Posts Tagged ‘Internal Controls’

Madoff – where was audit?

In Audit, Finance, Internal Controls on December 16, 2008 at 6:45 am

First of all, for those wondering about my name – I am Madhav. Not Madoff ! Some might find the pronounciation similar, but I am different guy!!!! Now that’s off my chest and  I feel better 🙂 

The first and the foremost thing I always ask when something big goes wrong about a company is- “Where was audit?”.

Definition and roles of audit – easy read for the layman.

I am not going to conjecture what happened, as it is a only evolving story. But in a nut shell, the hedge fund is a poorly regulated industry. Much of that could probably be attributed to the fact that most of the people or companies handing in their(?) cash did not think twice about the role of audit before dropping the cash on the table. They probably assumed that Madoff’s name and reputation was enough to convince them and their investors of the wise decision they had made.

Boring as it is to most people, audit should be seen as a key and critical part of investing. I am not going to waste my breath arguing that the hedge funds should be regulated…forgive me for being blunt, but without proper regulation one could equate hedge funds to a Swiss bank, giving you much a higher rate of interest right in the heart of the US.

Audit is the heart and soul of controls in a well organized company. The internal audit would have the mandate and the power to identify issues before they can happen, when they happen, or after they happen, report it to the management so that appropriate actions can be taken to prevent them from recurring. Do hedge funds have internal audit department? Did Madoff’s security firm have an internal audit department?

All securities firms registered with the SEC have financial statements that are certified by external auditors. Do hedge have financial statements that should be certified by external auditors? When Enron went down, they took Arthur Anderson, their external auditing firm, down with them. That is a deterrent to the external auditors from colluding with the management.

Do hedge funds have to adhere to the SOX 404 standard? By putting their name against the SOX 404 document, the management of the company (CEO, CFO and COO) would certify that the financial statements were accurate as far as they knew, and if the regulators proved otherwise, they might find themselves in a dark prison. So, they would stand to loose a lot and so would be (at least to some extent) deterred from wrong-doing.

Does SEC regulate and audit the hedge fund industry? No? Well, then who does? Do you think if they have sums like $50 billion invested in them, they should be regulated? Should there be a baseline amount after which some mandatory controls apply irrespective of the industry?

Normally when a “transaction” like a substantial investment is to be made by a big firm (like investment bank, retail bank), there typically will be a committee which has to approve such an invesment. Additionally these committee participants will include key management personnel and also senior representatives from Internal Audit, Compliance and Legal. Did the companies now reporting an exposure to Madoff, have such internal committees that reviewed an approved the investment risks before the cheque was signed?

In conclusion, audit is a critical component of controls in a well managed company. An absence of the same in a industry of this nature (like hedge funds) with billions invested in it, raises the question, why does not the Government want this industry to be regulated? Will the investors who have burnt their fingers now push for regulations in the hedge fund sector? Or, the rich and mighty investors have their way and shrug this off as a bad judgement and continue to invest in other hedge funds as long as their investment grow unquestioned?

Disclaimer: The author is an auditor by profession and values his role in the company and also the society.