This is such a "this looks tough, I don't feel like doing it" take. Who is responsible? As others have said, the structure of a corporation defines that. If person A has to do what person B says, then B is responsible. If B "didn't know", then B has been lacking.
It also avoids sacking the "innocent people" and it sets an example for other companies. The greedy corporate culture really needs a bit of check-and-balance.
We do however have to allow for person A intentionally hiding from person B what they are doing. Person A should check, but it is impossible to see everything so we do have to allow for person B committing fraud to hide from audits.
Sure. But then B should prove that A did so. And even then, if B had threatened A, even implicitly, B can still be considered responsible for the fact that A didn't inform.
It also avoids sacking the "innocent people" and it sets an example for other companies. The greedy corporate culture really needs a bit of check-and-balance.