Corporate governance: Financial controls are vital

12 Jun, 2009

A recent article in this newspaper ("The Satyam Scandal and the role of Corporate Governance") arguing that a corporate governance failure, in the manner of India's Satyam Computers, could not happen in Pakistan's robust regulatory environment, glosses over the responsibility of Satyam's auditors, Price Waterhouse Cooper (PwC), one of the Big-4 global accounting firms.
Two facts need to be mentioned. First, PwC had been suspended by the Reserve Bank of India, the regulatory authority, from auditing non-Banking Financial Institutions (in 2004) and banking companies (in 2005) for its failure, in one instance, to report under-performing assets and, in the other, to report a Euros 20 million fraud in an investment company.
Second, in 2008 Satyam was blacklisted, and barred from doing business with it for 8 years, by the World Bank for "corrupt" practices. Therefore, both companies involved in the scandal were already afoul of accepted standards of good corporate governance. Soon after the admission by Satyam's CEO that his company's USD1.4 billion of audited cash and bank balances were lighter than thin air, Indian authorities arrested the two PWC partners who had signed off Satyam's accounts.
This led PWC at the international level to insist there was "not an iota" of evidence against the two professionals (one of the Partners had been signing off Satyam's accounts since 2000), but the firm could provide no reason why its auditors were unable to detect such an elementary matter involving reconciliation of bank accounts, a fraud the company's founder admitted he had been perpetrating for many years.
Perhaps the only defence that can be put forward for the Satyam audit lapse is that it was neither an isolated case nor the largest. The bad news of the past few years is not hidden. Enron, WorldCom, Parmalat, Shell Oil and a host of other major companies were all caught in accounting scandals. In each case, the independent auditors charged with confirming that public companies weren't cooking the books were all found asleep at the post, or worse.
Arthur Andersen, it may be remembered, ceased to exist after the US government brought criminal charges against it for destroying evidence related to the Enron scandal. Italian prosecutors indicted the local branches of both Grant Thornton and Deloitte & Touche, auditors of Italian food giant Parmalat, which made USD 10 billion of assets disappear.
Among the many lapses in this case, outstanding are the facts that Parmalat first presented auditor-approved accounts showing a USD4 billion deposit with Bank of America, a claim denied by the Bank. Parmalat next claimed to possess almost USD8 billion in another Bank of America account, but this too was denied by the bank.
Viewed in the context of Satyam, it appears that white collar criminals use the same old tricks, knowing that the big guns of accounting are asleep when it comes to reconciling cash and bank balances.
In the USA, Ernst & Young, which took over Arthur Andersen, had major problems when it was sued by clients for USD 1 billion for allegedly issuing advice to use illegal tax shelters and in the same year its role as auditor came into question when a client health firm was found by the US SEC to have overstated its earnings by more than USD2.5 billion in a bid to raise its share values.
One of the major investors (US $7.5 billion) with Bernie Madoff was investment fund Fairfield Greenwich Group, whose auditors were Price Waterhouse. Perhaps the fact that Fairfield Greenwich received fees of approx.
US500 million for placing its investors' money with Madoff may explain their reluctance to be inquisitive about Madoff, but it certainly dos not exonerate PWC, who, if anything, should have been suspicious that the auditors of Madoff's $50 billion fund was a firm of accountants operating out of a 13x18 foot office, next to a Doctor's, in down-market New York.
If the scandals and financial thefts at ING Baring, Irish Bank, Societe General seem remote with the passage of time, it is not forgotten that these frauds too were uncovered by regulatory organisations, not external auditors. Presently, the world is reeling from the shock of the credit derivatives scandal.
To put the magnitude of this scandal in perspective, the notional value of the defaulted contracts exceeded the sum total of all global bank deposits and pension funds put together, but no accounting firm (or rating agency, for that matter) was able to detect unsustainable leverage until the "structured-products" edifice collapsed under its own weight.
When questioned by a US Congress committee about the derivatives scandal, former Federal Reserve Chairman Alan Greenspan said he "saw no reason to intervene" believing that "management of banks would not put shareholder value at risk." The scholarly Mr Greenspan had overlooked two important considerations, (i) self-regulation does not work where there is conflict of interest and (ii) there are no limits to greed.
Corporate governance and financial prudence were thrown to the winds when management executives tasked with oversight saw billions of dollars in bonuses for taking the opposite route. Those tasked with external checks also failed spectacularly. The ratings agencies, seeing hundreds of millions of dollars in fees, saw no reason to deny positive ratings to the several new exotic (and useless) financial products being floated each day.
So too the accounting firms, benefiting from collateral business (software sales, consulting, valuations, training, technology implementation) who saw no reason to question the fact that their clients had taken exposures to paper IoUs that were often twenty or more times the institutions' total assets.
Corporate governance is a set of rules and guidelines for self-oversight of the diverse operational functions that drive modern corporate activities, with emphasis on setting minimum standards of compliance via internal controls for mitigating risk.
The "Satyam" article states, correctly, that reporting standards in Pakistan, which must conform to International Financial Reporting Standards (IFRS), are higher than those in India and also that our Securities & Exchange Commission has introduced in 2007 a comprehensive Code of Corporate Governance.
The problem, however, is not so much the quality of the regulations as the quality of the implementation; and, in the case of financial reporting, not the extent of disclosures but whether there is substance and veracity behind the disclosures.
Three common factors are observed in the major financial scandals cited above; first, all the above-cited errant corporations operated in a strict regulatory environment and, until they collapsed, were not cautioned either for being in breach of financial reporting or corporate governance standards (Satyam in fact received in 2008 a "Best Corporate Governance" award from the UK-based World Institute of Corporate Governance.)
Second is that none of the companies are known to have implemented institutional internal reporting systems that would have overridden the fraud planned by the senior managers or their incompetence (as in SocGen and ING.) The third common factor is the failure of the "gatekeepers," the external auditors, to detect internal fraud in their clients.
This could have arisen either from incompetence, which is hard to believe, or from reluctance to probe too deep into suspicious matters, which is m ore likely due to conflict of interest. After all, what future would there be for a junior auditor who reported on facts that could bring down his employers' best clients, killing the goose that lays the golden eggs?
In Pakistan, while there is no doubt about the high professional caliber of accounting professionals, conflict of interest at organisational level is a major area of concern. For example, the Big 4 accounting firms, apart from being external auditors, get huge contracts from their clients for consulting on HR and compliance functions, providing training, implementing technology and developing and installing software, even for advising on internal audit and control functions.
One of the major preventive tools of corporate governance and financial reporting is ICFR (Internal Controls over Financial Reporting.) This is a process, defined in guidelines such as COSO (Committee of Sponsoring Organisations of the Treadway Commission) that involves not only an organization's internal auditors but also makes responsible its business units for implementation and oversight of compliance requirements in a holistic manner.
Such processes, involving middle managers up to the Board, theoretically imply a more fail-safe procedure than other regulations, such as Sarbanes-Oxley. While the State Bank of Pakistan has issued clear directives to banks in regard to implementing ICFR according to internationally accepted best practices, for other public companies so far this is obligatory but it would be a good step to make it compulsory.
Learning from past experience, both regulators may consider the conflict of interest aspect and restrict the increasingly intrusive role of external auditors in companies' internal controls and processes. The grey zone between unethical and illegal will always present problems. In the derivatives scandal, absence of regulation meant that none of the stakeholders acted illegally, but ethics certainly required the auditors and rating agencies to point out the inherent weaknesses of the products being sold.
The tenuous nature of accounting of group companies is another grey zone, one that affects both the banking and companies' regulators, as in the fall of the Dewan Group where, because of high levels of inter-linked debt and guarantees, the failure of one group company has led to a domino-effect on its other entities, with resultant billion rupee losses for banks and shareholders.
To conclude it needs to be remembered that prevention of internal fraud remains the responsibility of the companies themselves. Auditors are only required to detect and report fraud, but both stakeholders appear remiss in their responsibilities, in Pakistan and globally.
While no statistics are available from SECP in regard to fraud in public companies, the State Bank recently reported there was a 39% increase in fraud within banks during the last quarter of 2008, with total outstanding fraud and forgery cases rising to over 6300 in the September-December 2008 quarter and the amount involved rising to Rs 6.5billion. The sooner banks and public companies implement preventive measures through strict ICFR and implement them, the better for Pakistan's corporate governance environment.

Read Comments