3rd Issue (Jan 1996)

Editorial

Corruption and fraud are a financial plague. They feed on each other in the relentless and destructive pursuit of money. The perpetrators are a different breed from violent criminals : they are people in positions of trust, from ordinary staff to the top management. In this issue we examine the causes for these crimes and ways to prevent them. We also have advice from various experts who addressed the recent Corruption and Fraud Prevention Seminar for the accounting profession. The seminar was jointly organised by the Hong Kong Society of Accountants and the Hong Kong Ethics Development Centre (HKEDC).

We are also grateful for Professor Judy Tsui, Head, and Mrs Jeanette Wa, Lecturer, Department of Accountancy of the City University of Hong Kong for sharing their expertise in corruption and fraud prevention by the accounting profession through the article on 'Internal Control and Fraud Prevention : The Auditor's Responsibility'.

On the global front, Mr Herbert Liang, Chairman of the Hong Kong Ethics Development Advisory Committee, attended the 7th International Anti-Corruption Conference held in Beijing in October last year. He gave a talk entitled Corruption Control Through Ethics In A Market Economy - The Hong Kong Experience to more than 1,000 delegates from all over the world. In addition to greater international co-operation, the ICAC Commissioner, Mr B.E.D. de Speville, has been assured by Chinese authorities that the ICAC would continue to spearhead the fight against corruption in post-1997 Hong Kong in accordance with the Basic Law and existing legislation. Meanwhile, the HKEDC has been actively promoting work ethics among young people (see page 4).

A list of business organisations having drafted or reviewed their codes of conduct since the last issue is produced as a supplement to this newsletter. We have also enclosed a calendar card containing key points on preventing corruption and fraud. Contact our Centre for details and the System Control Guidebook, one of our many ways to prevent corruption and fraud.

System Control

Corruption and fraud from the boardroom to the storeroom will sink your company unless you act on them. The following cases show how your company can easily be tricked with disastrous consequences. They may just be the tip of an iceberg, said Mr Ng Kam-loy, Principal Investigator of the ICAC, and Mr Chung Hui-pang, Senior Superintendent of the Commercial Crime Bureau of the RHKPF, at a recent Corruption and Fraud Prevention Seminar.

• A bank lost more than $32 million in bad loans and credit because one of its managers was tempted into accepting bribes of $140,000 by two dishonest company directors.
• A finance and administration manager and an accountant in charge of issuing cheques defrauded their trading company of more than $10 million.
• Staff in the purchasing department of a catering company conspired to accept illegal rebates from food suppliers. They even set up bogus suppliers to cheat their company. In eight years they collected more than $3 million.
• A department store buyer and a warehouse supervisor conspired with suppliers to make fake orders and deliveries of goods amounting to more than $1 million.
• A caretaker at a construction site accepted $2,000 to clock-time for absent and non-existing workers. The company lost wages amounting up to 120 man-days a week.

Companies need various systems such as accounting, marketing and administration to run their businesses effectively. However, these systems are vulnerable to malpractice unless they are properly controlled. Where controls are absent or when they fail, employee integrity will be lost. This leads to abuse of trust, conspiracy and theft. In fact, poor controls account for most of criminal activities in business organisations.

At the seminar, Mr Ng Kam-loy said outdoor work, sub-offices and even overseas offices were more vulnerable because supervision was difficult. Malpractices were harder to detect, and easier to cover up with false records and reports.

Mr Chung Hui-pang emphasised the importance of proprietary or other valuable information. He cited cases of employees of credit card companies, hotels and retail outlets selling confidential client information to syndicates making and using counterfeit cards to defraud others of millions of dollars.

Another speaker at the seminar, Dr Matthew Lee, Head of Department of Information Systems at the City University of Hong Kong, warned of the increasing use of computers by white-collar criminals. The common cases are creating false accounts and records to spirit away money and "hacking" into real accounts to make illegal transfers.

Ms Lai Xin-hua, Deputy Chief Procurator of Guangzhou Municipal People's Procuratorate, warned businessmen about the high risks and serious consequences of breaking anti-corruption laws in both public and private sectors in China.

System Control

System Control is a mechanism to deter or prevent malpractice, corruption and fraud at all levels of a company's operations. Mr Donald Chia, member of the Corruption Prevention Advisory Committee, points out that setting up System Control is neither complicated nor costly. It requires for most part clear and simple rules for staff to follow.

The following are some System Control tips extracted from the Guidebook On Corporate System Control recently published by the Hong Kong Ethics Development Centre :

• Set up a clear chain of command and responsibilities for every unit or staff;
• Establish written work procedures and maintain proper records;
• Protect information and allow access only on a need-to-know basis;
• Watch out for warning signs and conduct spot checks;
• Provide adequate channels for internal and external complaints;
• Conduct periodic reviews of systems and procedures.

Internal Control and Fraud Prevention: The Auditor's Responsibility

The question of corruption and malpractice in business organizations has been the source of much concern and attention among business executives and accountants in recent years. Reported cases of business malpractice and corruption have been alleged in Carrian, Overseas Trust Bank with the most recent allegations being Barings Securities and the Daiwa Bank. These reports have prompted the business community to question the auditor's responsibility in terms of fraud prevention and detection. It is common knowledge that an effective system of internal control can go a long way in preventing fraud and irregularities. In this short note, we will discuss the functions of internal control in the context of the auditor's responsibility for fraud prevention.

Internal Control

An internal control system is defined as being: (HKSA Auditing Standards and Guidelines 3.240, para. 3, pp. 1)

"the whole system of controls, financial and otherwise, established by the management in order to carry on the business of the entity in an orderly and efficient manner, ensure adherence to management policies, safeguard the assets and secure as far as possible the completeness and accuracy of the records. The individual components of an internal control system are known as "controls" or "internal controls" emphasis added.

Recently, the Hong Kong Society of Accountants (HKSA) has promulgated twenty Exposure Drafts (ED)*1 one of which is the Statement of Auditing Standard (SAS) 110. It specifically dealt with the issue of fraud and error. The objective of this ED on SAS 110 is to provide guidance on the responsibility of the auditor on the occurrence of fraud and irregularities in the process of the audit of their client's financial statements.

The existing Auditing Guidelines (3.240) emphasizes that management has the responsibility to set up an internal control system and to ensure its effective implementation. The nature and extent of the internal control system according to the different characteristics of the business organization such as size, volume of transactions and geographical distribution of different operational units are within management's prerogative. Another important factor to take into account in determining the extent of any internal control system is that benefits obtained should exceed the cost expended in implementing any such system. Due to the recent upsurge in the occurrences of fraudulent practices within well established business organizations, attention has been drawn not only to the auditor's responsibility for fraud but to management's responsibility as well. Furthermore, the new ED on SAS 110 has also spelt out that directors should take reasonable steps to prevent and detect fraud. It emphasizes the delineation of the auditor's and management's responsibilities for fraud prevention and detection. The audit process should by no means relieve the director's responsibility to institute measures to prevent and detect fraud. This new ED on SAS 110 even went as far as recommending some steps whereby the directors may discharge the said responsibilities (HKSA ED on SAS 110, para. 12, pp.4):

1. "the steps taken to develop within the entity an appropriate control environment, which is itself dependent upon the attitude, awareness and actions of directors;
2. the development of a Code of conduct, ensuring employees are properly trained in and understand its provisions, monitoring compliance and taking appropriate disciplinary action in cases of non-compliance; and
3. the institution and operation of appropriate systems of internal control including monitoring their effectiveness and taking corrective action where necessary," emphasis added.

Though it is widely accepted that the audit may in itself act as a deterrent to fraud, the auditor does not have the responsibility to prevent or detect fraud. The responsibility in preventing and detecting fraud actually rests with management. However, the auditor has to be very cautious and aware of the possible occurrences of fraud. In particular, the auditor has to take extra care before relying on the client's system of internal control as a basis for his audit opinion. It is recognized in the auditing practice literature that fraud and irregularities can still occur within the most effective system of internal control and that there is no fool-proof internal control system since there is always some risks that the controls would not operate as planned. A good and strong system of internal control can, however, reduce the risk of fraud and irregularities. In the recent years, there is apparently an increase in the public's expectation on the auditor's responsibility. The recent ED on SAS 110 goes as far as attempting to address some of the circumstances whereby the occurrence of fraud may be reasonably expected. They are, for example, management introducing transactions without substance and collusion between employees or falsification of records. Then first empirical Hong Kong study conducted by Gul (1995) found two red flag factors namely misstatements in prior audits and indications of going concern problems to be important indicators when auditors evaluate the risk of fraud. Additional conditions which may indicate a higher risk of fraud suggested in ED on SAS 110 are (HKSA ED on SAS 110, para. 24, pp. 7):

1. "previous experience or incidents which call into question the integrity or competence of management or other staff;
2. particular financial or reporting pressures within a entity;
3. weakness in the design and operation of the accounting and internal control system;
4. unusual transactions;
5. problems in obtaining sufficient appropriate audit evidence; and
6. inadequate control over data in an information systems environment," emphasis added.

Conclusion

There is no perfect and effective internal control system. It is all very well that the internal control policies and procedures are well documented and high sounding. It is another issue altogether, whether they are implemented as designed and operate in an effective manner. In the last decade, the auditor has the responsibility to investigate further upon suspicious circumstances. Nowadays, the suspicious circumstances in terms of red flags are documented and the auditor has a greater responsibility to look out for the conditions that increase the likelihood of fraud occurrences. The approach to be adopted once there is a reasonable expectation of fraud occurrence is to be most alert and less reliant on management representations. In summary, it is reasonable to say that the auditor's responsibility has increased relative to that a decade ago where the extent and the total amount of loss in alleged fraud cases is much less.

References

F A Gul, A Research Note on the Effects of Selected Red Flag Factors on Auditors' Perceptions of Risk of Fraud and Material Irregularities, unpublished paper, 1995.

Hong Kong Society of Accountants Members Handbook, Statement 3.240, 1984, para. 3, pp.1.

Hong Kong Society of Accountant Members handbook, Exposure Draft, SAS110, 1995.

KPMG Peat Marwick, Fraud Survey Results 1993, New York, 1993.

Training and Seminars

The Centre and six leading chambers of commerce jointly hosted a luncheon meeting in October last year to enhance business ethics in the international market. Mr Gary Edwards, immediate past president, and now Senior Fellow of the Ethics Resource Centre in Washington, USA, shared his insights with a presentation, Global Ethics In A global Economy, to more than 130 Hong Kong businessmen.

Ethics for Youth

A new package, Ethics In Management - A Resource Portfolio For Hong Kong Universities, is now available. The portfolio, the first of its kind, aims to inject the subject of ethics into the curricula of tertiary Institutes. It provides reference materials for lecturers on business ethics for their classes. There are three parts : teaching materials, case studies and support materials. The package was prepared with Hong Kong as the business background. Free copies have been distributed to all universities in Hong Kong. Others who are interested can contact the Centre.

Publications and Consultancy

In response to increasing inquiries on legislation and problems relating to investments in China, the ICAC and the Guangdong Provincial People's Procuratorate have jointly published the A Legal Guide for Investors in Guangdong and Hong Kong. Free copies, in English and Chinese versions, can be obtained from the Centre.

The launch of Ethics Plus - a package of guidebooks to help companies implement their own Corporate Ethics Programme - prompted many requests for advice on customised codes of conduct, System Control and staff training programmes. There was also strong interest in the Centre's latest production, the Think Before You Leap training video depicting ethical dilemmas at the workplace. Human resources mangers and trainers suggested the videos be accompanied by user guides to help them with their training courses. The Centre has produced the guide and interested companies can contact us at 2587 9812 for details and free copies.