Or a Tongaat, an African Bank, an Eskom, an SAA − the list goes on. It is a question that should be top of mind of those who are employed and are seeking employment, those who have invested hard-earned money in banks and large corporations, and those who are saving for the future, as well as of communities that rely on corporate social expenditure
The consequences of a corporate failure go far beyond adverse financial impacts and impact on the livelihoods of those the corporate has influenced. When a corporate failure happens, the question to ask is whether we, as a country, have responded adequately in preventing future corporate failures. The same questions can be posed in the case of state-owned entities.
In 2002, the USA experienced the biggest corporate failure at that time – Enron Corporation. The scandal was so catastrophic that it contributed to the collapse of Enron’s external auditors, Arthur Andersen LLP, who were part of the Big 5. It was a spectacular debacle in which management failed to present the financial position and financial performance of the company in a fair and truthful manner in order to increase the share price and maintain Enron’s status as the then darling of Wall Street. Soon thereafter was another corporate failure, which overtook that of Enron in terms of the magnitude of the fraud which had taken place – WorldCom. These corporate failures prompted the enactment of a federal law called the Sarbanes–Oxley Act of 2002. The primary objective of Sarbanes–Oxley is to protect the stakeholders of companies, and I will name a few of the sections it brought in:
- Section 302 – This provision requires the accounting officers of a company (which is usually designated to the CEO and CFO) to certify that the financial statements are truthfully presented and that the disclosure controls that were designed to achieve this are operating effectively.
- Section 404 – The provision requires that management of an organisation certify that they have designed adequate internal controls to prevent and detect a material error in the financial statements.
For management to make this certification, the Act requires entities to follow an internal controls framework. Most listed companies in the US comply with COSO’s (the Committee of Sponsoring Organizations of the Treadway Commission’s) Internal Control − Integrated Framework 2013.
The importance of an engaged, robust and indepndent audit committee was further emphasised. An audit committee holds management to account for their actions and challenges management on decisions that they make and the financial statements that they prepare. It was time for board members to transition from being merely attendees to directors who are proactively engaged in performing the fiduciary duties that they are appointed by shareholders to perform.
In the event of a corporate failure, there are punitive provisions in the Sarbanes–Oxley Act that could lead to the CEO or CFO spending up to 20 years in prison and/or paying a fine of up to $5 million.
The Act also created the Public Company Accounting Oversight Board (PCAOB) to oversee the auditing profession. The PCAOB requires auditing firms to be registered with it. In addition, they establish auditing standards including those related to ethics, auditor independence and quality control. The PCAOB is also responsible for conducting inspections/investigations and disciplinary actions on registered firms and enforcing compliance with Sarbanes–Oxley.
The Sarbanes–Oxley Act (also known the SOX Act) may not have completely reduced the risk of corporate failures, but it created a shift in behaviour and corrected perceptions of the role of external auditors in the financial reporting process. Often there is justified social anger toward the external auditors after a corporate failure, and there are loud calls for stronger regulations of the auditing profession. While we cannot absolve the auditors from their duty to perform their audits with professional scepticism and in accordance with auditing standards, there is no law or regulation in this country that puts the onus of preventing and detecting fraud or misleading financial statements on the external auditors. That onus lies with management. International Financial Reporting Standards clearly state in International Accounting Standard 1, Presentation of Financial Statements (IAS 1), that financial statements must fairly present the financial position, financial performance and cash flows of an entity. IAS 1 further requires management to make an assessment of the entity’s ability to continue as a going concern. The Companies Act 71 of 2008 requires companies to provide financial statements that ‘present fairly the state if affairs and business of company’ and that they must not be ‘misleading in any material respect’. It goes on to state that any person who is party to the preparation, approval and dissemination or publication of financial statements that are materially false or misleading is guilty of an offence. The International Standard on Auditing 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements (ISA 240), states that ‘the primary responsibility of for the prevention and detection of fraud rests with those charged with governance of the entity and management’.
ISA 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with the ISAs, further stipulates that ‘an audit in accordance with ISAs is conducted on the premise that management and, where appropriate, those charged with governance have acknowledged certain responsibilities that are fundamental to the conduct of the audit. The audit of financial statements does not relieve management or those charged with governance of their responsibilities.’
It is therefore clear that looking solely at the external auditors to protect stakeholder interests is not enough. We as society must understand that we have put our interests in the hands of management and the board of directors and that more must be done to hold management and the board of directors accountable for their obligations relating to the fairness and truthful representation of financial statements. Management are the implementers of strategy, the initiators of the same transactions that they fail to disclose adequately.
The watchdog over management is, firstly, the audit committee. An audit committee chair once said that when financial results are good (when profits are up), budgets are achieved, and valuations look positive, it is human nature to create confirmation bias when reviewing those financial statements. Those financial results are scrutinised less and challenged less compared to when financial results are not looking so good, which should not be the case. The role of the audit committee is to provide independent and objective oversight over the financial reporting process. Are such confirmation biases not creating additional pressures on management to fraudulently present the financial position, financial performance and cash flows of an entity? Should the common goal not be to create an environment whereby management and employees at large are encouraged to prepare the most accurate financial information in accordance with the relevant standards?
The second watchdog should be the internal auditors; the third is the external auditors. It is crucial that all role-players play their part to ultimately protect the interests of stakeholders of an organisation.
The creation of the financial reporting ecosystem
The US refers to a pre-SOX era and post-SOX era, highlighting the drastic measures mentioned above that were implemented to transform the accounting and auditing profession to restore investor confidence and protect the interests of stakeholders.
Have we done enough in this country to address unethical financial reporting and unethical corporate behaviour in both the private and public sectors? Even if those responsible for corporate scandals are brought to account, it is still after a blood bath of financial losses suffered by ordinary citizens of this country which may never be recovered. There should be growing calls for prevention. The JSE issued paragraph 3.84(k) of the listing requirements that mandates the CEO and FD to sign off on a statement on the effectiveness of financial controls. This is a good start, as it acknowledges and re-emphasises the fact that management is responsible for putting together financial reporting controls to prevent misleading financial statements or financial statements that are not prepared in all material respects in accordance with the applicable accounting standards.
However, what is the standard against which the CEO and FD can measure the effectiveness of their financial controls? What are effective financial controls? If management is responsible for implementing financial controls, how will they be able to attest whether their own financial controls are effective in an unbiased manner? There is potential for internal auditors in South Africa to independently test these controls, but the question remains, against which standards?
Just like companies listed on the New York Stock Exchange use COSO 2013 as a framework for implementing an effective internal control system, South Africa needs a framework as well. We already have a set of good corporate governance principles in the form of the King IV Code of Corporate Governance to address a lot of our entity-wide controls, but we do not have one to assist management in implementing effective financial reporting controls. The framework should be founded on ethics and should ensure that qualified, skilled and experienced individuals are performing their various roles. Management and employees at large should be empowered through the internal control’s framework to ‘get things right’ internally through collaboration without shifting preparer obligations to the external auditors.
The ultimate pursuit is the creation of a culture of excellence, honesty, integrity and pride of the organisations we work for, and for the country at large.
Mpho Mashatola CA(SA), Financial Controller at DRD Gold Limited