HPE has 'substantially succeeded' in its £3.3bn fraud trial against Autonomy's Mike Lynch – judge Hewlett Packard Enterprise "substantially succeeded" in its multi-billion pound lawsuit against Autonomy founder Mike Lynch for fraud over that startup's accounts. Giving a summary of his full judgment this morning, High Court trial judge Mr Justice Hildyard said HPE "substantially succeeded" in its case in England against the …
Given that what's described is effectively large scale alleged fraud, Mike Lynch and his execs belong in prison.
The HPE execs all deserve to be fired for gross incompetence and sued by HPE shareholders for abusing their position and misusing company funds.
Neither side comes out look great
It is one year since I read the FRC Disciplinary Tribunal report following the sanctions against Deloitte and former partners for audits of Autonomy. Having just read the Summary Of Conclusions by Mr Justice Hildyard for the first time I now feel some sympathy for Deloitte.
Sympathy because of the scale of the fraud: the Hardware case: the VAR case: the “reciprocal transactions case; The "hosted case"; the OEM case". All found to be strategy/programmes that were dishonest, and that were accounted for through dishonest presentations. This means the CEO and CFO skewed the whole business, distorted its success and its value. Deceive everyone. Yes their Auditors failed. But so did their Audit Committee and so did their Board.
Rather than throwing stones at 'stupid Americans' we Brits should be asking how can we ensure this level of fraud never happens again to a public company? Because this level of fraud reduces confidence in the UK public market place and that ultimately reduces the market capitalisation of those listed companies, reducing their ability to leverage funds and invest and grow. This hurts - ultimately - this country. It's a sad bad story.
"this level of fraud reduces confidence in the UK public market place and that ultimately reduces the market capitalisation of those listed companies, reducing their ability to leverage funds and invest and grow. This hurts - ultimately - this country. It's a sad bad story."
Yes but no but ...
That's the way the City, and in particular its dodgy dealers and its puppets in Westminster, wants to work.
And the City must be given what it wants, or there will be no Nice Things for our Tory politicians (it is mostly Tories with their snouts in the trough though some of them have been (New) Labour MPs).
We need answers to a considerable number of questions, all of which stem from my understanding of the past history of corruption within the civil service. Starting from the founding of many companies here in the UK who will have approached the civil service for a grant. If their experience was anything like mine, to get a grant, I was presented with a stark choice, hand over shares in my company, or no grant. So now understand that, if they took the deal offered; they were from that moment onward; under the complete control of the civil service holders of their company stock. Did Autonomy receive any such grants, under similar conditions regarding holdings of stock in their company? Were members of the civil service appointed to the management of Autonomy? Were any of the founders of Autonomy members of the civil service? Turning to the long delays of the judgement, has the judge been placed under any pressure to revise, or redact his judgement, from anyone within the civil service? Are such attempts to so revise, or redact . . . legal? If any of these questions can be answered in the positive, surely it is in both the interest of the reputation of the United Kingdom; and the interest of HP to find out if they reflect the true nature of the underlying corruption?
Has there been any major case of fraud in the business world in which auditors were not, effectively, complicit? After all, they know that if they enquire too deeply they can and will be replaced, and that's likely to lose some juicy consultancy contracts from the other side of the Chinese wall.
How much is 2+2? How much do you want it to be?
I don't think it's an either/or to be honest.
I agree that HPE _should_ have paid more attention and applied a more common sense, but that doesn't and shouldn't let Lynch off the hook.
Take this as an example
> there was a carousel of cash flowing back and forth to generate a fake impression of real sales and real revenues
That's not the action of a company acting in good faith.
We're not talking about a bloke who was simply offered an unbelievable sum and went "Oh, all right then", the allegation is that he went out of his way to artificially inflate the perceived value.
If you apply caveat empor and let him off the hook, then you're saying it's OK for others to do similar with all the fallout that potentially entails.
Essentially, HPE's auditors failed to do their jobs properly, and in doing so, failed to pick up on stuff that Autonomy should not have been doing in the first place. They're both in the wrong.
Whether it should be extraditable is a whole other matter, of course.
I don't think anyone is saying Lynched should be off the hook. It seems more like people are saying both sides + the auditors should all be on the hook. As has been said further up, no one has come out of this looking good. Fraud by Lynch, failure to spot issues by Deloitte and lack of due diligence and eagerness to make a killing despite warning signs on the part of HP.
... doing your own research and paying attention to due diligence isn't worth the paper its printed on.
Indeed.
Screw up as you pay US$ 11 billion while ignoring your advisor's warnings then blow 8.8 billion from the books because they just happened to be right and then ...
Get a DH judge to agree with your claim that you were misled.
I think this sets a very bad precedent.
O.
Well, you have also the Theranos example, or Enron (with Arthur Andersen in the role of Deloitte...) - that's how fraudsters work, they have to convince a few people everything's alright (especially, exploiting their greed), and make them not listening to those telling them something isn't as shiny as it looks.
Still fraud is a crime even if gullible people fall for it, and it would be a very bad precedent to assert that if a fraud works very well is not a crime. Don't complain then if your shares of pension fund suddenly has no value because of it. Or you bank fails, hoping it would be bailed out or you may lose part of your money.
And why not a Masterchef run dedicated to those who cook the books better? Make them a celebrity?
You are right - even the situation was a bit different since most of the practices that brought to the collapse were not illegal because actually the laws protecting from the were lifted, due to pressure from bankers lamenting they could not grow enough.
And it is true that when there are many, many culprits, including the government, its agencies, and the politicians, nobody has really interest to get to the bottom.
The problem with Due Dilligence in this case is that it was relying on a tainted source. The fraud was deeper, in the business practices. So even if HP had read the documents, it may well have not made that much difference. After all, Deloitte were deceived / allowed themselves to be deceived, and they (should have) had a closer handle on the Autonomy business than would be in the due dilligence documents alone.
We 'll see what the Judge thinks when he announces the amount of damages. I'm guessing he will give some discount for HP's carelessness, but maybe not that much. But even if he discounts by say only 10%, that is a larger sum of money than I can imagine, lost for lack of reading the paperwork.
I still think the problem was the lack of due diligence. Plus a bit of VAR norms.
So my take is much of the fraud relied on HP thinking it was buying a software business, not an HP reseller. So HP could have some inkling by looking at what they were invoicing for tin. Which should have been pretty simple. Then looking more closely when it came to closing on it's offer.
HP should also have been aware of common challenges with VARs. When that works well, it can reduce SG&A. When it doesn't, it trashes margin instead. So reseller doesn't add any value, but expects discounts to boost it's own margins. The fact that Autonomy supplied tin didn't really suprise me as that's pretty normal, ie ship system installed on certified hardware. The suprise could have been avoided just by looking at the details for a few large deals.
But I'm guessing HP also suffered from target fixation. It announced a pivot away from low margin tin to high margin services. So the market would expect results, especially when HP's strategy was the usual buy revenues. So it really should have been more cautious.
After all, Deloitte were deceived / allowed themselves to be deceived
Precisely - if there is systematic collusion at the senior management level to deceive the auditors deliberately then there is not much the auditors can do about it, unless they get lucky and pick up on inconsistencies and start digging deeper.
Additionally a substantive testing approach (aka ticking and bashing transactions back to invoices/assets etc.) vs. a controls-based approach (i.e. rely on internal controls by testing those internal controls) could give differing results in a case of deliberate collusion to mislead.
Burglary. : the act of breaking and entering a dwelling at night to commit a felony.
Like 'murder' and 'rape', 'burglary' can be re-defined by statute, or by common agreement the word can mean anything you want, but I would have written
If you leave your front door open and someone steals from you, you your failure to secure your property doesn't negate the fact he's a thief.
I'm in England and in English law:
(1) A person is guilty of burglary if—
(a) he or she enters any building or part of a building as a trespasser and with intent to commit any such offence as is mentioned in subsection (2) below; or
(b) having entered any building or part of a building as a trespasser he steals or attempts to steal anything in the building or that part of it or inflicts or attempts to inflict on any person therein any grievous bodily harm.
(2) The offences referred to in subsection (1)(a) above are offences of stealing anything in the building or part of a building in question, of inflicting on any person therein any grievous bodily harm ... therein, and of doing unlawful damage to the building or anything therein.
(3) A person guilty of burglary shall on conviction on indictment be liable to imprisonment for a term not exceeding—
(a) where the offence was committed in respect of a building or part of a building which is a dwelling, fourteen years;
(b) in any other case, ten years.
(4) References in subsections (1) and (2) above to a building, and the reference in subsection (3) above to a building which is a dwelling, shall apply also to an inhabited vehicle or vessel, and shall apply to any such vehicle or vessel at times when the person having a habitation in it is not there as well as at times when he is.][2]
You're splitting hairs. Using your (quite narrow) definition of "burglary", if you leave the front door open and someone breaks a window around the back to enter, it's still burglary. The key point is that the status of the front door isn't relevant...
What? Well, obviously HP and anyone should learn the lesson that you better do your due diligence otherwise you could have a huge and drawn out legal case to fight to get your money back and even then the reputational damage is big and you might not recover all the money.
Fraud is fraud. Don’t do it. Otherwise you could end up like Lynch.
Not a lawyer or a judge.
But the application of basic common sense to all that has transpired tells me that this outcome is outrageous.
If HPEs lawyers, 15 banks and the auditors said there were no problems and that the purchase could go through, how is it that Lynch is guilty of anything at all?
He actually managed to con everyone* in a very long list of reputed banks and lawyers as well as the auditors?
Auditors that were eventually fined a hefty sum by regulators for screwing up royally?
If he really managed to pull such a trick, he deserves a prize.
Like I said, absolutely ourageous.
* UBS, Goldman Sachs, Citigroup, JPMorgan Chase, Bank of America, Slaughter & May, Morgan Lewis and Deloitte among them.
O.
From the tech side I've found bi-annual audits to simply be box-ticking with so little value other than satisfying shareholders that you're not a bunch of fly-by-nights chancers playing at IT.
"Says in this document you do backups? Can you give us a few sample logs spanning this date range. Also can you do a sample restore and give us the logs"
"Says in this document you have XYZ batch processes. Can you supply the run logs including some samples of failures and emails showing they were handled by the teams is says should."
One month later...
"Thanks for the info. All done and see you in 6 months!"
This post has been deleted by its author
Was in one of my first retail jobs and acting as support for a company involved in selling larger pieces of furniture. The woman from the company’s risk management team turned up at the branch i was at and asked to see the stock. Manager was busy with other things so I was thrown in at the deep end and told to assist her. After I said no to three very big items she wanted to see she asked if we sold a lot of stock ex-display? I said “no” again and then item number four was also not in the store. I asked how old her stock list was and it had been printed 2 weeks earlier. I said that explained it, we had had a showroom change since then and her list would have maybe 10% of the items still here. Those would mostly be things like picture frames, plant pots with fake plants in them etc.
She wasn’t in a good mood at this point as her report would look rubbish if it just said she’d located the grey marble effect vase and the fake tulips contained within. I said to just generate a new list but she didn’t know how to. I offered to show her how and take her round with the new list pointing out items. She still wasn’t 100% happy but her mood improved as everything turned out to be there. I knew it would because I’d just finished (that morning) entering it all into the stock management prog and cross checked it. That wasn’t really my job but I was the only one there who understood how to import from a CSV file. That was the CSV file I’d prepared earlier which again was beyond everyone else. That was so much quicker than doing each item individually on the prog.
An accountant usually visited the store once or twice a year to do something similar and I asked about this duplication of work. She said they didn’t 100% trust the the accountants and hence did spot checks themselves. We took her to the pub after work to drown her sorrows.
Stock-takes are usually given to the junior trainees since it often involves being on a remote, cold
industrial site at an early hour at a weekend or public holiday, up a ladder or in a warehouse trying to find a serial number for a widget or dipping the level in a huge oil storage tank.
Then they take you for a cuppa while they pump whatever was in the tank into the next one so that's full too when you get to it....
Or when counting vehicles, they drive them round for you to tick off the reg numbers, and then drive them round the corner and back past you again after swapping the plates over...
Or Trainee:"what's your stock valuation policy? FIFO/LIFO/Weighted Average". FD "FOFO - F@ck off and find out""
Or (possibly my favourite), a car factory says that there are some cars with luminous paint destined for the Scandinavian market parked amongst all the others (hundreds). The trainee doing the stock-take is given a torch and a blanket to go and find them. After 30 minutes they happen to glance back at the main factory windows to see most of the workforce laughing at them....
But I digress (I was a Coopers & Lybrand audit trainee nearly 30 years ago....)
I still remember an auditor's request: "You bought a DEC Fortran compiler this year. Show it to me."
I was asked to show the auditor the many ”Delboxvend” listed on the stock report. Not very impressed to find out that referred to Delivery Box from Vendor and the whole load were at the warehouse. She also didn’t like that they were listed as zero cost and asked why we kept the bloody things anyway.
From the tech side I've found bi-annual audits to simply be box-ticking
Auditor: Do you use Grandfather - Father - Son backup rotation for your database?
IT Manager (Me): We take log backups hourly, retained for three days, daily backups retained for a week, weekly for a month then monthly for a year. Annual year end backups are retained permanently. All backups are off-sited daily.
Auditor (Putting cross in box): You must use Grandfather - Father - Son in future.
I should have just said yes!
@AC, shut the fsck up! You're ruining my career with such gross defamationtruth!
On a less serious note, a lot of the auditor's job is expectation management: a client expects that we thouroughly "x-ray" their whole IT infrastructure, down to the last bit. What we actually do is, drinking tea, lots of it, and if we do actual auditing, focus striktly on financially relevant systems and controls. Which is, more often than not, rather disappointing for both the auditee and the auditor. And within this very limited realm, the auditor's question you pointed out might be perfectly valid and sufficient.
Btw, any chance that we've met in the past?
As much as I dislike to admit it - its your "common sense" again the experience and expertise of a top tier Judge for which these matters are one of his specialties.
HPE being a gang of clowns and Auditors either not doing their jobs or doing them incompetently doesnt stop there actually being Fraud committed - which is what the Judge has ruled.
True, but he was conning a US company, so the "victim" is American.
I don't disagree that he _could_ have been prosecuted in the UK. But whether he _should_ have is a much more nuanced question (and if the USA is willing to pay the huge cost of running the prosecution, the CPS is probably going to be on the "knock yourselves out" bench...)
The problem I have is the asymmetry here. Were Lynch to be American, and HP a UK company, it is beyond belief that Lynch would be extradited to the UK to face trial for acts committed on US soil.
The US, IIRC, is relying upon its catch all "wire fraud" statutes, coupled with this idea that any offence alleged to be committed using US dollars is inherently of US jurisdiction, both of which are tenuous at best.
cf the Natwest Three, extradited to the US and found guilty of committing offences whilst in the UK, offences which were not in fact offences at the time in the UK.
That's the bit that's stood out for me.
I've been largely going 'HPE brought this on themselves' but the judge has heard evidence and confirmed that irrespective of that, someone acted contrary to the law.
HPE's incompetence should hopefully be reflected in the amount awarded.
"He actually managed to con everyone* in a very long list of reputed banks and lawyers as well as the auditors?"
Yup. That's how it works. What do you think the auditors and the "very long list of reputed banks and lawyers" look at???
They're all looking at the same tainted accounts. The auditors should be closest to the business and should be most able to spot the problems. The others are looking at the audited accounts, and are subject to a huge dose of confirmation bias: if there were huge problems, then Deloitte would have caught them, so there were not huge problems!
[That just leaves the possibility of minor issues... and those are the sorts of things that people protect against by devaluing the numbers slightly e.g. "reduce the balance-sheet figures by 10%, does this deal still make sense??"].
The problem was that the balance-sheet was deliberately and fraudulently constructed to be massively inaccurate, and the audits didn't spot it. This is quite likely because Lynch was actively structuring things in a way that he knew the auditors wouldn't catch... and that's why the United States Department of Justice wants to put him on trial.
Quoted just to save people the effort, the link above is the Judge setting out the findings of the case.
This has been an unusually complex trial, 93 days long. Dr Lynch was cross-examined for 20 days. There was a database of many millions of documents from which there was extracted a trial bundle containing more than 28,000 documents. These documents have been the most reliable source of evidence. But there were also hundreds of pages of hearsay evidence, largely comprised of transcripts from previous proceedings in the United States, both civil and criminal.The determination of this matter in its plainly natural forum has been made the more difficult by the concerns I have had about the reliability of some of the Claimants’ witness and hearsay evidence, which bore signs of having been fashioned, rehearsed and repeated in the course of multiple previous proceedings in the US and the preparatory stages for them, and in some cases, of the constraints (such as the terms of promised immunity) under which it had been given.
The level of concern recorded as to the reliability of HP's witnesses is pretty damming to HP.
But enough so that it might actually provide sufficient grounds to prevent extradition? Not sure on that. I'm pretty sure that Lynch's legal team will be mentioning it though, it's not as if they have much to lose.
Also, this is of interest:-
I have however provisionally determined that even if adjusted to take account of the fraud, HP would still have considered Autonomy, with its signature product, IDOL, a suitable acquisition whereby to effect transformational change. I would expect the quantum to be substantially less than is claimed.
For "quantum", read "damages".
My first thoughts are that HP doesn't really have a great basis from which to celebrate.
Good point about the quality of evidence, but that's not a factor in the extradition process.
If he gets extradited and the criminal case falls apart, well too bad. But it's not the job of the UK system to weigh the quality of the US prosecution's case, just the validity of the charges!
[This is the flaw of many of the Assange supporter's arguments: freedom of speech and the press is protected to a much, much higher standard in the USA than in the UK, so if there are problems with the US's case against him -- and it does seem really very likely -- then the best way to make it all go away is to get in front of any judge who understands that New York Times vs Sullivan 376 U.S. 254 is settled law, and they're all in the USA... although Trump's legacy seems to be an effort to overturn that case, so the sooner Assange starts, the better!]
>But it's not the job of the UK system to weigh the quality of the US prosecution's case, just the validity of the charges!
Thats a simple determination!
For the charges to be valid, fraud must have taken place. For fraud to have taken place the evidence there must be evidence, for there to be sufficient evidence - in the absence of substantive new evidence, there must be sufficient evidence for UK procescutors to undertake criminal proceedings; they didn't because they determined there was insufficient evidence. So the charges aren't valid and are therefore fabricated and thus be constructed to be vindictive.
Which puts Patel in an interesting position. By agreeing to the extradition, she is in effect saying UK law and enforcement is a joke - which as a Brexiteer...
Similar to the recent US court case that the UK courts had previously found the defendants guilty of insider trading, but later prosecutions in the US (of US residents) found the defendants innocent as it was standard practice over there on share dealing.
I worked for these clowns back in the day (circa 2005). Serious culture problem, really grim atmosphere inside those shiny offices in Cambridge. Was very glad to escape, as just another sysadmin from the "burn them out like matches" disposable team. Lynch may be reaping what he sowed...
It appears I, and most commentards were wrong about this story.
However, it raises an awful lot of questions and issues for the future. I know the auditors have had several very public slappings, but the Judge being so critical of the hardware sales when the auditors ignored them as "standard inductry practice" opens a few cans of worms to say the least.
HP(E) and their former board will no doubt engage in a round of back slapping and "we told you so" to try and rehabilitate their reputations, but they just look like idiots for all being taken in and not bothering to properly do their due-diligence (even if that was tainted, as now appears to be the case). Cathie Lesjak was the only one on the board to be against the purchase and Apotheker wanted to fire her for it.
Hmmm - DarkTrace as a company seems to be marketing-heavy. There are apparently good techies there also but the overall concept seems dubious.
As I understand it they place sensors in an organisation's IT infrastructure and collect data which is used to enable a machine leaning engine to identify "normal" behaviour. Subsequently any abnormal behaviour is flagged for attention.
The implication is that you get rapid results without all the complexity and costs of detailed risk analyis.
Let's be generous and assume the sensors reliably capture activity and that the machine leaning/AI engine is a good one. Most organisations have seasonal variations in terms of their activity - good and bad selling periods, effects of holidays etc. So it will take you a minimum of 12 months to learn about "normal" behaviour. What happens if this is a reasonably dynamic and innovative organisation so that there are changes in the IT infrastructure and use?
And then there's the classic problem of all anomaly detection products - how do you set the threshold for alerts? False positives / false negatives?
Hmmm......
Everyone knew back then Autonomy wasn't real; stories abound of Mike regularly looking down on Covent Garden snorting from a balcony. Everyone knew. HPE buyout was a showcase of bad due diligence. Should HPE burn for it? Yes! Should HPE be punished for being a halfwit company, YES. Every company suffers the same from bad decisions, so should they.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
