Essay: Whistle blowing procedures and programs

ASSIGNMENT I
QUESTION 1
The whistle blowing procedures are described in Section 301(4) of the Sarbanes Oxley-Act 2002. The section lists down the requirements of audit committee to establish procedures for receipt, retention and treatment of complaints received by the issuer (company) regarding accounting, internal controls or auditing matters.
Besides that, the section requires for the establishment of procedures to ensure submission of concerns/complaints regarding questionable accounting or auditing matters by employees of the issuer (company) remain confidential and anonymous.
QUESTION 2
Whistle-blower program is implemented in many organizations to act as a defence mechanism against management to perpetrate fraud. The program will able to avoid management from overriding organization’s internal control. The evaluation of the effectiveness of a whistle-blower program varies according to the nature of the organization.
In many organizations, hotlines are used as a primary source in the whistle-blower program. However, hotlines should not be the sole source of whistle-blower information. An effective whistle-blower program should consider and review information from other sources such as anonymous email/letters, lawsuits and social media. According to AICPA, organizations are also engaging third party vendors to collect whistle-blowers information and report them to the audit committee.
Therefore, it is important for the audit committee to establish proper control and leadership through monitoring and evaluating procedures established to enable whistle blowers to submit their information. The role is particularly more important when the administration of whistle blower program is outsourced to third party vendors. It is likewise important to insure that the procedures or control established will enable reports related to accounting; internal controls and auditing are automatically and directly submitted to the audit committee.
The operation of whistle-blower program is effective when the audit committee remains independent and objective. In certain organization, internal audit directly manages the whistle-blower processes or reviews and evaluate whistleblowing activities. To assure the independence or objectivity of audit committee and policies and procedures effectiveness, the whistle-blower program should be administered by a different party/division or bring in outside resources to audit the auditors involved in the program. These steps taken will be able to demonstrate and prove the transparency of the audit committee in the whistle-blower program.
An effective whistle blower program must be able to build employees trust of the internal policies. The audit committee must be able to ensure employees concerns and report will be given proper contribution and will not be subjected to retribution. Besides that, the audit committee must be able to demonstrate and create confidence among whistle-blowers ensuring confidentiality between two parties is maintained.
The effectiveness of the whistle blower program can be compromised if there is assumption that confidentiality between the two parties is breached. Once whistle-blowers lose their confidence in the process of the program, they will no longer feel secure to report potential or actual fraud activities. Besides that, the effectiveness of program will be affected if there is indication of senior management involvement in inspecting, filtering or tempering with reports or evidence submitted by the whistle-blowers. Furthermore, the effectiveness of the whistle blower program is compromised if the procedures or program do not compile with the standards or law establish.
Whistle blowers’ confidence will also be affected if no follow up actions are taken on complaints submitted.  Therefore, management must take measures to avoid the pitfalls stated above from affecting the effectiveness of whistle blower program operations.
QUESTION 3
Internal auditing is conducted in various businesses or regardless of the size, complexity, structure and nature of the business conducted. Internal audit play a primary role in providing an independent assurance that a company’s risk management, governance and internal controls are performing effectively.
In the International Standards for the Professional Practice of Internal Auditing (2012) released by The Institute of Internal Auditors, Section 1110 states that the Chief Audit Executive should directly report to the level of authority within the company that permits internal auditor to perform the internal audit activities in achieving its responsibilities. These internal audit activities should not be restricted or forbidden by the top management of the organization, hence they shall be free from interference in deciding the scope of internal auditing, carrying out internal audit work, and communicating the internal audit results to the relevant level of authority in the organization.
The internal auditors are encouraged to report directly to the audit committee seated in the
Board of Directors. An audit committee is a group of individuals or a standing committee that has been given authority by the Board of Directors to ensure the company has a reliable and effective mechanism in relations to the independence, internal control, the organization’s risk management, compliance, business ethics and any financial disclosures.
It is noted that the internal audit reports all matter in relation to the audit findings to the audit committee while they also frequently reports administratively to the Chief Executive Officer. Due to its independence from the control of the top management of the company, the audit committee’s team effectively established that the scope of the internal audit will not be restricted by the top management of the organization. In addition, this would ensure that the findings from the internal audit conducted, can be addressed appropriately by the higher management.
QUESTION 4
Whistle-blowers are employees working within an organization that pursue legal action or communicate publicly about any illegal or unethical conduct(s) which are happening within the organization. Such unethical acts are fraud, crime, thievery or any activities that are legally unsound and ethically dubious; hence bring a negative impact to the organization or stakeholders as a whole.
There are many cases in the business world where whistle-blowers admitted the act of blowing the whistle is one of the most stressful experiences of their lives. Ms. Cynthia Cooper, the former Vice-President of Internal Audit at WorldCom is one of them. Many of these individuals find themselves questioning in the beginning whether their claims are indeed accurate or valid. It is undeniable that certain individuals may have blown the whistle as a result of an emotional reaction to a personally undesirable event such as job dissatisfaction or a personal grudge. In these circumstances, the claims are often made based on individual perception, opinion and not based on facts which lead to falsehoods in a few cases.
As such, one can understand why whistle-blowers often encounter initial skepticism regarding their allegation. Thus, this resulted in whistle-blowers being ridiculed and are asked to back-up their allegations with evidence in most cases.
Another reason that whistle-blowers are the messenger of bad news which contributes to the reason why they faced tremendous obstacles in the workplace. People generally do not like negative revelations although the news may be true. In the case of WorldCom, Ms. Cynthia Cooper’s action eventually led to the unravelling of Mississippi’s largest public company in 2002. Due to this, thousands of telecommunication workers have lost their source of income. Coupled with the deterioration of pensions, stockholdings and other savings tied to the company, the loss of income creates a huge amount of stress in the ex-employees towards whistle-blowers.
Besides that, whistle-blowers are often forced to defend themselves, resulting in extensive legal cost. In addition, they may be ignored by the respective authority and be a social outcasts among their colleagues in the organization.
QUESTION 5
A whistle-blower is one who reveals wrong-doing within an organization to the public or to those in positions of authority. The person can be a current or past employee. Besides, the wrongdoing can be a past act, can be on-going, or can be in the planning stages.
Whistle blowers must have basic or proper knowledge or experience in the area/issue being reported.  Proper knowledge in the issue by whistle blowers will be able to avoid wrong information submission. Whistle-blowers will be able to recognise what is wrong and which information to be submitted to higher officers or audit committee and understand the impact of their actions. Besides that, whistle-blower should also understand and be alert with the requirement of the rule, standard or law established in relation of confidential disclosure of information.
Whistle-blowers should always have a strong stand in the information submitted. The information submitted should be supported with proper evidence. Besides that, whistle blowers should be independent in their report submission and should not be influenced by other parties or external factors that could compromise their reports. In the case of WorldCom, even the whistle-blower suffers similar consequences as all other employees, including loss of a job (due to the bankruptcy of the company) and loss of value in stock related holdings. Thus, whistle-blowers must possess the character to do what is right regardless the consequences. It is also important that whistle blowers do not have criminal or unethical conduct record to ensure their integrity is not compromised.
Effective communication is important in submission of complaints of reports, therefore it is important for whistle blowers to be an effective communicator. They need to be able to clearly express their claims and supported with valid proof of documentation. With the effective communication techniques and along with supporting documentation, it will increase the chances that higher officers/audit committee will consider their complaints as a serious issue.
In my point of view, even though whistle-blowers will benefit the organization by detecting the misconduct person, they still face some consequences which affect their families and career by their action. But our career is our passion. So when it comes to the professional, as effective whistle-blowers, we should always stand by truth and justice.
QUESTION 6
There are few processes and steps involved if whitsle blower wishes to submit report/complaints against employers or colleague that perpetrade fraud.
The first step that should be taken before reporting to the audit committee is identifying the purpose and type of fraud that was committed. Besides that, whistle-blowers should also consider conditions or external factors that led their employers or colleague to perpetrade fraud. Furthermore, whitsle-blowers need to identify if the fraud commiters were influced by external or internal party.
The second step involved is finding and gathering solid evidence in relation to the fraud commited such as supporting documents. If in need, whistle-blower can seek help from the superior to gather valid evidence that will be helpful for further investigation.
After gathering sufficient  evidence, next is filling a complaint against the person who committed fraud. When filing the complaint, whistle-blower should be more careful because they could be reporting  against the employees who are involved in higher management level. Therefore, it is very important for whistle-blowers to ensure all evidence submitted are appropriate to assist the audit committee to conduct further investigation.
However, it is advice for whistle blowers seek for legal advice before making report. Legal advice will be able to guide whitsle-blowers in submitting proper report and understanding the implications of making such report. The legal advice will be able to avoid whistle blower from making mistakes that may lead to legal charges against them.
QUESTION 7
The nature of Section 302 of SOX 2002 described that the highest-level executives in senior management which are chief executive officer (CEO), chief financial officer (CFO) and chief operations officer (COO) are directly responsible for the documentation, submission and accuracy for all the financial statement reports as well as the internal control structure to the Securities and Exchange Commission (SEC). (Section 302: Corporate Responsibility for Financial Reports, 2005-2016)
There are the two direct extract from the SOX 2002 report which are regarding to the regulations required and foreign reincorporation have no effects. The signing officers are certifying in each annual and quarterly financial statement report filed with the SEC as the following:
i. They have reviewed the report.
ii. Based on their knowledge, the report does not include any untrue statement of a material fact or omitted mistake until misleading report had been made.
iii. Based on their knowledge, the financial statements report should be presented fairly.
iv. The signing officers
a. Are responsible for building and preserving internal controls.
b. Have planning such internal controls to ensure that the material information is relevant to the company and its consolidated subsidiaries are made known.
c. Have evaluated the effectiveness of internal controls as of a date within 90 days prior to the reports.
d. Have presented their summaries about the usefulness of their internal controls based on their presentations and evaluations as of that date.
v. The signing officers have disclosed to its auditors and the audit committee
a. All significant deficiencies in the design or operation of internal control and identify material weaknesses in internal controls.
b. Any fraud, whether immaterial, that involves management who has an important role in the internal controls.
vi. The signing officers have indicated any important changes in internal controls which consider material that affect subsequent date of their evaluation.
In the facts, there is a bit hard to prove that the actions of Scott Sullivan should prevent or block from counterfeit the financial statement report. Nevertheless, Section 302 of SOX 2002 has reminded the importance and responsibility of the financial reporting process to the senior management. Moreover, there is the penalties incurred if the person has breached duties which the person subject to pay million dollar fines and up to 20 years imprisonment. Therefore, this action will alerting individuals, like Scott Sullivan, from involving any fraud in the reports. (Public Law 107-204, 2002)
 
QUESTION 8
Ethical and compliance are essentially different sides of the same coin which means both also are playing the important role in the world. The meaning of ethical is pertaining to or dealing with morals or the principles of morality whereas compliance is the act or process of doing what the individual have been asked or ordered to do which mean have to follow the law. Nevertheless, the distinction between ethical and compliance becomes even more interesting when the individual is dealing with a compliance issue that has an ethical component such as some corruption case. (Watson, 2014)
Many people argue and support that the provisions on the Sarbanes-Oxley Act 2002 (SOX 2002) have strengthened senior management’s engagement in the financial reporting process. For the Section 302 of SOX 2002, the responsibilities of the highest-level executives must take some actions to ensure that the flow from the disclosure objectives or processes is reliable and complete. Besides that, this section also requires that the highest-level executives have to advise the external auditor and audit committee of any situation regardless of materiality which indicates the dishonesty and also have to aware and clear about the control and reliability in the financial reporting process to take steps correct the way in order to prevent any fraud incurred. (Leech, 2003)
In contrast, Section 404 of SOX 2002 stated that the highest-level executives are required to release information in their financial report concerning the scope and adequacy of the internal control structure and procedure for financial reporting. It shows that they should indicate and report on the evaluation of the effectiveness on the internal control structure and procedures on the financial reporting process. Furthermore, this section shows that the extent of work involved to comply has been huge and blank management from monitoring more strategic decision that can affect shareholder value directly. Hence, the level of focus on internal controls which is too detailed and the auditors and management also are they key controls that have no actual effect on the prevention or deterrence of material misstatements in the financial statements due to fraud. (A Guide for Management by Internal Controls Practitioners, 2008)
Even though the moral and ethical values is a bit difficult for adult to follow and comply with so, nowadays individual should be taught since childhood to prevent any fraud occurred. Moreover, for adult their understanding and awareness is the key of ethical for them to make decision for preventing financial reporting fraud. Therefore, complying the regulation required and teaching the moral and ethical values are most effective than preventing or deterring the financial reporting fraud.
QUESTION 9
Whist blower Protection Act 2010 is an act that was specially designed to give the protection for the person who makes disclosures of improper conduct to an enforcement agency in both public and private sector. So, the investigation can be carried out once they have received the disclosed matter from the whist blower .The WPA 201 Act also empowers them to allow the court to order damages and compensation, in opposition to the party who makes the detrimental action. The ‘enforcement agency’ is defined in the Whistle-blower Protection Act 2010 which the whistle-blower can made the disclosure matters at any department, agency, ministry, other body set up by the federal, state or local governments. WPA 2010 was enacted by the Parliament of Malaysia and came into force on 15 December 2010.
The purposes of WPA 2010 is to provide the opportunities for the private and public sector entities to take the further action to eliminate the illegal and criminal activity before any irreparable damages happen. Moreover, these acts enabled them to be alerted of any fraud, corruption or other wrongdoing that may be taking place. Nevertheless, WPA 2010 act can also promote good corporate governance in Malaysia and allows them to combat corruption. Hence, it can significantly reduce the money laundering activities in Malaysia.
The potential problem in applying WPA 2010 is the powers of ‘enforcement agency’ to receive the whistleblower’s disclosures, enforce whistleblower protection and investigate disclosure of improper conduct and detrimental action has lead to an issue by which the ‘enforcement agency’ can be trusted to be objective if the whistleblower has confess all the truth to the party. What if a potential whistleblower has decided to make a disclosure to the enforcement agency but the improper conduct was actually conducted by someone from these agencies?  The whistleblower may hesitate or refuse to make a disclosure to the enforcement agency but ended up reported to the media or through internet. They may think that if they have reported the disclosure on the social media or internet, it might be less likely to be receiving any of negative action because the whole of the nation would be on him. Nevertheless, the WPA 2010 would not provide any protection because the disclosure of the matters should be made to ‘enforcement agency’ but no to others such as social media and internet.
Furthermore, another problem in WPA 2010 act is the protection of Whistleblower Protection Act has clashes with the laws which may outlaw the whistleblower, for instance; the Official Secrets Act 1972. According to Section 6 (1) of the WPA 2010 defined that “A person may make a disclosure of improper conduct to any enforcement agency based on his reasonable belief that any person has engaged, is engaging or is preparing to engage in improper conduct.” Which   WPA 2010 act is the disclosure made and must not be prohibited by any written law. Whereas, the Official Secrets Act 1972 are mostly include the classified information. But this provision will not allow the whistleblower to reveal any form of documents that has been classified in the Office Secret Act 1972. So, it would probably bar or eligible some of disclosures, mostly for the improper conduct that involve high levels of corruption. Therefore, OSA 1972 may weakens the efficacy of the Whistleblower Protection Act 2010 since the purpose of WPA act is to provide the protection to the whistleblowers but now has defeated by the threat of Office Secrets Act 1972.
 
ASSIGNMENT II
Introduction
Nowadays, auditing profession is important for each auditors when they performing their roles and responsibilities in relation to preventing and detecting fraud. It provides an independent view and objective assurance which helps an organization in achieving the objectives and also improves the effectiveness and efficiency of control and risk management. However, world corporate scandals such as WorldCom has revealed the truth of auditor’s profession and put an increase of auditor’s publicity. Consequently, this raises a serious question about the auditing profession and caught the public attention in determining the audit expectation gap between the roles of the auditor and public expectations.
According to the case, the company has revealed that further $3.3 billion in accounting errors were improperly recorded thus leading to overtstatement of profit.  As the external auditor of Worldcom, the firm’s auditors failed to determine the accounting anomalies and fraud which causes a big accounting scandal in year 2002.
The second part of the assignment diccusses on  the auditor’s roles and responsibilities in particular to preventing and detecting  fraud and other issues related to the role of auditors such as conflict of interest, low balling and breach of ethical principles that may cause some impact on the expectation gap are diccussed. Furthermore, we also provide some suggestion on international corporate scandals which may affect the audit expectations gap.
 
Role in Relation to Detection of Fraud & Error
Paragraph 5 of ISA 240 states that an auditor conducting audits in accordance with ISA standards is responsible for obtaining reasonable assurance that the financial statements are free from material misstatements due to fraud or error. There is some unavoidable risk that some material misstatements may not be detected due to inherent limitations of audit.  Material misstatements may not be detected even if the audit has been properly planned and performed in accordance with ISA. For example, a material misstatement may not be detected because of the nature of audit evidence or because the characteristics of fraud may cause the auditor to rely unknowingly on audit evidence that appears to be valid, but is, in fact, false and fraudulent (AICPA, 2016).
It is important that auditors maintain professional scepticism throughout the audit when obtaining reasonable assurance as stated in Paragraph 12 to 14 of ISA 240. Besides that, the auditor must consider the potential chances that management override control and recognize the fact that audit procedures that are effective for detecting error may be not be applicable in the context of detecting fraud. ISA 240 also provides additional direction in dealing with acceptance of documents for audit and inconsistent response upon management inquiries. ISA states that auditor should investigate further is there is inconsistency in management response and authenticity of documents is compromised.
If the auditor identifies a fraud, the matter should be communicated within a timely basis to the appropriate level of management to those with the primary responsibility for prevention and detection of fraud within the organization. However, if the management is being suspected of conducting fraud, then the matter should be communicated to those in charge of governance (paragraph 40-42, ISA 240). An auditor is advised to seek for legal advice for an appropriate course of action if the integrity of those in charge with governance is compromised.
The auditor must also consider their responsibility to report fraud related matter to third party, such as government bodies/governance/regulator. The auditor must take into consideration the importance of maintaining client’s confidentiality. Auditors  must report fraud if the law requires them to do so. However, it is advisable to search for legal advice before continuing with further action.
Expectation gap
Due to the recent deleterious effects of the Enron and Worldcom’s crisis, many issues arise concerning the audit expectation gap. Audit expectation gap is defined as the difference between the public’s (including financial statements’ users) perception on the role of auditors and what the auditors themselves believes what their responsibilities truly are.
Auditors are supposed to detect fraud
This seems to be a common misunderstanding among the public’s perception. Many believes that auditors are responsible to detect fraud in the financial statement. However, the truth is the primary role of the auditors are to detect material misstatements whether due to fraud or error. Fraud detection is not the main role of auditors. There are many reasons why public perception is so. Firstly, many investors, creditors and the publics believes that the organization will be held fully accountable for manners in which the monies are invested by these stakeholders. The management will handle the main responsibility in ensuring the shareholder’s fund is used with absolute integrity and properly for the organization’s investments and operations. Audit is a supplementary tool to trace the accountability of the financial statements and to uncover any financial and non-financial irregularities of the said statements. Thus, audit firms are the instruments hired by the shareholders, trust with such responsibilities to ensure the credit worthiness of the financial statements and increase the public confidence on the management. Hence, it is no wonder that such misconception arises which leads to the expectation gap of the role of external auditors.
Guarantee the financial statements are accurate
In one of the recent studies conducted by ICAEW (2005) on the expectation gap, approximately 47% of respondents wanted absolute assurance for material misstatement due to error. Over 70% believed that absolute assurance is a must in terms of auditors’ findings on material misstatements due to fraud are detected. These shows an expectation gap exists in the society and stakeholders have greater expectations on the assurances provided by the auditors that the auditors do. The investors do not want a standard unmodified audit report unless for one, there is absolute assurance on the findings.
However, auditors are unable to provide absolute assurance. One of the standards of International Standard of Auditing (ISA) which is ISA 200, states that there are 2 main objectives of an auditor. First, to obtain reasonable assurance if the financial statements of the client is free from material misstatement whether due to fraud or error, thus allowing auditors to express an opinion whether the financial statements prepared by their clients are prepared according to the applicable financial reporting standards. Secondly, to communicate these findings and the financial statements to the interested users are required by the ISAs.
The need for reasonable assurance arises due to the inherent limitation of audit. These are due to the persuasive evidence obtained, which are not conclusive. Besides that, only material transactions are tested instead of the entire population and auditors at time use their own judgement in matters without precise means of measurements. In addition, limitations forced by the management such as management override among others will prevent auditors from providing an absolute assurance as perceived by the public.