Collin Greenland | Management override and fraud
Historically, literature on accounting, auditing, and corporate governance best practices have all pointed to the importance of internal controls to deterring and preventing fraud and other types of white-collar crimes in organisations.
However, in the Jamaican landscape, for example, how many times have we seen the nation rocked with scandalous accusations of fraud in companies replete with documented internal controls and established policies/procedures? These controls may have been, in some instances, outdated and ineffective, but close scrutiny would reveal that the management (or directors), driven by ego, greed, or other motivations, influenced/concocted schemes that resulted in raiding the coffers of institutions that they were ethically and legally obligated to protect and spearhead their success.
Many impressive frameworks have emerged over time to provide guiding principles regarding internal controls worldwide, with the most established including the Internal Control – Integrated Framework (COSO), established by the Committee of Sponsoring Organisations of the Treadway Commission in 1992; the Guidance on Control (CoCo), established by the Canadian Institute of Chartered Accountants in 1995; the Internal Control Guidance for Directors on the Combined Code (Turnbull, and the Information Technology Internal Control Framework (COBIT), established by the IT Governance Institute, United States in 2005.
Possibly the most known and practised, COSO defines internal control as a process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in categories such as effectiveness/efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations. Other sources provide more pointed characterisations, as Investopedia, for example, regard internal controls, inter alia, as the mechanisms, rules, and procedures implemented by a company to ensure that the integrity of financial and accounting information promote accountability and prevent fraud.
Controls come in many and varied types and forms. However, they occur, and regardless of how well designed and operated, they can provide only REASONABLE assurance to management and the board as they contain inherent limitations such as faulty human judgement and breakdowns from human failures from mistakes and errors. Possibly the most devastating limitation, however, is the fact that controls can be circumvented by the collusion of two or more people, especially management personnel who have the ability to override the internal control system.
Collusion is often a typical feature of management override involving a secret agreement between two or more persons intent on defrauding a third party and orchestrating a deceptive appearance of the transaction in which they engage.
FraudResourceNet, experts in this field, points out that in relation to the perpetration of a fraud scheme, the alleged fraudster will desire to carry out their scheme, along with convincing another individual to do the alleged fraudster’s bidding, without regard towards the other individual’s wishes or resistance. In so doing, they impose their undue influence by exerting power, influence, or coercion.
FORMS OF POWER
In exerting power, they may do so via reward power, i.e.,the fraudster’s ability to provide a benefit to the accomplice. It may be coercive power, i.e., the fraudster’s ability to punish the accomplice if there is resistance.
It may also be expert power, i.e., the fraudster’s perceived expertise or knowledge. Also it may be legitimate power, i.e, the fraudster’s legitimate right to exercise authority over the accomplice, and referent power, i.e., the extent of the accomplice to identify with the fraudster.
The reasons why managers override controls are, again, many and varied. They may include incentives or pressures for individuals to misrepresent the results or financial position of the entity for personal gain (salary, promotion, bonuses, continued employment, etc); for gain on disposal of the entity or its business; to meet expectations or targets; to avoid tax; to obtain finance; or to satisfy the requirements of lenders or other third parties.
Management override, quite understandably, is recognised by International Standards on Auditing (ISAs), which acknowledge the ability of management and/or those charged with governance to manipulate accounting records and prepare fraudulent financial statements by overriding these controls even where the controls might otherwise appear to be operating effectively. These overrides may include back-dating financial documents; adjusting entries during the financial close process; improperly reclassifying information based on activity or financial condition; adjusting accounts receivable to make the ageing look more favourable; recording non-existent sales; improperly manipulating inventory reconciliations; and recording false credits from vendors to lower expenses.
Overrides may also involve hiding documentation that could alert auditors to unrecorded liabilities at year end; capitalising expenses; underpaying investors’ dividends or other returns due to them; inducing customers or vendors to provide false responses to auditor confirmations; and lying about the true nature of a transaction (and, therefore, its accounting treatment).
There are numerous international case studies that provide examples of management overrides, including the infamous shenanigans of Worldcom, Enron, Computer Associates, Barings Bank, Cendant, Enron, Bear Stearns, AIG, and Comptronix.
In the Caribbean, we would do well to lear from the experiences of Stanford Financial Group, British American Insurance Company, Colonial Life Insurance Company Limited (CLICO), plus the Jamaican financial meltdown of 1996. CLICO, for example, was the largest insurance company in Trinidad and Tobago and the region; the flagship of the parent company, CL Financial (CLF), which was the largest privately owned conglomerate in the Commonwealth Caribbean.
It had operations spanning its core business of insurance, but which also included financial services, real estate development, manufacturing, agriculture and forestry, retail and distribution, energy, media and communications operating in 32 countries through its associated and joint-venture companies and more than 65 subsidiaries spanning the Caribbean, Florida, Europe, the Middle East, and Asia.
The conglomerate controlled assets in excess of TT$100 billion; owned 55 per cent majority ownership of Republic Bank, Trinidad’s largest commercial bank; had an imposing presence in Trinidad and Tobago and across the region, and coupled with its phenomenal business success, made it the entrepreneurial flagship of the entire Caribbean.
However, a variety of causes conspired to precipitate the collapse of CLICO – inadequate legislation, liquidity challenges, market decline in the prices of various services, and various questionable corporate governance indiscretions.
Jamaican organisations, regrettably, still operate without essential white-collar crime-fighting methodologies like a fraud policy, whistle-blowing policy, and fraud risk assessments (FRA). Although assessing the risk of management override can be very difficult to detect, audit committees should maintain an appropriate levels of professional scepticism on their financial statements. Particular attention should be directed to the procurement process, especially large or unusual transactions, vigilant monitoring of the controls over the authorisation and processing of journals, and other adjustments to the financial statements.
It should be noted that auditors (internal/external), whistle-blowers, and professionals with sound ethics and morals, may suffer repercussions from exposing management overrides. The fear of undermining, career damage, terminations, malicious litigations and even bodily harm may deter Jamaicans from exposing management override known to them. However, if management override continues unchecked, we may well experience our own version of CLICO sooner than later!