As the story of Crane Bank alleged mismanagement and the resulting fraud continues to unravel, the reputation and quality of audits done by accountancy firms are increasingly becoming a subject of cynical discussions.
An audit is important because it provides reasonable assurance about whether the financial statements as a whole are free from factual misstatement, and whether the representations therein are from error or fraud.
Before the Central Bank pulled the curtains on Crane Bank, the locally-owned financial institution had, for years, been receiving a clean bill of health from auditors — accountancy/audit firms.
As is required by Bank of Uganda (BoU) regulations, before it approves financial statements of a commercial bank, an external auditor must have expressed an opinion to show that whatever was audited represents a true and fair view of a bank. Prior to Crane Bank’s takeover by BoU on October 20, 2016, the external auditors had expressed an opinion on April 29, 2016, that the financial statements were true and fair.
“In our opinion, the consolidated and separate financial statements give a true and fair view of the financial position of Crane Bank Limited as at 31 December 2015,” the external auditors, KPMG, read at the time. This is according to the 2016 annual report of Crane Bank.
Fast forward, Crane Bank is now no more after nearly two decades of operations. And importantly perhaps, its owner, Mr Sudhir Ruparelia, has been dragged to court by the regulator who is seeking to recover about Shs400b from the businessman.
The regulator claims that Mr Ruparelia fraudulently took out that money from the bank.
That is something that the Court will sooner or later pronounce itself on.
In June 2017, KPMG was seeking approval from dfcu shareholders to continue as their external auditors. What is often a process that goes on seamlessly, this time it was different.
“KPMG were the auditors of Crane Bank when it was taken over.
They are also our auditors and there is a proposal to keep them on. I have fears I would wish allayed because they are our auditors,” Mr Billy Birungi, a shareholder asked at the Annual General Meeting (AGM).
This is the same question that is being asked by some members of the public since at least 2006, PricewaterhouseCoopers (PwC), KPMG and Deloitte – considered to be among the top four accounting firms in the world – at least audited Crane Bank. At the same AGM, Mr Benson Ndung’u, a partner at KPMG defended their work at Crane Bank, insisting that they had played their role.
Although he did not delve into details of what happened at Crane Bank, Daily Monitor understands that KPMG had raised some red-flags. The red-flags were raised around the level of disclosures especially around non-performing loans (NPLs) in the bank.
More so, when BoU was taking over Crane Bank, they pointed out that the approved financial statements indicated that it was getting undercapitalised. What was published in the newspapers and annual report, did not represent the true and fair view of the Crane Bank financial position.
BoU chose to tell the International Monetary Fund (IMF) to indicate the situation around Crane Bank’s financial status.
“Crane Bank had underreported its NPLs and there were other problems with its financial reporting. Facing a steady deposit outflow, the bank was close to being illiquid, with signs of asset stripping. The ensuing corrections to the financial statements contributed to the worsening of financial soundness indicators of the banking sector,” the IMF disclosed in the 2017 Article IV Consultation and Eighth Review Staff Report of Uganda’s economy.
At the dfcu AGM, Dr Winfred Kiryabwire, a non-executive dfcu board member, pointed out that if KPMG had done anything wrong, it would have been suspended or sued by BoU.
“According to the Financial Institutions Act (FIA), if external auditors are accused of any wrongdoing, action would have been taken. As far as we are concerned, we have not seen this action taken,” she said.
It is not the first time auditors are questioned over the quality of their work. In Kenya, after the almost similar fraud was unearthed at Imperial Bank in 2015, the external auditors PKF were put on the spot to explain why they never identified the issues. Notably, the fraud at Imperial Bank was unearthed after the directors recommended that there be a forensic audit of the bank.
It took a forensic audit carried out by PwC – after being hired by BoU - to unearth the alleged fraud at Crane Bank.
When interviewed for this article, the Institute of Certified Public Accountants of Uganda, chief executive officer, Mr Nkajja Derick, said there is a difference between engaging in a fraud and carrying out an audit as per the agreed scope of work.
He said industry professionals who engage in fraud and related criminal activities should be dealt with according to the law. That is even before the institute comes in with its own sanction as per the professional code of conduct.
Although he said there is a possibility that an audit may not detect what is amiss, given that the scope of work may be restricted to matters that concern the financial statements, the blame should not entirely be heaped on the audit firms.
According to Mr Nkajja, annual audits done by external auditors alone do not tell the whole story.
He said: “There are levels of audits. But if you want to understand the whole story, then you should do a forensic audit which will investigate everything in detail, unlike the usual audit whose result is determined by a sample basis. With this, you may miss out on some things.”
He continued: “Normally, when the management set out to perpetrate fraud, they manipulate the internal controls, making it hard for an audit to quickly detect the anomaly. This could explain why some bad things may not be detected quickly.”
Not all hope is lost
Despite the industry being on the spotlight, thanks to some of the shady audits, Mr Nkajja says all is not lost yet.
He says the institute is doing all it can to uphold the ethics and standards of the profession, arguing that majority of the industry players are not only level-headed but also ultimate professionals.
Mr Nkajja also did not deny that collusion and fraud, leading to distrust of the quality of audits produced by the accountancy firms is increasingly becoming a matter of concern, although he stressed that it is something that happens with the knowledge of the organisation management. “We are going to investigate whoever is involved in that kind of fraud and we shall work with other regulators such as the Central Bank so that we tackle this matter to its logical conclusion.”
Directors hold the key
In most annual reports, it is highlighted that auditors rely on information provided for by the directors of a company. In most reports, there is always a section called director’s responsibility. For instance, in the 2015 Crane Bank Annual Report, the directors stated that they were “…responsible for the preparation and fair presentation of the consolidated and separate financial statements.”
Additionally, they also noted that their responsibility was also “designing, implementing and maintaining internal controls relevant to the preparation and fair presentation of these consolidated and separate financial statements that are free from material misstatement, whether due to fraud or error…”
Several auditors Daily Monitor spoke to suggest the same thing. They point to the fact that there is a gap between what the public expects them to do and what they (auditors) believe are responsible for. However, for the public, once firms approve statements, they believe all gaps have been filled.