This is Part 3 of my Carillion series. In this part, I look at what investigations will be going on and what the aftermath might be for the auditors and Carillion directors. Part 1 on the insolvency process can be found here. Part 2 on the accounting can be found here.
One lawyer with a briefcase can steal more than a hundred men with guns
– Mario Puzo, The Godfather
This post is in two halves. In the first half, I will look at the auditors, KPMG. In the second half, the directors. I’ve written about them together because they interlink in many ways.
Part I: The Auditors
The auditors’ work is governed by the Companies Act 2006 (CA 06) and is regulated by the Financial Reporting Council (FRC). Broadly speaking, the auditors’ job is to assess whether the accounts drawn up by management are ‘True and Fair’. Unfortunately, this is not a defined term. Our politicians and courts have continually refused to offer a definition. Generally speaking, ‘True and Fair’ is interpreted to mean ‘free from material misstatement’, which is jargon-speak for something along the lines of: “free from untrue information that could affect the decisions of somebody who uses the accounts.”
The auditors work to a set of standards which set out the principles of the work they should do, these are called International Standards on Auditing (ISAs). These ISAs are used to check the accounts are ‘True and Fair’ according to accounting standards, for a public company like Carillion, these are the International Financial Reporting Standards (IFRS).
Together, these two sets of standards will lead the auditor to undertake particular bits of work. The auditor will look for the areas that are at the biggest risk of being wrong, and spend more time checking them.
The Carillion audit
Carillion’s auditors were KPMG. By law, the auditors have to write about the biggest risks in the accounts. For the last set of accounts in 2016, KPMG said these were: “Recognition of contract revenue, margin, and related receivables and liabilities”; “Other revenue judgements”; and “Carrying value of goodwill” (things I talked in detail about in Part 2… hmm…)
The auditors will, of course, focus on the whole accounts, but by their own judgement, they need to be particularly careful on these self-identified items.
When an audit goes ‘wrong’, as with Carillion, the FRC has the power to investigate under what’s called their Audit Enforcement Procedure. The FRC publicly announce these investigations, you can see the list of ongoing ones here: https://www.frc.org.uk/auditors/enforcement-division/current-cases-audit-enforcement-procedure
The FRC will review the accounts and the audit files checking to see if the audit was conducted to the ISAs and in line with the requirements under the CA 06. In particular, they will look at what’s called the Audit Report, a report the auditors give to management (privately) setting out the detailed findings of the audit. There will be a specific focus on whether they found things in their report that are inconsistent with the published accounts.
The FRC will also look at emails, the audit file and accounting records to check the work KPMG was doing and if it was up to scratch. It’s a long process, involving 1,000s of man-hours. Sifting through 1,000s of inconsequential documents looking for important information.
At the same time, the FRC will be sharing information with both the Official Receiver (as representative of the Insolvency Service); the Serious Fraud Office (SFO) and Director of Public Prosecutions (DPP). The former will be looking for potential civil breaches of the Insolvency Act ’86. The latter will be looking to see if there are criminal breaches of the CA ’06 or Fraud. More on all that in a bit.
Overall the process looks like this:
- FRC decides to investigate
- Decides whether to bring proceedings
- Sets up a tribunal to rule on any wrongdoing
- Tribunal makes determination
The targets of the investigation have a right of response and are able to challenge any allegations and findings. This means that the process can take a long time. We’re often talking years in the most complex cases.
Generally speaking, the FRC will investigate each stage of the audit. Specifically focusing on: “did the auditors miss any big risks?” “did the auditors plan for the right checks given the level of risk?” “did the auditors do the checks properly?” “did the auditors explain any misstatements in the accounts, and if necessary ensure they were corrected?”
Most of the problem comes in the middle two questions: the audit was poorly planned and the audit work was done poorly.
An example from Carillion
In my opinion (and it is of course only my opinion going solely from the facts in the accounts), we can see a potential example in the Carillion accounts.
This is what KPMG said about their response to the biggest risk to the accounts, Revenue Recognition (2015, p77, on the left; 2016, p86, on the right, p.s. you don’t need to read it, only note that they’re different):
What’s important isn’t necessarily what’s said, but what isn’t said. For example, in 2015 KPMG said that they were “challenging these estimates with senior operational, commercial and financial management“, in 2016, this now says they had “conversations with senior…“ Likewise, “assessing whether or not these estimates showed any evidence of management bias” has been completely deleted. It would appear, from these statements that the auditors went from challenging both senior management and the Group’s estimates to just the Group’s estimates.
Sceptics amongst you might be thinking I’m reading too much into this. But I will say this, auditors *can* be lazy, they would not make more work for themselves by changing ‘standard’ text unless they needed to. For me, this is a potential indication that the auditors did not undertake any analysis to see if forecasts were upwardly biased.
That is a major worry. Firstly, because this is the self-identified biggest risk in the accounts – the auditors should be doing everything to make sure these numbers are robust. Secondly, this is a huge area of judgement (as noted in Part 2). Anybody who has ever worked in business knows that management tends to have ‘rose-tinted spectacles’, they think their business is the best in the world and will make lots of money. It’s the job of the auditors to make sure they aren’t going overboard with their forecasts.
[Tangent: An example of this in action is with BHS – the auditors didn’t sufficiently challenge forecast business estimates that BHS would significantly outgrow the UK retail market. It’s a minefield though, because, even the FRC fell into BHS’ trap. At first, it said these estimates were “unreasonable”. After being challenged by Philip Green in court, the FRC backed down in their report to say these appeared ‘optimistic’ (probably because it hadn’t undertaken the work to prove the estimates were unreasonable). It takes a lot of work to establish whether estimates are optimistic or unreasonable, it’s a grey area.]
Of course, I don’t know for certain what went on in the Carillion audit. So it isn’t right for me to speculate. But it’s safe to say the FRC will be investigating and will report their findings.
BUT! NO AUDITORS EVER GO TO JAIL!
The biggest charge at the FRC is that they are ‘soft-touch’ and that no auditors ever get ‘punished’ for ‘bad’ auditors. I’m sympathetic to these arguments, but there are some important things that the mainstream media don’t say.
The one that bugs me the most is about no auditors going to jail. For an auditor to go to jail, they need to be found guilty of a crime. The FRC cannot prosecute auditors for criminal actions. The government has not given them that power. A ha! you might say, that proves auditors can never go to jail. That is not true, and something I tell people time and time again. Auditors can be sent to jail if they “knowingly or recklessly causes a report … to include any matter that is misleading, false or deceptive in a material particular.” This has been the law for over a decade, and it was widely reported when first brought into legislation. But for an auditor to go to jail, it’s up to the SFO, DPP or the Secretary of State to bring the prosecution. In other words, not the FRC.
The problem is, successive governments have drastically cut funding to the SFO and Crown Prosecution Service (CPS) to enable them to bring such cases to trial. These investigations take a lot of time and a lot of money. You have to prove that the auditor knew beyond a reasonable doubt that the report was misleading, false or deceptive or recklessly so. That is a very high burden of proof. Again, that’s for the SFO and CPS to prove, not the FRC.
The FRC is still soft-touch
That said, it still leaves the civil element, which is in the FRC’s court. The FRC gets its powers from the Companies Act and statutory instrument. In other words, it’s allowed to do only what the government lets them. [Note: some powers are delegated to professional bodies to regulate, for example, the ICAEW to discipline Chartered Accountants, much in the same way as with other professional bodies.]
For as long as I can remember, the FRC has campaigned for more powers, more funding. But this has been refused by politicians. That is reflective of the prevailing political will that governments are reluctant to ‘overpower’ regulators in case they ‘chill business’. Unfortunately, this is nothing new. You can replace FRC with FCA with FSA with the Insolvency Service and the SFO. I’ll avoid delving into politics, but if you want regulators to get tough, you first need to get politicians to allow to them to be so.
Part II: The Directors
As I wrote about in Part 1, the Official Receiver (OR) will be performing an investigation into what went wrong at Carillion. They will produce a report that outlines their findings and recommends future actions. There are roughly five courses of action:
- Do nothing (very rare)
- Recommend disqualification of the Directors
- Recommend bringing a Wrongful Trading claim
- Recommend bringing a Fraudulent Trading action
- Find no specific breach of Insolvency Law, but potentially recommend further fraud investigation.
At this point, I should mention I’m not a lawyer or barrister. Rather an accountant who worked in the bizarro-world where law, accounting and finance overlap. I’ll try my best to use the right language, but I’ll no doubt get it wrong sometimes.
Each of these actions are covered by different bits of law, each with varying burdens or proof or evidence required. Let’s look at each of them.
1. Director disqualification
This comes from the Company Directors Disqualification Act 1986. In essence, the law here is designed to prevent abuse of the Companies Act and ensure Directors have fulfilled their fiduciary duties.
There are loads of grounds for disqualification ranging from not filing papers at Companies House through to Fraud. These are set out in the CA ’06.
For the lower ranking offences, the burden of proof is low. You either did something you shouldn’t or you didn’t do something you should have. As a civil offence, it runs on the balance of probabilities, was it more likely than not that you broke the rules. Generally speaking, if you were a director of a company that was insolvent, you get disqualified.
The Court will decide how long the directors should be disqualified for. It can be up to 15 years.
Despite sounding a bit wishy-washy, it can be quite severe. If you’re an accountant or a lawyer (or another professional) it almost always means being automatically booted out of your professional body. You’re also banned from being a director, trustee or governor (often the later two ends up being for life). If you try to become a director during disqualification you can be sent to jail.
2. Wrongful Trading
Parallel to disqualification is Wrongful Trading. This is also a civil offence, covered by the Insolvency Act 1986 (IA 86).
Wrongful trading occurs when the directors of a company have continued to trade a company past the point when they:
- knew, or ought to have concluded that there was no reasonable prospect of avoiding insolvent liquidation; and
- they did not take every step with a view to minimising the potential loss to the company’s creditors.
The Directors only need to have probably breached their duties in acting in the creditors’ interests (reflected in the language above). This is more serious than a simple disqualification. The directors can be fined. Most importantly, the directors can be made to be personally liable for the debts of the Company from the point they knew the company was insolvent.
Unlike disqualification, this is less rules-based. The liquidator will try to work out the date at which the company can be shown to be insolvent, and then show why it was unreasonable for directors to keep trading. It’s important to note that it is not an offence to trade while insolvent. In some situations, it can be the correct thing to do.
This is where it can take a lot of time to build the case, and it will often be an evidential and circumstantial case. The directors will get a right of reply. It’s common for such cases to take 2-3 years to reach fruition.
3. Fraudulent Trading
This is much more serious and is the big daddy of the IA 86. Unlike Wrongful Trading, Fraudulent Trading is a criminal act. Therefore, it’s much more serious. The big difference between Wrongful and Fraudulent trading is intent. Fraudulent Trading is when a company carries on business operations with the intent of purposefully deceiving and defrauding its creditors.
The punishments are much more severe:
- Directors are potentially liable for the Company’s debts (in a greater proportion than under Wrongful Trading)
- Longer disqualification
Being a crime, it must be proven to beyond a reasonable doubt (near certainty). Therefore a director must both have known and intended to be deceitful.
Proving intent is, therefore, the challenge. You’ve got to prove the directors were actively deceitful. To do so, forensic accountants will trawl emails and accounts to find evidence where the directors took actions to gain at the expense of creditors.
As with disqualification, and Wrongful Trading, it is the OR’s duty to investigate and then bring the matter before the Court. As this is a criminal offence, the SFO, Police and CPS may work with the OR to build the criminal case in the hopes of bringing a criminal trial against the directors.
The OR may find that the directors did not do any acts the contributed to the insolvency but nevertheless, they may have committed fraudulent acts. Where fraud is suspected, the OR will share information with the SFO, Police and DPP. In these cases, the law shifts to the parallel fraud under the Fraud Act 06. There are three types:
- Fraud by false representation
- Fraud by failure to disclose information
- Fraud by abuse of position.
Each has different circumstances and evidential requirements.
For fraud to have occurred the person must have acted dishonestly and with the intent of making a gain to themselves or others or inflicting a loss on others.
This is a criminal act and the burden of proof is beyond a reasonable doubt. It also runs alongside other potential offences such under the Proceeds of Crime Act or under the Financial Services and Markets Act.
For serious offences, the perpetrator can be sentenced to up to 10 years in prison.
Proving fraud is tough because you have to prove to near certainty the person did something that they knew might be untrue, that they did so to make a gain or inflict a loss and that was their intention.
Contrary to what you might read, there is a whole pyramid of accountants in any company. For Carillion it’d look something like this (from top to bottom):
- Chief Financial Officer (CFO)
- Segment Financial Directors (FD)
- Regional / Product Line Financial Directors
- Site Accountants
- Project Accountants
With potentially some more sub-steps in between these.
So for a hospital building, the chain might look like this:
- Project accountant responsible for accounting for their sub-part of the building
- Site accountant responsible for the overall accounting of the whole hospital
- Product line accountant responsible for all the hospital constructions of the company (or PPP work in say NE England)
- Segment FD responsible for accounting for all construction projects
- CFO responsible for all accounts
It’s important to note that responsibility never flows down. It always stays at the top. Bad managers forget that.
The glue that holds this all together are the systems and processes. These are designed to prevent mistakes and ensure the accounts are done properly.
Every single transaction is entered into a General Ledger. It used to be a physical book, as the name implies (and thus where ‘bookkeeping’ also comes from). Nowadays it’s a massive database. For example, paying the salary of a carpenter who worked on Hospital X will be entered like this: -£x cash; £x salary cost. Each transaction will be coded down to minute detail, something like this:
- Segment code: 123
- Sub-segment code: 45
- Site: 67
- Project: 89
There are billions of transactions and these are compiled together to create the accounts.
Discretion and valour
This is where judgement kicks in. For example, not all transactions are cash (very few are). Let’s look at our carpenter again. They may have worked on several projects during the month, so the accountant will need to allocate their salary cost across those projects. That could be on the basis of the work performed, the time spent, or on contractual terms. Thankfully, there are systems and process in place to make this all run smoothly, down to the timesheets we have all had to fill in at some point.
Each transaction should ideally be reviewed by more than one person, to stop one individual from doing whatever they want (like Barings Bank).
When it goes wrong
The formula for when it goes wrong is almost always the same:
- Senior management gets external pressure (recession, grumpy investors, cash/financing problems)
- They push on segment heads to ‘find’ as much money as they can
- Segment head pushes site managers: are you sure we are that far behind? can’t we find some ‘easy wins’?
- Project accountant is told by the site manager to find any areas where they can scrape money together.
Multiply this on an industrial scale and you have a recipe for disaster. It sounds silly, but it’s what happened at Enron (Jeffrey Skilling). It’s what happened at RBS (Fred “the shred” Goodwin). Dictatorial management scares the daylights out of staff who desperately scramble to keep their jobs and the lights on.
Proving a fraud
This is why it’s very difficult to prove fraud. Management might reasonably say: “I didn’t know there was wrongdoing. I didn’t tell anyone to cook the books.” “I was only pushing my team hard because the company was on the verge of going bust. I didn’t want people to lose their jobs.”
It comes down to intent, did management intend for their subordinates to make collective decisions that ultimately resulted in misstated accounts?
It is incredibly rare for management to write an email to the hospital site manager saying: “I know the hospital is behind schedule but please book an extra £5m in revenue because otherwise, we are going bust.”
In fact, from my experience, it’s rare to see management send any emails. I once had a case of a CEO of a multi-billion dollar financial services company who sent about a dozen emails over 10 years and signed only half a dozen letters. Apparently, everything was word of mouth or (believe it or not) by sticky notes. It’s hard to prove intent if the person barely exists…
So with Carillion, we have lots of the key elements for potential financial crime:
- A company that was severely struggling
- Significant grey areas of accounting judgement
- From insider reports, aggressive and dictatorial management
Right now, the forensic accountants will be sifting through the emails, correspondence and accounting records looking for evidence of wrongdoing. It takes a long time, we are talking years. That CEO I mentioned earlier, they are still investigating them 10 years later.
The OR will be investigating, and ultimately producing his report. Given Carillion went bust earlier this year, I’d expect at the earlier a report late 2018, probably well into 2019. The SFO and Police will also be investigating alongside, sharing information with the OR and vice versa. For a complex fraud, you will be talking about a minimum of 2 years of investigation work, that’s before any trial.
Having been there, nobody wants for the investigation to go wrong or peter out. They’ll be working very hard, trying their best to unravel an unimaginable mess. It requires high levels of patience and attention to detail. Following transactions as they explode through the accounts. This is why I get very frustrated with comments like: “nothing is being done”. It takes time. Rush it, mess it up and your shot at nailing the bad dudes is gone.
You might argue, so few people actually get done for fraud. I agree. There are a few reasons for this:
- The law itself is very strict, even compared to other countries. We try not to send people to jail unless we are absolutely sure they’ve done the crime. I think that’s a good thing.
- We don’t give enough time, money and resources to our investigators. The CPS, SFO, IS and the Police are underfunded. They try their best, but massive cuts to their funding mean they are doing the best they can with not enough. I’m sure there are inefficiencies in each of the services, like all organisations. But they don’t have the money and the talent (driven away with pay freezes or redundancies) to work these long, expensive cases.
- Politically, there’s a focus on ‘quick wins’. We like to nail our bad guys immediately, often before the facts are there. As we live in the UK and not some lawless country, we can’t send people to jail without evidence (even if some politicians wouldn’t mind that…) I think a lot of this is driven by the media and the “Something Must be Done Act“. Is it not rather odd that our parliament creates mountains of new crimes every year but is incredibly reluctant to even discuss the idea of new laws around directors’ criminal wrongdoing?
An ending comment
I’ll end with this, the final paragraph of the select committee report on Carillion:
Carillion was the most spectacular corporate collapse for some time. The price will be high, in jobs, businesses, trust and reputation. Most companies are not run with Carillion’s reckless short-termism, and most company directors are far more concerned by the wider consequences of their actions than the Carillion board. But that should not obscure the fact that Carillion became a giant and unsustainable corporate time bomb in a regulatory and legal environment still in existence today. The individuals who failed in their responsibilities, in running Carillion and in challenging, advising or regulating it, were often acting entirely in line with their personal incentives. Carillion could happen again, and soon. Rather than a source of despair, that can be an opportunity. The Government can grasp the initiative with an ambitious and wide-ranging set of reforms that reset our systems of corporate accountability in the long-term public interest. It would have our support in doing so.
All the best,
Young FI Guy
[p.s. now I really promise to get back to writing about financial independence again…]