PwC's FORENSIC REPORT ON NNPC – A JOB WELL DONE

The PwC report on the investigative forensic investigation into allegations of unremitted funds into the Federation Account by NNPC, recently released by the Office of the Auditor-General of the Federation has generated a lot of discussion.  A key component of the interest has been the caveat included by PwC in its report, and the impact that it might have on the applicability of the findings in the report.

I have read some of the comments in the papers challenging the manner of reporting by PwC and the inclusion of the caveat.  I had initially dismissed some of these articles as being largely pedestrian and lacking in depth until I realized that some the writers have quoted “reliable sources” including in some cases senior partners in small and medium firms of auditors (SMP's). Could these partners in some of these small and medium firms of accountants then be this ignorant or was this a deliberate attempt to misinform the public? We know that the big four firms are sometimes seen as unequal competition. Either way, these comments are capable of undermining our noble profession that we have worked so hard to build. Hence as a seasoned accountant having trained with PwC myself years back and now running my own practice, I feel constrained to educate the public as well as my fellow accountants on certain basic reporting concepts provided by the International Federation of Accountants in its various publications.

What PwC stated in its report
PwC stated in its report that “the procedures we performed did not constitute an examination or a review in accordance with generally accepted auditing standards or attestation standards. Accordingly, we provide no opinion, attestation or other form of assurance with respect to our work or the information upon which our work was based.”

What is an Opinion, Attestation, Assurance?
According to the International Framework for Assurance Engagements contained in the International Federation of Accountants (IFAC) Handbook of International Quality Control, Auditing, Review, Volume II 2014 Edition Volume II (which is available to all accountants) an assurance engagement is one where a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject against criteria. The framework specifies that five elements exhibited by assurance engagements as three party relationship, a subject matter, criteria, evidence and an assurance report.  There are two forms of assurance engagements  based on the form of conclusions. Firstly a limited assurance engagement in which the accountant expresses his conclusion in the negative form for example  “Based on our work described in this report, nothing has come to our attention that causes us to believe that internal control is not effective, in all material respects, based on XYZ criteria”. Limited assurance is used for example in review engagements such as review of interim financial information. The second form is a reasonable assurance engagement in which the accountant asserts his conclusion in a positive form for example “In our opinion internal control is effective, in all material respects, based on XYZ criteria..” The Audit opinion is included in an Audit report.

IFACs Assurance Engagements other than Audits or Reviews of Historical Financial Information, defines Attestation engagements as an assurance engagement in which a party other than the practitioner measures or evaluates the underlying subject matter against the criteria.

Why I think NNPC did not contract PwC to provide Assurance 
An accountant cannot provide assurance until all five elements that I have enumerated above are present. From just a casual review of the report, I can conclude that a three party relationship (1.Practitioner:PwC, 2. Responsible party:NNPC, 3. Intended user:Auditor General's office),  existed and that there is a definite subject matter (Crude Oil revenues generated by the NNPC). I’m certain though that NNPC would have struggled to provide a clear criteria to PwC. For engagements reporting on compliance, relevant criteria would be things like applicable laws, regulations and contracts, those criteria have to exhibit all characteristics of; relevance, completeness, reliability, neutrality and understandability. From the PwC report, I can see NPDC did not provide access neither was Kerosene subsidy regulation clearly available. Limitations around access to NPDC would have limited the ability to generate complete reliable evidence so I can readily see why NNPC could not have contracted an Assurance engagement with PwC as they could not guarantee the presence of all five elements of Assurance engagements.


Why structuring the investigation as Forensic Audit makes sense
The free online business dictionary that I regularly use defines Forensic Audit as “The application of accounting methods to the tracking and collection of forensic evidence, usually for use in the investigation and prosecution of criminal acts such as embezzlement or fraud. It is also called forensic accounting.

I found that the US Public Company Accounting Oversight Board (PCAOB) Strategic Advisory Group panel discussion observed in 2007 that “Although forensic audits may examine financial reporting and internal control matters, the objective of a forensic audit is not expressly articulated in an established set of standards. Rather, users of forensic audits (e.g., audit or special investigative committees, management, and regulators) establish their objectives on a case-by-case basis.”

It therefore makes sense to me that the probable reason the engagement was structured by the Auditor General as a Forensic Audit which is a type of Non assurance engagement was to give NNPC the flexibility to establish its objectives for the PwC Forensic Accountants as is expected in an investigation of this nature.

What were PwCs Terms of reference?
The report quotes the terms of reference per their engagement letter of  5th June  2014 as follows:
a) Analyse and comment on submissions made by various parties in respect of  alleged remittance shortfalls.
b) Analyse all submissions made by key stakeholders in relation to these unaccounted funds
c) Produce an independent forensic investigation report

Given the enormous findings by PwC in this report despite obvious constraints, my personal view is that PwC adequately discharged their duties under the terms of reference given to them. This exercise should not be a one- off, but should be done regularly by them every few years and at least once during every administration perhaps targeting other areas not investigated in the current exercise. Indeed a Public Company Accounting Oversight Board (PCAOB) in the US November 2006 paper posited the idea of regular forensic audit as a way to improve detection of fraud at public companies and enterprises.  Indeed the new administration should re-engage PwC with wider terms of reference and with unlimited access and if so desired commission an “assurance” engagement.

Fuss over the Caveat …Much ado over absolutely nothing…
Accountants are in fact required to include such caveats when reporting on non assurance engagements. International Framework for Assurance Engagements paragraph 15 on 'reports on non-assurance engagements', states that a practitioner reporting on an engagement that is not an assurance engagement within the scope of this Framework, clearly distinguishes that report from an assurance report. So as not to confuse users, a report that is not an assurance report avoids, for example:

• Implying compliance with the International Framework for Assurance Engagements, International Standards on Auditing, International Standards on Review Engagements and International Standards on Assurance Engagements.
• Inappropriately using the words “assurance,” “audit” or “review.”
• Including a statement that could reasonably be mistaken for a conclusion designed to enhance the degree of confidence of intended users about the outcome of the evaluation or measurement of a subject matter against criteria.

I am convinced that all responsible Accountants worldwide producing forensic audit reports or any other type of non assurance report are expected to (and presently actually do) include similar caveats so as not to misinform the public. This does not take anything away from the content, value and applicability of the report themselves but only protects users in compliance with IFAC provisions.


Conclusion
In conclusion and in line with the terms of reference, readers of the report should be asking

a) Did PwC analyse and comment on submissions made by various parties in respect of alleged remittance shortfalls? The answer is an obvious “Yes”
b) Did PwC analyse all submissions made by key stakeholders in relation to these unaccounted funds? The answer is an obvious “Yes”
c) Did PwC produce an independent forensic investigation report? The answer is an obvious “Yes”

Given the views communicated by some senior audit partners in some of these SMP's, I think this underscores the need for continuous education on accounting, auditing and reporting and I  have cause to thank God once again for my quality training and background.

I believe this piece lays to rest the matter of the caveat which is in my view, probably a deliberate, needless diversion of the unassuming public away from the core issues raised in the PwC report - Issues that along with the passage of the Petroleum Industry Bill (PIB) should be on the fore-front of everyone’s mind at this time of dwindling revenues.

By Ijeoma Rita Obu (FCA)
Managing Partner 
IRO & Partners Chartered Accountants
Lagos
www.iro-accountants.com

MANAGING THE RISK OF ENTERPRISE NIGERIA- WHAT JONATHAN AND BUHARI NEED TO KNOW

As the Nigerian elections draw near it is time to look beyond the election itself to governance in the next four years. A May 27^th 2013 article published by This Day Live on its website and titled "Ministerial score card towards May 29^th" examined the performance of the current government of President Goodluck Jonathan by evaluating the performance of his ministries under the ministers, who are responsible for delivering on his transformation agenda.

The writer rated the ministries using a qualitative rating scale; ranging from the best performance of 'Good' through 'Above Average', 'Average but promising', 'Average' to 'Below Average' and 'Poor'. Reproduced below in table form is the rating assessment. I have taken the liberty of assigning numerical scores to his rating scale to enable a quantitative assessment.

S/N	MINISTRY	GOOD	ABOVE AVERAGE	AVERAGE BUT PROMISING	AVERAGE	BELOW AVERAGE	POOR
	Score	6	5	4	3	2	1
1	Aviation	6
2	Defence		5
3	Interior						1
4	Finance		5
5	Transport		5
6	National Plann.				3
7	Petroleum		5
8	Power			4
9	Trade & Inv.		5
10	Environment				3
11	Culture & Tourism				3
12	FCT		5
13	Special Duties	Not Decided	Not Decided	Not Decided	Not Decided	Not Decided	Not Decided
14	Communications & Technology				3
15	Education					2
16	Justice		5
17	Niger Delta					2
18	Labour				3
19	Youth Development					2
20	Foreign Affairs		5
21	Works			4
22	Agriculture		5
23	Information		5
24	Sports			4
25	Lands & Urban				3
26	Police Affairs					2
27	Water Resources				3
28	Health				3
29	Mines & Steel					2
30	Science & Tech					2
	Total = 105	6	50	12	24	12	1

Total Score of 105

Maximum scores obtainable= 180

Scaled score =58.33%

The majority of citizens eyewitness opinions (5 out of 9 commentators as at 28^th Jan 2015) as recorded by commentators on the article on This Day's site was that the assessment was generally fair and comprehensive overall. There were a few disagreements as follows; 2 out of 9 commentators felt that Education deserved a higher score, 1 out of 9 commentators felt that Mines, steel and solid minerals deserved a higher score and 1 out of 9 commentators felt that only Aviation had done well. The general sentiment was that ministers performing below average without substantiated reasons should be dropped from the cabinet.

My questions are the following; if we accept that performance rating of the Jonathan administration was 58.33% as at May 2013, what was the target and on what basis is that measured and evaluated? Are citizens measuring government on the basis of agreed performance contracts and targets? Did the citizenry have some input in the choice of performance measures? Were quality of life indices included in the key performance measures for each ministry? What is the quality of objective setting? Is the evaluation in line with performance indices earlier set? More importantly what is the explanation for variances and MOST importantly what were the identified risk factors and what plans were put in place to manage the risk inherent in achieving our corporate objectives? As we all know, "anything that can prevent you from achieving your objectives is a risk that must be managed".

Reproduced below are the top 15 Key performance indicators as disclosed in the 2012 National Planning Commission (NPC) performance Monitoring Report

For the reason that anything that can prevent you from achieving your objectives is a risk that must be managed, I visited the website of the National Planning Commission to find out how performance and risk are measured and managed. I was particularly interested in the department of Monitoring and Evaluation to see what early warning signals they are monitoring and evaluating to determine when triggers for key Risk Indicators are being pulled.

My first discovery is that no where in the objects clause is the measurement, management, monitoring or evaluation of risk mentioned. I have reproduced the objects clause below.

"Monitoring and Evaluation

The purpose of this department is to improve the availability, quality and dissemination of government performance information for accountability and policy improvement purposes.

The functions are as follows:

Develop and maintain a framework to support the monitoring, evaluation and reporting of government performance at the national and sub-national levels, in line with the national development goals and objectives; Monitor and evaluate government performance at sectoral level (to measure performance of government policies in each sector of the economy), institutional level (to measure performance of government institutions) and program level (to evaluate the effectiveness and impact of public programs); Develop and publish the Nigeria Country Report as the primary medium for the dissemination of performance information; Develop evaluation capacities across government at the federal and state levels to ensure that the quality, results, and

impact of programs and expenditure can be measured at reasonable cost;Collaborate with MDA's to develop results-focused, key performance indicators and clearly defined performance targets upon

which progress will be measured; Develop the data management system for the National M&E system, including data collection tools, identification of data sources, frequency of data collection and data transmission plan;"

I then reviewed the most recent National Planning Commission Performance Monitoring Report available on the website being that for 2012 to see how risk was reported. To my surprise again, in no section of the report was risk management addressed. To their credit, section 4 analysed the key strategic goals and the enabling conditions identifying KPI's but without identifying potential risk events and developing KRI's for them.

Risk management is an essential tool in tackling the uncertainty associated with any enterprise. Entities be they corporate organisations or nation states have always practiced some form of risk management, implicitly or explicitly. Enterprise Nigeria must be practicing some form of risk management, but it is clearly unstructured , not systematic, not holistic, not properly linked to performance and not integrated properly across policies and across Ministries, Departments and Agencies responsible for governance.

Nigerians are known to be very good at planning but not so good at implementation. From my review and analysis it would appear that Nigeria's main problem is a failure to Manage Risk Enterprise-wide and systematically..

MY RECOMMENDATION

Whoever wins this election should improve on the progress already made and the good work already done to date. This improvement should be by incorporating into NPC's object clause the enterprise-wide management of risk for Nigeria. Nigeria should deploy an Enterprise-wide Risk Management (ERM) framework and structure complete with three lines of defence. Ministries and ministers should also inherit Key Risk Indicators (KRI's) in addition to KPI's, which their performance should be measured against. If this is done we will have better achievement of targets and risks adequately mitigated, be they political risks, macro-economic risks, security risks, environmental risks, legal risks, social risks, financial risks, or regulatory risks et cetera,will would be routinely and properly managed preventing unwelcome surprises.

Author

Ijeoma Rita Obu, FCA, FIMC is the Managing Partner of Ijeoma Rita Obu & Co. (Chartered Accountants) and the CEO of Clement Ashley Consulting. For comments questions or enquiries regarding this article please send mail to robu@clementashleyconsulting.org or post a comment on her blog riskmanagementandperformance.blogspot.com