A rare change of heart

We need more clarity on what it means when an audit opinion is not valid anymore

BEING the fickle creatures that we are, we change our minds all the time. But when an audit opinion is withdrawn, that’s highly unusual. This is why there was much surprise when 1Malaysia Development Bhd and Deloitte Malaysia separately told the public on Tuesday that 1MDB’s audited accounts for 2013 and 2014 should no longer be relied upon.

Both 1MDB and Deloitte began their statements by referring to the US Department of Justice’s (DoJ) announcement on July 20 on a civil action to seize assets allegedly obtained using funds siphoned from 1MDB.

According to 1MDB, after reviewing and discussing the DoJ complaint, the board of directors remains confident that the company has done nothing wrong and that its past audited financial statements “continue to show a true and fair view of the company’s affairs at the relevant points in time”.

But as a precautionary measure, the board has decided that the 2013 and 2014 audited financial statements should no longer be relied on by any party, “pending final and conclusive determination by a court of law of certain alleged facts, as described in the complaint”.

In the Deloitte statement, the firm says:

“The complaint contains information, which, if known at the time of the 2013 and 2014 audits of 1MDB, would have impacted the financial statements and affected the audit reports and, accordingly, those audit reports issued by Deloitte Malaysia dated March 28, 2014, and Nov 5, 2014, respectively in connection with the 2013 and 2014 financial statements of 1MDB, should no longer be relied upon.”

Although 1MDB talks about its audited financial statements and Deloitte focuses on its audit reports, the warnings are interlinked. A set of accounts can’t be considered audited if the auditor no longer stands by its audit report on those accounts.

An audit report is the product of many hours of fieldwork, paperwork and deliberations. After all that, how is it that an audit firm can say months later that it’s not comfortable with its report anymore?

In fact, the auditing rules provide for such a thing.

The International Standard on Auditing 560 (ISA 560), approved by the Malaysian Institute of Accountants (MIA), covers what it calls subsequent events.

There are two categories of such events – those that occur between the date of the financial statements and the date of the auditor’s report, and facts that become known to the auditor after the date of the auditor’s report. It’s clear that the latter category applies in the 1MDB case because the 2013 and 2014 audited financial statements were issued months ago.

The ISA 560 spells out the auditor’s responsibilities relating to subsequent events.

For example, if an auditor becomes aware of a fact that might have caused him to amend the auditor’s report if he had known that fact at the date of the report, the auditor is obliged to discuss the matter with the company’s management, determine whether the financial statements need amendment; and, if so, inquire how management intends to address the matter in the financial statements.

However, the ISA 560 doesn’t elaborate on what constitutes a fact.

Sure, it’s a fact that the DoJ is taking civil action, but as 1MDB points out, the content of the complaint has not been proven in court. Deloitte itself describes the allegations in the DoJ complaint as “information”, which may or may not be facts.

So how has Deloitte established that its audit reports for 1MDB’s 2013 and 2014 accounts would have been different in light of this information? And at what point did the firm arrive at this conclusion? And what if other authorities come up with information that contradicts the content of the DoJ complaint? In other words, how would the firm deal with an event subsequent to a subsequent event?

We don’t know the answers because Deloitte declines to comment further on the statement.

So which regulator is in a position to clarify this situation?

The Audit Oversight Board can’t because it only looks at the audits of public-interest entities; 1MDB doesn’t come under the Securities Commission Act’s definition of a public-interest entity.

The MIA, which is both a regulator and a professional body, can investigate and punish members – these are individuals, not firms – for unprofessional conduct. But we’re jumping the gun here.

There’s no reason to speculate about such matters when it’s more important at this point to better understand what it means when it has been declared that the audited accounts of 1MDB can no longer be relied upon. That leaves us with the Companies Commission of Malaysia, which is charged with regulating companies according to the Companies Act. Will the commission say something anytime soon?

Executive editor Errol Oh has resumed writing after a five-week break from this column. He’s not ready to say it’s good to be back.