AUDITING INFORMATION SYSTEM

Name: Christian Lloyd B. Ogabang Course: BSAIS

Instructor: JT Punayan, CPA Year: 4th Year

Case I. DEUTSCHE BANK: A RUSSIAN AFFAIR

As directed by the German law that implemented in 1870, the Deutsche bank

established a dual board structure. A dual board structure or two-tier board

encompasses supervisory board and management board, and their mandates are kept

separately which means that members of the supervisory board cannot be the members

of management board at the same time. Within the mandatory of a two-tier or dual

board structure is that the executive directors in the management board decide about

the company’s objective and implement the necessary measures, while, the

management board also represents the company in and out of court and provides the

strategic direction for the company through careful planning of operations. An

advantage of dual board structure is that the board of the directors has more prominent

freedom corresponding to the executives and dual board structures typically grant

employees more influence over the appointment of supervisory board members who

best represent their interests. There are also disadvantages in a dual board structure

such as it can make the company to have risks of dominating the board by majority

shareholder and lacks information to carry out its business functions.

In the case of Deutsche Bank, its supervisory board consists of 20 members and

established seven standing committee. DB also had a Group Executive Committee that

consists of the members of the management board and senior representatives

appointed by management board but was soon dissolved due to reduce its

organizational complexity of DB. Also, there were board structure issues that has been

established during the mirror trades scandal of DB such as in June, 2015, with strain

from shareholders strengthening over the mirror trades and different outrages, the co-

C.E.O.s of Deutsche Bank, Anshu Jain and Jürgen Fitschen, declared that they would

leave. They were replaced by John Cryan, whose transmit was to clean up the bank.

DB was also fined by the U.S. and U.K. regulators for more than US$2.5 billion over

alleged benchmark interest rate rigging this because of the reason that more than two

thousand transactions did not comply with the internal AML control procedures during

the scandal of the mirror trades in DB.

There were many lapses in DB’s KYC procedures and investigations found out that it

was ineffective and understaffed such as customers were to provide informal

documentation on the source of funds. Deutsche Bank supervisory board regularly

monitors the risk and capital profile. However, in the AML framework it resulted in

inconsistencies in the formulation and application of policies and procedures. The DB

adopted a “Three Lines of Defense” as their risk management model wherein the 1 st line

of defense are all of the business divisions and service providing infrastructure areas,

2nd line of defense are all the independent risk and control infrastructure functions and

lastly the 3rd line of defense is a group audit which assures the effectiveness of the DB

controls. All three lines of defense that are stated by the DB are free of each other and
responsible for keeping up with structures that guarantee adherence to the plan

standards at all levels. The DB’s failure on the third line of defense according to the

case, it was unable to fulfil its key role of ensuring compliance and effectiveness of

controls. DB did not have an automated system to monitor securities transactions,

which further increased the risk of using the remote booking model.

Deutsch Bank has a whistleblower policy. In this case, there were no whistleblower

during the case of mirror case it is because that the issue was found out during the

internal investigation called the “Project Square” wherein it was confirmed that Wiswell’s

desk had indeed helped to expatriate billions of Russian rubles out of the country

through mirror trades. Also, DB’s onboarding staff as stated in the case study faced

threats when they did not expedite processes to facilitate the mirror trade transactions.

It is apparent, though, that Deutsche Bank is well aware that its compliance culture

needs to improve and is making changes accordingly such as by adopting compliance

as a cultural practice to really find gain the agility and efficiency for long-term success in

the organization.

Banks and other financial institutions such as Deutsche Bank are legally obligated to act

in accordance to the Anti-Money Laundering (AML) Regulations to ensure that the

institutions do not support money laundering activities. AML guidelines expect banks to

gather client data, monitor and screen their transactions and report dubious action to

financial regulatory authorities. Furthermore, the AML holding period requires deposits

to stay in a record or account for something like five trading days. Banks can enhance

through utilizing the holding period to help in AML and risk management. Also under

know-your-customer procedure, financial institutions can strengthen their KYC

Procedure by establishing a legitimacy of customer’s identity and banks should make

the necessary steps, both in terms of compliance frameworks and related cycles, to

comprehend the risks inherent in the payment flows of not only their own clients, but

also their clients’ clients. In the case of DB, these risk-based approach was not truly

effective during the mirror trading scandal by not appropriately performed by onboarding

customers and there were inadequate documentation by DB Moscow’s securities desk

and there were many lapses in DB’s KYC procedures.

According to the article I read online, Deutsche Bank directed the finger of blame toward

Wiswell. The organization's initiative likewise blamed him bribes to facilitate the trades.

However, in my opinion, the blame should not only be on Wiswell and to the two of his

team members because of the reason that there was also a failure on the group audit

wherein it was unable to fulfil its key role to ensure effectiveness and compliance

controls to DB. There was also a lack of clear delegation of roles and responsibilities in

the dual reporting structure such as the London supervisor of Wiswell failed his

supervisory role in DB. It is a disadvantage also to the dual board structure that the

information will have no clear delegation as to where the board members will be

responsible to their actions. Institutional Shareholder Services (ISS) said that a special

audit could lay such concerns to rest. The concrete solution to help Deutsche Bank

overcome from any mirror trading or money laudering activities is to strengthen their

policy in internal controls and risk management issues and establish clear delegation of

roles and responsibilities to the board.

Case II. BT GROUP: THE ITALIAN JOB

BT Group is the UK's leading provider of business broadband and business phone

services. BT group of companies provides communications services solutions, serving

customers in more than 180 countries. BT appoints KPMG as its auditor, following the

Italian outrage, when the organization declared unseemly conduct in the Italian

business when a whistleblower from BT Italia reported various inconsistencies such as

improper accounting practices and a complex set of improper sales, purchase,

factoring, and leasing transactions. In my opinion, BT Group plc didn't maintain its

effective internal control over financial reporting because of the impact of material

shortcomings on the accomplishment of the targets of the control criteria. Often, many

companies do not know how to implement internal controls much less on how to

improve internal control, when they are scaling their business. BT group and BT Italia

should always ensure the accuracy and timeliness of their financial reports to avoid any

problems in accounting inconsistencies. The company should also assess their critical

risk factors in order to improve their internal control. BT Group can also follow the

“Sarbanes-Oxley Act of 2002” wherein it will help a companies to relieve ethical

dilemmas, increase accountability, deter fraud and improve the quality of financial

information.
It was Nick Rose, the Chairman of the Audit and Risk Committee that raised internal

control issues in the Italian subsidiary wherein there were inappropriate accounting

practices and complex sales, purchase, factoring and leasing transaction that take place

in BT Italia. The accounting misstatement or irregularities in a company is a risk factor

because it can also result to fraudulent actions which can be a big factor of the board of

directors to assess and investigate this kind of situation. If the board of directors cannot

fulfil its roles and responsibilities in the organization, then perhaps a change in

leadership is truly the solution that a company needs. As in the case to the BT Group’s

Chief Executive in view of the Group’s chairman that there is really a need to change in

leadership.

BT Group has picked KPMG as its new auditing firm, ending a 33-year relationship with

PricewaterhouseCoopers (PwC), in the wake of an accounting scandal in the

telecommunications giant's Italian unit. If the company has a good auditor with a solid

understanding of the company, the benefits of sticking with them often outweigh any

advantages of switching. There will be also no risk involved if the auditor is compliant

with the rules that they should already be monitoring and minimizing the risk of bias in

the audit but in some companies there will be trust issues between the client-auditor

relationships when they go through a longer standing relationship. When the lead

auditor changes, the company must really “start from scratch” with their client, which

means no longstanding relationship is intact. In other words, the audit firm will have to

spend less time on the audit than if it were entirely new company, which saves massive

amounts of time, and most importantly, money.

In accordance to the European Commission rules, all public interest entities must tender

for a new auditor every 10 years, and rotate their auditor after a maximum period of 20

years. In my opinion, changing to a different auditor or bringing someone new to the

company means that there is also new perspectives and fresh ideas on how things

could work in the company. Auditor changes often are linked to financial restatements

and discoveries of weak accounting controls inside the company.

There are two investors, a pension fund and an individual sue the BT Group along with

its several of its officers and directors for the misbehavior in the management resulting

in fraud. The investors allege that BT Group overstated profits for several years and

when it eventually reported its profits accurately, its share price fell due to fraudulent

accounting at one of its subsidiaries in Italy, BT Italia. In addition, BT Group repeatedly

disclosed concerns about BT Italy to the SEC, it also investigated the reports of

workplace bullying at BT Italia. Since then, BT Group’s financial statements reported

improvements in the control environment at BT Italy in 2014, 2015 and 2016. I guess

there were also changes in the leadership structure of BT Group that is why investors’

trust and confidence will ever be regained and remains unanswered.

BT policy is to achieve best practice in their standards of business integrity in all of their

operations such as a commitment to maintain highest standards of corporate

governance throughout the group. As other company group establishes its subsidiary

governance framework, it enables them to be in an appropriate level of control to remain

at the center or within head office. BT Group on the other hand, establishes its

governance over its subsidiaries by ensuring that they are always acting in the best

interests of and in accordance with their board of directors’ duties in relation to the
extent of their entity as to which they are taking decisions. BT Group’s accounting

scandal can be sort out through a change in auditor and a good practice on internal

control and corporate governance with its subsidiaries. Lastly, every business owner or

board of directors can achieve accounting fraud prevention by evaluating the accounting

transactions, restrict user access (this means that to have no system of internal control

should be built in trust and the company must have the custodial responsibility for

assets in each accounting transactions), and know their employees. Small and mid-

sized business are more valuable to fraud than larger organizations, and it can greatly

affect the whole operation and objectives of the business. Therefore, it is very vital or

important for companies to take action to deteriorate fraud and to investigate it as soon

as possible.