Articles I Like: The first rule of fraud – blame the auditors?
I was a bit surprised by a recent Ontario Court of Appeal decision that upheld the 2014 decision against the accounting firm of Deloitte and Touche. Basically, the courts found them liable for auditing Livent Inc (Garth Drabinsky and company) and giving it an unqualified “clean audit” statement over several years despite the fact that Drabinsky and others involved were well-known for being creative with their financing and accounting. After Drabinsky sold off the business, it collapsed because it was a giant fraud.
Until these cases, there was a Supreme Court case (Hercules Managements Ltd. v. Ernst & Young) precedent that has generally been interpreted as saying “if a company goes belly up, even for fraud, you can’t sue the auditors for missing it”. Given this precedent, which has been binding for some time (1997), Deloitte might be surprised too, and chances are that an appeal will be launched to take it the Supreme Court — and with an $118M settlement against it, an appeal could be worthwhile.
Appeal court Justice Robert Blair ruled Friday that the original trial judge was correct in concluding Deloitte was negligent in its work on the audit of Livent’s 1997 year-end financial statements, as well as the interim statements for the second and third quarters of 1997. “In my view, the record amply supports the trial judge’s findings that Deloitte was negligent in the conduct of the 1997 audit and the Q2 and Q3 1997 engagement,” he wrote in a decision supported by two other judges on the appeal panel. “Indeed the evidence to that effect is overwhelming.” Justice Blair, however, rejected a counterclaim asking for greater damages to be awarded in the case, saying the original $118-million award was appropriate.
Ontario Superior Court Justice Arthur Gans ruled in April, 2014, that auditors at Deloitte & Touche breached their “duty of care” to investors. He initially awarded $85-million in damages to the company’s creditors, but increased the amount to $118-million in a subsequent ruling that added interest costs onto the original award, stretching back to March of 1998 when Livent released its inaccurate 1997 financial statements. In his original ruling, Justice Gans said that auditors “seemed to turn a blind eye to warning signs” about a controversial transaction in 1997 to sell air rights to develop a condominium-hotel above Livent’s Pantages Theatre in Toronto. He said he was “at a loss” to understand how Deloitte provided a clean audit opinion for 1997, and ruled that another decision to allow $27.5-million of writedowns in 1998 “left me breathless.”
…
Founders Garth Drabinsky and Myron Gottlieb were found guilty in 2009 of orchestrating a fraud that saw Livent’s financial statements misstated in every quarter between 1993 and 1998. They were sentenced to five years and four years in prison, respectively, but have since been released.
Court upholds ruling on Deloitte’s negligence over Livent – The Globe and Mail
Lots of public commentators have said, “well of course they are liable”, but that is based on a complete misunderstanding of what most auditors actually do. When the lay public thinks “audit”, they think it is like an Revenue Canada or IRS audit coming in and looking at every tax deduction, every receipt you have. That’s not what audits of institutions or businesses usually do, and it’s not what Deloitte was doing. There are three types of audits.
First and foremost is a management audit. While they exist in the private sector, it’s easier to understand a management audit for a public sector organization. Take a new policy and program for example…in an ideal world, it requires research, analysis, development of some options, a decision to carry out one option, the actual implementation of that option, and some form of feedback/evaluation at the end to feed in lessons learned, ongoing changes, etc. Six relatively discrete functions. A management audit will come in and ask:
- How did you conduct your research? Was it predetermined for the outcome? How reliable were your sources?
- When you did your analysis, did you consider all options, multiple viewpoints, have strong frameworks to guide your analysis?
- For the options, how did you choose which options to develop? Who did you consult?
- For the decision of which option to use, were the reasons clearly laid out? Were they well-communicated?
- In implementation, did you have clear criteria, goals, metrics, communications, frameworks, operational guidance, controls on disbursement, etc.?
- For feedback, how did you harness lessons learned and implement them in new iterative improvements?
Sometimes even auditors get confused with those questions to think they are substituting their judgement for the management’s judgement, but actually they aren’t — they’re not judging the outcome, they’re judging the process and whether all of it is clearly documented from one end to the other. In short, did you have a logical flow, fully documented, from one end to the other. If so, you’re a good little manager; if not, they suggest improvements for the future.
Second, there are financial audits. Most lay people would see that phrase, and think like they did before, “ah-hah! just like a tax audit”. Again, no. A financial audit is not an audit of every transaction, every entry in the accounting books. Instead, it is a three-tier system of review:
- A review of internal controls and processes in place — instead of checking every transaction, which would be literally of Herculean proportions and cost a fortune, they look at key internal controls like who has the authority to order stuff, who has the authority to sign contracts, who has the authority to authorize payments, and who has the authority to actually pay out money. And to make sure that all four of those functions are not given to the same person nor housed in the same office, if possible. If they find that you have good systems in place, and good accounting practices, then the first level of confidence is achieved i.e. you likely recorded things properly.
- A review of “highly material” expenditures and revenue — if you run a $1B company, and you spend $1M on paper clips, they don’t care, and they likely won’t check to see if that is the right amount or if it was recorded properly. However, if you bought a plane for $20M or another company for $150M, the auditors will review those large purchases because they can individually substantially alter income statements and balance sheets i.e. an amount material enough to warrant review.
- A spot-check of various transactions — often combined with (a) above, this is a review of some typical expenditures made by the company or organization, and it will often check not to see if the amount recorded is correct (it usually is) but if all the process controls were followed i.e. that John ordered it, Sally signed the contract, Mike authorized the payment, and Jane made the payment, all with duly filed paperwork all the way along. Various entities might end up with a 2-5% coverage in spot-checking.
Third, and final, is a forensic audit. This is an audit like what most average person think of audits, some combination of a digital rectal exam and the Spanish inquisition. The bean counters will go through every nook and cranny looking for something. What are they looking for? Whatever triggered the forensic audit — which is usually something that came up in one of the first two types of audits. You don’t do a forensic audit unless you have to, they’re not for fun and whim — they’re generally looking for fraud and criminal behaviour. Or they’re doing it because the company is going under or has gone under, and the creditors are looking for any penny they can recoup.
Now here’s the fun part. What information do auditors get for the first two types? They get documents given to them by the company. And they meet with the company’s management. Sure, the auditors ask probing questions, and they look for problems, but ultimately, if the company outright lies to them, the auditors have almost no way of knowing. The company could be giving them false documents, false records, false everything, and the auditors will say “Thank you, looks good.” Because a management audit and a financial audit are not forensic or lie detector tools, they are control process tools.
They basically ask, “Does your balance sheet and income statement accurately reflect your business?”. They ask the company the same question in 100 different ways, but if the company is actively lying, and doing it consistently, and it is at the senior levels, the answer the auditors come up with is going to be “yes”. And they give a clean audit statement that says “Yep, it reflects what you told us.”
It’s what the original Supreme Court decision recognized — if the company commits fraud, they defraud the auditors too. The auditors aren’t complicit, they’re not the accomplices, they are just one more victim. The Ontario Court decisions go further and say, “No, you should have asked more questions…you allowed some things that should have been questioned more strongly.”
Except most of them were within generally accepted accounting principles (GAAP), which are not as hard and fast as some business types like to think they are. Some of them openly conflict, most conflict indirectly…the whole basis for GAAP is that they are designed to help improve reporting in income statements (I/S) and balance sheets (B/S). But an I/S is designed to show income and expenses over a set period of time i.e. flow; a B/S is designed to show an accurate picture on a specific date, like a snapshot. Just about every GAAP that improves the I/S has a counter-balancing principle that will improve the B/S. It’s the nature of the beast.
In this case, the write-downs that left the judge breathless were designed to improve the I/S but it threw off the B/S. Was it fraud? Not that D&T could tell at the time. Because the company was lying to them too. Later, when it was determined that it was actual fraud, and people went to jail, the company sued D&T to say “You should have caught this.”
It is a bit of sophistry to permit the lawsuit, but it is a lot like someone buying a gun, shooting their parents with it, and then suing the retailer for making them an orphan.
Livent committed fraud when they filed the statements for the shareholders, and the shareholders should be able to sue them. But Livent also committed fraud when they gave those statements to the auditors and when they didn’t share all the info with auditors, who always ask the pregnant question, “Is there anything else you haven’t told us that might affect the true picture of the company?”. Which, interestingly enough, could be a lawsuit too — the auditors could sue them for false representation to the auditors.
Ultimately, the fraud rests on the shoulders of Livent. The shareholders should be able to sue Livent for the fraud. And if the shareholders relied on statements by the auditors, maybe they should be able to sue the auditors who would then pass on the liability to the company who made misrepresentations to them (again, back to Livent). Which is what the Supreme Court originally said.
Yet now the Ontario courts are saying the shareholders can sue Livent for fraud, and Livent can sue the auditors for not detecting their fraud? If I was Deloitte, I’d appeal. Otherwise, they’ll have no way to limit their liability in the future unless they get the company to indemnify them against fraud.