Satyam's Auditors Arrested – Who's Next?
Based on confessions of fraud made by the promoters of Satyam and its CFO, the Andhra Pradesh Police arrested the two members of the Institute of Chartered Accountants of India who signed the Audit Report, and put them behind bars along with common criminals. Does this fate befall any of us next?
In training and studying to qualify as a Chartered Accountant, we have been made to understand that Auditing Standards are to guide the audit process. Further, these auditing standards are laid out to also protect the Auditors following them in their audit.
It has been stated that the main fraud committed in Satyam has been over-statement of the bank balances. For a minute, forget the quantum of the overstatement and let's look at what the Audit Standards and Guidelines require of an Auditor.
Relying on Evidence
AAS-5 Audit Evidence and AAS-30 External Confirmations in conjunction with AAS-6 Risk Assessments and Internal Control require an Auditor to obtain direct confirmations from the banks for bank balances and fixed deposits. In fact, the Guidance Note on Audit of Cash and Bank Balances does not even require external confirmations from banks for Fixed Deposits. Clause 21 of the guidance note states
"In respect of fixed deposits or any other type of deposits with banks, the relevant receipts/certificates, duly supported by bank advices, should be examined."
The amount of substantive testing that an auditor is required to carry out would be based on the inherent and the control risk assessed by the Auditor. At the time of the audit, Satyam was a Company which had won multiple reputed Corporate Governance Awards. In a company of Satyam's size it can only be expected that it also had extensive delegation of authority and segregation of duties. Taking into account these factors, an Auditor would have assessed the control risk as low. However, since the inherent risk in cash (and Bank Balances) is high, the Auditor would have invariably sought direct confirmations from the bank.
The letters have also been displayed on television channels, and it is now alleged that the confirmations received by the Auditors directly from the bank at their address were forged. Who forged them? Whether the bank was involved, or whether the Company was able to send forged confirmations in forged envelopes to the Auditor's office, is something that we should leave to the competent investigating authorities to determine. But the fact of the matter is that the auditor obtained direct confirmation letters from the banks.
What else is an Auditor expected to do? In case the Auditor cannot rely on letters received by him directly from the bankers, what other evidence can he rely upon if no reason existed to disbelieve their correctness?
Fraud and Auditor's Responsibility
AAS-4, 'The Auditor's Responsibility to Consider Fraud and Error in an Audit of Financial Statements' states that
"An audit conducted in accordance with the auditing standards generally accepted in India is designed to provide reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error. The fact that an audit is carried out may act as a deterrent, but the auditor is not and cannot be held responsible for the prevention of fraud and error."
This is also stated in US GAAS AU 316: it is management's responsibility, not the auditor's, to prevent and detect fraud.
Therefore, prima facie, Auditors cannot be held responsible for a fraud in case they have followed the Auditing Standards and where a complex web of lies, deceit and forgery was used to perpetrate the fraud. In this case, if the Auditors have followed in fact and in spirit the requirements of the Auditing Standards, they should not be held responsible for not detecting the fraud.
Taking the promoter's confession letter at its face value, and assuming that the fraud has been going on for quite some time now, the question that comes first to mind is how the fraud could go undetected by the Auditors for so long. But that's the way frauds are perpetrated. They are different from errors. There is an intention to perpetrate a fraud, and frauds are designed not to be detected. How else could all the other agencies not be aware of the perpetration? In India, the Income Tax Authorities obtain a lot of information from the Annual Information Returns (AIR). The Reserve Bank of India gets information on inward/outward remittances as also balances held abroad. So much information is submitted to SEBI, the Stock Exchanges and, here, additionally the US SEC, and no one could even sense that a fraud was being perpetrated.
In an organisation this large, where different activities are carried out by different people, processes are expected to be well defined with multiple levels of approvals. When all those are present, can we still hold the Auditor responsible for not detecting fraud? Auditors have to rely on internal controls. However, internal controls can be overridden by collusion in the management.
Responsibility for preventing and detecting fraud
The auditing standard in its introductory paragraph states
"The purpose of this Auditing and Assurance Standard (AAS) is to establish standards on the auditor's responsibility to consider fraud and error in an audit of financial statements. While this AAS focuses on the auditor's responsibilities with respect to fraud and error, the primary responsibility for the prevention and detection of fraud and error rests with both those charged with governance and the management of an entity."
So is it not the Senior Management, the Audit Committee and the Board who have responsibility for prevention and detection of frauds? If they were ignorant of this, how can one expect the auditors to know about the perpetration?
If the auditing standard on fraud is so clear from the perspective of the auditor, why does there seem to be an expectation gap between the auditors and the general public every time a fraud is perpetrated by those at the top?
Is it not necessary to have competent investigators from the SFIO and SEBI to get to the truth of the matter in place of the CB-CID who may not understand accounting, leave alone auditing principles and the role and duties of Auditors and the difference between 'True and Correct' and 'True and Fair'?
What we are seeing today is a systematic campaign by the media and the investigating authorities, in a quest for sensational and breaking news, to pronounce the Auditors guilty even before it has been established. They say that public memory is short, but the memory of the media seems to be even shorter. How else will one explain that, just a few months after the Arushi case, where the media had egg on its face, we are seeing them come out with zeal on the auditors being arrested without seeing evidence of their collusion being established?
The one argument the media has to indicate that the Auditors were a party to the fraud is the substantial increase in audit fee from 2006 to 2007. Sarbanes Oxley Act (SoX) became applicable to the Company from 2007. World over the biggest criticism of SoX has been the high cost of compliance since Internal Controls need to be documented and tested by the Management as well as the Auditors. In fact, based on industry surveys carried out by leading organisations like Gartner and AMR, the average cost of SoX was to the tune of USD 4 Million (INR 20 Crores) per organisation. Therefore the fee increase of around Rs.2 Crore from 2006 to 2007 cannot be attributed to collusion but could be attributed to the applicability of SoX. Comparing the Audit Fee to other companies to come to a conclusion on connivance of the Auditor is also incorrect since Audit Fee is a function of the time spent by an Audit Team, the experience of the personnel involved, the complexity of Systems and issues at the client and many more factors.
We have seen so many frauds being perpetrated by Companies worldwide in the past and even recently. In none of the cases, even where the quantum of fraud was much larger and in developed countries, have the auditors been arrested without the uncovering of the nature of the fraud and without evidence of the culpability of the Auditors in perpetrating the fraud. What we are seeing is unprecedented and dangerous for the profession.
What needs to be appreciated is that we should not come to the conclusion that the Auditors are perpetrators / abettors of the Fraud. In fact, in my opinion, the Auditors were the victims of a complex and well-designed, hard-to-detect fraud perpetrated by the management.
- Which audit firm would knowingly be a party to such a large fraud given the fact that the revenue from Satyam would be a small percentage of their total revenues and the resultant loss of credibility and reputation would be of a much larger magnitude?
- Should auditors be meted out this treatment when the "truth" behind "Satyam's" ex-Chairman's letter has not been unfurled to this day?
- Why haven't the key accounting staff of Satyam, who may have been aware of the Fraud, been arrested?
- Why aren't the Internal Auditors arrested before the Statutory Auditors?
- It is also not clear what the present Board's actions are on the fraud perpetrated on it.
- Does it not continue to employ some of the fraud perpetrators?
Auditors have been arrested based on an oral confession of the Management, who have admitted to conducting the fraud. However, we do not want to even contemplate that the Auditors could be innocent. This is a precedent that could lead to the best of our professionals being arrested even though their guilt has not been established!
Whose turn is it next?
This is not the time to think that this cannot happen to any others. This is the time to be united as fellow professionals and explain to the world, the investigating agencies and the media, the role and limitations of an Audit.
For, if we do not act now, it could be your turn tomorrow. This is not, even for a moment, about shirking our responsibilities as Auditors, but we need to stand together in this defining moment of how we want to shape the future of the profession. One incorrect decision and we will see far fewer people wanting to be Auditors in the future.
It is time ICAI came out with a publicity campaign for reducing the expectation gap and also clarifying the role of an Auditor in case of Fraud and falsification of Cash and Bank Balances. If it sleeps while Rome burns, we professionals are going to have tough days ahead. Unfortunately, we can only take insurance for professional indemnity but not for staying out of jail! For every time an Income Tax Officer rejects the audited books of accounts of a Company, anyone could file an FIR and say the Auditor was involved.
We need to act now. We need to protest against this treatment of the Auditors. If we stay silent today because it is not affecting us, it could affect us tomorrow and others would be silent at that time. We need to protest to the MCA and the PMO. We need to give out statements that without proper evidence, arresting an Auditor is incorrect. Else, we will always sign with fear. Fear of being arrested.
As a mark of solidarity, anger and protest, let us wear black ribbons till our professional brethren are released from jail.
Group of Chartered Accountants
Note: We have no regard for those who work with bad intention and knowingly carry out wrong/improper audits.
Your comments invited.