor to safeguard public interest over and above the engagement mandate.

Is the twenty first century auditor an accomplice or an adversary to white collar crime? The jury is still out!

Article written by Grace Mburu - Executive Director at  Flywheel Advisory & an expert in all things Financial Crime Risk Management