Carillion’s external and internal auditors, KPMG and Deloitte, respectively, were questioned by Members of the Work and Pensions and Business Committees last week.
A lot of ground was covered, but ultimately the session only revealed what is already known. Given the growing sense of investor concern about the reliability of audited financial statements, partially as a result of increased complexity, the immediate challenge is to repair the damage and this will require fundamental reform.
According to Rachel Reeves MP, “the fact that it was impossible to get a true sense of the assets, liabilities and cash generation of the business raises serious questions about Carillion’s corporate governance.”
From a fraud risk perspective, we were alarmed. The amount of goodwill, revenue recognition pertaining to major contracts were all discussed, but it is Carillion’s whistleblower function that requires further scrutiny. Post the collapse, a series of allegations have emerged (as reported in the media), which raise the question whether Carillion’s whistleblower policy was adequate, effective, or even tested.
The allegations that have emerged include:
Suppliers submitting invoices after key accounting dates; ‘bunching’ of supplier invoices was known and should have been questioned and reported.
Allegations by a former executive claiming that Carillion was in serious financial difficulty by the middle of 2016 but directors were “placating the City” by failing to disclose major problems. The former executive claims that ‘the supply chain wasn’t being paid, money was getting transferred between different parts of the group to pay salaries, loans were coming in from the UK to the whole of the Middle East. By mid-2016 we were already seeing these problems.”
The former executive’s claims that he considered becoming a whistleblower by flagging up his concerns with a non-executive member of the board but was concerned at what the outcome might be.
He should not have been. The law governing whistleblowers is contained in the Public Interest Disclosure Act 1998 which was implemented to protect individuals who make certain disclosures of information in the public interest and are consequently victimised or dismissed. Under the Employment Rights Act 1996, if an employee “blows the whistle” they will receive protection from being dismissed or victimised. This protection is a day one right. Whistleblowers have the right to tell their employer or a prescribed person anonymously, or give their name but request confidentiality.
When we analyse a company from a fraud risk perspective, we look closely at the company’s whistleblower policy and evidence of whether it is effective or not. We look for a clear policy, and an environment in which whistleblowers feel sufficiently confident to express concerns openly. We look for evidence that there is a clear process for promptly investigating and resolving expressions of concern regarding known or potential wrongdoing, and that the company has a plan that sets out what actions will be taken and by whom. As we have consistently repeated, the risk of fraud is growing rapidly and we need to know how seriously companies treat this. Do they treat it seriously, or just pay lip service to it ?
In the case of the former Carillion executive’s allegations, these are so serious that we need to know what communication and reporting lines were in place had he decided to blow the whistle. Was there an established, stated, clear line of communication to the Board or not? If not, why not?
Carillion is now dust. However, lessons can be learnt which may prevent another disaster. We have a suggestion. Every company that wants to be taken seriously by the investment community should appoint a Chief Fraud Prevention Officer. This role should have responsibility for identifying key fraud risks across a business and implementing necessary controls which should be regularly tested. It should also have responsibility for the whistleblowing function and ensuring that this is effective.