The backers of 1Malaysia Development Bhd (1MDB) have argued that because international accounting firms like KPMG and Deloitte have signed off all 1MDB’s accounts from FY2010 to FY2014, this meant no money has gone missing and no fraud has occurred.
This argument has been used to justify the not-so-elegant silence of the management and board of directors of 1MDB, who have refused to respond to questions posed to them about various transactions and the movements of billions of ringgit. They hide behind that argument despite the fact that 1MDB has run into serious cash-flow problems and can no longer service its debts, and so many questions have been raised about the whereabouts and nature of the so-called Available-For-Sale Investments valued at RM13.38 billion in its accounts for financial year ended March 31, 2014 (see “Why the RM13.38 bil Available-For-Sale Investments may not be worth much”). Critics of 1MDB have been asked to back off and let the auditor-general complete his work to review the audit of 1MDB.
The argument that because 1MDB’s accounts have been signed off by auditors meant that no fraud has occurred and that money is not missing is flawed. It shows that these people do not know what they are talking about. They have badly misinterpreted, deliberate or otherwise, the role of external auditors and they do not understand the meaning of an auditor’s report when the auditors sign off the financial statement of a company.
There are NO auditors in this world who will agree that their signing off an account can in any way or form be interpreted to mean that they confirm or guarantee that the accounts are completely true, accurate and do not contain any misstatements, by fraud or error.The International Standards for Auditing guideline for auditors states that the external auditor is responsible for obtaining reasonable assurance that the financial statements, taken as a whole, are free from material misstatement, whether caused by fraud or error.
That reasonable assurance is based on the external auditor trusting that the management and board of a company have carried out their fiduciary duties and were not involved in any fraud or have concealed any fraud.
Owing to the inherent limitations of an audit, there is an unavoidable risk that material misstatement may not be detected, even when the audit is planned and performed in accordance with international accounting standards.
The risk of fraud is higher than those of error because fraud usually involves sophisticated and carefully organised schemes designed to conceal it.
Therefore, it is not the role of an external auditor to determine whether fraud has actually occurred. That is the responsibility of the country’s criminal and legal system.
Indeed, auditors call the discrepancy between what the public expects and what auditors do as an “expectations gap”.
Let us now take a closer look at Deloitte’s audit report issued to 1MDB on Nov 5, 2014, for the financial year ended March 31, 2014. The fact that it was issued more than seven months after the year end in itself should raise concerns.
Para 2: The directors of the company are responsible for the preparation of these financial statements so as to give a true and fair view. The directors are also responsible for such internal control as the directors determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.
Para 3: Our (Deloitte) responsibility is to EXPRESS AN OPINION on these financial statements based on our audit … and perform the audit to obtain REASONABLE assurance about whether the financial statements are free from material misstatement.
The above remarks by Deloitte is a standard template statement issued by auditors to most companies. What is important to note are the following:
1. The directors of 1MDB are ultimately responsible for the accounts in so far as they give a true and fair view. The directors are also responsible for internal controls that are necessary to enable the financial statements to be free from misstatements, whether due to fraud or error. This is NOT the responsibility of the auditor.
2. The auditors only express an opinion that they, as external auditors, have done what is necessary to obtain REASONABLE assurance about whether the financial statements are free from material misstatement.
3. Critically, the external auditors DO NOT express an opinion on the effectiveness of the company’s internal controls.
In short, while auditors should be able to detect defective keeping of accounting records, they cannot detect falsified accounting documents. And neither can they question management decisions on, say, an investment that it made.
The questions asked of 1MDB mainly relate to the effectiveness of internal controls and corporate governance:
• Who approved the agreements and the various payments made since 2009?
• Why were funds diverted from what they were approved for? Why was money sent to an account controlled by Jho Low?
• Why did 1MDB overpay for the power assets, the Penang land and the commissions to the bankers like Goldman Sachs?
• Who verified and agreed to pay the US$700 million to PetroSaudi, purportedly as settlement of a loan?
• Why was Jho Low giving instructions to the management on matters of 1MDB?
• Who agreed to the Aabar options and then agreed to a termination settlement that cost 1MDB US$1.0 billion?
All these major issues that have been raised are about internal controls, decision-making and corporate governance at 1MDB.
Deloitte, in their audit report, had clearly stated they are NOT expressing any opinion on the effectiveness of 1MDB’s internal controls.
So, please stop passing the buck to Deloitte or using the fact that it signed off the accounts to say that nothing wrong has happened and that everything at 1MDB is fine.
And since the auditor-general has merely been asked to audit the work of Deloitte, it is most likely the case that his mandate is no more than that of Deloitte.
It is clear. The board of directors is responsible in ensuring the accounts are true and fair. The board is responsible for internal controls to ensure there is no fraud.
The auditor only expresses a reasonable opinion. Nothing more.
The corporate sector, at home and around the world, is littered with many examples of corporate fraud that escaped the scrutiny of auditors. In a few cases, auditors were also culpable, if not outright complicit.
The largest corporate fraud ever in the world was US energy giant Enron, whose US$78 billion market value was wiped out in days. Former president Jeff Skilling is still serving a 24-year prison term.
And its auditors, Arthur Andersen, one of the Big Four accounting firms in the world then, had to shut.
Bernard Madoff’s US$65 billion Ponzi scheme is evidence that funds under management, with third-party valuations by international institutions, may also be subject to misappropriations and fraud. Madoff is currently spending 150 years in prison.
If anyone still thinks that audits and auditors are infallible, please read the accompanying article that was published in the Nov 20, 2012 issue of Forbes magazine, on how Hewlett-Packard (HP) lost US$5.0 billion on a US$11.1 billion acquisition.
HP said it had to write down the value of UK software company Autonomy because it was “inflated through serious accounting improprieties, misrepresentation and disclosure failures”.
That scam tainted all the auditors involved — Deloitte as the auditors for Autonomy and Ernst & Young, the auditors for HP — for not detecting the fraud.
Need we say more?
The Edge Communications Sdn Bhd.