A Q & A on the NMC Health Accounting Scandal
I have received many queries ever since my article on the NMC fraud was published by the CFA Institute on 19 May 2020 on the Enterprising Investor blog.
So, while a lot remains unknown, this piece is a detailed attempt to answer some of these questions. It also throws up some interesting questions.
Qn #1: Why didn’t the external auditors pick this up? (This was the most common query)
External audit is often unfairly blamed.
Firstly, an external auditor’s scope is quite narrow. This is statutorily prescribed and is deliberate. The scope is to attest whether the financial statements reflect the transactions during the year and the position of the company at the end of the year and whether these are reported as per the relevant accounting standards (IFRS). If the scope were broader the audit would take YEARS.
Audit is and has to be on a sampling basis for the sake of efficiency.
Auditors also cannot be expected to be detectives especially when the fraud is complex and off-balance sheet like NMC- that’s not their job. As a landmark English case laid out, “the auditor is a watchdog and not a bloodhound”.
Most readers and investors are unaware of the exact scope of an external auditor and hence the first reaction is to blame the auditors.
Qn #2: But doesn’t external audit have many serious inherent flaws which may have contributed to this?
Oh yes. Agreed. There are many flaws.
There is a huge conflict of interest. The auditors are paid by those they audit i.e. the company. Now you might think so what? But the auditor is not just another vendor. He was appointed by the shareholders to act as their eyes and ears and monitor management and is a critical part of corporate governance. But many auditors won’t speak up for fear of losing the audit or annoying some big shot. Not because it's lucrative (it’s usually low margin) but to get non-audit work where the real jam is. NMC was a fast growing FTSE 100 company promoted by well known and respected names so which auditor would be so brave?
There are regulations on what non-audit work auditors are allowed to do for the same client (thanks to Enron and the SOX Act). Also, all Big 4 firms have internal guidelines. But I researched and found that for non-US public companies there is a surprising amount of non-audit work that is permitted. For example, auditors can do valuation, due diligence, M & A advisory, IT advisory etc. And if the company is not publicly listed, then there is a lot more flexibility in terms of providing a host of non-audit services.
The auditors often have little idea about the business, and this is critical for identifying risks and challenging management. While the audit partner and manager may be the same for many years, it means nothing as these chaps oversee dozens of audits and don’t have the time to specialize in, keep track of or engage in depth with specific clients. It's worse for the juniors on the team doing the field work; these keep changing from year-to-year and are even more clueless. The result? Audit usually becomes a laughable box ticking affair, even among the Big 4.
Then you have the time issue. Audits are priced cheap, so auditors have tight timelines and measly cost budgets. There is always a tearing hurry to finish and move to the next audit. Many audits are severely under resourced with auditors wandering like zombies from one audit to the other. They simply do not have the time to sit back, look at the big picture, analyze patterns, run models, ask searching questions etc. If it’s a public company there is the added pressure of rushing to publish results which means, inter alia, a faster audit.
The above are probably the reasons why Bishop (2004) stated that fraud was most frequently detected by internal audit (23.8%) while the information of workers was the second most common detection method (23.6%). External audit did not even feature among the top 3.
Qn #3: Banks provide independent confirmations to external auditors about deposits, assets, and other facilities for the client as at the end of year. How is that the debt reported in the independent confirmation was reconciled with what reported in the audited financials?
The auditors are supposed to send requests for confirmations to banks. These are banks with which the company has said it has relationships with or the banks that appear in the books of account.
Also, confirmations are issued by a separate team inside the bank independent of the front-line staff and the possibility of collusion is much more remote now.
But bank confirmations are a test of accuracy, not completeness.
Also, NMC had borrowings from 80 banks. Given that a huge amount of debt was NOT reported on the balance sheet, the auditors would never know what was NOT there.
So, bank confirmation is not a bullet proof procedure.
Qn #4: From what I understood is that the auditor's mandate doesn’t include checking for fraudulent activities. But when auditors turn a blind eye, can they be held accountable and to what extent?
Correct.
If the fraud was obvious or a “reasonable man” should have suspected something and the auditor missed it, he could be in trouble. But it is quite difficult to prove that in a court of law as it’s quite a high bar.
It depends a lot on the situation as well. And we don’t yet know what happened.
Qn #5: Based on your auditor experience, what is the probability EY could have noticed indicators of what is going on?
I have of course no idea how EY conducted the audit, what they saw, what they didn’t see and what discussions they had with NMC’s management.
But you have to remember that each one of the red flags I mentioned in my article could have been explained away by the company to the auditors. I can imagine some of the answers to the auditors as set out below:
Question: Why the Acquisition spree?
Answer: Well we have ambitious growth targets and there is a lot of potential to grow in the GCC IF we grow inorganically through acquisitions. Organic growth will be too slow. There is nothing illegal or dangerous about acquisitions. It’s a legitimate and common business strategy. Plus, you auditors aren’t qualified or experienced enough to comment on business strategy, are you?
Question: Why the huge goodwill?
Answer: Yes, some of the acquisitions were expensive but these are well run businesses in lucrative niche markets with good reputation and high-quality people. You don’t get these cheap. Plus, the price will be paid for many times over in future. Here are the projections of revenue and profit. There is nothing illegal or dangerous about goodwill.
Question: Why the unsafe, high leverage?
Answer: Well we need to finance these acquisitions and our operating cash flows aren’t sufficient. Our forecasted cash flow from operations, especially when the acquisitions start generating cash for us, will be more than adequate to service the debt. Here are the projections of cash flow from operations. There is nothing illegal or dangerous about leverage. It’s a legitimate and common financial strategy.
Question: Why the unusually high margin?
Answer: We didn’t provide for receivables because we think the receivables are fully recoverable. In fact, here are the recent confirmations from all the major debtors. We have a good relationship with them as well. Your insistence on making a provision is based on lack of knowledge of the specific facts. Also, we buy some consumables from a related party who charges us lower than market rates and this is good for our margins and for shareholders.
So, it’s not that difficult to fool the auditors.
Yet….In financial analysis we have a framework called the Fraud Triangle- Incentives, Opportunities and Rationalizations. If all three exist at the same time, accounting fraud is likely.
My view is that there were several incentives (listed stock, rapidly increasing management compensation etc.) and also several opportunities (Huge goodwill, big related party transactions etc.). While this doesn’t make for a smoking gun, there were sufficient grounds for skepticism and increased diligence. The auditors should have dug deeper.
Qn #6: Aren't the auditors supposed to test Goodwill for impairment annually?
Yes, the auditors are supposed to test annually.
Goodwill is an intangible asset (essentially nothing but overpayment for a company you bought) but unlike other intangible assets it’s never amortized. Instead the acquiring company and their auditors must test goodwill annually for impairment. If it is impaired, you should record a loss. This loss has the effect of writing down the value of goodwill on your balance sheet and also reducing your profit.
Most management are reluctant to write off goodwill because apart from the above accounting effects it can make you look like a complete idiot for overpaying with shareholders’ money.
But how is this test for impairment done?
This is where it gets interesting!
Under IFRS Goodwill is impaired if the Recoverable Amount of the Cash Generating Unit (“CGU”) is less than the Carrying Value. In other words, we have an issue if the real value of the acquired unit is less than the book value of the acquired unit.
How to calculate the recoverable amount? One big element is what you call the Value In Use (“VIU”) which is nothing but the present value of estimated cash flows from the acquired company.
A clever CFO can show sufficiently high estimated cash flows and discount these using a suitably lower rate to get a high enough VIU that ensures there is NO impairment. Auditors of course should check this for "reasonableness" but how can they really “check” the cash flows and the discount rates when a) these are estimates and b) they know little about the business etc.?
Point- Impairment is based on estimates and assumptions which are difficult to challenge.
Qn #7: It is really strange that if the debt from banks is not completely reflected in the audited financials then what were the relationship managers and risk managers doing at the bank. They were not reviewing the financials?
We now know there were around 80 local and international banks (!!) involved.
It's most likely that most of the banks were regularly reviewing the financials.
It’s also most likely that the coordination among the banks was zero to low. Coordination amongst lenders is a problem. In the UAE we are seeing some consolidation and sharing of credit data, but sources tell me it is far from smooth.
You can imagine how terrible the coordination will be when banks from many countries outside the UAE are involved.
We know that NMC also borrowed from a syndicate of banks and the syndicate members would or should) know the borrowings taken by NMC from the syndicate as well as individual syndicate members.
But what if NMC also borrowed from many single banks that were not part of any syndicate? I bet that many of the relationships with the 80 banks were bilateral.
What if NMC borrowed using reverse factoring? The lender would pay the supplier on behalf of NMC and show the loan in the lender’s books but apart from the supplier, the lender and NMC no one would be the wiser.
What if the money borrowed never ever came into NMC’s books in the first place?
Bottomline- The banks may have been reviewing the financials, but the financials were incomplete, and the bigger issue was not on the balance sheet anyway.
Qn #8: Could this happen in the developed world?
Probably.
Everyone likes to point fingers at the UAE and talk about corporate governance etc. The implication is that this wouldn’t have happened in the developed world.
Sure, there have been a few local lapses. But let’s have a proper perspective.
NMC was a UK listed company. It was regulated by the UK regulator (the Financial Conduct Authority). NMC financials were signed off by a UK based audit partner of EY. NMC even had a few high-profile UK nationals on the board of directors, one of which (Jonathan Bamford) is a Chartered Accountant, an ex EY partner and also member of the …drum rolls please…. audit committee.
Qn #9: The Beneish model predicted earnings manipulation as early as 2016, perhaps these signs could have become a starting point of investigation for the analysts but were not done?
Probably.
But how many use this model?
The external auditors spent most of their time looking backwards. Hence it's highly unlikely that they would run this model.
The internal auditors are more likely to run such models, but they are employees of the company and hence conflicted although they are supposed to report to the board. Many boards in this region are ineffective.
The bankers want their loans back and care a lot about whether the company can service debt. They use their own ratios and models. The last time I checked, not even international banks used predictive models in company specific credit analysis. The other issue with many bankers in credit analysis is the lack of sophistication. As one senior banker laughingly said to me “Binod the depth and breadth of analysis in your article is far beyond what most bankers do!”
The regulators? Sure, they have supervisory staff but how many use the right tools? I don’t know about the FCA but the SEC uses the Accounting Quality Model (‘AQM”) to pick up accounting fraud and although they refuse to reveal the details ( obviously!) it’s quite likely that it shares a few factors with the Beneish model. But even if the FCA has the tools, how many companies will they dig into? They are probably overloaded, and I don’t think running and analyzing the Beneish model or any model ranks anywhere in their list of to do tasks.
Qn #10: Do you think so we need to focus more on predictive modeling techniques in future?
I don’t think it’s as simple as that. For many reasons.
Beneish M-score is a probabilistic model, so it cannot detect companies that manipulate their earnings with 100% accuracy. Hence there will be missed cases.
Predictive models are simply one of the many tools at the disposal of the analyst. If you look at my article, I first covered the acquisition spree, obscenely high goodwill and leverage and high profit margins before coming to the two models. You look at many things and must pick and choose what tools you want to use.
Some of these tools (which I didn’t use) include a host of measures around the concept of Earnings Quality that include the Accruals Ratio and discretionary vs non-discretionary accruals.
Predictive models can be gamed as all these models are public knowledge and almost all the information comes from the published financial statements. Hence cunning CFOs can try and fudge numbers so that the models don’t flash red. As a result, the power of these models has been declining over the last 30 years.
Also, while these models may work (and should be applied) for large and listed companies, the models require far more accounting information which small and mid-size companies cannot provide.
Qn #11: I liked the models you presented but still they proved to be working because we now know the scale of the hidden debt.
Not at all.
Yes, I agree the Altman model didn’t work.
But the Beneish model was giving alarm signals in 2016, 2017 and 2018. All this WITHOUT the extra huge debt included in the calculations.
By the way Prof Masood Beinish recently proposed -1.78 as the cut off. Interestingly, even if you use this, NMC was in the red zone in 2016 and 2017 but not in 2018 although it was close to the cut off (score of -1.85 vs cut off of -1.78).
I hope this clarifies the issue somewhat.
But I am as keen as you are to find out how this fraud was done.