The bankruptcy of PFGBest and attempted suicide of its founder have reporters writing some interesting stories. New York Magazine says there were obvious red flags such as this detail posted by Reuters:
Jeannie Veraja-Snelling has been certified in the state of Illinois since 1999.
However, she does not list having any public company clients in her 2011 annual filing with the PCAOB.
On Tuesday night, she came to the door wearing a green sleeveless shirt and blue denim shorts. A stack of cardboard filing boxes was sitting just inside the door.
Why should we accept that the size of an audit firm or the clothes of an auditor are red flag signs?
I mean you always have to account for (pun not intended) the Enron fraud fiasco taking down the entire 85,000 employees of Arthur Andersen. And you also have to consider applying the same logic about size to other professionals such as doctors or dentists. An exit from large headquarters and staff to run a small practice is not necessarily a step down.
The future, ever more fueled by social network tools, could be argued to be headed towards umbrella firms of peer relationships between independent but small practitioners. Lower overhead yet more personalized service is a trend. Peer respect or presence in the market is not set by size alone. The age of “giant” corporations made sense when you were talking about smelting iron but in the information age a small firm may be superior to large ones in many ways.
Large firms, meanwhile, tend to face pressure to make money to cover their overhead. That pressure can often lead to fraud. PFGBest, for example, was very large. We know that the founder of the firm confessed to fraud and was known for excessive displays of wealth. The external auditor’s appearance pales in comparison, in terms of signs of fraud, to the corporate jets, giant gifts, large construction projects of the PFGBest founder.
That being said the true worry in the story is the independent auditor’s lack of records and lack of awareness. Also of concern, although I haven’t seen anyone report on it, is a lack of a peer network with other auditors or professionals in her area of expertise. Regulators definitely could have picked up on that, especially if they tested her annually. Did her skill and reputation match her responsibilities?
The PCI SSC regulates its auditors closely by regular tests and reviewing the reports on compliance. It’s a decent model for other regulators to follow. The quality assurance program for assessments and assessors is one of the primary factors that makes PCI DSS so much more rigorous than other regulations.
Another aspect of the PFGBest story is how the founder managed to hide his crime, as revealed by New York Magazine.
“I was able to conceal my crime of forgery by being the sole individual with access to the US Bank accounts held by PFG. No one else in the company ever saw an actual US Bank statement. The Bank statements were always delivered directly to me when they arrived in the mail. I made counterfeit statements within a few hours of receiving the actual statements and gave the forgeries to the accounting department.”
Later in the note, Wasendorf detailed how he had falsified bank documents “using a combination of Photo Shop, Excel, scanners, and both laser and ink jet printers” in order to fool regulators into believing that his firm, which is now bankrupt, had adequate money in its accounts.
Sole control? Financial companies usually force annual vacation, as explained by businessfinancemag.com, to let others run the numbers and verify controls.
Job rotation/mandatory vacation ranked second in effectiveness; companies with this control in place experienced a median loss 61 percent lower than the median loss incurred by the other organizations in the sample.
How did PFGBest avoid that time-honored practice? The excessive displays of wealth coupled with dictatorial control — accumulation of wealth coupled with lack of transparency — are the common red flags for corruption. Denim shorts and low overhead may not inspire confidence on their own but they tend not to show up in anti-fraud research.