Turning Stones Blog
‘Trust but verify’ is a Russian proverb made famous by Ronald Reagan. Proverbs reflect hard-learned lessons and this one in particular is apt for shareholders.
Independent verification of a company’s numbers is the bedrock of investing. And still, by some accounts, the last two decades have seen some of the worst accounting scandals in history from Enron (US) and Carillion (UK) to Satyam (India), Luckin’ Coffee (China) and Wirecard (Germany). Whether it is related-party transactions, kickbacks, or overstating revenue, financial fraud creates billions in losses for investors who are both shocked that auditors missed the tricks and disgusted by the management team who misled them. With hindsight, the red flags always seem to be in plain sight. Rosy stories that didn’t match up with the numbers, ample profits but no cash, related-party transactions and other telltale signs.
Thankfully, for the most part, auditors deliver reliability and reduce risk for investors. There is, however, an important Achilles heel. Unlike other guardians of society, such as police departments or regulators like the SEC, the big accounting firms are run for profit. The so-called Big 4 (not so long ago the Big 8) is an elite cadre of accounting firms that run audits for essentially all public companies worldwide. The combined market share of these four firms across the MSCI All Country World Index, for instance, was 83%1. And in only 15 of the 50 countries did any firm have a market share below 10%.
The potential for a misalignment between a partner at an accounting firm and investors is further amplified because these firms do way more than just audit work: consulting fees and other lucrative non-audit services sold by the Big 4 lifted global revenues to a whopping $157 billion last year. The world’s biggest audit firms seem to be spread everywhere in equal thickness, with a highly profitable market stronghold that presents opportunities for conflicts of interest.
It doesn’t take a cynic to sense there’s probably many more shenanigans that will continue undetected. Do you ever wonder how many pennies of EPS might be syphoned off across a range of stocks? The possibilities are endless. The ones I chiefly worry about are run by iron-fisted leaders with weak governance standards who operate privately run enterprises on the side—a popular set up across some emerging markets.
Some tricks may never be caught, but there are actions that investors can take to minimize the risk. The key is an abundance of oversight that’s independent. Three main gatekeepers beyond a company’s internal systems will bolster those defenses:
Does the commercialization of audit verification work against the end customer, shareholders?
Worries over conflicts of interest have risen with the growth in the non-auditing business. In 1977, 70% of big accounting revenue came from audit services2. By 2020 it stood at 33%3 due to the growth in consulting and tax services. Cozy and dual business relationships on both sides of the audit-consulting fence between auditors and top management has led to conflicts in the past: It’s worth remembering the fifth member of the big accountant group, Arthur Andersen, came to a messy end in 2002 largely due to its aggressive pursuit of such side business. After the Sarbanes-Oxley Act passed in 2002, due to the Enron and Worldcom accounting scandals, non-audit fees fell as a proportion of total accounting fees in listed US companies – in contrast to the trends in other markets. It is difficult to see any benefit to shareholders when both consulting and auditing sit under the same roof – but it does, at least for now.
Truly independent auditors not only avoid conflicts of interest but bring a host of benefits. One less known example is how they are often used as a proxy for whistleblowers. In certain emerging markets, where regulations are not always enforced that strictly, and where whistleblowers have little effective protection against retaliation, auditors often provide the policing. Independent auditors are often trusted to take up sensitive issues from concerned employees in confidence. This function is helpful to line workers through to board members. High profile auditors have a red button on their desk. They can choose to drop a client, a powerful tool that sends an unspoken warning.
The audit committee is a sub-committee of the board, typically staffed by four directors. This committee is responsible for the selection of the independent auditor, and is in charge of financial reporting and internal audits. Thus, this key committee maintains the firewall between auditor and management interests.
Given the leverage on shareholder value, it’s hard to argue that anyone except independent directors4 should be members of the audit committee. Yet, some 37% of the MSCI ACWI companies have at least one non-independent director serving in these important roles. Of this group, 201 companies (7% of the companies) even have executives of the business on the committee. Over the years, the arguments you hear in support of insiders on the committee tend to focus on the benefits of having someone who knows the way around the accounts, or who knows where to find appropriate information and how to contact the right people. In my opinion, there’s really no good reason to swap independence in exchange for anything, let alone, say, so-called access to the email address of the head of accounting.
Regulations guiding the makeup of this committee are mixed by market. In the US and UK, all members of the audit committee are required to be independent. However, it’s not the case in Japan5, Germany6, China7 or India8. The board selects the audit committee. And given that the board comes up for vote, the policies followed by the proxy vote advisors should carry some weight. However, their basic policies on this too, tend to vary by market. In my view, independence is at risk if any link in the chain is compromised. To me, an audit committee with fewer than 100% independent directors is a red flag. The potential for an insider to influence either the selection of an independent auditor or the internal audit itself with an ulterior motive is higher if they are on the committee.
Following the epic scandals at Enron and Worldcom, whistleblowers made Time Magazine’s Person of the Year cover in 2002. Sherron Watkins, an accountant at Enron, and Cynthia Cooper, head of Internal Audit at Worldcom, reported their findings internally and not to the press. Both women reported their findings before the whistleblower protection of the Sarbanes-Oxley Act were in place. Brave actions. The Wirecard whistleblowers were Singapore EY employees, according to the Financial Times, and remained anonymous.
Both Enron and Worldcom were audited by Arthur Andersen. For a sense of trust stretched, the accountant generated $52 million in fees from Enron alone in 2002, with just over half coming from non-auditing services.
How important the whistleblower channel is in keeping problems both visible and identifiable early, is illustrated in the 2020 annual report9 from the Association of Certified Fraud Examiners (ACFE). This covered a study of 2,504 cases of occupational fraud between January 2018 and September 2019. Of the leads that brought the issues to light, 43% came through tips – half were from employees and a further fifth from customers. The next largest source of discovery came through internal audit at 15%.
In an ideal world, whistleblower discoveries will be investigated and settled before they become public and newsworthy. For this to happen, companies need a robust whistleblower program that provides easy-to-report channels, such as hotlines or online forms. The only way to create an effective program is allow for the whistleblower to remain anonymous with protection from retaliation if they disclose their identity. The ACFE study found the average fraud ran 50% longer at companies without a hotline.
The legal framework in a country makes a real difference and whistleblower protection laws are all over the place. The US has a long history of protecting and actively encouraging insiders through rewards programs. This was first established in 1986 with the amendment of the False Claims Act, which has produced a staggering $64 billion in recoveries through 2020. Whistleblowers have typically been rewarded in 15-30% of successful cases. The Dodd-Frank Act introduced a separate program protecting whistleblowers to the SEC in 2011, which also offers rewards. In the EU, rapid progress is being made following the passing of its Whistleblowing Directive in 2019, but the rules still need to be enacted by each member country by December, 2021. Russia still only offers protection to public employees. Low-crime Switzerland, despite much debate, offers no specific legal protection.
So how can an investor tie this into their research process? I have taken a look at the MSCI ESG metrics that categorize whistleblower programs. These, in effect, rank them into three buckets: 1) a formal anonymous whistleblower system with legal protection (the best option); 2) protection offered, but no details provided; and, 3) no evidence of a system, which is the worst option. Across the MSCI ACWI, 14% of the companies showed up with no evidence of a whistleblower program. It’s important to note that 347 of the 384 companies were Chinese. Excluding China, the rate falls to 2%. But an OK program is not as fine a filter as a strong one.
As always, you can run the data in a number of ways looking for areas of thin ice, from the top down. You can weight program strength alongside the number of non-independent audit committees, or high non-audit fees relative to audit fees (temptation risk). But, what matters here is how the companies you are invested in stack up. These are just helpful red flags, but not an answer in themselves. A red flag is a starting point for digging in and asking some questions of management and far from an end point – whatever the ESG quants tell you.
Trustworthy reporting is vital to investing and financial markets. Financial statements must present a true picture of a company’s health and vitality—otherwise what’s the point? Independent oversight is the only way we keep the cash and business practices inside the guardrails.
Of course, there is no way to completely eliminate the possibility of fraud. For our part, investors must hold the chairman and the entire board accountable for an independent audit committee and effective whistleblower program. Blindly trusting fiduciaries because of title and function is one thing, verifying they have a working system in place to foster trust is quite another.
1. Source FactSet. MSCI All Country World Index (MSCI ACWI)
2. Steven Harris, Chair of the Investor Advisory Group of the Public Company Accounting Oversight Board (PCAOB) https://pcaobus.org/news-events/speeches/speech-detail/the-rise-of-advisory-services-in-audit-firms_544
3. Big 4 global revenue split, source annual reports 2020; PwC, EY, KPMG, Deloitte.
4. Includes both ‘inside’ directors (current executives), and ‘outside’ directors (meets criteria such as ex-executive, current employee, controls more than 30% of the votes, founder, somehow related to an executive etc.).
5. Japan – companies are not required to seek shareholder approval to appoint an external auditor.
6. Germany - codetermination laws often have audit committee split between employees and shareholder representatives.
7. China - The Code of Corporate Governance for Listed Companies, Article 38, audit committee should consist of a majority of independent directors.
8. India - The Companies Act.
Certain information ©2021 MSCI ESG Research LLC. This report contains “Information” sourced from MSCI ESG Research LLC, or its affiliates or information providers (the “ESG Parties”). The Information may only be used for your internal use, may not be reproduced or redisseminated in any form and may not be used as a basis for or a component of any financial instruments or products or indices. Although they obtain information from sources they consider reliable, none of the ESG Parties warrants or guarantees the originality, accuracy and/or completeness, of any data herein and expressly disclaim all express or implied warranties, including those of merchantability and fitness for a particular purpose. None of the MSCI information is intended to constitute investment advice or a recommendation to make (or refrain from making) any kind of investment decision and may not be relied on as such, nor should it be taken as an indication or guarantee of any future performance, analysis, forecast or prediction. None of the ESG Parties shall have any liability for any errors or omissions in connection with any data herein, or any liability for any direct, indirect, special, punitive, consequential or any other damages (including lost profits) even if notified of the possibility of such damages.
The discussion of any investments in this paper is for illustrative purposes only and there is no assurance that the adviser will make any investments with the same or similar characteristics as any investments presented. The investments identified and described do not represent all of the investments purchased or sold for client accounts. The representative investments discussed were selected based on topics related to our ESG research. The reader should not assume that an investment identified was or will be profitable. There is no assurance that any investments identified will remain in client accounts at the time you receive this document.