By Mpho Mashatola
What is preventing another Steinhoff, Tongaat Hulett, African Bank, Eskom, or SAA from happening in South Africa? This is a question that should be top of mind for those who have invested hard-earned money in banks and large corporations, those who are saving for the future, those who seek employment, as well as communities that rely on corporate social expenditure.
The consequences of a corporate failure go far beyond adverse financial impacts and impact on the livelihoods of those the corporate world has influenced. When a corporate failure happens, the question to ask is whether we, as a country, have responded adequately in preventing future corporate failures. The same questions can be posed in the case of state-owned entities.
In 2002, the USA experienced the biggest corporate failure at that time – Enron Corporation. The scandal was so catastrophic that it contributed to the collapse of Enron’s external auditors, Arthur Andersen LLP, who were part of the Big 5. It was a spectacular debacle in which management failed to present the financial position and financial performance of the company in a fair and truthful manner in order to increase the share price and maintain Enron’s status as the then darling of Wall Street. Soon thereafter was another corporate failure, which overtook that of Enron in terms of the magnitude of the fraud which had taken place, WorldCom. These corporate failures prompted the enactment of a federal law called the Sarbanes–Oxley Act of 2002. The primary objective of Sarbanes–Oxley is to protect the stakeholders of companies, and I will name a few of the sections it brought in:
Section 302: This provision requires the accounting officers of a company (usually the chief executive officer and chief financial officer) to certify that the financial statements are truthfully presented and that the disclosure controls that were designed to achieve this are operating effectively.
Section 404: The provision requires that the management of an organisation certify that they have designed adequate internal controls to prevent and detect a material error in the financial statements.
For management to make this certification, the Act requires entities to follow an internal controls framework. Most listed companies in the US comply with the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) Internal Control − Integrated Framework 2013.
The importance of an engaged, robust, and independent audit committee was further emphasised. An audit committee holds management to account for their actions and challenges management on decisions that they make and the financial statements that they prepare. It was time for board members to transition from being merely attendees to directors who are proactively engaged in performing the fiduciary duties that they are appointed by shareholders to perform.
In the event of a corporate failure, there are punitive provisions in the Sarbanes–Oxley Act that could lead to the CEO or CFO spending up to 20 years in prison and/or paying a fine of up to US$5 million.
The Act also created the Public Company Accounting Oversight Board to oversee the auditing profession. The board requires auditing firms to be registered with it. In addition, they establish auditing standards including those related to ethics, auditor independence and quality control. The board is also responsible for conducting inspections/investigations and disciplinary actions on registered firms and enforcing compliance with the Sarbanes-Oxley.
The Sarbanes-Oxley Act (also known the SOX Act) may not have completely reduced the risk of corporate failures, but it created a shift in behaviour and corrected perceptions of the role of external auditors in the financial reporting process. Often there is justified social anger towards the external auditors after a corporate failure, and there are loud calls for stronger regulations of the auditing profession.
While we cannot absolve the auditors from their duty to perform their audits with professional scepticism and in accordance with auditing standards, there is no law or regulation in South Africa that puts the onus of preventing and detecting fraud or misleading financial statements on the external auditors. That onus lies with management.
International Financial Reporting Standards clearly state in International Accounting Standard 1, Presentation of Financial Statements (IAS 1), that financial statements must fairly present the financial position, financial performance, and cash flows of an entity. IAS 1 further requires management to assess the entity’s ability to continue as a going concern. The Companies Act 71 of 2008 requires companies to provide financial statements that ‘present fairly the state of affairs and business of company’ and that they must not be ‘misleading in any material respect’. It goes on to state that any person who is party of to the preparation, approval and dissemination or publication of financial statements that are materially false or misleading’ is guilty of an offence. The International Standard on Auditing 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements (ISA 240), states that “the primary responsibility for the prevention and detection of fraud rests with those charged with governance of the entity and management”.
ISA 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with the ISAs, further stipulates that ‘“an audit in accordance with ISAs is conducted on the premise that management and, where appropriate, those charged with governance have acknowledged certain responsibilities that are fundamental to the conduct of the audit. The audit of financial statements does not relieve management or those charged with governance of their responsibilities.”
It is therefore clear that looking solely at the external auditors to protect stakeholder interests is not enough. We as society must understand that we have put our interests in the hands of management and the board of directors and that more must be done to hold management and the board of directors accountable for their obligations relating to the fairness and truthful representation of financial statements. Management are the implementers of strategy, the initiators of the same transactions that they fail to disclose adequately.
The watchdog over management is, firstly, the audit committee. An audit committee chair once said that when financial results are good (when profits are up), budgets are achieved, and valuations look positive, it is human nature to create confirmation bias when reviewing those financial statements. Those financial results are scrutinised less and challenged less compared to when financial results are not looking so good, which should not be the case. The role of the audit committee is to provide independent and objective oversight over the financial reporting process.
Are such confirmation biases not creating additional pressures on management to fraudulently present the financial position, financial performance, and cash flows of an entity? Should the common goal not be to create an environment whereby management and employees at large are encouraged to prepare the most accurate financial information in accordance with the relevant standards?
The second watchdog should be the internal auditors; the third is the external auditors. It is crucial that all role-players play their part to ultimately protect the interests of stakeholders of an organisation.
The creation of the financial reporting ecosystem
The US refers to a pre-SOX era and post-SOX era, highlighting the drastic measures mentioned above that were implemented to transform the accounting and auditing profession to restore investor confidence and protect the interests of stakeholders.
Have we done enough in this country to address unethical financial reporting and unethical corporate behaviour in both the private and public sectors? Even if those responsible for corporate scandals are brought to account, it is still after a blood bath of financial losses suffered by ordinary citizens of this country which may never be recovered. There should be growing calls for prevention. The JSE issued paragraph 3.84(k) of the listing requirements that mandates the CEO and the financial director to sign off on a statement on the effectiveness of financial controls. This is a good start, as it acknowledges and re-emphasises the fact that management is responsible for putting together financial reporting controls to prevent misleading financial statements or financial statements that are not prepared in all material respects in accordance with the applicable accounting standards.
However, what is the standard against which the CEO and financial director can measure the effectiveness of their financial controls? What are effective financial controls? If management is responsible for implementing financial controls, how will they be able to attest whether their own financial controls are effective in an unbiased manner? There is potential for internal auditors in South Africa to independently test these controls, but the question remains, against which standards?
Just like companies listed on the New York Stock Exchange use COSO 2013 as a framework for implementing an effective internal control system, South Africa needs a framework as well. We already have a set of good corporate governance principles in the form of the King IV Code of Corporate Governance to address a lot of our entity-wide controls, but we do not have one to assist management in implementing effective financial reporting controls. The framework should be founded on ethics and should ensure that qualified, skilled, and experienced individuals are performing their various roles. Management and employees at large should be empowered through the internal controls’ framework to ‘get things right’ internally through collaboration without shifting preparer obligations to the external auditors.
The ultimate pursuit is the creation of a culture of excellence, honesty, integrity, and pride of the organisations we work for, and for the country at large.
Mpho Mashatola CA(SA) is Financial Controller at DRD Gold Limited. The article first appeared in Accountancy SA, SAICA’s member magazine. Note that these are opinions of the author and not necessarily SAICA’s views or those of IOL.