Scandals make for good headlines. Be it politics, showbusiness or the Royal Family, newspapers will seize on any suggestion of impropriety and make the most of it.
Business is no different. Scandal sells. Scandal makes exciting reading. Scandal is good box-office – and the past few years have offered plenty of material for scandal-watchers to feed on. Take two notable examples.
Carillion, a construction and outsourcing firm that provided a host of services to the public sector, issued a profit warning in July 2017. Within six months it had collapsed. This was no small matter. Carillion had 43,000 employees, 19,000 of whom were in the UK; the government had to deal with the sudden loss of a major supplier; some companies that had provided goods and services to Carillion were themselves forced into bankruptcy as their bills went unpaid; and there was a hole in the Carillion pension fund that had to be plugged by other, quite blameless, businesses that contributed to the pool underpinning pensions.
There was a further dimension to this particular scandal: despite the pressing need to plug the pensions gap, the company continued to pay out generous dividends – dividends far exceeding the sums it set aside to replenish the pension fund.
Meanwhile, a second scandal was bubbling up. In October 2018, AIM-quoted Patisserie Holdings, owner of the Patisserie Valerie chain, delivered a shock. The company said it had been “notified of significant and potentially fraudulent accounting irregularities and therefore a potential material misstatement of the company’s accounts.” Within a few months, the company was in administration. There were allegations – as yet to be tested in court – that fictitious sales had been recorded, minutes had been forged to secure overdrafts and invoices for shop refurbishments had been faked.
Just the sort of scandals that provide a rich diet for the financial press, the cases triggered a flurry of headlines, many blaming the firms’ auditors. But the two cases are very different.
At Carillion there was no suggestion of outright fraud. A cursory examination of the company’s financial results would not have sounded alarm bells: operating income appeared to cover interest expenses. But digging a little deeper revealed signs of financial fragility.
There was the pension deficit, equivalent to six years’ net earnings. Goodwill was shown as a significant balance-sheet asset – greater than the value of the equity. This goodwill was supposed to represent the future profits of businesses that Carillion had acquired over previous years, although many were actually unprofitable. Cash flows were substantially lower than the results implied by net income. And gross margins were only 7%.
But perhaps most revealing was the basis on which revenues and costs were being recorded. They were based on management estimates – projected performance of complex long-term outsourcing and construction contracts. Put simply, there was a lot that could go wrong. And this, remember, was a company operating on slender margins. If revenues or costs were misjudged by a relatively small amount, profits could be wiped out.
Why wasn’t this spotted? In fact, it was. KPMG, Carillion’s auditor for the 19 years since the company had started business, identified contract estimates as the biggest single risk in the declared financial figures. Nevertheless, KPMG signed off the accounts year after year. This was despite some queasiness within Carillion itself about the stated value of some of its contracts.
Take one instance. Carillion’s financial statements recognised revenues and profits on a construction project for a Liverpool hospital. The company had an internal process under which contracts were subject to a peer review to estimate likely profitability. The peer review concluded that Carillion should record a loss of 12.7% on the hospital contract’s value. Management disagreed: it estimated a profit margin of 4.9%. Crucially, it was management’s version that was recorded in the financials presented to investors.
With hindsight, it is easy to suggest that KPMG should have been tougher in challenging management’s estimates, insisting that they account better for contract values at an earlier date. Both management and KPMG insist that the conditions that triggered the write-down on the Liverpool contract materialised only in early 2017 and could not have been foreseen any sooner. It was only with an internal review of contract valuations that write-downs were disclosed in the July 2017 profits warning. KPMG had signed off Carillion as a going concern just a few months earlier.
"In Britain, no director of a publicly listed company has ever been imprisoned for failing to spot fraud in their business"
The Carillion collapse prompted a joint investigation by two House of Commons committees. The conclusions were damning, finding that:
The fall-out from the Patisserie Valerie collapse was very different. The company’s accounts had been audited by Grant Thornton since 2006. In the most recent financial statements before the collapse, the audit report said that impairment of non-current assets such as property, plant and equipment, as well as intangibles, was a key audit matter. It also highlighted revenue recognition.
But Grant Thornton said there were not material errors or deficiencies. Management override of controls was also mentioned. That, said the auditors, had a high potential impact on the financial statement, but it wasn’t a key concern. After Patisserie Valerie disclosed the alleged fraud, the Financial Reporting Council (FRC) said it would look at Grant Thornton’s 2015, 2016 and 2017 audits of the company.
The Carillion and Patisserie Valerie affairs prompted calls for change. In both cases, something had gone drastically wrong. Could these failures not have been prevented? The FRC found itself in the crosshairs of the fallout.
A House of Commons report on the Carillion affair concluded that the FRC had been unwilling to use its powers effectively and other regulators overseeing directors had failed to impose sanctions. The FRC’s role was to apportion blame after a failure, but not to prevent such a failure before it took place. The committee also recommended that the statutory audit market should be referred to the Competition and Markets Authority, with the aim of breaking up the oligopoly of the Big Four firms.
Furthermore, the report also recommended that the audit arm of professional service firms should be detached from the parts of those businesses providing other services.
In December 2018, a Government-commissioned report by Sir John Kingman gave its verdict on the FRC. It said: “Two major select committees have accused it, in the strongest terms, of timidity, a lack of pace and excessive closeness to those it regulates… [The FRC] is a rather ramshackle house… built on weak foundations ... It is time to build a new house.”
Crucially, the Kingman report said the new body should be “firmly focused on the interests of consumers of financial information, not producers… where necessary feared by those it regulates.”
The recommendations were accepted by the Government and the FRC is now being replaced by a new Audit, Reporting and Governance Authority, ending self-regulation of the major audit firms.
The pattern is a familiar one: something goes seriously amiss in the corporate world; a scandal ensues; the regulatory framework is changed. But how effective are such changes in preventing a recurrence?
The crystallisation of modern accounting practice in the US came as a result of a scandal. Ivan Kreuger was the Jeff Skilling and Bernie Madoff of the 1920s. His once-lauded companies – Kreuger & Toll, Swedish Match and International Match – turned out to be a complex, global Ponzi scheme. Depending on how you do the sums, the value of Kreuger’s securities issued in the US and worldwide amounted to between US$2 billion (£1.52 billion) and US$20 billion in today’s money. All seemed well until the crash of 1929.
Kreuger faced a cash crunch. Some of the Kreuger companies did not own the collateral they claimed. The value of Kreuger securities cratered. In 1932, Kreuger committed suicide in a Paris hotel room.
The businesses had been cursorily audited by a single individual, Albert Berning, a partner at Ernst and Ernst. His relationship with Kreuger was cemented by gifts of luxury travel and an entrée into global society. Kreuger was his only client.
The collapse of the empire was one of the areas examined in 1933 as part of Senate hearings on Wall Street’s banking and securities practices relating to the 1929 crash. It seems strange in hindsight, but in the Roaring Twenties, – an era when swindlers flourished – US Federal law made no requirement for a company to provide accounts.
The Kreuger scandal and the wider issues associated with the 1929 crash led to the US Securities Act of 1933 and the Exchange Act of 1934. Much later – in 2002 – came the Sarbanes-Oxley Act, covering areas such as company internal controls and record-keeping and making officers of a company personally liable if they knowingly falsified financial information. (It is striking that in Britain, no director of a publicly-listed company has ever been imprisoned for failing to spot fraud in their business.)
The thrust of much of the regulatory legislation has been to compel greater disclosure. Not surprisingly, company reports are now huge tomes: by 2014, the average annual report of a US company ran to 42,000 words.
"Investors should also accept that regulation cannot simply eradicate all bad outcomes and should accept some risk of financial statement errors and even fraud"
Does increased regulation prevent financial scandals? Clearly not. Think Enron, WorldCom, Bernie Madoff, AIG, Lehman Brothers and many more – including Carillion and Patisserie Valerie.
There are ironies in the quest to improve regulation. The FRC has said auditors should up their game and improve the quality of their work. Some challenger audit firms – those outside the big four of EY, PwC, KPMG and Deloitte – have already said they will drop some clients where the audit risk is reckoned to be high: the risk to a firm’s reputation is just too great. (As this article was published, Sports Direct was still struggling to find an auditor willing to take on the job of looking at its books.)
Yet it is exactly these ‘high-risk’ companies where investors most crave the reassurance of a thorough audit.
There is a further, curious aspect to increased regulation. LBS’s Ahmed Tahoun has found that over the years, financial regulation has followed accounting scandals. That much is understandable. But bizarrely, in some jurisdictions, increased regulation is followed by an uptick in scandals. Does this mean regulation causes fraudulent behaviour? Not necessarily. It may be that with tighter regulation comes greater opportunity for enforcement: misdeeds are more likely to be discovered and subsequently punished.
Don’t forget that regulation in the wake of scandals is based on the availability bias. By regulating in response to a recent but rare scandal, we ignore the virtues of a system where there were 999 quiet successes, but one glaring failure. And, of course, compliance with tighter regulation costs money. In the US today, there are now four layers of checking a company’s books:
Yet still scandals happen. Auditing can achieve only so much. An auditor can challenge a company’s version of events, but it can’t force a company to be upfront, honest and transparent with their information.
Furthermore, it doesn’t matter how many layers of oversight a company is subjected to if the auditor is simply presented with bogus information. Investors may expect that auditors guarantee that published financial information is correct; in truth, that expectation is unrealistic.
Auditor reports specifically tell investors that financial statements are the responsibility of management and that the role of the auditor is to give an opinion as to whether they are accurate. This opinion is based on the relevant accounting standards, using accepted auditing practices. These practices are designed to reduce the risk of error and fraud to a suitably low level – they are not designed to eliminate risk.
Post-failure investigation is important: it is not acceptable for auditors to fall short of professional standards. But neither should we rush to judgement that a business failure, a financial misstatement, or even a fraud is necessarily an auditor failure.
Investors accept risk that a business can fail due to competition or other economic forces. Investors should also accept that regulation cannot simply eradicate all bad outcomes and should accept some risk of financial statement errors and even fraud.
And how many investors are going to read, analyse and fully digest the implications of a 42,000-word annual report, so they can say they truly relied on it when making their investment decision?
Senator Paul Sarbanes of Sarbanes-Oxley fame put it well: “The Act is not an absolute guarantee. You will always have some sharp operators trying to get away with something. But hopefully, the Act will screen a lot of that out and they will be punished if they are caught.”
James Ryans is Assistant Professor of Accounting at London Business School
İrem Tuna is Professor of Accounting at London Business School