Speaking in a recent Aquila webinar, Aquila Super lead SMSF audit partner Chris Levy said the alleged victims of phony adviser Melissa Caddick included SMSF trustees who had their funds audited by professionals, which raises some important considerations around how auditors can identify potential fraud.
ASIC launched an investigation into Melissa Caddick’s wealth management firm Maliver in 2020 in response to concerns that she was providing financial services without an AFSL, had used another company’s AFSL without authorisation and had misappropriated investor funds. Melissa Caddick disappeared from her Dover Heights home in November 2020.
Mr Levy said he has had a handful of the SMSFs impacted by the alleged scam come across to his firm.
“Fortunately, we had nothing to do with them before, but I imagine there are a handful of very worried auditors out there that were involved in this,” said Mr Levy.
“Basically what [Ms Caddick] was doing was tipping all the money into an SMSF, dumbing up CommSec reports which she would hand to the accountant, the auditor and the members, and the auditors were just signing off on that.”
While many people are under the impression that these funds weren’t audited, Mr Levy clarified that they were, in fact, given to audit professionals who weren’t picking up that they were fraudulent.
“When this came out, I thought about how as an auditor would you identify this and how would you solve it,” he said.
In terms of broker-style reports, Mr Levy said a solution would be to perform PIN checks and to check dividends.
“Going forward, it is imperative that this additional audit work is done, if it wasn’t done before,” Mr Levy stressed.
“So with those broker-style reports, it’s just a matter of doing that extra audit work, and it should be fine. What concerns me, though, is that if she had taken it to a different level and instead of using CommSec, she was using some of those portfolio-type reports where everything is contained within the one set of reports.”
Mr Levy said that type of scenario is far more problematic for SMSF professionals and auditors as the fraud is harder to identify.
“We have attempted to obtain PIN numbers to try and do checks of the underlying investment balances, but often we just can’t do it, especially when there is a custodian in place,” he said.
The best option, Mr Levy said, is to check the data feeds and look through actual bank statements to try and tie up transactions.
“It does represent a risk area where fraud could be successful,” he cautioned.



The audit report only requires “reasonable assurance” that the financial statements are correct. What is reasonable, though, is sometimes subject to different interpretations. My opinion is that auditors should be sceptical and should always be on the lookout for tell-tale signs that fraud exists. If signs do not exist, then I do not think auditors are liable. But I do think that if the auditors suspect that a fraud exists, then it is their responsibility to disengage with the client. Proving to the courts, though, that the auditors did their work will be a bit tricky.
“True and correct” subject to the limitations of their testing and review procedures. No audit, SMSF or otherwise, can give a guarantee that fraud has not occurred.
It bemuses me that investors go after auditors well after the crooked horse has bolted, in an attempt to claw back funds lost due to their own stupidity or naivety.
It’s not the auditor’s job to protect your SMSF. That’s your job as the Trustee.
Agreed!!!!!!
That was my understanding too DavidL. I thought the role of SMSF auditing is to confirm compliance with accounting, tax and superannuation rules. Confirming the appropriateness, effectiveness, and authenticity of the SMSF’s investments is the trustee’s job. The big problem with many SMSFs is that trustees don’t even realise they are the trustee, let alone have the ability to properly perform that role.
David, are you an SMSF auditor? If so, you have no idea what you should be doing.
The SMSF auditors were totally asleep at the wheel, just ticking boxes. It's not rocket science to determine that CommSec accounts are fake; anybody with half a brain could have done this.
The SMSF auditor's job is to verify that the investments in the fund are actually there first and foremost and then check compliance with the SIS Act. If the SMSF auditors actually did their job, this fraud could not have been conducted.
These auditors need to be prosecuted, held accountable for their part of the scam, banned from the industry and punished accordingly.
This is exactly why the ATO has said that SMSF auditors need to be independent from accountants who prepare financial statements for SMSFs and no SMSF auditor can receive more than 20% of their clients from 1 firm.
If an SMSF auditor receives the majority of their clients from 1 firm, do you think that SMSF auditor will ever raise any red flags with that firm? Of course not, they don't want to bite the hands that feed them.
I have worked as a financial planner and an Accountant.
The clients are at fault, Melissa Caddick is at fault and the SMSF auditors are at fault.
equal blame for everyone
Quite a few comments about having to manually verify documents and the cost of audits rising. The solution was mentioned in the article. Data Feeds! BGL, Class and SuperMate provide them. Data feeds not only reduce the cost to process the fund, but provide balance data to verify the bank balance and investment holdings at 30th June. Each software has reports that can be provided to the auditor confirming the data.
Maybe these platforms that produce volumes of reports should also include the relevant CHESS statements in the period. If DRPs are used, they won’t go to the bank, but will generate a CHESS statement. Even though the CHESS statements are in the custodian’s name the auditor can do testing of these to get the assurance needed. Thinking about the above article, it is so very easy for fraud to happen on these software platforms. For us accountants preparing the figures, we need to be mindful of this. Thanks for the article.
And if you verify every dividend to a bank statement, the audit will have to cost thousands! Perhaps ASIC’s huge cost to run an SMSF was closer to the mark than we thought even if it used faulty reasoning.
I think an SMSF audit should cost at least $2K and always should have! Auditors have cut their own throats with this race to the bottom and one size fits all audit fees. ASIC should NOT be granting SMSF Auditor registration to those who are NOT Australian residents either. Those audit sweatshop prices are half the problem!
CommSec reports have the HIN at the top of the first page! How easy is it to verify the holdings on a share registry? Auditors can’t sign off on broker reports, they never could as they are not “sufficient appropriate audit evidence”. Which raises the new spectre of cryptocurrency and trading in international shares. Auditors can’t confirm them other than the broker report. This is another scam waiting to happen!
Nice article, auditors need to think like these scammers – the whole focus should be how do I prove these funds are correct, why is it set up this way etc.
checking dividends banked should help
But the bank statements were fake too.
Do you mean “dummying” (faking) statements, and “HIN” checks?
We don’t audit for fraud – however if fraud is detected then it must be followed. Independent sourcing of asset confirmations is the only way and especially not from investment advisors.
But the auditor is signing off a statement certifying the financial statements are true and correct and not misleading statements and meeting the SIS Act.