When B. Ramalinga Raju, the disgraced former chairman of Satyam Computer Services, wrote a letter earlier this month confessing to a massive fraud, he exculpated senior executives, independent directors and his own family members. He made just two exceptions: Chief financial officer Srinivas Vadlamani and statutory auditors Price Waterhouse. With reason, perhaps. Vadlamani is now keeping Raju company in jail, and Price Waterhouse faces a barrage of questions about its inability to detect the fraud.

As India Knowledge at Wharton recently wrote, Raju admits to having manipulated Satyam’s accounts for several years. He says revenues have been overstated and profits inflated by more than US$1 billion. Worse, the company’s cash reserve of US$1.2 billion is non-existent. (See Scandal at Satyam: Truth, Lies and Corporate Governance.) Recent news reports note that Satyam inflated employee numbers — it had 40,000 employees rather than 53,000 as it claimed — to siphon off more than Rs. 200 million (US$4.5 million) a month.

Raju and his brother — Satyam managing director B. Rama Raju — are now being questioned by various investigative agencies in India. Little information has emerged so far beyond the fact that the money is indeed missing. One school of thought among observers maintains that Raju’s statement is a tapestry of fabrications. “Raju’s confession a pack of lies?” ran a front page headline in the Delhi-headquartered daily Hindustan Times. The newspaper says that a Registrar of Companies investigation has found that the reserves did exist, but were siphoned off by Raju and his colleagues to fund a network of companies promoted by the Raju family.

Others, too, find the statement hard to swallow. “If one analyzes Raju’s statement, there are a lot of inconsistencies,” says V.V.L.N. Sastry, country head of Firstcall India Equity Advisors, which offers private equity advisory and investment banking services. “Raju says cash and bank balances amounting to Rs. 5,040 crore (more than US$1 billion) are nonexistent. This brings into question the genuineness of the statement. No one can hold beyond a reasonable amount in the form of cash, and no one can inflate or overstate bank balances. At the time of preparation of the balance sheet, the auditors cross-verify the bank statements and tally them with the cash and bank balance numbers. Even if we presume that inflating cash and bank balance is possible, it cannot be of this volume. Inflating bank balances is not possible under any circumstances.”

Russell Palmer, former managing partner of Touche Ross (later Deloitte & Touche) and author of Ultimate Leadership, agrees. “Cash is easy to audit,” he says. “You count it and confirm it with a third party — such as the bank. It is precise enough that it would be unusual if large amounts were missing after an audit. The auditor has to have written confirmation from the bank that so much money exists.” Palmer adds that if bank regulations do not permit an auditor to verify — independently — material amounts of cash a company has in its bank accounts, “then the auditor cannot give an opinion. It is as straight-forward as that.”

Satyam had deposited money with various banks. Under Indian law, banks have to deduct tax at source (TDS) for any interest income that exceeds US$200 a year. This money has to be paid directly to the government. The banks have now been drawn into the investigation. But observers say it is impossible that the banks could have connived with Raju to produce false TDS certificates. And if the deposits did exist when the accounts closed on March 31 last year, the siphoning has been of recent vintage. Until the investigations are over, no one can quite say when the auditors took their eyes off the ball.

Faced with questions about its role in the Satyam debacle, Price Waterhouse, the audit arm of the global PricewaterhouseCoopers (PwC) group, initially claimed client confidentiality. Then, in a letter dated January 13 addressed to the new government-appointed Satyam board, the firm sought to absolve itself of all responsibility. “Financial statements were prepared by the management of the company,” read the letter. “We planned and performed the required audit procedures on such financial statements, and examined the books and records of the company produced before us by the company management. We placed reliance on management control over financial reporting, and the information and explanations provided by the management, as also the verbal and written representations made to us during the course of our audit.”

The Auditor’s Dilemma

Wharton accounting professor Brian Bushee doesn’t want to direct all the blame toward Satyam’s auditors. “If the management team wants to commit fraud, there is no way an auditor could pick it up,” he says. It would take too much time and effort for auditors to look at every single cost or item, which is why they conduct random checks, he adds. He offers the analogy of airplane crashes. “The Federal Aviation Administration puts in all sorts of checks and balances to ensure safety of air travel, but there is a human element you cannot control. Occasionally, you have crashes,” he says.

According to Palmer, collusive fraud is extremely difficult to detect during audits. “It is one of the most difficult areas to delve into. Consider, for example, that I sell an asset to a third party and an auditor reviews the transaction. But one thing the auditor does not know is that I have given the buyer a letter agreeing to buy back that asset a year later, compensating the buyer for interest and profit. How would the auditor know that this piece of paper exists? That is why collusive fraud is very hard to uncover.”

Price Waterhouse notes that after Raju’s letter — in which he claimed that the financial statements were inaccurate for several years — the firm could no longer stand by its audit. Price Waterhouse’s January 13 letter stated: “Our opinion on the financial statements may be rendered inaccurate and unreliable.” Does that give them a way out? Says Manoj Chakravarti, chief operations officer, Centre for Corporate Governance and Citizenship, IIM Bangalore (IIMB): “I don’t think the letter can help Price Waterhouse escape responsibility.”

Ravi Aron, a senior fellow at Wharton’s Mack Center for Technological Innovation, believes it is critical for auditors of outsourcing services providers like Satyam to “know the underlying cost structure of the business.” Satyam’s management appears to have both overstated revenue and understated expenses to inflate profits, according to Aron. Unlike a company with a domestic focus, cost recognition is a multi-shore activity at outsourcing services firms, and it is “fraught with dangers of flexible accounting practices,” he says.

In the IT services industry, overseas clients generally pick up the wage tab for the service provider’s staff stationed onsite and adjust it against the contract value, he says. A services provider like Satyam might choose to depress its costs by not treating those wage payments as a deferred expense, he adds.

It is also common for a service provider’s staff to receive a portion of their compensation in, say India, which they would collect as a lump sum when they return after a project’s completion. An employer might avoid reporting that as a deferred expense, thereby inflating revenues, according to Aron.

Client companies also occasionally ship their preferred hardware to their service provider with an understanding that it would be returned at depreciated value when the contract expires or a portion of its cost would be adjusted against the contract value. “Service providers can suppress costs by showing them as assets and not recognizing them as an expense on their profit-and-loss accounts,” says Aron. They could boost earnings by recognizing incentive components of a contract value as earned income, although that is contingent upon delivering successfully on the project, he adds.

What can an auditor do in such situations? “The duty of an auditor is to provide an independent opinion on the financial statements of an enterprise,” says Suresh Surana, founder of the RSM Astute Consulting, the Indian affiliate of RSM International, a U.S. based accounting and consulting firm. “The financial statements comprise the balance sheet, the profit and loss account and the cash-flow statement. The auditor needs to obtain ‘sufficient and appropriate audit evidence’ to draw conclusions on which he bases his opinion. The auditor needs to demonstrate that he exercised ‘due professional diligence’ and an attitude of ‘professional skepticism’ in discharging his duties and that he has not been ‘grossly negligent.’ At the same time, an auditor is not expected to have an investigative approach unless there is reason for suspicion. External evidence (confirmation received from a third party or banks) is usually more reliable than internal evidence. Examining corroborative evidence, such as interest earned on bank deposits and proof of TDS, provide increased assurance to the auditor. As such, the auditor can escape the responsibility only if he can demonstrate that he was not grossly negligent in conduct of the audit.”

Price Waterhouse’s Exposure

“Price Waterhouse cannot escape responsibility,” says Madhusudan Karmakar, associate professor (finance and accounting) at the Indian Institute of Management, Lucknow. “The auditor’s job is to examine the books of accounts prepared by the company. Only if it is fully satisfied with the accounts does it certify that the financial statements of the company reveal the true and fair view. The profit of the company has been inflated and the liability has been deflated for the past few years and Price Waterhouse has performed audits of the company from 2000 to 2008. Hence, the auditor has failed to reveal the true position of the company. If the auditor is found guilty, it should be banned by the Institute of Chartered Accountants of India (ICAI).”

“The role of the auditors is to verify the facts presented by the company,” says Chakravarti of IIMB. “While doing so they have to follow certain rules and processes. The verification is done by both looking at the sanctity of the documents presented by the company and also by going independently to the source. For instance, in the case of bank reconciliation, the banks are a very active partner in proving how correct the company statements are. Good auditors certainly do independent verification. If any auditors go only by the management statement and do not do this independent verification, then they have no right to audit anywhere.”

It isn’t easy for auditors to ask a company’s bankers for statements “without the client’s blessings,” according to Bushee. He says auditors tend to rely “very heavily” on the information the banks and the companies give them. “If they didn’t give the [client] company the benefit of the doubt, 99 times out of 100 you would just be antagonizing the company by suggesting that you suspect them of committing fraud,” he adds.

Bushee resists the characterization of Price Waterhouse in the Satyam case as India’s Arthur Andersen. The case with Satyam’s auditors is “very different” from Arthur Andersen’s role in the Enron scandal, he says. “Arthur Andersen worked with Enron to structure some of the accounting and hide some things off the balance sheet; it also tried to cover things up,” he says. “There isn’t any evidence that [Price Waterhouse] was involved in similar ways at Satyam.” Also, he says Arthur Andersen was the auditor for other companies like WorldCom where accounting frauds were discovered, and “it seemed more of a pattern.”

Palmer, who served on the committee headed by former U.S. Fed chairman Paul Volcker to investigate Arthur Andersen’s role in Enron, agrees that PricewaterhouseCoopers’ role in Satyam is very different. “Did Arthur Andersen do a good job auditing Enron? No. But did the firm deserve to go down? No. More than 80,000 people lost their jobs because of one audit. If you bring criminal charges against a Big Four professional services firm, it could go down. But I absolutely don’t see that happening at Price Waterhouse. It’s not in the same realm.”

Rajesh Chakrabarti, assistant professor of finance at the Hyderabad-based Indian School of Business (ISB), believes no proof yet exists of “any malafide intention, but there is absolutely no doubt that Price Waterhouse is at fault in terms of being negligent,” he says. “This whole issue of not having the bank documents verified by the banks themselves is a big omission. Auditors all over the world have to necessarily do a few things. For instance, when companies show accounts receivable, it is the auditors’ job to make a random check with a few of the debtors. Similarly, auditors need to verify bank accounts. That said, the general practice is that, when provided with a credible bank document, the auditors trust it and go with it. On the basis of what has come to light so far, I don’t think Price Waterhouse’s rigor in the audit was drastically looser than other auditors. Most of them are sleeping guards and any serious offender can pass through. However, that is hardly an excuse for Price Waterhouse. It is still an omission on its part. [The Satyam scandal] is a huge wake up call for all auditors and for every pillar of corporate governance. There are three levels of auditing that happens in any company. First is the internal audit. Then there are the external auditors. And finally there is the audit committee. The Satyam case has been a failure at all three levels,” he concludes.

The fraud at Satyam is similar to that of Italian diary and food products maker Parmalat, which was accused in 2003 of falsifying 3.9 billion euros in bank accounts, according to Bushee. “They basically produced forged statements. The auditor took those statements and went with them,” he says.

The Global Trust Bank Case

PwC in India has been in trouble before. In 2003, Global Trust Bank (GTB) collapsed following a stock-rigging scam masterminded by Ketan Parekh, a Mumbai-based broker. Price Waterhouse affiliate Lovelock & Lewis (both are part of PwC) was the auditor and certified a net worth of US$80 million for the financial year ended March 2002. A later investigation by the Reserve Bank of India (RBI) showed a negative net worth.

“Subsequent to the events relating to the erstwhile GTB — it was later merged with Oriental Bank of Commerce — RBI had advised the entities under its regulation that they may consider not to engage PwC for any audit work till further advice,” says RBI spokesperson Alpana Killawala. “RBI simultaneously referred the matter relating to deficiency in the conduct of statutory audit by PwC to the ICAI in August 2004 for taking suitable action against the audit firm. The disciplinary proceedings initiated by ICAI are still in progress. PwC represented to RBI in October 2007 requesting reinstatement as they had already been penalized by denial of audit for more than three years. Considering the representation of PwC, RBI decided to reinstate the firm with effect from April 1, 2008.”

The GTB instance raises one key question: Given the track record of Indian regulatory agencies, will anything really happen to Price Waterhouse? As it is, the ICAI has stirred up a can of worms by saying that it will hold the partners who have signed the Satyam account responsible; but it may not be possible to take action against the firm. If that is left to the courts, nothing may happen for years.

To be sure, Price Waterhouse’s troubles with Satyam aren’t unique. “If you look carefully, all of the Big Four auditors have had frauds like this in the past,” says Bushee. “It is part of the process. If you audit thousands of firms, every now and then you get one or two firms that have fraud.”

All the same, the Satyam episode has consequences for its investors in the U.S., who have filed several class action suits. Some investors have been talking about seeking damages from PricewaterhouseCoopers, the global parent firm. But the Indian affiliate has to be found culpable first. “The ICAI is the only body to whom the auditors are liable and only the ICAI can revoke their license,” says Chakrabarti of ISB. “But I don’t think it will go to that level. It all depends on how much noise is created. Internationally, sometimes auditors have a liability to the market regulators but that is not the case in India.”

“The proceedings regarding disciplinary action are carried out under the Chartered Accountants Act by the ICAI, and the proceedings are quasi-judicial,” says Surana of RSM Astute. “Further, the order of the ICAI is subject to appeal in the High Court. In India, the entire judicial system is overburdened with a plethora of cases and it takes several years for them to be finally adjudicated. The improvement of the system entails action at two levels — the ICAI and the judicial system in general.”

The new Satyam board has appointed two new auditors — Deloitte and KPMG — to restate the accounts. Here also a controversy has started, with ICAI claiming that KPMG is not authorized to carry out any audit work in India.

20-20 Hindsight

A bigger issue relates to how Satyam and Raju managed to get away with it for so long. With 20-20 hindsight it is easy to say — as many are doing today — that there were always doubts about Satyam. For years it had been trying to break into the ranks of the top IT companies. But the Big Three — Tata Consultancy Services (TCS), Infosys and Wipro —  never became the Big Four. Also, Satyam was never as highly rated by the stockmarkets.

“No one suspected, because there is still no clarity yet on what Satyam and Raju have done,” says an analyst. But there have been some murmurs in recent times. During a conference call on Satyam’s September 2008 quarterly results, Kawaljeet Saluja, an analyst from Kotak Securities, raised questions on the way investments were being handled. “If the figures are taken at face value, what this indicates is that Satyam’s management was incredibly lax about the returns from its investments, preferring to keep huge amounts in non-interest-paying current accounts,” says business daily Mint.

Was the Raju façade really so impenetrable? A straw in the wind indicates otherwise. After the December fiasco over the attempt to take over the Maytas firms (belonging to the Raju family), Satyam appointed DSP Merrill Lynch to explore strategic alternatives. On January 7, the financial house wrote to the Securities & Exchange Board of India (SEBI) stating that it had terminated its advisory agreement. The reason: “In the course of such engagement, we came to understand that there were material accounting irregularities.” It took Merrill Lynch only days to discover what Price Waterhouse couldn’t in years.

Analysts at institutional investors have an advantage in that they follow multiple companies in an industry and are able to spot discrepancies during their due diligence, says Bushee. But auditors are hampered by the fact that they cannot really transfer information gained from one company to another company’s audit. “It’s against their code of conduct,” he adds. “It has to be the whole system — auditors, financial analysts, regulators and the business media — no one party is going to have the incentive or the skills or the information to detect these frauds.”

What happens to Price Waterhouse now? “We will only find out after conducting our inquiry as to whether they knew about all of this or were simply negligent,” says ICAI president Ved Jain. “All the regulators must come together to identify and punish the guilty.”

Tight Corner

But there could be punishment beyond this justice in slow motion. Says Sabyasachi Satyaprasad, director and cofounder of Multiplex Consulting: “This puts Price Waterhouse in a very tight corner and could affect the other firms audited by them.” The current client list reads like a Who’s Who of Corporate India. There may be desertions even before legal action is taken. Recently, apex chamber FICCI has broken off an eight-year-old partnership with PwC for its annual media and entertainment survey and seminar. KPMG has been roped in instead.

In the immediate aftermath of the Satyam revelation, when the Bombay Stock Exchange Sensitive Index (Sensex) tanked 749 points, or 7.25%, in a day, two sorts of companies were under extra pressure. First, those whose corporate governance norms were suspect (the realty sector, for instance). Second, those audited by Price Waterhouse. As William Shakespeare’s Macbeth said: “In these cases, we still have judgment here.”

The Satyam case offers India’s IT and BPO services industry an opportunity to introduce audits that cover financial, operational, strategic and composite risks, according to Aron. “It will be a combination of Basel II (prudential banking regulation norms), Sarbanes-Oxley and CMM (capability maturity models, which are accepted performance benchmarks) rolled into one,” he says. “It will become an enormous source of competitive advantage for the top Indian companies in this business.” He feels the industry’s apex body National Association of Software and Services Companies (Nasscom) should take the lead in introducing these risk audits.

Meanwhile, the regulators are working on measures to prevent more Satyam-like scandals in the future. One solution proposed by SEBI is to subject audits to a peer review. That has been welcomed by some. “It’s a good idea,” says Chakrabarti of ISB. “It can only help raise standards.” Ashok Soota, chairman and managing director of MindTree, a Bangalore-based consulting firm, adds: “These are just early ideas and we have to see how they evolve.”

Sujjain Talwar, partner with Economic Law Practice, a leading Indian law firm, says it has a downside. “Who will bear the cost of the review?” he asks. “The shareholders? Another issue to consider is that of confidentiality as the peer review will allow auditors, other than the statutory auditor, to examine the financial statements. It is likely to have a conflict of interest with other audits conducted by the peer review firm.”

“Another option available to shareholders is to insist on not only approving the appointment of the statutory auditors but also the terms and conditions of the appointment as well as the remuneration payable to them,” adds Talwar. “Also, the auditors should not be allowed to limit their liability when it comes to instances of gross negligence, fraud and misconduct on their part.”

That may help. But the consensus opinion appears to be that you can’t stop a determined fraud no matter how watertight the rules. Says Chakravarti of IIMB: “The existing rules and regulations (regarding auditing) are pretty robust. SEBI’s peer review is more ammunition to strengthen the system. However, if someone is determined to cheat, then nothing is really adequate enough.” Adds Soota of MindTree: “One incident should not end up tarring everybody. If someone has made up his mind to do something wrong, then he will, and sooner or later there will be an Enron. The positive fallout of this is that now everyone will examine everything in detail and see how to make things foolproof.”

Others also advise caution; it is not necessary to throw out the baby with the bathwater. “We should let the investigations get completed,” says Ganesh Natarajan, chairman of IT apex body Nasscom, and CEO of Zensar Technologies. “Otherwise we might end up with some knee-jerk responses which are not appropriate to the situation. Then we will only add to the inefficiencies and not solve the real problem. We need to identify the root cause of the problem and then find solutions.”

N.R. Narayana Murthy, chairman and chief mentor of Infosys Technologies, is also a believer in a calibrated move forward. “Now that there is a board appointed [at Satyam], the rest of us should stop second-guessing,” he says. “I would rather we leave these issues to them.”

Bushee is unsure whether the Satyam case offers any larger lessons. “I am skeptical you can come up with a new red flag that would help take care of these problems, unless you want to go to 24-hour video and audio surveillance of the top management,” he says. Satyam’s shareholders, though, probably wish Raju had been under such scrutiny.