The Right Way

March 26, 2018March 26, 2018 ~ C.O.R.E. Beliefs ~ Leave a comment

People’s reaction to conflict is often amusing. Last week’s battle with a management company is a great example.

When we first brought the issue to the attention of the management company, they told us that they had authorization to do the work and invoice for it. Never mind the fact that the minutes to the directors meeting didn’t say that the management company’s proposal was accepted and approved. The minutes were silent.

As I have pointed out in other blog posts, the minutes in this case were kept by the management company. This is so even though the bylaws state the board secretary is responsible for recording the meetings and securing the minutes. But even though the management company kept the minutes, the minutes did not provide approval.

They did the work anyways. And then billed extra. We questioned the transaction as we think any good auditor would.

The manager’s response? They updated the minutes.

Really? I know, it is wrong on so many levels. But even though they updated the minutes they still didn’t say that the board approved the transaction. Even they knew there is a line they can’t cross.

After that, we were met with silence. Three times we inquired as to additional proof that the transaction was valid and we were met with silence each time. They figured we would go away or worse, feel no choice but to accept their statement.

But there was a right way to handle this. First would have not been to do any work not explicitly authorized by the board. The management company, after all, works for the board the same as the auditor does. They have a contract which specifies the work they are to do and the compensation they are to receive. When there is work to be performed beyond the management agreement, that work needs to follow the basic rules the board has laid out.

The right way would have been to solicit three bids from reputable contractors. The manager would have presented these to the board so they could make an informed decision. The manager then would have contacted the awarded contractor and scheduled the work.

The right way would include not submitting a proposal from a contractor who didn’t agree to the terms that were apparently presented to the board. The right way would also not have the manager offer to step in to fulfill the service when the contractor said no.

From our perspective as the auditor, there is a right way and a wrong way. The right way means acting with integrity and intention. It means accepting responsibility when things go wrong and reconsidering your processes so that they can’t happen again.

The wrong way is to blame the CPA for questioning the transaction. The wrong way is to say that the board is wrong and to argue that everyone knew how hard you worked. The wrong way is to tell us that you can find five different CPA firms who will see it your way and that you will make sure we never audit another of your clients.

As auditors, C.O.R.E. Services follows a simple rule: Do it the Right Way. If at the end of the day, our clients, the boards of property owner associations and other entities, prefer to have us focus on their rules and compliance so they can feel good about the financial statements, then we will continue to offer our service. And if the market shifts and these same boards no longer want to know that things are done correctly, well then the market will win and we will have to find some other line of work where our integrity and intention will matter.

As we explained to this community manager, the cost for their referral was too high. I would rather starve then become beholden to a community management company who skates on ethical thin ice. And if the day comes when boards would prefer to have a community management company lackey as their auditor so they can avoid the conflict of challenging the manager’s decisions, then we will stand by waiting for the inevitable lawsuits to begin so we can offer our services in support of the litigation.

Do things the right way. Act with intention.

If you are a board who would like to ensure that your community manager is preparing financial statements you can rely upon, feel free to reach out to us. And, if you are a community manager who lives with intention and works with integrity, we would love to get to know you and help you by auditing your work on behalf of your boards. Our mutual client will be most grateful for the opportunity for us to work together on their behalf.

Have a great Monday.

The Possible

January 19, 2018January 19, 2018 ~ C.O.R.E. Beliefs ~ Leave a comment

There are times when I think we do not spend enough time thinking about the possible. What I mean to say is, we are almost always fixated on the probable, or most likely to happen, outcome. This is as true in accounting and auditing as it is in life itself.

One important aspect of our role as auditor though, is to consider the possible. For instance, theft of company assets. When we look at how assets are controlled, from their purchase to their ultimate disposal, we are looking for possible holes in that system. Who approves a bad debt write-off, who can set the selling price of a piece of equipment that is no longer in use; the issues which concern is are possibilities.

If we focused solely on the probable, we would potentially miss a warning sign. Is it probable that the purchasing agent is receiving a kick-back from a vendor for steering business their way? Maybe not. But what controls, what business process reduces the possibility?

It is one of the things that concerns us regarding condo and HOA audits. As the association’s independent auditor, we are first and foremost concerned with the financial statement and the fact that it is materially correct. But when you think about what provides a materially correct financial statement, it is all the controls and safeguards of the manager – who is charged with the board with carrying out the daily activity of the association.

This is the main reason we spend so much energy on understanding how the community manager does the job. Who has access to a checking account, who initiates the transaction, who approves it? These points reduce or increase the risk of misuse of the association’s assets. There are far too many stories about trusting a system that really did not provide any safeguards and addressing that possibility is the responsibility of the auditor.

For instance, what if employee A of the community manager could initiate a transaction for say, yard maintenance. Employee A contacts the maintenance company, negotiates the price and sets the contract. Employee A then reviews their work and approves payment. Finally Employee A can write the check and have someone else sign.

This seems harmless doesn’t it? After all, employee A can’t sign the check so the asset is safeguarded right? Not at all. Employee A could have created a fact maintenance transaction, set up a fake company, approved the work and, because everything was signed off on, the check is cut. To employee A.

Is it probably this happens in any particular association? No. But this scenario could result in this possible outcome. And the auditor should know that and make appropriate comment.

Community Managers will argue that this couldn’t happen. They are, however, arguing that it is not probable because they believe they know their employees. The fact that it could happen though is what we are concerned with when we try to determine the risks of weak internal controls. Boards need to be made aware that the risk exists so they can take steps, if they feel it necessary, to eliminate, or at least reduce, the risk of it happening.

As a director, make sure your auditor works to understand how the community manager is operating and how it impacts your association. Press them on their thoughts on what risks might exist to the assets of your association. Your auditor should have a good grasp of the fundamentals of the control system and can give you some good points to consider. And if they can’t, it may be time to switch auditors. C.O.R.E. is here to help you, the board, rely upon your manager. We do this by looking at the managers controls and how they impact your association. Feel free to contact us to schedule a conversation about how we can be of service to your association.

Have a great weekend.

Fraud and Auditor Negligence

December 21, 2017December 21, 2017 ~ C.O.R.E. Beliefs ~ Leave a comment

I received an interesting Google alert yesterday. The Supreme Court of Canada ruled that Deloitte should be held responsible for damages related to its audit work performed almost 20 years earlier.

The case centered on whether an auditor is responsible for catching fraud – and what happens when it is missed. In this case Deloitte was engaged to audit the financial statements of a theater production company. The audit was required by both its lending arrangement and because it had sufficient investors who demanded it. The financial statements understated certain expenses (see yesterday’s blog) and recording certain pre-sales as revenue – debt recorded as income.

There are two questions in these situations – the significance of the fraud and reliance upon the statements. In some trials it was proven that there was significant fraud but no one relied upon the financial statements. Without reliance, the auditor is not really responsible – after all, the purpose of the audit is to provide relevant information to stakeholders and if they choose to ignore it, that is their choice.

In this particular case there was substantial fraud. Deloitte’s procedures did not identify the activity, or if it did, the fraud was not brought to the attention of the appropriate level of management. Now, this case is interesting because the chairman and vice chairmen were the perpetrators of the fraud so really, who would have been the appropriate level of management? Technically the auditor should withdraw at that stage – which surprisingly was one of Deloitte’s defenses – that they were being punished for not withdrawing as the auditor.

But I digress as the court did not find that Deloitte discovered the fraudulent activity. Which, by the way, went on for 5 years.

Needless to say, the lenders and investors were decidedly unhappy to know their money disappeared with no likelihood of recovery. The Company, Livent, filed for bankruptcy and it was the bankruptcy trustee that sued. Their position is that the auditors’ failure to identify and report the fraud led to the 5 years of borrowing and additional investor funding which essentially went straight to the two chairmen charged with fraud.

The Supreme Court agreed that the auditor was responsible for not identifying the fraudulent activity and taking steps to correct it earlier.

As an auditor, this is one of those rulings that give us pause. If we perform the audit and gather, what we believe to be sufficient, audit evidence to support the conclusion, then there really shouldn’t be an audit failure. But actually, even if we gather lots of evidence, the reality is we ask questions of management. Sometimes, management lies. Or in this case, were probably instructed by their senior leadership to provide certain answers which proved to be incorrect in the end.

Or, in other words, the audit partner meets with the president and CEO. She has a list of questions that have filtered up from the audit team through various levels of audit management. One of those questions was probably, “We discovered certain transactions that were authorized by you, are you comfortable with how those transactions are recorded?” The answer was no doubt yes.

The auditors may have felt uncomfortable but what can they do? This type of activity probably doesn’t lead to issuing a qualified, adverse, or disclaimed opinion. The auditor’s only option is to withdraw because the reporting of fraud is not something you will find in the auditors’ report. Why? you may ask. Because fraud is a legal claim that would have to be adjudicated and proven and what the auditor discovers might be evidence of such activity but it hasn’t been proven in a court of law.

It is a terrible position for the auditor. It is also the risk of performing audits. I would like to tell you that, in that situation, we would resign. But because we have withdrawn from engagement before doesn’t mean that the evidence in every case is sufficient to draw that conclusion. Honestly, there were engagements that we completed that made us uncomfortable but that discomfort never rose to the level of us wanting to withdraw. This is ultimately what audit leadership is required to made the decision upon. It isn’t easy and sometimes auditors are wrong. But if we withdrew from every engagement that caused us to be nervous there would never be another audit performed.

An interesting story that I will still be thinking about for a few days.

Have an awesome day.