The prospect of an audit is likely to conjure up fears of blame, job loss, criminalisation and reputational damage; indeed, for some a visit to the dentist may seem preferable to a visit from the auditor. And there is a parallel; both professions are expert in carrying out preventative checks and identifying and remedying decay.
Auditors hold a privileged position, invited into an organisation and given full disclosure of financial information. Even lawyers do not get such disclosure.
They then go about their task of providing an independent opinion on financial information, providing assurance and credibility – and often helping avoid things going terribly wrong.
So why have an audit?
Auditors know what can go bad in businesses. They see it all the time. So when they come into a new business, they’ll quickly spot most warning signs.
Take the simple example of a business moving into the export market. The owner enters an agreement with a distributor to sell their products locally at an agreed commission. But often they do not include a ‘break-up’ clause covering who controls stock, promotions, etc, should their businesses move in different directions.
An auditor will often identify these sorts of ‘omissions’ straight away and advise on putting a clause in place (much like a pre-nuptial) to avoid unnecessary acrimony and loss down the track. In short, an audit will:
• Add credibility to your financial statements.
• Find weaknesses in your financial systems.
• Strengthen your financial systems.
• Give comfort to banks and silent shareholders.
• Act as a deterrent against fraud.
• Create a culture of trust in your business.
Fraud and the auditor
While audit is a powerful deterrent against fraud, its purpose is not to detect it – though it occasionally does so. Indeed, external audit discovers around five percent of fraud cases whereas in the majority: 36 percent are picked up through strong internal controls, 33 percent by tip-offs and 13 percent by internal audit. However, external audit is very successful as a means of controlling/deterring fraud – sitting at 70 percent, on a par with strong internal controls at 74 percent, internal audit 57 percent and tip-offs at ten percent. Why? Because in an audit environment, which has sound policies and procedures in place to prevent and manage fraud, people will not feel safe attempting to commit it.
Lessons from the field
Let’s explore a real fraud case where a business with an annual turnover of more than $1 million mysteriously lost $800,000 over a period of five years. How was it possible that no one queried the $250,000 being marked up in the books every year under ‘purchases’? If someone had done the sums they would have found that actual expenses totalled no more than $75,000.
The answer is that the environment was perfect for fraud – with a lack of internal controls and no one asking the right questions the fraudster was able to siphon off $170,000 a year until some fresh eyes arrived on the scene.
While it is the directors’ responsibility to look at financials and hold management accountable for any discrepancies, often board members don’t feel confident asking questions lest they appear ignorant. So in this case, trust was relied on. There was no segregation of duties, no second layer of control and no one asking the right questions – until it was too late. The business now owes Inland Revenue more than $100,000 in over claimed GST, a large forensic accountants’ bill and a long process of restoring workplace culture.
The lessons are clear: don’t play games with the bank; stay in touch with the bank; directors need to know the numbers and ask questions, and not rely on trust.
Then there’s the very public case of Ross Asset Management, a classic ‘Ponzi’ scheme touting a fund worth $400 million while in truth it had only $10 million. Again, no one asked questions. However, under an appropriate audit regime, Ross Asset wouldn’t get away with it. He’d need to regularly provide an audited certiﬁcation to be available stating that the appropriate systems and processes were in place and the $400 million was actually real. Ultimately audit teaches us that to avoid things going terribly wrong, we need to be smart, aware and ask questions. Indeed, it’s those seemingly ‘stupid’ questions that are sometimes the best.