AA's Hindsight is 20/20 Foresight Much Less |
This
is the first to two posts on this topic. Second post here.
In
an earlier post, I proposed two measures to enhance the detection of
corporate fraud.
This
post and the one that follows outline how it might
have been applied to Wirecard.
To
start a recap of the two points in my proposal:
- Reemphasize the auditor’s duty to identify unique material risks and vulnerabilities in a company’s business model or practices and disclose them as appropriate in the financial statements, e.g., key audit matters and/or footnotes. And as well to ensure the auditor performs the appropriate amount of audit work on these and other risks.
- Scale audit work to risk. For example, one should not confirm the existence of Euros 1.9 billion in deposits in the same way one confirms a Euro 100,000 receivable.
Before
you proceed further, it’s probably useful to take a look at my
earlier
post which details the proposal, its rationale, and more
importantly its limitations.
That
will help provide the context necessary for you to make an informed
assessment of the potential
efficacy of
my proposal.
From
that and
what follows
you will see that I’m under no illusion that this is a “perfect”
solution—one that will detect all fraud or even all major
fraud.
But
it will, I think, increase the odds of detection.
It
is a necessary but not sufficient step.
Now
to Wirecard.
Point
One: Identification and Disclosure of Significant Business Risk
It’s
pretty clear from a cursory understanding of basic accounting that
the fact that WC’s Euros 1.9 billion deposits were imaginary meant
that an equivalent amount of earnings were as well. 26
June post .
Recently
the FT
reported that a special KPMG “audit” found that Wirecard had
been loss making for years. A even more dire situation.
Let’s
assume that in their review of the company’s revenues and net
profit, WC’s then auditors (who were not KPMG) noticed that WC was
dependent on three companies for the bulk of revenues and profits.
See
FT article here for details.
At
this point, let’s assume there was no hint of fraud.
Because
of this dependence, WC faced the risk that these third-parties might
take their business to another company, leaving WC with a massive
“hole” in revenues and income.
Or
these companies might have future problems of their own which would
then impact WC.
Now
this is not something that can be dismissed with a wave of the
corporate hand. “But we work through 100 partners where we don’t
have licenses”.
The
fact is that if the business with these 3 companies didn’t exist,
WC’s revenues and net profit would be vastly different.
Under
my proposal, the auditors would have had to insist that WC disclose
this “material” reliance on third parties. The auditors would
have also had to treat this dependence as a “key audit
matter”.
The
latter would require enhanced audit measures to analyze the risks of
this dependency. For example, to determine how much discretion those
third parties had to redirect the business elsewhere, what sort of
pressures they might bring to force WC to accept reductions in
compensation, etc. What were the risks that these companies faced to
their business.
WC
no doubt would have made arguments against disclosure of this
dependency in its financials citing business confidentiality,
maintenance of a competitive advantage, etc. If the “secret” of
its third party relationships were revealed, a competitor might poach
them. And so on.
The
resulting compromise might have been something like “WC’s
historical and future profitability has been and remains critically
dependent on business flow from 3 third party firms.”
In
reviewing this relationship, the auditors should also have noticed
that these third parties had been granted access to WC funds (the
imaginary escrow accounts).
Or,
if the business reliance were not disclosed or overlooked by the
auditors, the single fact that the third parties had access to WC’s
escrow accounts should have raised further investigation on the
accounts.
An
investigation which could have led to the auditors discovering WC’s
dependence on the third parties for the bulk of revenues and
profit.
Assuming
that this more detailed work were done, then the fraud might have
been caught years earlier.
According
to information that the FT was given, at one point AlAlam owed WC an
amount roughly
equal to one year’s net income.
That
certainly qualifies as a material risk.
The
two banks that held the accounts BDO and Bank of the Philippine
Islands are the largest and third largest in the Republic of the
Philippines (ROP) by total assets.
Big
fish but small pond.
As
of 31 December 2018, BDO had total consolidated assets of US$62
billion equivalent and total shareholders’ equity of US$7 billion
equivalent. BPI’s comparable figures were US$43 billion and US$5
billion equivalent.
As
of the same date, Deutsche
Bank had roughly Euros889 billion in total assets and some
Euros55 billion in equity. Bank
of America some US$2.4 trillion in assets and US$265 billion in
equity.
Euros
1.9 billion in deposits with the Philippine banks should raise credit
risk issues as well as other more practical ones, e.g., liquidity..
To be fair an escrow/trust account structure would address some of
these.
Beyond
that is the issue of country and regulatory risk.
The
ROP is judged to have defects in its legal and financial sector
supervisory system. See the
US
Government’s 2019 INSCR issued in March 2019 (page 157 and
following) and the 2019
Asia/Pacific Group on Monetary Laundering Mutual Evaluation Report
(page 10 points 8 and 9).
Based
on the foregoing, WC was taking several significant risks with its
“arrangements” for the escrow accounts.
Recognition
of that “fact” would require that the auditors perform
additional measures to review that credit and risks.
With
respect to the three parties, that would mean an investigation of the
conditions of their access, the reasonableness of amounts that they
were permitted to access, the escrow agreement’s effective
protections, etc..
As
well, the auditors would have to review the credit exposure to the
two Philippine banks who “held” the deposits and regulatory and
credit issues related to the choice of the ROP as the “depository”
country.
That
doesn’t mean that the auditors would necessarily
determine
if the decision were the right one.
After
their review, they might note “issues” surrounding the credit
decision for public disclosure. And equally important factor these
risks into their audit plan.
At
the very minimum it would seem that the third party access—which
seems not to be a usual business practice—would warrant disclosure
by
a
sentence or two in the note to the financial statement about cash and
banks.
These
disclosure should alerted investors, analysts, other market
participants to these risks and hopefully triggered questions.
But
there’s a critical dependency. Warnings are of little utility if
they are missed for whatever reason.
However,
this “finding” should also have resulted in the auditor having
greater focus on these issues in conducting the audit. And thus
provide a back-up in the case market participants were somnolent or
in throes of irrational exuberance.
The resulting effect on audit work is very important because the auditor has access
to more information than outside parties. Thus, there is more
likelihood that the auditor will have more success in “pulling on a
loose thread” and unraveling a fraud.
In the next post, I'll look at some enhanced audit measures that the auditors could have employed.