Risk of Fraud (the balloon)
No one should believe that CSR / Sustainability reports will be Fraud-Free zones. Where there is a need or desire to provide reported outcomes that differ from actual outcomes, there will be mis-staement and fraud. Corporate officers are now required (under the US Sarbanes-Oxley law – “SOX”) to certify that the reported results are accurate. These officers face criminal and civil penalties if they knowingly certify inaccurate information in the reports.
While this has reduced the opportunity for direct financial statement fraud and misstatement, the concept of the balloon comes into play. Squeeze the balloon in one place, and it pops out in another. Misstatement of business information with the objective of misleading regulators, investors and analysts is a bit like the balloon. Tighter controls over financial reporting decreases the risk of misstatement of this information, but increases the danger of misstatement of unaudited information.
The fact of greater controls does not mean that the number of individuals willing, able or motivated to "fudge the numbers" has decreased, only that the opportunities have decreased.
Let us consider for a moment the reasons that information is misstated in the first place. Managers and executives in companies are given metrics and objectives that they need to achieve. These metrics could be operational, or could include improvements in share price or other external metrics. To commit fraud there need to be three factors; opportunity, reward and rationalization. Increased internal control quality under SOX has reduced the opportunity, but has done nothing to remove the other two motivations. Where the desire is to influence observers of a company's reported value in order to protect or increase personal reward, those who might have manipulated financial statements will find other externally visible measures they can manipulate. Unaudited information such as CSR/Sustainability information provides such an opportunity.
The investment analyst community use information well beyond the audited reports; non-financial or extra-financial information, projections, unaudited segment information, competitor profiles and performance and industry comparisons, to name a few. Unintentional reporting of inaccurate unaudited information can skew investor models, and intentionally misstated non-financial or extra-financial information could be used to intentionally alter analysts perceptions of a company.
Therefore we should not expect the tightening of systems of internal control and the introduction of penalties for the reporting of knowingly inaccurate information in audited reports to automatically reduce the volumes of intentionally misstated information.
To give an example, imagine a situation in which a company commits, at least in a CSR/Sustainability report, to reduce waste water by a given percentage or volume. Senior managers may have parts of their remuneration tied to achievement of these objectives. In such a case there is an incentive to influence reported results. As this information is not audited, but it is reported externally, senior management could decide to manipulate the results for both positive public relations and to meet personal targets and therefore protect bonuses and other remuneration. The resulting reports, while not audited, certainly are provided into a market place with the intent of influencing valuations of the company.
It should also be noted that we expect this risk to have a relatively short life, as we expect CSR/Sustainability information to become part of SEC and other regulatory reporting over the coming years. In the case of SEC registrant companies, the inclusion of CSR/Sustainability measures into mandated reports could result in this information becoming audited information under the reporting responsibility of the CFO or Finance Director. More importantly this information will become subject to two key sections of Sarbanes-Oxley; 302 and 404.
Under section 302 the CFO and CEO need to certify that the reported results are accurate, with penalties for knowingly reporting inaccurate information. Inclusion of CSR/Sustainability information under this section will result in this information coming under significant additional internal scrutiny, and review by the external audit community.
Should CSR/Sustainability information be considered part of the "Financial Statements" (or equivalent) then the creation of that information will become subject to section 404, and management will be required to both document and test the controls over the production of that information. In this scenario CSR/Sustainability information creation will become far more formalized and process driven, with correspondingly greater depth and quality, resulting in consumers of the information having greater confidence in that information.
While this has reduced the opportunity for direct financial statement fraud and misstatement, the concept of the balloon comes into play. Squeeze the balloon in one place, and it pops out in another. Misstatement of business information with the objective of misleading regulators, investors and analysts is a bit like the balloon. Tighter controls over financial reporting decreases the risk of misstatement of this information, but increases the danger of misstatement of unaudited information.
The fact of greater controls does not mean that the number of individuals willing, able or motivated to "fudge the numbers" has decreased, only that the opportunities have decreased.
Let us consider for a moment the reasons that information is misstated in the first place. Managers and executives in companies are given metrics and objectives that they need to achieve. These metrics could be operational, or could include improvements in share price or other external metrics. To commit fraud there need to be three factors; opportunity, reward and rationalization. Increased internal control quality under SOX has reduced the opportunity, but has done nothing to remove the other two motivations. Where the desire is to influence observers of a company's reported value in order to protect or increase personal reward, those who might have manipulated financial statements will find other externally visible measures they can manipulate. Unaudited information such as CSR/Sustainability information provides such an opportunity.
The investment analyst community use information well beyond the audited reports; non-financial or extra-financial information, projections, unaudited segment information, competitor profiles and performance and industry comparisons, to name a few. Unintentional reporting of inaccurate unaudited information can skew investor models, and intentionally misstated non-financial or extra-financial information could be used to intentionally alter analysts perceptions of a company.
Therefore we should not expect the tightening of systems of internal control and the introduction of penalties for the reporting of knowingly inaccurate information in audited reports to automatically reduce the volumes of intentionally misstated information.
To give an example, imagine a situation in which a company commits, at least in a CSR/Sustainability report, to reduce waste water by a given percentage or volume. Senior managers may have parts of their remuneration tied to achievement of these objectives. In such a case there is an incentive to influence reported results. As this information is not audited, but it is reported externally, senior management could decide to manipulate the results for both positive public relations and to meet personal targets and therefore protect bonuses and other remuneration. The resulting reports, while not audited, certainly are provided into a market place with the intent of influencing valuations of the company.
It should also be noted that we expect this risk to have a relatively short life, as we expect CSR/Sustainability information to become part of SEC and other regulatory reporting over the coming years. In the case of SEC registrant companies, the inclusion of CSR/Sustainability measures into mandated reports could result in this information becoming audited information under the reporting responsibility of the CFO or Finance Director. More importantly this information will become subject to two key sections of Sarbanes-Oxley; 302 and 404.
Under section 302 the CFO and CEO need to certify that the reported results are accurate, with penalties for knowingly reporting inaccurate information. Inclusion of CSR/Sustainability information under this section will result in this information coming under significant additional internal scrutiny, and review by the external audit community.
Should CSR/Sustainability information be considered part of the "Financial Statements" (or equivalent) then the creation of that information will become subject to section 404, and management will be required to both document and test the controls over the production of that information. In this scenario CSR/Sustainability information creation will become far more formalized and process driven, with correspondingly greater depth and quality, resulting in consumers of the information having greater confidence in that information.
Hello,
ReplyDeleteI am very interested in your topic and I am eager to find instances of fraud and how they may have been (or should have been) detected by auditors. Can you please send any useful sources you may have found to mjpomares@aol.com?
Thank you very much for your interesting take on this issue. I look forward to the progression of this topic and your subsequent analysis.
Mike
hi mike, this article help me too, just for share you can visit here http://www.moores-rowland.com/halaman/detail/sustainability-assurance.html if you mind.
Delete