In the governance section, often seen as squeezed between economics and grass growing in the stakes of dismality, we see an emerging trend to compare everything to Arthur Andersen. Of course, the collapsed audit house was a big (!) data point, one which everyone can agree with. So that makes it special. (Links 1, 2, 3, 4).
But let's get real. What Arthur Andersen actually did was a) obvious and b) routine. A little bit of pre-emptive shredding? Who in their right minds thinks this is not going on? By what theory of human action or agency theory or what-have-you can we show that auditors will not take the money and do the company's bidding?
As far as I can tell, what AA was caught for was some minor infraction. No doubt worse was going on under the covers. How can we tell? Because audits are mostly secret. (Read any audit report, and it doesn't really tell you what they did, and is covered by a whole bunch of weasel words.) If they are secret, then there are two possible reasons: one is to hide the information from you, and the other is .. to hide the information from you! Which is to say, they will tell you that it is competitively sensitive, but that's indistinguishable from "didn't do the job."
Which leaves us with yet another case of lemons. The market doesn't really rely on the audit report, other than its binary existence. The market does its own calculations, and looks to other fraud indicators to see what's what. (When was the last time you saw a company fail, and the auditor knew and warned?)
Which also brings us to the question of just what one is supposed to do about it. Basel II and Sarbanes-Oxley will add more and more regulation, but will not change the overall governance equation, except for the worst. That's because they make things more complex, and we are already seeing signs that boards are losing their original governance and strategic focus in a frenzy of CYA adjustment.
They also add costs, so they are 'bads' on two counts. What then is the underlying source of the rot? I believe it to be secrecy. Corporates that practice keeping things secret set themselves up for the rot to spread internally and eventually bring themselves down. The sunlight for secrecy is called disclosure, and if you look at the Enron case, it was disclosure that triggered the event: some member of the public scrutinised the _publically accessible filings_ of the company and realised that the numbers so filed didn't accord with reality.
In my emerging theory of open governance, anything that is disclosed is good, anything secret is bad. (How this theory stacks up against competitive intelligence is an unanswered question, for the moment!) In this sense, the existence of the SEC, FSA and various million or so filings that they mandate is a good thing. As long as they are public. Any rule that doesn't result in a public filing is a 'bad'.
Make no mistake, this is not a satisfactory state of affairs - the government has no clue how to mandate useful disclosure. Not because others are smarter, but simple market principles indicate that no one person knows such things. Disclosure is a competitive force, like all other 'goods' and thus an open governance society would encourage differentiation. In my favoured world, one company would decide on an audit, and another would not. Let the market judge.
(Indeed, in the evolving governance world of the 5PM, those practising it know that it costs a bundle to do it "fully," so the more realistic way is a graduated approach.)
Which brings us to Riggs Bank. It is looking like the rot was both secrecy borne of age and influence, and also a well known form of banking cancer is lurking within. The reason I say that is mostly intuition, but also, it transpires that Riggs Bank was also a favourite bank of the CIA. What this means is that aside from the normal secrecy infection leading to rot, the bank laboured under huge conflicts of interest. The CIA has a long history of infecting banks and running their own banks, and the result is never pretty, in governance terms (think Nugan-Hand, BCCI, ...).
Perversely, when the news of the CIA connection broke, Riggs shares rose heavily. This shows the market knows that the punishment will be relatively light, as Riggs now have a get out of jail card. This was already confirmed in the early plea bargain for a single criminal conviction - there is no way a bank would take a cop like that without fighting unless some other deal were done.
In closing, what can we say? Governance - it's a mess. If there are secrets there, don't expect it to be pretty when the sunlight hits. And don't expect any auditor to have picked up the Riggs situation. That's just naive.
Posted by iang at January 29, 2005 08:37 AM | TrackBackAudits should be checking the systems used to report to verify that the figures aggregated are accurate. Simple sampling should be used to determine this when the process is approved by the board.
What SOX lacks is a real time acounting system that cannot be changed or rendered useless by human whim. So the contracts of each entry to the charts of accounts should be minted at the functional level. The detail captured within a particular routine can then be layered into the overall charts of accounts to determnine the financial statements. This level of automation would require each phase of a process to be documented and Ricardo-ized then each Contract needs to be intergrated into the overall charts and ledgers.
This layering of contracts would create a real time aggregation that can be isolated down to its finite level of detail, avoiding the batching schemes and nightmares of old. So the isolation of the business process down to its accounting functions without grossed up entries would create a real time picture of an entity's financial well being.
The only thing left after the process is established is to check the layered contracts conform to the processes as observed. The contract and its action must be corrected by a corresponding anti-contract or reversal; the minting of reversals could provide information on processes and utilization of resources.
So clerk alice pays contractor bob for massage therapy, this bill is paid via a contract established by supervisor joe. When jo drafted the contract with bob it was for a time period to massage the staff's stiff necks. After the time period elapsed bob submitted the contract to alice. The supervisor joe had the contract in the system and alice credited it against a dda balance. The contract for bob's services, alice's action in paying upon acceptance of the bill, and joe's authorization are all in an array of contracts that live in the sub accounting routine in the charts of accounts. Of course joe the supervisor would have to have been authorized to mint a contract or transmit that information to the appointed minter.
The payment is the process and the point of capture. To audit this would take almost no time. The fact that bob and alice had a side deal along with joe that billed the company for services not really rendered and they all took the money and went on vacation is undectable and would never show up on any form of audit because the dishonest behavior of folks acting in concert is hard to detect unless as always happens once alice finds joe and bob are not to her liking she turns the crew in. So in the end the audit serves no purpose other than to ensure the process works the way they say it does. Most audits only verify process not balances.
Posted by: Jim at January 29, 2005 10:11 AM