Navigation: Previous Page | Contents | Next Page
Chapter 11 - Obligation to Report Suspicions of Fraud
Whether the directors and executive officers of a company should be
obliged to report to the auditor any suspicion they might have about any fraud
or improper conduct involving the company
11.1
This proposal attracted little support from
submissions and witnesses who appeared before the PJSC. The majority of
submissions pointed out that arrangements currently exist for the reporting of
criminal conduct and the proposal gave no guidance on the course of action to
be taken once the auditor was apprised of any suspicions.
Arguments in favour of the requirement that directors and officers should
be required to report suspicions to the auditor
Enhances the role of auditor
11.2
The proposal that directors and officers should
be required to report suspicions to the auditor arose from an investigation of
the “audit expectation gap” by a Working party established by the Accounting
Bodies.[1]
The Working Party identified irregularities which directors, executive officers
and company staff should report to the auditor as part of the audit process.
These included fraud or suspected fraud, non-compliance with applicable laws,
regulations and the company’s constitution and misstatements or omissions from
accounting records or disclosures from financial reports. The proposal was
subsequently considered by a Task Force which advised the Accounting Bodies on
the implementation of the Working Party’s recommendations.[2] The Accounting Bodies described
the background to the proposed requirement:
Mr Parker-An unfortunate fact about the excesses of the
1980s was that directors and senior executives-in a very limited number of
circumstances-withheld information from the auditors. Staff that processed
certain transactions knew or at least had suspicions about what was going on. A
number of those companies continued on for a number of years, and shareholders
and creditors lost as a result of that.[3]
11.3
The PJSC was told that notification of
irregularities would provide the auditor with valuable information to assist in
planning and conducting the audit.[4]
The requirement would also have “ a beneficial effect in empowering the auditor
by having further access to information and giving those parties an obligation
to report their suspicions to the auditor.”[5]
The Accounting Bodies emphasised that the auditor was not responsible for
detecting irregularities and that company management had overall responsibility
for the detection and prevention of breaches, fraud or other improper conduct.[6] But once these irregularities
have been reported to the auditor:
The auditor, under requirements of the Corporations Law, has
then various options to consider: whether or not the matter can be adequately
addressed by bringing it to the attention of the directors to resolve, whether
or not he should comment in his audit report, whether or not he should refer
the matter to ASIC. So there seems to be plenty of opportunities for the
auditor to use his discretion. He is now informed; he has to do something; and
he can weigh up the benefits of what he has been told.[7]
Another avenue for reporting
misconduct
11.4
It was submitted that the requirement would
provide the ASIC with another opportunity to prosecute directors who have acted
corruptly. It may also encourage those directors who have suspicions but are
unsure about reporting something because of the fear of prosecution.[8]
Qualified support
11.5
The Accounting Association of Australia and New
Zealand (AAANZ) supported the suggested requirement on the basis that directors
should have a mechanism for discussing concerns with the external auditor.
However, the AAANZ advised that the wording of the requirement should be
stricter. The wording should reflect the qualifications that any reported
suspicions should be reasonably held, relate to material items and be confined
to well understood sets of activities.[9]
11.6
According to the AAANZ, the words “improper
conduct” could be read to include activities not related to the auditor’s
duties. The AAANZ recommended replacing the words "involving the company"
with "involving the financial affairs of the company".[10]
11.7
The Chartered Institute of Company Secretaries,
Victoria Branch, gave qualified support for the requirement but queried whether
a mere suspicion should attract the obligation to report:
Is a mere suspicion enough to attract this obligation or must
there be a belief that there is at least a reasonable likelihood of the
improper conduct having occurred?[11]
Arguments against the requirement that directors and officers should be
required to report suspicions to the auditor
Why do companies attract special attention?
11.8
The PJSC was told that the mere fact that a
particular enterprise or activity is organised as a company formed under the
Corporations Law does not justify the perceived need for special regulation.[12] Laws exist to encourage
persons across sectors to report wrongdoing. For example, section 316 of the Crimes
Act 1900 requires that persons with information about the commission of a
serious offence report it to the police. There is an argument, therefore, that
there is no apparent reason to single out companies as needing special
provisions for the reporting of any wrongdoing:
Fraud or improper conduct invasive of the rights of others or
otherwise anti-social should attract the same requirement for reporting and the
same protection for bona fide reporters whether it happens in the context of a
company formed under the Corporations Law, a foreign company operating in
Australia, a partnership, a body of charitable trustees, a government
department or any other form of organisation – or even in the absence of any
form of organisation at all. There is no apparent reason why someone with
knowledge about possible corporate fraud should be in a position different from
that occupied by someone with knowledge about possible social security fraud.[13]
The auditor is not the most
appropriate recipient of such information
11.9
Several submissions argued that the auditor is
not the appropriate recipient of such information because the independence of
the auditor might be compromised by the terms of the auditor’s employment or
appointment. Many auditors owe their position and income to the company. This
concern also applies to directors and executive officers who owe their
remuneration to management. A preferred course would be for suspicions to be
confided to an authority independent of company management.[14]
11.10
The Australian Investors Association Ltd (AIA)
advised the PJSC that it supported the proposed requirement only to the extent
that it is not inconsistent with the joint policy of the AIA and the Australian
Shareholders’ Association. That policy is concerned with ensuring the
independence of auditors and the auditing process. According to the AIA, the
independence of auditors is compromised as the remuneration of auditors is set
by the directors and in practice auditors are appointed by directors. The AIA
policy states:
To ensure that financial statements are reliable, auditors
should be independent. Their appointment should be subject to approval by, and
their reports copied to, a public authority; they should not be able to derive
consulting fees from their audit clients; not auditor or associates of the
auditor should conduct the audit of a listed company for more than (sic)
consecutive years.[15]
11.11
Applying the AIA’s policy to the proposed
requirement, the independence of audits and auditors should be enhanced before
the auditor’s duties are expanded to include receiving reports about the
suspicions of directors and company officers.
11.12
It was argued that the existing reporting responsibilities
of auditors should not be automatically extended to more general reporting.[16] New section 311 of the Law
requires an auditor conducting an audit or review to report to the ASIC any
suspected contravention of the Law that the auditor believes will not be
adequately dealt with by bringing it to the attention of the directors.
Auditors enjoy qualified privilege under section 1298 in relation to such
reporting.
11.13
Mr Barrett told the PJSC that these provisions
do not justify the extension of that reporting role to a general policing role
of the company. The proposed requirement would be much wider in scope than
section 311 of the Law:
Section 311 would have no obvious operation in a case where an
officer appeared out of the blue, as it were, and informed the auditor of some
suspected fraud or improper conduct. The section is concerned only with matters
emerging from the conduct of an audit or review called for by the Law, not
information separately volunteered or otherwise obtained.[17]
11.14
A further problem raised is that the requirement
leaves unclear what the auditor’s duties are in relation to the information. If
the information were relevant to the proper discharge of the auditor’s
functions and if the information were taken into account at that level and
section 311 did not apply then the matter might end there.[18]
11.15
According to Arnold Bloch Leibler, section 311
of the Law recognises that in some circumstances a contravention is best dealt
with by the directors of the company:
If the directors of a company reasonable believe that a matter
can be adequately dealt with by them, then they should have the responsibility
for doing so. The onus for dealing with a breach of the law should rest with
the directors and not with the auditors.[19]
11.16
The Australian Institute of Company Directors
(AICD) noted that auditors are under an obligation to report certain matters to
the ASIC if uncovered during the conduct of an audit or review. The requirement
would extend that obligation to matters confided in them beyond the ambit of an
audit or review. According to the AICD, there is an implication that the
auditor is the most appropriate person to deal with such suspicions:
This proposition suggests that the auditor becomes the
“policeman” for the company, even outside the audit process. There is nothing
to suggest that the auditor is in any position to handle the matters
contemplated in any better way than directors or management for example via the
audit committee. Indeed the auditor may lack the power to do anything beyond
their existing audit powers or beyond the Corporations Law.[20]
11.17
The AICD suggested that the appropriate
mechanism for the reporting of such matters already exists within the current
arrangements. Directors and officers are under an obligation to act honestly
and diligently and this includes an obligation to deal with any suspicion of
fraud:
The AICD’s experience of these matters is that they can be, and
are, dealt with in a number of ways, dependent upon circumstances. An
appropriate mechanism is for the directors and officers to raise such matters
with the audit committee, in the first instance via the Company Chairman.[21]
The requirement is ineffective
unless the duties of the auditor are expanded
11.18
Mr Barrett queried whether some special
whistleblower law would apply to company officers. If not, it was difficult to
see that auditors would play any part unless, as part of the legislative
package, the nature and scope of auditor’s duties and functions were expanded.
Mr Barrett suggested that the ASIC would be a more appropriate recipient of the
information in question.[22]
Undesirable consequences
11.19
The Australian Law Reform Commission (ALRC)
argued that as well as there being circumstances where such a provision might
be justified, the requirement had potential undesirable consequences. In the
view of the ALRC the requirement needed further inquiry and discussion. The
ALRC cautioned that:
The risk with such an unqualified requirement is that
unwarranted, costly and possibly divisive audit enquires might unnecessarily
arise from such reporting in circumstances where the working through of
concerns at executive and/or board level would have been a more sensible way of
dealing with the matter in the first instance, especially where there is found
to be no ground for concern.[23]
11.20
On the other hand, the ALRC noted there might be
good reason for a director or executive officer not to confide information
about fraud or improper conduct to the board. In those cases, an appropriate
recipient might be the ASIC, the police or the auditor.[24]
11.21
The Association of Mining and Exploration
Companies Inc (AMEC) noted that directors are required to disclose improper
conduct as part of their duties and extending the requirement could lead to
unintended or disruptive consequences. One such consequence could be the making
of vexatious accusations by disgruntled employees. To avoid vexatious
disclosures, AMEC recommended that the requirement should have carefully
defined criteria and the extent of the auditor's involvement should be
determined by reference to those criteria.[25]
A mere suspicion is not proof of
guilt
11.22
Arnold Bloch Leibler submitted that a mere
suspicion did not justify an obligation to take action:
There must be a stronger basis, in fact, before they are obliged
to take any action that may require costs and resources of the company to be
expended and expose them and/or the company to liability, if their action
unfairly damages another person’s reputation, not to mention the loss which
could be occasioned to the company if the auditor was to initiate action
(subsequently shown to be groundless, in fact) in consequence of such a report
involving a mere suspicion.[26]
11.23
Coles Myer Ltd stated that many allegations are
ill-founded and can have damaging consequences for the individual under
suspicion:
Many allegations or suspicions are based upon a misunderstanding
of what has occurred. They could be ill founded. To report them to external
parties could clearly be damaging to the interests of individuals concerned.
That is not to say that they ought not be investigated...but to require
compulsory reporting of matters which, upon the most cursory investigation, can
be seen to be without foundation is throwing into question the rights of
individuals in the process.[27]
11.24
Similarly, Bristile Ltd opposed the requirement
on the basis that a suspicion should not attract the obligation to report,
whereas “an obligation to report to the auditor any verified fraud or improper
conduct would be more appropriate.”[28]
Legal difficulties
11.25
The AICD indicated that the proposal might be superficially
attractive as it appeared to improve the detection of improper conduct but
there were unresolved legal issues that required clarification. Those
difficulties include defining what is meant by 'suspicion' and 'improper
conduct'.[29]
Further, it was submitted that such an obligation may require a director to
incriminate himself either directly or as having aided and abetted the
commission of an offence.[30]
Current arrangements are adequate
11.26
A number of submissions stated that current
arrangements exist for reporting suspicion of fraud or criminal conduct. For
example, Mr JA Sutton stated that there “is an implied requirement of
executives to report suspicion or fact of fraud and other misconduct that comes
within various statutory and general law duties of all company employees.”[31] The Henry Walker Group Ltd
noted that this is currently a fiduciary requirement.[32] Coles Myer Ltd questioned the
benefit of a statutory requirement when current practices and “the requirements
for continuous disclosure already ensure that major issues of fraud or improper
conduct are brought to the attention of the auditor.”[33]
Cost of compliance
11.27
Coles Myer Ltd submitted that legislating such a
requirement would impose compliance costs. In the case of Coles Myer Ltd which
has a workforce in excess of 150,000 and its own internal processes for
investigating fraud, the requirement would distract the company from its
primary business activity:
Regarding reporting suspicion of fraud or improper conduct to
the auditor, clearly it is critical that mechanisms exist for this to occur. I
can speak only for a company like Coles Myer in its current structure. I
believe it to be typical of most large listed organisations. There are very
clear processes in place for dealing with these sorts of issues...But please do
not cast upon us an obligation which is incapable of precise definition,
particularly in a large organisation where we have in excess of 150,000
employees. These sorts of matters should produce reams and reams of pages and
reports and additional cost to the way we do the business. These compliance
costs are a constant issue for us. We are a company very much focused on
complying with the law. We believe in good corporate governance, but there is a
layer upon layer of these things creeping in and it makes it very difficult for
us to get on and actually do what we are there to do and sell quality products
to our customers.[34]
Conclusions
11.28
Directors have primary responsibility for the
accounts and financial reports of a company. As the Accounting Bodies
acknowledged, they also have responsibility for implementing internal control
structures for the prevention and detection of irregularities. Auditors, on the
other hand, play a key role in contributing to the effectiveness of financial
reporting. In particular, auditors are obliged to state whether in their
opinion accounts are “true” and “fair” and whether they comply with the
Corporations Law and the applicable accounting standard. The compliance of
financial reporting with approved accounting standards has been reinforced by
the Parliament.[35]
It is also noted that the auditor is bound by section 311 to report certain
matters to the ASIC and in doing so has qualified privilege.
11.29
The Law requires directors and executive
officers to act honestly and exercise care and diligence when performing their
duties. As witnesses told the PJSC, if directors or officers suspect fraud or
misconduct they already have a duty to take action. A director’s duty to act in
the best interests of the company imposes the duty of disclosure to the board.
This may or may not involve the auditor. For example, an internal investigation
may be sufficient or, as suggested by the ALRC, working through concerns at the
board level may be a more appropriate way of dealing with irregularities. In
the view of the PJSC a legislative requirement that imposes a duty of
disclosure to the auditor will reduce a director’s responsibilities under the
Law. It will also place the auditor and not the board in the position of
deciding how best to deal with suspicions of fraud or misconduct.
11.30
It was acknowledged that the requirement is too
broad and unqualified and that the wording should to be stricter so that the
reporting of improper conduct relates to the financial affairs of the company.
It was also suggested that the independence of auditors should be enhanced
before a requirement of this kind is legislated. Notwithstanding the suggested
changes, the PJSC believes the requirement has legal difficulties as the words
“suspicion” and “improper conduct” are open to subjective interpretation. As
witnesses told the PJSC, the requirement must have more defined criteria for
the reporting of misconduct than mere suspicion. It was also noted that the
proposal overlooks the fact that many companies do not have auditors and would
be unaffected by such a requirement.[36]
Recommendation
11.31
Recognising that directors and executive
officers already have a duty to report suspicions of fraud and improper conduct
involving the company, the PJSC recommends that the Corporations Law should not
expressly require the reporting of such suspicions to the auditor.
Navigation: Previous Page | Contents | Next Page
Top
|