In the wake of the Senate’s historic vote to put corporate wrong-doers behind bars for up to ten years, a suggestion to change the reporting line of internal auditors seems sort of minor.
The suggestion tends to carry a lot more weight, though, when it comes from an internal auditor who helped uncover the biggest accounting error — perhaps the biggest accounting fraud — in U.S. corporate history.
Glyn Smith, a senior manager in WorldCom’s internal audit department, worked closely with Cynthia Cooper, the vice president of audit, in the investigation of that company’s capital expenditures and capital accounts. The duo’s probing eventually unearthed the telco’s treatment of line charges as capital investments. As a result of their work, WorldCom was forced to increase its previously stated expenses for 2001 by $3.01 billion and increase expenses for the first quarter of 2002 by $800 million.
In an exclusive interview with CFO.com late last week, however, the WorldCom employee voiced strong general views about the need for internal auditors to pursue their work without ties to finance executives or heads of operating units.
Indeed, by Smith’s lights, an internal auditor’s primary allegiance should be to the audit committee of the board of directors. “In the post-Enron, post-Andersen environment,” he says, “internal audit really needs to function independently of either the CEO or the CFO.”
At the Center of the WorldCom
According to sworn public documents filed by WorldCom, the telco’s internal audit team seems to have demonstrated why such a setup may be preferable.
On June 11, after Cooper discussed her investigation with then-CFO Scott Sullivan, Sullivan asked the head of WorldCom’s audit team to delay their review. But Cooper and Smith pressed on with the audit.
The next day, the two internal auditors called Max Bobbitt, the chairman of the audit committee, to discuss “questionable transfers” the company made during 2001 and the first quarter of 2002, according to the sworn statement. The two auditors apparently discovered that the company had begun accounting for its line costs (payments for network services and the use of third-party facilities) as capital expenditures — and not as expenses.
That treatment was out of whack with industry practice. It also didn’t jibe with GAAP.
The WorldCom SEC filing indicates that, during the call to the audit committee chairman, Smith himself told Bobbitt about the key points Scott Sullivan made in his discussion with colleague Cooper. The points included the CFO’s request for a delay of the audit review, and his claim that the capitalization issues would be cleared up in the second quarter of 2002.
Along with Cooper, Smith also interviewed WorldCom senior vice president and controller David Myers (who later resigned without severance). In addition, Smith attended the June 20 audit committee meeting where the expense transfers were described, according to the company’s sworn statement.
On June 26, WorldCom management announced the discovery of the expense transfers, along with the firing of Sullivan. The telco’s management also noted that the company would be forced to restate its earnings for the time in question.
All in all, company management believed the improper bookkeeping would trim nearly $4 billion from WorldCom’s previously reported EBITDA (over a five-quarter period). Without the line-charge transfers, WorldCom would have actually reported a net loss in 2001 and the first quarter of 2002, not a net profit.
Wake Up the Audit Committee
Given current Congressional investigations into WorldCom’s accounting, and the specter of shareholder and lender lawsuits, Smith understandably refuses to talk about any aspect of WorldCom’s current predicament. And he says his ideas about internal audit independence do not stem from his experiences at the troubled telco.
But the WorldCom auditor says that, in general, audit committees need to learn more about accounting — and should frequently freshen their perspectives. He also believes board audit committees should be equipped to take firmer control over both internal and external audits.
Toward that end, Smith believes audit committee members should be required to take at least 32 hours of continuing professional education courses in auditing and corporate governance a year. Such courses would help committee members “get enough color, enough background on the audit function to be able to ask intelligent questions, to be able to have a better understanding than most do now,” Smith asserts.
In addition, Smith says, directors often sit on audit committees for six years or more. That tenure can create problems, with long-timers apt to apply a rubber-stamp to audits. Therefore, Smith thinks audit committee terms should be limited to around three years.
Besides boosting alertness, regular audit committee shakeups would supply internal auditors with a changing group of bosses. That, in turn, would provide many inside auditors with more independence than they have today, according to Smith.
Fuzzy, Gray
Unlike many internal auditors, Smith is a C.P.A. He is also a certified internal auditor. While currently a member of the corporate world, Smith worked for seven years at Haddox, Reid, Burkes, and Calhoun, a public accounting firm in Jackson, Mississippi.
Smith left the small accountancy in 1997 to take an internal auditing job at giant SkyTel Communications. In 1999 SkyTel merged with what was then MCI WorldCom.
Smith readily concedes that most chief audit executives get their general marching orders and policy direction from board audit committees. But he says they tend to be managed on a day-to-day basis by CFOs. Typically, things like audit team budgets and auditor performance appraisals are handled by a company’s finance department.
But the WorldCom internal auditor believes such a setup can lead to problems. He says in some cases, an internal auditor can become too beholden to finance or operations.
If that occurs, the definition of “administrative” can easily get blurred by politics and turf wars. At that point, an audit team may wind up as a de facto unit of the finance department, thus threatening the integrity of a company’s internal financial controls.
Smith provides the hypothetical example of a vice president of internal audit whose bonus will be set by the CFO on April 1. In the course of a review he’s completing before that date, however, the auditor concludes that the company’s reserve for receivables is too low.
The auditor is then faced with a thorny decision: include the subject of receivable set-asides in his report and he risks incurring the wrath of the finance chief. But exclude the subject and he might betray his responsibility to board and the owners of the company.
Complicating the matter: Determining the proper reserve is almost always a judgment call. “When you estimate an allowance, it’s not an objective decision,” notes Smith. “It’s not a black-and-white thing.”
The small matter of the bonus only widens the gray zone. “What happens more often than not is that that administrative line is crossed,” says Smith, “and there is a little more [operational] control in determining what can and can’t be audited.”
Hole-Poking
Not exactly an ideal scenario for sound risk management. But Smith is quick to point out that finance chiefs and CEOs should have some input in determining the scope of a company’s internal accounting investigations.
But he goes on to warn that auditors often tread a fine line in deciding what to do with that input. “If you get to a point where you’re giving their input more weight than anybody else’s,” argues Smith, “then I think you’ve impaired your objectivity and your independence.”
To avoid conflicts, Smith predicts that some companies will begin to install a senior vice president of risk management or governance to oversee the audit department. Besides approving the work of internal auditors, such an executive could supervise areas like disaster recovery, commercial insurance buying, and ethics.
The real oversight power, however, should rest with the members of the audit committee. They should be “driving the internal audit plan and giving direction to the internal audit department,” says Smith.
That’s rarely the case, says the WorldCom internal auditor. What’s more, board audit committees should be questioning their external auditors more closely than they do, he believes.
In that effort, audit committees may begin to look to inside auditors for help. “Maybe one of the things the audit committee does is to say, ‘Hey, Mr. External Auditor, I would like you to sit down with our internal auditors and walk them through your work papers, your procedures on accounts receivable. Let them shoot holes through your procedures and see what you did.’ “
Based on recent developments, it seems Smith and Cooper are pretty good at shooting holes through procedures.