Trust is good but controls are better

Mubeen Khan - The most trusted man at a Japanese automobile giant, who was their Executive Chairman credited with turning their business around, suddenly fell from grace and fled from Japan on board a private jet. This was the ugliest face of greed and breach of trust that the business world had witnessed. A Chief Operating Officer (COO) who served at a European fin-tech giant for almost twenty years went untraceable after it was discovered that more than 1.9 billion euro that was shown to be in their overseas bank accounts, simply did not exist. However, their CEO was not lucky enough to board a private jet to a safe haven and rather landed in jail. The most worrying part of this fin-tech company story is that this massive fraud was not discovered by anyone else but by an investigative journalist. Another gem, this one discovered by a thankless market analyst and short-seller, was a multi-billion dollars thriller unveiled last year at a well-known health and financial services company in a neighbouring country where the Board suddenly woke up to an ultra-spicy sizzler of $6.6 billion in loan liabilities whereas their audited financials were showing some sweet $ 2.1 billion pie only. It is alleged that this unaccounted bank borrowings of more than $4.4 billion were secured and potentially diverted by their most trusted Chairman and his cronies. Bankers have reported severe heartburn if not critical heart attacks whereas shareholders of this LSE listed company were in shock after losing more than $5 billion when the share prices crashed. How did it happen? The common phenomenon in all three stories was a dominant blindly trusted individual who boasted to have built the business from scratch. This trusted individual was turned into a revered holy unquestionable cow, allowed to run his ‘One Man Show’. Anybody who dares question this holy cow is kicked out. I also had run into a few such holy cows during my career and pulled the carpet from beneath their feet to discover a lot of dirt. Even when the person pulling the carpet is often swallowed by the hovering ‘dust storm’ emanating therefrom, I do believe, such proverbial carpets are still worth being pulled. “Trust Vs Controls” The traditional approach has always been “trust” over “controls” which might prove to be fatal. There was an interesting fraud at a local entity where right from the tissue paper boxes to big plant and equipment were being purchased from one single supplier. The same supplier was also the marketing agent, wholesale buyer and supplied everything under the sun to this company. The magic behind this miraculous supplier was that the CEO of the buyer company was also the proud partner of the supplying company but the CEO of the buyer company never bothered to disclose this fact to his board that blindly trusted him. What happened next is history. The Role of Auditors The only way to prevent corporate fraud is the implementation of robust corporate governance mechanism. The basic pillar of Corporate Governance is the fearless auditor. Omani Law empowers the regulator to object to the unjustified removal of auditors. At the same time, Capital Market Authority (CMA) regulations mandate that auditors are rotated at least once in four years to protect their independence. Oman’s Corporate Governance framework and regulations are regarded as one of the best not only in the region but globally. The CMA brought a new Code of Corporate Governance in the year 2016 that had taken corporate governance to an entirely new level. Recently, CMA also issued another code applicable to Government Companies that will bring in unprecedented transparency, objectivity and discipline to these companies and help protect public money. Rotation of Auditors of LLCs Although this might be debatable, we need to carefully read Article 280 of the new Commercial Companies Law, which states that the regulations for the appointment of auditors of joint stock companies shall also be applicable to the appointment of auditors of Limited Liability Companies (LLC). One may interpret that even the LLC companies are required to follow the rotation of auditors every four years as per Article 280. This does not seem to be the industry practice as of now. I believe that compulsory rotation of auditors brings in more confidence of investors, bankers and other users of Financial Statements and strengthens corporate governance. Lenders might think of insisting Auditor rotation even for LLC borrowers. Regulatory Protection to Internal Auditors CMA Regulation 10/2018 prescribes that the Internal Auditors shall be appointed for a minimum period of four years and if the Internal Auditor is removed before the expiry of four years from the date of appointment, detailed reasons shall have to be provided. If the basis for removal is not found satisfactory, the Internal Auditor can be reinstated by CMA. This strengthens the most important pillar of Corporate Governance and the Internal Auditors can now discharge their statutory obligations without fear of reprisal. Conclusion An independent Internal Audit must be established even in family owned businesses that are not regulated by CMA as external audit scope is limited to the financial statements. Regulators and owners should protect external and internal auditors from unjustified removal. Only then quality audits can be expected. The trust based Delegation of Authorities by shareholders and owners should not be without effective segregation of duties, controls and monitoring. Controls are always better than trust. [Mubeen Khan (FCA, CIA, CISA and DISA) is a well-known fraud investigation and controls designing expert with more than 25 years of experience in this area. He is past Chairman of the Muscat Chapter of the Institute of Chartered Accountants of India (ICAI) and Ex-Vice President of the Oman Chapter of The Institute of Internal Auditors (IIA)]