Archive

Posts Tagged ‘Fraud Investigations’

Auditing Career: Do “Dumb Auditors” have more Professional Longevity than “Smart” ones?

Thanksgiving Day
Image via Wikipedia

Two days ago I attended a nice Thanksgiving party given by a CIO friend, who like in previous years, had invited several CFO‘s, corporate attorney’s and high level management people from high profile Fortune 500 companies in the New York region to his house.   After a few drinks and delicious turkey, conversations about the state of the economy, technology and the headaches of regulatory compliance ensued.   There where two auditors in the group and it felt as if we where the only ones who did not feel regulatory compliance is a headache.    My Merlot and turkey friends, perceiving that they had numerical superiority over us, went on to a typical “we hate the auditors” discussion, where we had the “pleasure” of hearing every criticism launched against auditors since the time of Heraclitus.   Thank goodness I too had access to the Merlot.   One of the discussions that has stayed in my mind is one about how “well appreciated” dumb auditors are.   And, this I’ve decided to share with you.

Most auditors learn early in their careers that auditing is not a popularity contest.  As a result they adjust to the fact that they are paid to investigate, search, test, snoop around, and in many cases confirm the existence of wrong doing and mistakes by members of the organization at all levels.    The auditor is usually the person who has ulterior motives for asking questions, and the one who usually does not bring good news.    The auditor by his/her simple presence disrupts the “normal order” of things, makes the staff feel uncomfortable and require that all evidence be double checked for accuracy and legitimacy.   Often, when those being audited most want the auditors  to “go away,” some action or words  deep in the crevices of the organization send a message to the auditors to dig deeper or further expand their questions.   In common language, auditors are a pain in the neck.

The intensity of hatred or dislike towards the auditor however varies depending on his/her ability to understand what he/she is testing or investigating.    The smart, experienced auditor tends to ask deep, relevant and timely questions, often not found in a strict audit script or checklist, which can open the doors to problems and issues hidden just below the surface.   The smart auditor is happy when he/she finds problems, because he/she sees himself as a solution or insurance policy against risk exposures to the company.  However, this feeling is not shared by those who “own” the problems and depending on company politics, the reactions can range from lukewarm admission, challenges bordering threats from some levels of management, to a long term stealth campaign against the auditor leading to his/her dismissal for supposedly  “unrelated reasons.”  Like a Whistle-blower, the good auditor walks a dangerous road.    During difficult times, the good auditor has few or no allies.

The dumb auditor on the other hand, usually sticks to a rigid script or checklist, and is not likely to expand his questions beyond the “scope” of the audit, preassigned or created with the approval of management.  The audit process of the dumb auditor tends to be quick, rarely discovering problems and always neatly on time.   His reports usually sound like this:  “We tested A, B, and C and found no exceptions.  Managements’ controls are working according to established policies and guidelines and” (here is the mandatory recommendation for improvement – so it looks like some work was done),  “we believe the Segregation of Duties process in AP can be tightened by implementing the following…..  Otherwise all is well.”   This cookie cutter report, used by both Internal and External auditors, is the type that makes its way to most audit committees today.    This is also the type of report, according to my friends at the Thanksgiving party, that management wants and pays handsomely for.   I found myself looking at the other auditor and realized that we where both nodding in agreement.    My friends in the party, all experienced dealing with auditors, pointed out that “Smart” auditors, or auditors with independent minds can not last long in a typical organization, because the very act of following their ethical, inquisitive and legalistic mentalities gets them into serious conflicts with management and they end up fired after short tenures. Also, good auditors have few champions in the organization who see value or gain in “protecting” someone who is serious in his/her responsibility to investigate or test anyone (including them) in the future if they have to.   This is simple human nature.    A “Dumb” auditor on the other hand, creates few waves, does not offend or criticize too much, uses neutral and complimentary language in reports, and keeps to his/her “scripts” as planned by management.   By playing dumb, this type of auditor is indirectly “winning friends and influencing people.”   His/her back is covered because he/she is needed by those who need coverage.  The dumb auditor has allies.

In light of current scandals, like the Bernie Madoff case, and the mortgage meltdown, it has become common for many to ask:  “And, where were the auditors while all this was happening?”  My answer has to be that most of the auditors involved where diligently doing their jobs as good “dumb” auditors do, so they can stay employed.   That is, they where auditing every nick and cranny that was within scope and within the “Risk Appetites’ of their organizations, as set by “management.”   But, what about the codes of conduct, the audit charters, the PCAOB, the SEC, the GAAS‘s, ISACA and the IIA‘s.   Don’t these organizations have some level of control over how auditors should conduct themselves and how they should investigate and follow up on questionable activities?   Are all of these structures useless? My answer is no.  These are not useless organizations, and without them, the problems cited by my friends in the Thanksgiving party would be much worse.   The codes of ethics, guidance documents, audit frameworks and standards created by these organizations are the only line of defense we auditors and audit committees have against the many Barbarians who dwell in the halls of corporate America today.    But, are these standards  and frameworks sufficient?  My feeling is that they are not, and here is why.   Money corrupts as every auditor knows.  When you follow the money you find the power.   Organizationally, there is an imbalance between the auditor and those he/she audits.  On the one hand you have a well meaning, ethical person who wants to do the right thing, making an average mid-level management salary, tasked with uncovering wrong doing among those at levels that can crush him/her with ease, and whose interests are the maintenance of the status-quo, a low profile and making sure the company’s stock value is not disrupted by doubtful auditor reports.   In most companies, those in the Director, V.P. and “C” levels (usually persons with net worth’s in the millions of dollars and stock holders in the company) can easily muster the resources of the organization whenever they raise a red flag regarding a “trouble maker.”   The controlling factor here is not bribery, but the threat of dismissal.   So, in my opinion things boil down to a primal level for the auditor.   Ethics, integrity, morality, legality and professionalism on one side,  versus no job on the other. Unemployment, inability to pay the mortgage, damaged credit rating, children without college tuition’s, etc.   How many good auditors can consistently afford to be martyrs, and when it happens, who shows up at their door to help them pay the mortgage?   The fact that the majority of auditors are good, ethical, law abiding and take their oath’s of conduct and ethics seriously is a reflection of the social, religious and cultural values they share with the greater society, and less so on other types of controls  promoted by various groups.   As these cultural, religious and social values erode,  resulting from poor education, dysfunctional families, media aggrandizement of thieves, the belief that the  “bad guys” win and little understanding of civics, I suspect we will see more problems relating to poor auditor ethics and values.   In general, auditors are still good because they perceive that the society provides more positive reinforcements for good behaviors than bad ones.

In addition to the money and power challenges I noted above, there are issues dealing with the “Culture of Auditing,” which most of us are familiar with.    In my opinion, many of these favor the “Dumb Auditor.”   Some of these also help explain why many Madoff type schemes go “Undetected.”  Here are the top fifteen that come to mind.  I am sure there are others:

  1. Auditors are taught to find ways to give bad news in a positive manner.  Avoid bad news as much as possible.
  2. Auditors should avoid using the words “Failure,” “Problems,” or naming specific individuals who fail or pose problems.  Instead they should call these things “Exceptions,” or “Positive findings Needing Improvement.”
  3. Even when management has repeatedly ignored auditor recommendations and warnings, auditors are expected to be “flexible” and at best point out the issues as “still needing some levels of improvement.”
  4. Auditors are bound by extreme discretion and confidentiality.  They are to be like flies on the walls.  Rarely seen and not too vocal on any subject or occasion.
  5. Management has the last say in terms of what is possible by way of solutions to issues raised by audit.   The “Business” is the key determinant in whether a risk gets addressed as recommended by audit.
  6. Auditors work on behalf of management, and are not to be seen as impediments or obstacles to managements’ decision making.   Aggressive auditors can inhibit management’s entrepreneurial spirit.
  7. The auditor is there to protect the business from outside risks.
  8. Management sets the “Risk Appetite” for the company.  Auditors work within those parameters.   Even when the parameters are not well defined (on purpose).
  9. Auditors are supposed to uphold the utmost ethical standards, but often their superiors lie, cheat and have no scruples.   Some times the code of Ethics, zero tolerance statements, and even the Audit Charter are disregarded at higher levels, while zealously enforced at the lower levels.
  10. Auditors are supposed to remain positive and un-moved, even when those audited usually assassinate their character, create rumors and gossip about their professionalism, plant fake or doctored evidence against them, and call for their dismissal.
  11. Auditors are supposed to maintain meticulous notes and documentation, while many of their superiors rarely answer  email requests for clarifications, or document an opinion.
  12. Auditors are supposed to advocate for and practice “meritocracy” being on a constant race to obtain and maintain professional certifications.   While it is not unusual to see many of their superiors having reached positions of authority because they have either slept, drank, bought or strong armed their way up the ladder.
  13. When the Chief Audit Officer is weak, unstable and/or indecisive, audit work is reactive and there is unusual turn over in Internal Audit.   Expertise, maturity and professionalism has little time to take root.   “Dumb Auditors” flourish in these environments.
  14. In a recession and during cost cutting, some Audit departments let go of their “expensive” talent, keeping lower paid less experienced staff on hand until better times (and budgets) return.    “Dumb Auditors” flourish in these environments also.
  15. When the “C” level executives have been around for 10, 15 or 20 years and their “old boy” culture does not care about “irritants” such as “compliance,” or “industry best practices,” or “well designed controls,” and the head of compliance and legal counsel are never in the mood to “disturb” the old boys, smart auditors often become dumb by way of necessity.

As I prepared to finish this article, I discussed it with my friend, the other auditor at the Thanksgiving party, and he felt many of the issues tackled here are highly controversial and uncomfortable.   He said I make many generalizations  like what constitutes “Dumb” or “Smart.”   He said that what I call here the “Dumb Auditor” may really be the “Smart” one.  Every person faced with the sorts of challenges I mention has a huge reservoir of personal, professional and family reasons for taking one or another path, and those are known only to that person.   Passing judgment as I appear to do in this article may be too insensitive and simplistic.   The issues are just too complicated to put them in simple moral boxes.

I admit that my friend makes good points here, and I can only say that in this article my intent is to shed light on what is clearly a serious challenge with ramifications that go far above those of individuals.   This is a serious systematic problem  in the business world and many good minds in government and in professional organizations worldwide are working hard to find the right solutions.   In an ideal world, the typical auditor should not have to spend sleepless nights wondering whether he/she should play “Dumb” or “Smart.”

I  personally do not have a clear answer on how to solve these dilemmas for others.  I only know what my ethical, moral and social values are and I have first hand experience on the high costs and frustrations of being a “Smart” auditor.

If you are a new auditor, I hope I’ve alerted you to issues that may come your way sooner or later.   If you are an experienced auditor, I hope that by reading this you realize that you are not the only one who has seen these things.

To all readers.  I will appreciate it very much if  you left  your comments on this subject, so we can make this a more diverse  exchange.  Do you believe that “Dumb Auditors” indeed have a longer professional longevity than “Smart” ones?

Enhanced by Zemanta
Advertisements

Nigeria: Corrupt Auditors and Auditing Practices

* (en) Nigeria Location * (he) מיקום ניגריה
Image via Wikipedia

Sometimes its good to read about the auditing profession in other countries to get a sense of perspective about auditing in the USA.

This story published in the allAfrica.com News Service provides a good sense of the lack of ethics, oversight and reliability of auditors in Nigeria. I’ve always wondered (and sometimes admired) how some companies do business in places like these and consistently stay in compliance with the FCPA.  At other times I just wonder how it is that half of the officials in these places are corrupt, but the foreigners who do business with them are always ethical and lawful.   After you read the excerpt below, you can read the complete article by clicking on the link at the bottom of the post:

“Abuja – When the EFCC carried the anti-corruption war to the Federal Ministry of Agriculture and Water Resources recently, it yielded good results. The head of internal audit received marked bills totalling N2 million as a bribe from some contractors. He was caught in the act!

The story has not attracted undue attention, partly because it is common and “normal” in government ministries, departments and agencies. Auditors are envied even by other corrupt colleagues. They obstruct free flow of files so that contractors, suppliers and even workmates are forced to offer bribes to them. Often, they do not act alone: they have the backing of their bosses who also have itchy fingers. In the private sector, internal and external auditors collaborate to doctor the books of quoted and unquoted companies.”

To finish reading the story from the allAfrica.com News Service, click the link below:

Shared via AddThis

*** Important Update ***

Soon after I posted the article above, I was contacted by a Nigerian person who directed me to a Nigerian Blog that carried a story on the subject of fraud, auditors and the Nigerian Oil and Gas Industry.   Although, I am not a follower of business, political or social events in Nigeria, I found it appropriate to add information about this story, and link it for the benefit of those interested.    The story shows how real efforts are being made in Nigeria to combat corruption and how local auditors are not all corrupt.  Below is an excerpt of the story, posted in the Nigeria General Discussion Blog Website which you can read in its entirety by following the link on the bottom of this update:

“How Corruption, Theft Ruin Nigerian Oil and Gas Industry.  Is PIB the Way Out? – From DENNIS MERNYI, Abuja.

The high level corruption and theft in the extractive industry particularly the oil and gas industry has been exposed for the second time by the Hart Group and Sam Afemikhe group of auditors that carried out the audit report on the activities of the multinational firms in the oil and gas sector, the Nigerian government institutions responsible for both revenue, tax collections and regulations of all financial transactions in sector.

The auditors were commissioned by the National Stakeholders Working Group of NEITI under the chairmanship of Professor Assisi Asobie and their report was unprecedented for their independence and comprehensiveness. In that report, both financial and physical audits were carried out. Nigerian National Petroleum Corporation, NNPC, Central Bank of Nigeria, CBN, several government institutions as well as oil companies were indicted for stealing chunk of moneys either during crude production or refined oil product export or supply.

In the report also, the auditors found some discrepancies among the Petroleum Profit Tax (PPT), royalties and gas flaring penalties the companies declared they have paid and what the CBN said it had received.

NNPC’s reported cash calls were reconciled with receipts by the joint venture operators, but when the audit moved away from the CBN to focus on PPT and royalties in more detail, it ran into several problems because the companies’ assessments of production differed from the Federal Inland Revenue Service others’ records.

NEITI was created in 2004 essentially to develop a framework for and ensure transparency and accountability in the reporting and disclosure by the extractive industry companies, of revenue, owing to or paid to the government. As a subset of the global Extractive Industries Transparency Initiative, EITI, the main task of NEITI is the reconciliation of payment s made by the extractive industry companies with receipts recorded by public agencies.”

The article goes on to mention the challenges faced by the auditors who undertook the investigation, attempts to influence or derail their report by political forces, the large amounts of moneys involved and identifies some of the the foreign companies investigated.

To read entire article, please follow this link:

Enhanced by Zemanta

Does Wikileaks Support Corporate Whistleblowers?

whistleblower-back-stabbing

Is this the norm for Whistleblowers?

For those who did not read my previous post about Wikileaks.org, here is an explanation of what Wikileaks does, copied from their website:

“Wikileaks is an uncensorable version of Wikipedia for untraceable mass document leaking and analysis. It combines the protection and anonymity of cutting-edge cryptographic technologies with the transparency and simplicity of a wiki interface.

Wikileaks looks like Wikipedia. Anybody can post comments to it. No technical knowledge is required. Whistleblowers can submit documents anonymously and untraceably. Users can publicly discuss documents and analyze their credibility and veracity. Users can discuss the latest material, read and write explanatory articles on leaks along with background material and context. The political relevance of documents and their veracity can be revealed by a cast of thousands.

Wikileaks incorporates advanced cryptographic technologies to ensure anonymity and untraceability. Those who provide leaked information may face severe risks, whether of political repercussions, legal sanctions or physical violence. Accordingly, sophisticated cryptographic and postal techniques are used to minimize the risks that anonymous sources face.”

Now that you know what they do, the excerpt below copied from the Wikileaks  “About” page at http://www.wikileaks.org provides information on Wikileaks views regarding Corporate Whistle blowers.    I believe that the work these folks are doing will likely have a far reaching impact on our professions, corporate ethics, fraud investigations and governance in general.   Read and reach your own conclusions:

“Does Wikileaks support corporate whistleblowers?

It is increasingly obvious that corporate fraud must be effectively addressed. In the US, employees account for most revelations of fraud, followed by industry regulators, media, auditors and, finally, the SEC. Whistleblowers account for around half of all exposures of fraud.

Corporate corruption comes in many forms. The number of employees and turnover of some corporations exceeds the population and GDP of some nation states. When comparing countries, after observations of population size and GDP, it is usual to compare the system of government, the major power groupings and the civic freedoms available to their populations. Such comparisons can also be illuminating in the case of corporations.

Considering the largest corporations as analogous to a nation state reveals the following properties:

1. The right to vote does not exist except for share holders (analogous to land owners) and even there voting power is in proportion to ownership.
2. All power issues from a central committee.
3. There is no balancing division of power. There is no fourth estate. There are no juries and innocence is not presumed.
4. Failure to submit to any order may result in instant exile.
5. There is no freedom of speech.
6. There is no right of association. Even romance between men and women is often forbidden without approval.
7. The economy is centrally planned.
8. There is pervasive surveillance of movement and electronic communication.
9. The society is heavily regulated, to the degree many employees are told when, where and how many times a day they can go to the toilet.
10. There is little transparency and something like the Freedom of Information Act is unimaginable.
11. Internal opposition groups, such as unions, are blackbanned, surveilled and/or marginalized whenever and wherever possible.

While having a GDP and population comparable to Belgium, Denmark or New Zealand, many of these multi-national corporations have nothing like their quality of civic freedoms and protections. This is even more striking when the regional civic laws the company operates under are weak (such as in West Papua, many African states or even South Korea); there, the character of these corporate tyrannies is unobscured by their civilizing surroundings.

Through governmental corruption, political influence, or manipulation of the judicial system, abusive corporations are able to gain control over the defining element of government — the sole right to deploy coersive force.

Wikileaks endeavors to civilize corporations by exposing uncivil plans and behavior. Just like a country, a corrupt or unethical corporation is a menace to all inside and outside it.”

I’ve heard calls for reforms in the board room, but what these folks are talking about goes a little beyond that!

Wikileaks Plans to Make the Web a Leakier Place

letters in stone
Image by myfear via Flickr

This may be one of the most revolutionary events in the history of Corporate Governance, since the SEC was established.    It will be interesting to follow how this service unfolds around the world and here at home.

Here is an excerpt of the article:

“IDG News Service – Wikileaks.org, the online clearinghouse for leaked documents, is working on a plan to make the Web leakier by enabling newspapers, human rights organizations, criminal investigators and others to embed an “upload a disclosure to me via Wikileaks” form onto their Web sites.

The upload system will give potential whistleblowers around the world the ability to leak sensitive documents to an organization or journalist they trust over a secure connection, while giving the receiver legal protection they might not otherwise enjoy.

“We will take the burden of protecting the source and the legal risks associated with publishing the document,” said Julien Assange, an advisory board member at Wikileaks, in an interview at the Hack In The Box security conference in Kuala Lumpur, Malaysia.”

To read the complete article, from CIO.com, please click the link below:

Shared via AddThis

Related article:

Enhanced by Zemanta