THE FORMER chief of internal audit at WorldCom who blew the whistle that exposed the biggest corporate fraud in history says there needs to be greater support for whistleblowers because it is rare that they are able to expose corruption without great personal sacrifice.
“It would be great if you could get some groups for whistleblowers that recognise whistleblowers; if some professional groups could recognise people [for their efforts],” said Cynthia Cooper. She believes such support is warranted because it takes great courage to question and expose corruption, especially among colleagues and superiors.
“It is important to practice finding our courage every day, [because] you need to just prepare yourself ahead of time,” she said on a visit to Sydney last month arranged by the Institute of Internal Auditors-Australia.
She said there had been a lot of worthwhile changes since she and her team exposed what amounted to an US$11 billion misstatement by WorldCom of its accounts — including the Sarbanes Oxley Act, more independent boards and a lot more support for internal audit — but that most exposures still failed in the courts.
“There are all of these laws, like SOX, but very few whistleblowers are successful, and most of the cases are thrown out — [and many ask] is it worth the personal price,” she said.
Often, she said, it was still the case that the press offered “more protection than any law”.
She said there were now obvious similarities between the bursting of the dotcom bubble and the housing bubble, and that large fraud cases may ensue again. “I would be surprised if we do not end up seeing some frauds exposed,” said Cooper.
“There’s been a lot of core strategic risk-taking, and banks have been taking risks that they shouldn’t have and passing that on to investment banks and the public. You have major [financial] instruments that really got away from the financial regulators.”
She advised internal auditors to keep their focus on financial statements because that is where the fraud usually resides.
Asked if she would have done anything differently while at WorldCom, she said: “I would be doing a lot more financial statement auditing.”
“A lot of internal auditors in America are still very focused on operational auditing. If you have a fraud, it is usually going to be in the financial statements.
“So I encourage you to really look at your audit plans to make sure that you are spending some time on financial auditing.”
Internal controls, however, only went so far, particularly when it came to overcoming collusion at the highest levels, she said. “One thing a lot of these big corporate frauds have in common is collusion — executives working together at the highest level.”
In her book, Extraordinary Circumstances, Cooper said external auditor Arthur Andersen made far more from consulting and tax fees than auditing financial statements. So external audits became the loss leader to win consulting contracts. This sometimes led to reduced testing, fewer, less experienced auditors and heavier reliance on internal controls as a result.
One of the factors that allowed WorldCom to fool external audits was that figures were added and moved to other accounts in between the periods when checks were made by Arthur Andersen, and it was known when they would be conducting an audit and on what accounts.
In her book, she said that when Arthur Andersen performed their quarterly reviews — for instance, comparing costs of line items as a percentage of revenue between quarters — the perpetrators of the fraud made sure the ratios remained the same with fraudulent entries. “It is important to maintain that element of surprise and not to share too much scope with your clients,” she said.
The Federal Government has asked the House of Representatives Standing Committee on Legal and Constitutional Affairs to consider legislation to protect employees or former employees of the public sector who make “public interest disclosures” and to report to the Cabinet Secretary, John Faulkner, by February next year.
The committee is considering whether to include compensation for victimisation, discrimination, discipline or an employment sanction, immunity from criminal liability and from liability for civil penalties; and immunity from civil law suits such as defamation and breach of confidence.
This article first appeared in Lawyers Weekly sister publication, Risk Management magazine