Chapter 11 - Obligation to Report Suspicions of Fraud

Navigation: Previous Page | Contents | Next Page

Chapter 11 - Obligation to Report Suspicions of Fraud

Whether the directors and executive officers of a company should be obliged to report to the auditor any suspicion they might have about any fraud or improper conduct involving the company

11.1      This proposal attracted little support from submissions and witnesses who appeared before the PJSC. The majority of submissions pointed out that arrangements currently exist for the reporting of criminal conduct and the proposal gave no guidance on the course of action to be taken once the auditor was apprised of any suspicions.

Arguments in favour of the requirement that directors and officers should be required to report suspicions to the auditor

Enhances the role of auditor

11.2      The proposal that directors and officers should be required to report suspicions to the auditor arose from an investigation of the “audit expectation gap” by a Working party established by the Accounting Bodies.[1] The Working Party identified irregularities which directors, executive officers and company staff should report to the auditor as part of the audit process. These included fraud or suspected fraud, non-compliance with applicable laws, regulations and the company’s constitution and misstatements or omissions from accounting records or disclosures from financial reports. The proposal was subsequently considered by a Task Force which advised the Accounting Bodies on the implementation of the Working Party’s recommendations.[2] The Accounting Bodies described the background to the proposed requirement:

Mr Parker-An unfortunate fact about the excesses of the 1980s was that directors and senior executives-in a very limited number of circumstances-withheld information from the auditors. Staff that processed certain transactions knew or at least had suspicions about what was going on. A number of those companies continued on for a number of years, and shareholders and creditors lost as a result of that.[3]

11.3      The PJSC was told that notification of irregularities would provide the auditor with valuable information to assist in planning and conducting the audit.[4] The requirement would also have “ a beneficial effect in empowering the auditor by having further access to information and giving those parties an obligation to report their suspicions to the auditor.”[5] The Accounting Bodies emphasised that the auditor was not responsible for detecting irregularities and that company management had overall responsibility for the detection and prevention of breaches, fraud or other improper conduct.[6] But once these irregularities have been reported to the auditor:

The auditor, under requirements of the Corporations Law, has then various options to consider: whether or not the matter can be adequately addressed by bringing it to the attention of the directors to resolve, whether or not he should comment in his audit report, whether or not he should refer the matter to ASIC. So there seems to be plenty of opportunities for the auditor to use his discretion. He is now informed; he has to do something; and he can weigh up the benefits of what he has been told.[7]

Another avenue for reporting misconduct

11.4      It was submitted that the requirement would provide the ASIC with another opportunity to prosecute directors who have acted corruptly. It may also encourage those directors who have suspicions but are unsure about reporting something because of the fear of prosecution.[8]

Qualified support

11.5      The Accounting Association of Australia and New Zealand (AAANZ) supported the suggested requirement on the basis that directors should have a mechanism for discussing concerns with the external auditor. However, the AAANZ advised that the wording of the requirement should be stricter. The wording should reflect the qualifications that any reported suspicions should be reasonably held, relate to material items and be confined to well understood sets of activities.[9]

11.6      According to the AAANZ, the words “improper conduct” could be read to include activities not related to the auditor’s duties. The AAANZ recommended replacing the words "involving the company" with "involving the financial affairs of the company".[10]

11.7      The Chartered Institute of Company Secretaries, Victoria Branch, gave qualified support for the requirement but queried whether a mere suspicion should attract the obligation to report:

Is a mere suspicion enough to attract this obligation or must there be a belief that there is at least a reasonable likelihood of the improper conduct having occurred?[11]

Arguments against the requirement that directors and officers should be required to report suspicions to the auditor

Why do companies attract special attention?

11.8      The PJSC was told that the mere fact that a particular enterprise or activity is organised as a company formed under the Corporations Law does not justify the perceived need for special regulation.[12] Laws exist to encourage persons across sectors to report wrongdoing. For example, section 316 of the Crimes Act 1900 requires that persons with information about the commission of a serious offence report it to the police. There is an argument, therefore, that there is no apparent reason to single out companies as needing special provisions for the reporting of any wrongdoing:

Fraud or improper conduct invasive of the rights of others or otherwise anti-social should attract the same requirement for reporting and the same protection for bona fide reporters whether it happens in the context of a company formed under the Corporations Law, a foreign company operating in Australia, a partnership, a body of charitable trustees, a government department or any other form of organisation – or even in the absence of any form of organisation at all. There is no apparent reason why someone with knowledge about possible corporate fraud should be in a position different from that occupied by someone with knowledge about possible social security fraud.[13]

The auditor is not the most appropriate recipient of such information

11.9        Several submissions argued that the auditor is not the appropriate recipient of such information because the independence of the auditor might be compromised by the terms of the auditor’s employment or appointment. Many auditors owe their position and income to the company. This concern also applies to directors and executive officers who owe their remuneration to management. A preferred course would be for suspicions to be confided to an authority independent of company management.[14]

11.10         The Australian Investors Association Ltd (AIA) advised the PJSC that it supported the proposed requirement only to the extent that it is not inconsistent with the joint policy of the AIA and the Australian Shareholders’ Association. That policy is concerned with ensuring the independence of auditors and the auditing process. According to the AIA, the independence of auditors is compromised as the remuneration of auditors is set by the directors and in practice auditors are appointed by directors. The AIA policy states:

To ensure that financial statements are reliable, auditors should be independent. Their appointment should be subject to approval by, and their reports copied to, a public authority; they should not be able to derive consulting fees from their audit clients; not auditor or associates of the auditor should conduct the audit of a listed company for more than (sic) consecutive years.[15]

11.11         Applying the AIA’s policy to the proposed requirement, the independence of audits and auditors should be enhanced before the auditor’s duties are expanded to include receiving reports about the suspicions of directors and company officers.

11.12         It was argued that the existing reporting responsibilities of auditors should not be automatically extended to more general reporting.[16] New section 311 of the Law requires an auditor conducting an audit or review to report to the ASIC any suspected contravention of the Law that the auditor believes will not be adequately dealt with by bringing it to the attention of the directors. Auditors enjoy qualified privilege under section 1298 in relation to such reporting.

11.13         Mr Barrett told the PJSC that these provisions do not justify the extension of that reporting role to a general policing role of the company. The proposed requirement would be much wider in scope than section 311 of the Law:

Section 311 would have no obvious operation in a case where an officer appeared out of the blue, as it were, and informed the auditor of some suspected fraud or improper conduct. The section is concerned only with matters emerging from the conduct of an audit or review called for by the Law, not information separately volunteered or otherwise obtained.[17]

11.14         A further problem raised is that the requirement leaves unclear what the auditor’s duties are in relation to the information. If the information were relevant to the proper discharge of the auditor’s functions and if the information were taken into account at that level and section 311 did not apply then the matter might end there.[18]

11.15         According to Arnold Bloch Leibler, section 311 of the Law recognises that in some circumstances a contravention is best dealt with by the directors of the company:

If the directors of a company reasonable believe that a matter can be adequately dealt with by them, then they should have the responsibility for doing so. The onus for dealing with a breach of the law should rest with the directors and not with the auditors.[19]

11.16         The Australian Institute of Company Directors (AICD) noted that auditors are under an obligation to report certain matters to the ASIC if uncovered during the conduct of an audit or review. The requirement would extend that obligation to matters confided in them beyond the ambit of an audit or review. According to the AICD, there is an implication that the auditor is the most appropriate person to deal with such suspicions:

This proposition suggests that the auditor becomes the “policeman” for the company, even outside the audit process. There is nothing to suggest that the auditor is in any position to handle the matters contemplated in any better way than directors or management for example via the audit committee. Indeed the auditor may lack the power to do anything beyond their existing audit powers or beyond the Corporations Law.[20]

11.17         The AICD suggested that the appropriate mechanism for the reporting of such matters already exists within the current arrangements. Directors and officers are under an obligation to act honestly and diligently and this includes an obligation to deal with any suspicion of fraud:

The AICD’s experience of these matters is that they can be, and are, dealt with in a number of ways, dependent upon circumstances. An appropriate mechanism is for the directors and officers to raise such matters with the audit committee, in the first instance via the Company Chairman.[21]

The requirement is ineffective unless the duties of the auditor are expanded

11.18         Mr Barrett queried whether some special whistleblower law would apply to company officers. If not, it was difficult to see that auditors would play any part unless, as part of the legislative package, the nature and scope of auditor’s duties and functions were expanded. Mr Barrett suggested that the ASIC would be a more appropriate recipient of the information in question.[22]

Undesirable consequences

11.19         The Australian Law Reform Commission (ALRC) argued that as well as there being circumstances where such a provision might be justified, the requirement had potential undesirable consequences. In the view of the ALRC the requirement needed further inquiry and discussion. The ALRC cautioned that:

The risk with such an unqualified requirement is that unwarranted, costly and possibly divisive audit enquires might unnecessarily arise from such reporting in circumstances where the working through of concerns at executive and/or board level would have been a more sensible way of dealing with the matter in the first instance, especially where there is found to be no ground for concern.[23]

11.20         On the other hand, the ALRC noted there might be good reason for a director or executive officer not to confide information about fraud or improper conduct to the board. In those cases, an appropriate recipient might be the ASIC, the police or the auditor.[24]

11.21         The Association of Mining and Exploration Companies Inc (AMEC) noted that directors are required to disclose improper conduct as part of their duties and extending the requirement could lead to unintended or disruptive consequences. One such consequence could be the making of vexatious accusations by disgruntled employees. To avoid vexatious disclosures, AMEC recommended that the requirement should have carefully defined criteria and the extent of the auditor's involvement should be determined by reference to those criteria.[25]

A mere suspicion is not proof of guilt

11.22         Arnold Bloch Leibler submitted that a mere suspicion did not justify an obligation to take action:

There must be a stronger basis, in fact, before they are obliged to take any action that may require costs and resources of the company to be expended and expose them and/or the company to liability, if their action unfairly damages another person’s reputation, not to mention the loss which could be occasioned to the company if the auditor was to initiate action (subsequently shown to be groundless, in fact) in consequence of such a report involving a mere suspicion.[26]

11.23         Coles Myer Ltd stated that many allegations are ill-founded and can have damaging consequences for the individual under suspicion:

Many allegations or suspicions are based upon a misunderstanding of what has occurred. They could be ill founded. To report them to external parties could clearly be damaging to the interests of individuals concerned. That is not to say that they ought not be investigated...but to require compulsory reporting of matters which, upon the most cursory investigation, can be seen to be without foundation is throwing into question the rights of individuals in the process.[27]

11.24         Similarly, Bristile Ltd opposed the requirement on the basis that a suspicion should not attract the obligation to report, whereas “an obligation to report to the auditor any verified fraud or improper conduct would be more appropriate.”[28]

Legal difficulties

11.25         The AICD indicated that the proposal might be superficially attractive as it appeared to improve the detection of improper conduct but there were unresolved legal issues that required clarification. Those difficulties include defining what is meant by 'suspicion' and 'improper conduct'.[29] Further, it was submitted that such an obligation may require a director to incriminate himself either directly or as having aided and abetted the commission of an offence.[30]

Current arrangements are adequate

11.26         A number of submissions stated that current arrangements exist for reporting suspicion of fraud or criminal conduct. For example, Mr JA Sutton stated that there “is an implied requirement of executives to report suspicion or fact of fraud and other misconduct that comes within various statutory and general law duties of all company employees.”[31] The Henry Walker Group Ltd noted that this is currently a fiduciary requirement.[32] Coles Myer Ltd questioned the benefit of a statutory requirement when current practices and “the requirements for continuous disclosure already ensure that major issues of fraud or improper conduct are brought to the attention of the auditor.”[33]

Cost of compliance

11.27         Coles Myer Ltd submitted that legislating such a requirement would impose compliance costs. In the case of Coles Myer Ltd which has a workforce in excess of 150,000 and its own internal processes for investigating fraud, the requirement would distract the company from its primary business activity:

Regarding reporting suspicion of fraud or improper conduct to the auditor, clearly it is critical that mechanisms exist for this to occur. I can speak only for a company like Coles Myer in its current structure. I believe it to be typical of most large listed organisations. There are very clear processes in place for dealing with these sorts of issues...But please do not cast upon us an obligation which is incapable of precise definition, particularly in a large organisation where we have in excess of 150,000 employees. These sorts of matters should produce reams and reams of pages and reports and additional cost to the way we do the business. These compliance costs are a constant issue for us. We are a company very much focused on complying with the law. We believe in good corporate governance, but there is a layer upon layer of these things creeping in and it makes it very difficult for us to get on and actually do what we are there to do and sell quality products to our customers.[34]


11.28         Directors have primary responsibility for the accounts and financial reports of a company. As the Accounting Bodies acknowledged, they also have responsibility for implementing internal control structures for the prevention and detection of irregularities. Auditors, on the other hand, play a key role in contributing to the effectiveness of financial reporting. In particular, auditors are obliged to state whether in their opinion accounts are “true” and “fair” and whether they comply with the Corporations Law and the applicable accounting standard. The compliance of financial reporting with approved accounting standards has been reinforced by the Parliament.[35] It is also noted that the auditor is bound by section 311 to report certain matters to the ASIC and in doing so has qualified privilege.

11.29         The Law requires directors and executive officers to act honestly and exercise care and diligence when performing their duties. As witnesses told the PJSC, if directors or officers suspect fraud or misconduct they already have a duty to take action. A director’s duty to act in the best interests of the company imposes the duty of disclosure to the board. This may or may not involve the auditor. For example, an internal investigation may be sufficient or, as suggested by the ALRC, working through concerns at the board level may be a more appropriate way of dealing with irregularities. In the view of the PJSC a legislative requirement that imposes a duty of disclosure to the auditor will reduce a director’s responsibilities under the Law. It will also place the auditor and not the board in the position of deciding how best to deal with suspicions of fraud or misconduct.

11.30         It was acknowledged that the requirement is too broad and unqualified and that the wording should to be stricter so that the reporting of improper conduct relates to the financial affairs of the company. It was also suggested that the independence of auditors should be enhanced before a requirement of this kind is legislated. Notwithstanding the suggested changes, the PJSC believes the requirement has legal difficulties as the words “suspicion” and “improper conduct” are open to subjective interpretation. As witnesses told the PJSC, the requirement must have more defined criteria for the reporting of misconduct than mere suspicion. It was also noted that the proposal overlooks the fact that many companies do not have auditors and would be unaffected by such a requirement.[36]


11.31         Recognising that directors and executive officers already have a duty to report suspicions of fraud and improper conduct involving the company, the PJSC recommends that the Corporations Law should not expressly require the reporting of such suspicions to the auditor.

Navigation: Previous Page | Contents | Next Page