Do external auditors have a duty to detect fraud? How about the internal auditors? What price do internal auditors and other compliance employees pay for following up on suspicions of fraudulent or unethical activity?
These are two of the most contentious questions I write about. We’ve seen the debate over fraud detection by external auditors in the Koss, Overstock, Satyam, Huron, and Madoff feeder funds cases.
I can cite GAAS and SAS all day long but if auditors accept engagements with sketchy clients, continue working for companies that are constantly in trouble or won’t spend time or money on proper controls, and allow these clients to nickel and dime them on their audit, what do you expect? You think auditors resign much these days?
You must be joking. They won’t even give “going concern” opinions.
We’ve also seen internal auditors get fired, take a beating, or be completely ignored in situations such as the Navistar whistleblower case, the Societe General rogue trader scandal, and AIG’s latest crisis, respectively. Recently, desperate attempts to get a story heard by insiders in the Boeing case via leaks to media were rebuffed by the courts as not worthy of Sarbanes-Oxley whistleblower protection. There are different standards that apply to each when it comes to duty, obligation, and liability for reporting. But the bottom line is the same: In an environment of cost-cutting, it’s hard out there for an auditor.
It’s tough to be the “good guy,” however you define “goodness” within your moral framework. It’s even tougher if you were never taught your duty to the public as a licensed CPA and if the firm or company punishes you, de-incentivizes you to do the right thing. Retired Trinity University Professor Bob Jensen talks about David Myers, the Controller of WorldCom:
David Meyers [sic] became a convicted felon largely because he did not say no when his supervisor (Scott Sullivan, CFO) asked him to commit illegal and fraudulent accounting entries that he, Meyers [sic], knew were wrong. David Myers tells audiences now that he still feels great guilt over how much he hurt investors. At the time he did wrong, he rationalized that he was doing good by shielding Worldcom from bankruptcy and protecting employees, shareholders, and creditors. However, what he and other criminals at Worldcom did was eventually make matters worse.
The “hero” in detecting the fraud at Worldcom’s was an internal auditor, Cynthia Cooper, who subsequently wrote the book, Extraordinary Circumstances: The Journey of a Corporate Whistleblower. However, if you have ever heard Cynthia Cooper speak you know that when she blew the whistle she was despised by virtually everybody at Worldcom. This is the fate of most whistleblowers.
I gave a presentation to a group of internal auditors last Spring and offered this advice:
• Choose your employer wisely – A troubled company can be very interesting but very risky. Do your homework. Know what you’re getting into. If you’re at the right level, demand an employment contract with a no-fault divorce clause.
• Choose your allies within a firm or company carefully.
• Document everything!
• As an internal auditor, seek to be part of the “privilege” inner circle – If not, you’ll be left out of anything important and not protected.
• Be careful of internal investigations – Align with outside attorneys. You may need their help for the whistleblower suit.
• If you’re not financially independent, don’t try be a hero – The book deal and speaking fees are not worth it. Only the very rich or very poor can speak truth to power. They have nothing to lose.
• Don’t be a scapegoat – If you see trouble, get the hell out of Dodge!
