How companies can use blockchain to prevent auditing malpractice
Not too long ago, there was very little to link Wirecard, the disgraced payments platform in Aschheim, Germany, with Boohoo, the fast-fashion online retailer in Leicester, England, but both have recently been embroiled in high profile scandals.
By Nish Kotecha, Chairman and Co-Founder of Finboot and Bryan Foss, NED, Visiting Professor at Bristol Business School and member of the FRC Audit & Assurance Council
Wirecard’s recent collapse is a failure of audit to reflect a 'true and fair' review of accounts, as defined by The Institute of Chartered Accountants in England and Wales (ICAEW). Curiously, there is no statutory definition of 'true and fair', even though this concept of acceptable accounting conduct has been a part of English law and central to accounting and auditing practice in the UK for many decades.
Now apply this principle to Boohoo, the fast-fashion online retailer based in the English Midlands. Should the audit of Boohoo's financial statements have highlighted risks associated with sourcing 40% of its supplies from Leicester, a city that is home to a number of textile factories that have often been associated with labour malpractice?
Boohoo had indeed highlighted in its Section 54 filing under the UK Modern Slavery Act that it expects all its suppliers to sign a statement acknowledging their own full compliance with the legislation. In other words, the company expected its sub-contractors, whose products end up in fashion stores across the world, to be partners in eradicating modern slavery.
Boohoo also explicitly states in its 2019 Modern Slavery Statement that: "We continue to work with Leicester Council…highlighting the health and safety issues and risks to those vulnerable workers in buildings not considered fit for purpose and at risk of exploitation.”
Jaya Chakrabarti, CEO of tiscreport.org, a platform that campaigns for transparency in supply chains, said: "Modern slavery is difficult to detect in part because workers are forced to accept practices that are exploitative. Consequently, many companies indemnify themselves by shifting the legal responsibility for abuses onto suppliers, by making them sign declarations of compliance.
"However, this doesn't wash out the reputational stains on high profile brands. We know labour exploitation exists in every supply chain. Companies that have not found it will need to look much harder."
Why, then, did the market wipe away nearly half of Boohoo’s valuation following an expose by undercover reporters from The Sunday Times, if the retailer had flagged the risks in Leicester?
Is it because the risks associated with having Boohoo’s supply chain in Leicester were not included in the main financial statements and therefore beyond the usual diligence of auditors? Boohoo was certainly being transparent and compliant with the law in placing these risks in the public domain and noting: “Labour or environmental abuse in the supply chain could result in closure of supply or reputational damage” in its 2020 annual report, but perhaps it was also being artful in hoping the true risk, sitting at a distance with third parties suppliers, would not be spotted.
In the era of accelerated digitalisation, how can these federated actions be connected to ensure genuine transparency, visibility and a true and fair audit?
This is where technology, and specifically blockchain, can help.
Blockchain is the technology behind a distributed network of computers that can be used to store data securely but which, uniquely, has a single memory - a single source of truth. That means data cannot be freely copied and edited to create an alternative version of the truth, which is why blockchain technologists refer to it as the 'trust platform'.
How does a federated organism, such as a supply chain, comply with, say, listing rules to release material information? Surely a central depositary that is tamper-proof and tracked to ensure accountability is the right way to go?
This would get to the heart of the Boohoo issue, whereby output information can be in the public domain, yet its composition remains invisible or redacted. As an open society, we should not have to depend on the discretionary activities of journalism - however noble - to uncover such truths.
More validated, immutable information will generate trust in what companies are telling us and, that must be the goal. If investors trust what they hear, they will reward its source with a higher valuation. Consider the trust in Apple versus the skepticism in Facebook.
Blockchain creates transparency and tamper-proof accountability in the steps preceding and during an audit process. Imagine, if blockchain had been used by the auditors at Wirecard, where some €1.9bn has gone missing: the technology, connected to global banks, would have embedded the immutable verification of bank balances directly into the audit process, meaning that the balance sheet couldn’t have been inflated.
Instead, at Wirecard, auditors relied on the client for banking information and would then ask the same bank contact for verification.
This is ludicrously circuitous and hugely vulnerable to abuse - as it proved to be. The fraud at Wirecard cost shareholders €20bn.
The lesson here is to adopt relevant technology that addresses the gaps in the current auditing process, whether such gaps are caused by the subjective concept of materiality, human error or, worse, negligence or criminal intent.
A blockchain-based depositary of information from audit to financial statements to market would minimise risk, reduce costs, and provide wholesale visibility of all the information in every corner of a financial statement. This would mean that what is finally presented to investors can be traced back to its verified source.
Ultimately, trust requires transparency to validate integrity. Adopting technologies such as blockchain into the audit and reporting framework of public companies could provide much needed transparency so that investors can avoid being caught up in another Wirecard or Boohoo scenario.