Auditors and Fraud: Interview with Going Concern

Mark was recently interviewed by Going Concern about auditors' responsibilities to detect fraud. Here are a few highlights:

Moral Hypocrisy: The KPMG / PCAOB Scandal

Auditors aren't that great at detecting fraud and sometimes claim their audits aren't designed to detect it. It looks like they may not be that great at committing it, either (though not for lack of effort).

Is Bitcoin a Scam?

First, let's consider what bitcoin isn't.

PWC Held Responsible for Not Detecting Fraud

The Wall Street Journal published an article explaining that PricewaterhouseCoopers (PWC) was held responsible for failing to detect fraud in their independent audits of Colonial Bank. Colonial Bank collapsed in 2009 and, according to the Tampa Bay Times, was the sixth largest bank failure in history. The articles estimate that PWC may be responsible for damages totaling hundreds of millions of dollars.

This is an interesting case because the audit firm has had some individuals claim, in court, that auditors are not responsible to detect fraud. The court rejected this claim and said auditors who don't design audits to detect fraud are not following their own auditing standards. Here are some details from the FDIC order related to the case:

“While there are numerous auditing standards that are implicated in this case,...the overarching standard that governed the PWC audits is that: “[t]he auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatements, whether caused by error or fraud.” AU § 110.02; AU § 316. PCAOB Auditing Standard No. 2 states that “[a]lthough not absolute assurance, reasonable assurance is nevertheless a high level of assurance.” Id. at ¶ 17. To that end, a PCAOB 2007 release clarified that “[t]he auditor should, therefore, assess risks and apply procedures directed specifically to the detection of a material, fraudulent misstatement of the financial statements." (emphasis added). The Engagement Letters between PWC and CBG acknowledged this responsibility by stating that PWC would “design [the] audits to obtain reasonable, but not absolute, assurance of detecting errors or fraud.” See, e.g., A4 at 3. Indeed, Mr. Westbrook, one of the PWC audit partners, testified at trial that PWC had a duty to design audit procedures to detect fraud. Tr. 817:25-818:7 (Westbrook). He further testified that if PWC failed to design its audit procedures to detect fraud, it would be a violation of PCAOB standards. Tr. 822: 19-22 (Westbrook). 

However, PWC voiced a very different tune just a few years ago with respect to another lawsuit that stemmed from this fraud. TBW’s bankruptcy trustee also filed suit against PWC, alleging that PWC breached its duties when it failed to detect the fraud. That lawsuit proceeded to trial in August 2016 before it settled mid-trial. As part of that lawsuit, many of the same PWC engagement partners, audit managers, and audit staff who are involved in this case gave deposition testimony under oath in the TBW trustee’s case. During that testimony, these individuals repeatedly admitted that PWC did not design its audits to detect fraud. For instance, Mr. Westbrook testified that PWC “audits are not designed to detect fraud.” Tr. 358:6-7 (Westbrook) (quoting Westbrook TBW Dep. at 23:7-12). Likewise, Mr. Jackson, the PWC engagement partner, testified that “I would point out that our audit procedures were not designed to detect fraud.” Tr. 1027:1-10 (TBW Dep. at 31:17-20). Similarly, Wes Kelly, PWC’s audit manager for the 2003-2005 and 2008 CBG audits, testified that PWC “did not design audit procedures to detect fraud.” W. Kelly TBW Dep. 45:608 (Ex. P3120). Finally, Mr. Rivers, a PWC audit associate assigned to the CBG audit, testified that PWC had no obligation to look for fraud. Rivers TBW Dep. at 66:17-23. 

At trial, PWC attempted to explain away this testimony by arguing that these individuals simply meant that PWC was not a guarantor against the possibility of material fraud because the auditing standards recognize that “even a properly planned and performed audit may not detect a material misstatement resulting from fraud.” Ex. A400 at 7-8 (AU § 316.12); Tr. 821:25-822:24 (Westbrook stating that in order to provide a guarantee against fraud, auditors would “need a lot more tools like lie detector tests and subpoena power and guns and badges and all those kinds of things.”). This Court does not find this explanation credible, nor is it consistent with the previous testimony from the TBW trustee’s lawsuit. This Court heard Mr. Westbrook and Mr. Rivers testify for hours and is convinced that these gentlemen are more than capable of saying what they mean. If they had intended to say that PWC audits were not a guarantee against the possibility of material fraud, they would have testified accordingly. However, that was not their testimony. Instead, they clearly stated that PWC had no duty to detect fraud and did not design its audits to detect fraud. The Court concludes that PWC did not design its audits to detect fraud and PWC’s failure to do so constitutes a violation of the auditing standards. 

What I find interesting is that practicing auditors admitted that they don’t design their audits to detect fraud even though auditing standards clearly say that auditors are responsible to provide reasonable assurance that there are no material misstatements due to (error or) fraud. Over the past decade, including as recently as 2016, I’ve asked several audiences of auditors to answer the following true-false question: “Auditors have the responsibility to provide reasonable assurance that there are no material misstatements due to fraud.” These auditors range from staff to partners and, on average, about 50% incorrectly answer false. This is pretty disheartening to me...

Unfortunately, my experience suggests that most auditors don’t put in a lot of effort to detect material fraud. Fraud may be discussed briefly in the required brainstorming session but then quickly forgotten as the audit team gets focused on ticking and tying and trying to get some sleep during busy season. 

There are many things that auditors could do but, unfortunately, it's rare to find an auditor who is thinking beyond what they did last year. If I were king for a day, I would require auditors to do interviews with lower level people in an organization with the goal of discovering aggressive accounting or business practices. Combining interviews with strategic reasoning would potentially help auditors provide the reasonable assurance they are responsible for. For example, if strategic reasoning leads the auditors to believe revenue recognition and shipping cutoff is ripe for financial reporting fraud, auditors trained in interviewing could meet with shipping / warehouse personnel about the end of the year. Well designed questions could reveal information that could help identify control weaknesses and potential fraud. 

In any case, this case and other experiences with auditors reminds me of the 1980s when auditors put it in their engagement letters that they weren’t responsible for providing assurance for fraud. Back then, and now, the courts don’t appear to share that view. In the end, both the auditing profession and audit users end up suffering when auditors are weak in fulfilling this responsibility.

Wells Fargo Incentives Lead to Fraud

Wells Fargo, one of the largest banks in America, was fined $185 million for the company’s fraudulent selling practices. A Wall Street Journal article¹ reports, “Federal regulators announced that Wells Fargo opened as many as two million deposit and credit-card accounts without customers’ knowledge.” Many former employees of the bank attribute the widespread fraud to the incentive structure and the pressure received from managers to reach the company’s ambitious sales targets.

Wells Fargo has been envied by its competitors for its high return on equity, with greater relative profits than other leading financial institutions such as J.P. Morgan. This success is a result of the focus on cross-selling more products (i.e. different financial services) per customer, a strategy it has faithfully followed since 1999.

However, some managers’ fierce dedication to this strategy led many lower level employees to create dummy accounts. Sales progress was closely monitored, requiring updated reports several times a day. Not meeting your targets was not something to be taken lightly, as many lower and mid-level managers lost their jobs due to their inability to consistently achieve their goals.

The account representatives and account managers also felt immense personal pressure to achieve sales goals due to the monetary incentives attached to their targets. With low base salaries those bonuses became very significant and highly desirable. A Harvard Business Review article³ explains how this type of incentive structure entices employees to make minor ethical compromises which then escalate and spread from there. The article reads:

“Consider the following sequence: A bank account manager, under pressure to make a sales goal to receive his bonus, pushes a customer to add a credit card, even though the account manager knows it’s not in the customer’s interest. Still short of the goal, the account manager asks his friends and family to open accounts. (The accounts are to be closed shortly thereafter.) With the goal still not achieved, the account manager opens accounts without asking customers and transfers a small amount of money. (The accounts are closed shortly thereafter and the money is transferred back.) As soon as the account manager gets away with the first unethical act, it’s not a big step to the fraudulent ones. The justification moves from ‘it’s legal’ to ‘no one is harmed’ to ‘no one will notice.’ When such practices are tolerated, they escalate in severity and spread throughout the organization.”

Wells Fargo’s CEO, John Stumpf, accepted full responsibility in his congressional hearing last week.² Over the past five years the bank has fired 5,300 employees for their involvement in fraudulent practices and has hired consultants from PriceWaterhouseCoopers and Accenture as well as several law firms to investigate the situation. However, it seems as though all that effort was too little, too late. 

Mr. Stumpf has received a lot of heat for this scandal, including requests for his resignation and calls for top executive’s compensation to be paid back to those negatively affected. Some have even questioned his competency as the CEO of such a large bank. The WSJ article¹ previously mentioned goes on to state, “In the 2010 annual report, Mr. Stumpf said he often was asked why Wells Fargo had set a cross-selling goal of eight retail banking products per customer. “The answer is, it rhymed with ‘great,’ he wrote. ‘Perhaps our new cheer should be: ‘Let’s go again, for ten!’” 

The bank said it will “scrap all product-based sales goals in its retail branches starting January 1.”¹  It is unclear why they are waiting until next year to implement this change aimed to alleviate the pressure experienced by employees that led them to these illegal practices.  Hopefully this scandal will help other companies see more clearly that extreme commitments to aggressive goals can potentially lead to fraud.

1.     http://www.wsj.com/articles/how-wells-fargos-high-pressure-sales-culture-spiraled-out-of-control-1474053044

2.   http://www.wsj.com/articles/wells-fargo-ceo-stumpf-i-accept-full-responsibility-for-unethical-sales-practices-1474326173

3.   https://hbr.org/2016/09/wells-fargo-and-the-slippery-slope-of-sales-incentives

Combating Cheating in the Classroom

Online resources students may use for cheating

Have you ever heard of websites such as Course Hero, Quizlet, or Koofers? If you have, you may know that while these websites can provide some advantages for honest students, they also provide an opportunity for some students to cheat. A recent presentation by a professor at Brigham Young University (BYU) highlighted several concerns about these study websites. After searching the websites, thousands of assignments, quizzes, and exams were discovered posted on the various sites. While it may be okay to post student notes, flash cards, or even class slides depending on professors’ instructions, posting assignments, quizzes, and exams is likely a violation of copyright laws.

Whose Job is it Anyway? Are Auditors Expected to Detect Fraud?

A recent article in The Wall Street Journal details what could be one of the only legal cases from the great recession to actually go to trial. Taylor Bean & Whitaker Mortgage Corp. is suing PriceWaterhouseCoopers LLP (PWC) for $5.5 billion dollars claiming that PWC was negligent in auditing one of their clients. While PWC didn’t audit Taylor Bean, they did audit a bank with which Taylor Bean did frequent business--Colonial Bank (Colonial). Taylor Bean overdrew its accounts with Colonial for several years to cover cash shortfalls, then sold fake pools of mortgages to Colonial in order to cover up the fraud. Taylor Bean claims PWC was negligent in auditing Colonial, and that the collapse of Colonial led to them losing billions of dollars. The real question is how liable should auditors be for detecting fraud?

HSBC Holdings Receives Nothing More Than a Slap on the Wrist

A recent article in The Wall Street Journal talks about the Justice Department’s decision to not pursue charges against HSBC for allegations made in 2012. HSBC is a major bank in the UK that admitted to neglecting to spot proceeds from drug trafficking in Mexico and also did not flag transactions by countries under economic sanctions. Rather than being prosecuted, the bank was allowed to admit guilt, improve its controls, and make a few other minor changes. Both Republican and Democrat lawmakers view the decision as a slap in the wrist for a company that admitted to engaging in extreme illegal activity. While former Attorney General Eric Holder says his remarks were misinterpreted (see below), the fact that HSBC is no longer being prosecuted lends credence to the idea that the government seems incapable of handling corruption within some of the world’s largest corporations.

See this previous post for a further discussion on companies being too big to fail.

SaveSave

Fraud Prevention in the Banking Industry

According to a recent article on Bloomberg, banks are considering using blockchain technology, the same platform used in bitcoin transactions. This change could prevent losses that are due to one particular type of fraud. Some companies are applying for and receiving financing from multiple banks, but are using the same invoice as proof of collateral for all of the banks. This allows the company to receive much more financing than they should be able to receive, and the banks lose a lot of money if the company defaults on their loan. This fraud is similar to if an individual were to receive several mortgages from various banks for a single house. If the individual were to default on their mortgage, they would keep a lot of cash, and the banks would each be left with only a portion of a house as collateral. The losses due to this financing fraud have been close to $700 million for banks such as Standard Chartered Plc and JPMorgan Chase.

Expert Witnesses in the Armstrong Case: Are their Opinions Valid?

It’s been over three years since Lance Armstrong admitted to doping throughout his career, but the lawsuit between the United States Postal Service (USPS) and Armstrong continues. The main question that is still unresolved is whether or not the USPS actually suffered losses due to sponsoring Armstrong with more than $30 million between 1998 and 2004. If the USPS can prove they experienced losses due to sponsoring Armstrong and subsequently learning of Armstrong’s doping, then they will have strong evidence to win the case. On the other hand, if Armstrong can prove that the USPS didn’t experience any loss, he will have a better chance at winning the case. How is the dispute resolved? By hiring expert witnesses at $700 – 900 per hour.

New Detection Method Could Have Caught Lance Armstrong

There are several articles on Fraudbytes discussing doping in professional sports, but is there a way to stop doping? A recent article on road.cc discusses research that claims it could have caught Lance Armstrong. The current methods for detecting drugs in an athlete’s system are extremely sophisticated (i.e., if there was a drop of drugs in an Olympic sized pool, they would detect that drop). However, they are only able to detect the drug if it was used in the last 48 hours. According to Yannis Pitsiladis, a professor of sport and exercise science with a particular interest in genetics, his new method can detect if the athlete has doped in the past several months and, potentially, even years.

Financial Crime Registry: Will it Deter Fraud and Improve Restitutions?

Every state in the United States has a sex offender registry that is publicly available for everyone to see in order to identify people who have been convicted of a sex crime in the past. Could such an approach also prove effective at lowering financial crime rates? A recent article in The Wall Street Journal discusses the creation of a White Collar Crime Offender Registry in Utah. Utah is the first state to implement such a registry, making them, according to the article, the “most aggressive jurisdiction in the country when it comes to publicly shaming financial criminals.” The registry will list first time offenders of financial crime for five years, second time offenders for ten years, and third time offenders will never have the option of being removed. In addition, convicts who fully comply with court orders and pay their restitutions in full will not be added to the list.

How to Avoid Being Asked to Commit Fraud

A recent article in The Economist discusses how to avoid being asked to commit fraud. It can be very uncomfortable if your manager asks you to alter the books or do anything that is unethical. Often there are not only repercussions for committing the fraud (i.e., fines or jail time), but also for not committing the fraud (21% of employees who reported unethical behavior at work said they experienced some form of punishment from their employer). If you refuse to commit a fraud, your manager may choose not to promote you or may even fire you.  Rather than refusing to commit a fraud, the best scenario for an employee would be to never be asked to commit a fraud. A study that was done by Dr. Sreedhari Desai (professor at the University of North Carolina at Chapel Hill) found one approach that dissuades managers from asking employees to engage in unethical behavior.

Doping and Match Fixing: Has Tennis Crossed the Line?

News of professional tennis player Maria Sharapova failing a drug test at the Australian Open has spread rapidly, especially since tennis is generally considered a more sophisticated sport, and people don’t usually think of tennis players when they think about athletes that are doping (see the video below of the press conference where Sharapova made the announcement). While Sharapova says that the drug she was taking was a medicine given to her for health reasons that was only just recently banned by WADA (World Anti-Doping Agency), she still takes responsibility for taking it after it became a banned substance. Additionally, this situation has brought to light other instances of potential fraud in professional tennis, including doping and fixing matches.