The term “fraud” is generic in nature and is often used to describe a number of specific crimes, including “obtaining benefit by deception” or “producing a false instrument”. In simple terms, fraud involves the use of dishonest or deceitful conduct in order to obtain some unjust advantage over another.
While fraud is an old crime, it has evolved remarkably over the past 100 years, along with the technological, social and economic developments throughout the world.
The figures are staggering. According to Pat Mayhew OBE, consultant criminologist at the Australian Institute of Criminology from 2001 to 2003, estimates of the cost of crime in Australia in 2004 indicated that fraud could be costing up to $5.9 billion per annum, 31 per cent of the total cost of crime in Australia.
In the United States, the 2006 Report to the Nation on Occupational Fraud and Abuse from the Association of Certified Fraud Examiners (ACFE) indicated that fraud could be costing US businesses up to 5 per cent of annual revenues. Applied to the estimated 2006 US gross domestic product, the 5 per cent figure would translate to US$652 billion ($745 billion).
If it is assumed that Australia is experiencing a similar level of fraud (and there is no reason to believe otherwise), the cost of fraud in Australia could be up to $48.3 billion per annum. What is not in dispute is that fraud is a massive problem notwithstanding the inherent problems in attempting to quantify actual costs.
Driving regulatory change
In the aftermath of the HIH and One.Tel financial scandals in Australia, in addition to numerous international company frauds including Worldcom, Enron and Parmalat, it was recognised that the existing regulatory frameworks were ill-equipped to deal with fraud on such a massive scale. Company failures influenced not only the lives of direct stakeholders, but national and international economies.
The US was among the first to act to assure markets that such anomalies could never happen again, with the introduction of the compliance behemoth that is the Sarbanes-Oxley Act (SOX). The costs of implementing such an undertaking were enormous, borne primarily by the market it sought to regulate.
Similarly, the Australian Government introduced a range of regulatory measures, initiated by CLERP 9, which while not as compliance-heavy as SOX was a clear indication that corporate accountability and transparency were on the national agenda.
One of the interesting things (if only to auditors) enacted by CLERP 9 was the establishment of the Australian Auditing and Assurance Standards Board (AUASB), whose standards would carry the “force of law” under the Legislative Instruments Act 2003. This, when coupled with the existing Corporations Act, meant that the duties and responsibilities of directors and officers were bound tighter than ever before.
Admittedly, Australian Auditing Standards govern the method and substance of audit services rendered by professional auditors and thus do not require compliance on the part of directors and officers of the audited company. However, information that must be provided by these individuals forms the basis of the audit opinion expressed by the auditor. As such, the provision of false or misleading information to the auditor by the directors and officers of the company may end up in front of ASIC.
The impact of ASA 240
Of specific interest – in terms of fraud in Australia – is the newly developed Australian Auditing Standard ASA 240 Auditor’s responsibility to consider fraud in an audit of a financial report, effective on all audits conducted on financial statements for periods subsequent to 1 July 2006.
ASA 240 requires that the auditor “endeavour” to obtain written representations from management that it:
• acknowledges its responsibility for ensuring adequate systems and controls exist (and are operating) to prevent and detect fraud;
• provides results of an assessment of the risk that the financial report may have been materially misstated as a result of fraud;
• has disclosed any fraud, suspected fraud or any allegations or suspicions of fraud affecting the entity.
In the event that management refuses to provide these written representations, the auditor must consider providing a qualified audit report.
The incentive on the part of management is obviously to ensure that the audit report remains unqualified, which would require that adequate systems and internal controls exist to ensure that any such representations made could be supported by a robust fraud risk management system. What has become apparent, however, is that few companies have the skills required to implement the systems required, nor to assess the overall fraud risk exposure of their business. It is also a rarity to find a company collecting information on all instances or allegations of fraud, not to mention keeping records that indicate what investigative action (if any) has been taken in each instance.
If we consider the wording of the standard more closely, the reason for this skills shortfall becomes more apparent. It does not specify that the fraud which may materially affect the financial reports of the company is a single instance. Rather, through omission, the standard requires management to provide an assessment of the cumulative exposure of the company to all fraud risk. For instance, a company that buys and sells electronic equipment may have an exposure to various fraud risks. These could include the risk of paying fraudulent invoices; pilfering of stock by employees; cash thefts by employees; acceptance of false cheques; or payment of false warranty claims.
The risk of each fraud type, when considered in isolation, would not be considered to be a material risk, but when considered in total, the fraud risk may become more substantial. However, without a reliable method of measuring the risk, it is almost certain that a company will miss something. It is therefore crucial that the company invests in risk management resources, whether that be people or other tools, in order to understand the risks associated with their business and to differentiate fraud risk from other risks associated with doing business.
While ASA 240 addresses fraud risk specifically, the ASX Corporate Governance Principles and Recommendations (taking effect from 1 January 2008) require directors to comment on risk management (including fraud) within the company. The mandate for risk management is becoming undeniable. The toolsets exist in the form of various Australian and New Zealand standards (AS/NZS 4360) and research on fraud is conducted by various private and public bodies, so ignorance or lack of information is no defence.
The interlocking regulatory changes may assist in reducing the historical “tick the box” attitude exhibited by some companies toward compliance. An example of this is the Australian Wheat Board, which, to read their 2005 annual report, complied with the ASX Corporate Governance Principles and Recommendations. The fact that the ASX principles did not specifically require disclosure of any corrupt conduct or practices meant that compliance didn’t equate to ethical business practices. It seems ethics cannot be regulated. Reducing the scope for interpretation and applying a comprehensive suite of regulatory requirements seems to be the next tactic.
The wider ramifications
Now comes the kicker. If the business goes under and it can be proven that fraud was a primary or contributory factor in the demise of the company, and that directors and management did not take reasonable steps to “inform themselves about the subject matter” of their representation to their auditor, they may have contravened s 180 of the Corporations Act and may have civil penalties applied. Directors and/or management may be required to produce evidence of the risk management system or any analysis that was conducted to reach their position on the absence of material fraud in the financial reports. It would be prudent, therefore, to ensure that the information on which such reliance is placed is produced by a risk management system that is operating effectively and is providing high quality information.
What has this got to do with lawyers?
Risk management as a management tool has existed for a number of years, and long before it was touted as the internal control du jour, it was providing businesses with valuable information on where their greatest risks lie and thus enabling management to make better, informed business decisions.
It is, as a standalone tool, valuable to virtually any business. By understanding the risks to a business, management can take steps to mitigate those risks, and either reduce potential liability or maximise revenues. However, the best method of reducing the fraud risks identified may not always be a simple matter. It is at this point that a lawyer may become involved.
Certainly some fraud risks are easily mitigated through implementing effective internal controls, but other areas require specialist knowledge which is not often found within business.
Fraud risk management is an area that straddles the gap between accounting and law. The increasing compliance requirements in the area are such that companies require the services of both the forensic accounting fraternity and commercial lawyers. Structuring of contracts to defray risk has always been a mainstay of “front-end” law practice. Simply put, fraud risk is now a risk category that needs to be considered separately and may require a new set of skills on the part of the lawyer. Being a relatively new area of practice, directors and officers may also seek advice on crafting any representations to be provided to auditors or seek an assessment of any legal exposure that may result from providing the statement to auditors.
Understanding the breadth of the term fraud and the mechanics of assessing and managing risk are essential if a lawyer is going to provide their services in this arena.
Brett Goodyer is an associate at Jirsch Sutherland, a firm that offers forensic accounting services.
5-Oct-2007