Recognising the importance of Audit Committees as part of good corporate governance, the 15th Session of the Audit Committee Forum was hosted at KPMG recently on the theme ‘Significant repercussions of simple control lapses’.
Setting the platform for discussion, four case studies of control lapses and the serious impacts arising from them were presented by Ernst and Young Partner Averil Ludowyke. The case studies were on fraud in Sri Lanka due to falsification of financial statements, inappropriate related party transactions, inadequate cash controls, and inadequate control over inventory. Ludowyke noted that such lapses were common, often starting small and ballooning over time and were seen to be “simple schemes” in hindsight. She also commented on the increasing incidence of senior management involvement in frauds and also the use of journal entries to manipulate financial records.
The presentation was followed by an interactive discussion moderated by KPMG Partner and Head of Audit Suren Rajakarier. Commenting on deterring fraud through internal controls, Rajakarier suggested that the Internal Auditors’ mandate should include provisions to ensure sales cut-off is enforced, along with proper inventory records and the internal audit plans should include checking non-routine journal entries and the financial closure process. In addition, it was also noted that high-risk areas and also self-declarations of compliance are verified by Internal Audit.
The importance of Internal Audit along with empowering the Internal Auditors to do the right thing were stressed by many participants. Rajakarier also suggested that ensuring their independence from management is considered a best practice and noted that under a good governance set up, the Internal Auditor should report directly to the Audit Committee chair. Further, follow-up of issues raised by the Audit Committee were noted as critical to prevent the recurrence of issues reported to them.
In conclusion, Audit Committee members unanimously agreed that fraud cannot be dismissed as a potential one-off risk and treated as a remote possibility. Despite an increasing multiplicity of safeguards put in place, the recurrence of fraud in many companies indicates that only a proactive approach adopted by persons in charge of dealing with it, can help mitigate its risk. An Audit Committee should be sceptical and endorse the correctness of financial statements, where there are weak internal controls and/or where senior management consistently override controls in an entity. Therefore, Audit Committees should be ever on the alert about potential elements of fraud and red flags and also take serious note of minor control lapses that are recurrent.