Last week Next Fifteen Communications Group delayed publication of its latest accounts after discovering a fraud. Bob Willott asks who should be accountable.
It’s surprising - and strangely reassuring - that no-one has yet questioned why the embezzlement at Next Fifteen’s US subsidiary Bite was not prevented by a zealous auditor discovering a weakness in the company’s internal controls.
It’s possible that the auditors discovered the fraud, but it’s highly unlikely that the auditors could have prevented it. That assumption would be based on an everlasting fallacy about the purpose of audit.
The official objective is to "obtain reasonable, assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an the applicable financial reporting framework".
To satisfy the above objective the auditors will need to check whether the financial statements are in accordance with the underlying records and whether those underlying records can be relied upon.
If the underlying records don’t reflect reality because it is discovered that someone has stolen all the cash, the company’s obligation is to ensure that those records are corrected and the auditors’ obligation is to ensure that the financial statements reflect the damage.
Auditors will usually inform a company’s management of any weaknesses in controls that are discovered in the course of an audit, and they may extend their audit tests to compensate, but responsibility for the effectiveness of those controls remains with the board.
So what can we deduce about the big cash bite out of Bite? The company remains tight lipped until the investigations are concluded. But shareholders will need to know whether the embezzlement was possible because controls were demonstrably weak or whether it can be put down to a very clever, determined, thieving internal accountant.
Clever people can usually commit fraud irrespective of the soundness of internal controls. But if the evidence suggests a laxness in the control systems or enforcement thereof, and if the amount of money involved proves substantial, someone will need to be called to account.