![How to govern [not like that]](https://substackcdn.com/image/fetch/$s_!emEQ!,w_80,h_80,c_fill,f_webp,q_auto:good,fl_progressive:steep,g_auto/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa9d7f587-4c16-42f0-9526-b00edc0ab4c8_155x155.png)
![How to govern [not like that]](https://substackcdn.com/image/fetch/$s_!Te2X!,e_trim:10:white/e_trim:10:transparent/h_72,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F51c6c618-ff5a-481b-b4e2-28047c606ca8_990x369.jpeg)
![How to govern [not like that]](https://substackcdn.com/image/fetch/$s_!emEQ!,w_36,h_36,c_fill,f_webp,q_auto:good,fl_progressive:steep,g_auto/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa9d7f587-4c16-42f0-9526-b00edc0ab4c8_155x155.png)
Fraud and audit – not quite toxin and antidote
Even without Donald Trump’s trial on allegations of false accounting in the Stormy Daniels case, or the judge’s ruling that he inflated the valuation of his real estate company’s assets, or the fresh allegations of claiming tax losses twice for his Chicago property, we might still be hearing a lot about organisational fraud. There’s a lot of it going around.
We hear the complaint, regularly: Where were the auditors? But fraud is a tricky thing to prove. It’s even more difficult to detect, despite all the mechanisms, processes and encouragements for whistleblowing that we’ve seen over more than two decades – since the collapse of Enron set off a wave of introspection and regulation worldwide.
To what effect? Since then, we’ve seen the global financial crisis rooted in asset mis-valuation, high-profile collapses of numerous large listed companies. Financial machinations and deceptions led to spectacular implosion of the German fintech company Wirecard, where the audits by EY have been judged grossly inadequate, were uncovered by hints from short-sellers and a lot of legwork from reporters at the Financial Times.
The Association of Certified Fraud Investigators has published a catalogue of cases and statistics the gives us some indication of the scale of the problem and some indication which of those mechanisms, processes and encouragements are having an impact. It doesn’t make for happy reading.
The ACFE “Report to the Nations” examined 1,921 cases of fraud in 138 countries that caused $3.1 billion in losses. The total is no doubt much higher. The figures don’t include undetected cases or cases that were detected but didn’t find their way to the attention of ACFE members. They also don’t include the 5,542 cases reported to ACFE but didn’t have all the information needed for the study.
But based on the data analysed, the ACFE estimates that firms lose five per cent of their annual revenue to fraud. It’s a big issue.
Let’s consider a small corner of this problem, one pertinent to the coming season of annual reports, audited externally. What role did auditors play in uncovering fraud. Not a lot. More than half the tips that led to investigations came from employees themselves and almost a third from customers and suppliers. Just three per cent of cases were identified by external auditors (see image above, from p. 24 of the report).
Auditors tell you – that is, they tell the boards for whom they work – that detecting fraud is not their job. And they’re right. While legal and professional guidelines vary from jurisdiction to jurisdiction, the point of an external audit is to determine whether financial statements reflect the viability of a business, not whether any one transaction is or isn’t valid.
Yet if fraud involves anything like five per cent of revenue, then it must be material to the health of the business and the “correspondence theory of truth” (see also Sellars, 1962).
That’s only one way that auditors might think about how you get to accounts being “true and fair”, as British audit standards put it. Their methods of analysis often look for evidence that meets the standard of a “coherence” theory – that the evidence fits with the rest of the evidence, rather than whether it is an accurate, detailed description of the underlying reality.
The ACFE report shows that only nine per cent of fraud cases uncovered even get reported to external auditors. Only one per cent of whistleblowers notify the external auditor. Perhaps that’s how it should be: that cases are cleaned up immediately, internally, before the audit commences.
Auditors regularly comment – for the client (i.e., the board), but not publicly – on whether internal controls are working well and whether the processes and accounting systems they use can be manipulated to circumvent those controls.
So, what to do?
Focus on the big stuff, maybe? Fraud by employees costs about $60,000; fraud by executives and owners costs $459,000. In some nine per cent of cases identified in the report, the fraud arose from executives and upper management.
And this: We use audit for a lot of purposes other than financial mis-doings. The “true” side of the audit doesn’t give us, and doesn’t promise, something essential, that is, the essence of the thing observed. Let’s keep asking ourselves, therefore, what can an audit say and not say?
Sellars, W. (1962). Truth and "Correspondence". The Journal of Philosophy, 59(2), 29-56. doi:10.2307/2023294