Transcript Slide 1
Forensic Accounting: Strategies for Detecting & Controlling Fraud Basic D. Larry Crumbley, CPA, CFF, Cr.FA, CFFA, FCPA KPMG Endowed Professor Department of Accounting Louisiana State University Baton Rouge, LA 70803 225-578-6231 225-578-6201 Fax [email protected]
Dr. Crumbley is the Editor of the
Journal of Forensic Accounting: Auditing, Fraud, and Risk,
Former chair of the Executive Board of Accounting Advisors of the American Board of Forensic Accountants
,
Member of the NACVA’s Fraud Deterrence Board, and On the AICPA’s Fraud Task Force (2003-2004). A frequent contributor to the
Forensic Examiner
and
Value Examiner
, Professor Crumbley is a co-author of CCH
Master Auditing Guide
, along with more than 50 other books and 350 articles. His latest book entitled
Forensic and Investigative Accounting
accountant and litigation consultant.
is published by Commerce Clearing House (800-224-7477). Some of his 12 educational novels have as the main character a forensic accountant. His goal is to create a television series based upon the exciting life of a forensic 1
Forensic Report
2
TALLY STICKS
“External auditors come down the hill after the battle and bayonet the wounded. Forensic accountants are the guys and girls who follow behind them, going through the soldiers’ pockets looking for money.”
3
Puff Adder
“What the use of finger prints was to the 19 th century and DNA analysis was to the 20 th , forensic accounting will be to the 21 st century.”
- Gordon Brown, Chancellor of the Exchequer, 10 October 2006.
4
Glimpse Forward
Overview of Forensic Accounting Panel of Auditing Effectiveness Persuasiveness/ Costs of Fraud/ Abuse Some Fraud Surveys Fraud Multiplier COSO’s Model Risk Assessment Misappropriation of Assets/ Cooking the Books Detection, Investigation, and Deterrence Types of Misappropriations Earnings Management Seven Investigative Techniques Five Magic Ratios Using Technology Best Fraud Auditing Techniques ---------------------------------------------------------- Now John at the bar is a friend of mine.
He gets me my drinks for free .
Sing us a song, you’re the piano man.
“Piano Man”Billy Joel 5
Some Fraud Figures
Australia’s annual fraud, 2003, $5.8 billion or 1.147% of GDP.
Malaysia’s telecom operators lose 3% of revenue to fraud each year.
A KPMG Malaysian survey found that more than a third of the polled companies lost over RM 1 million from fraud in 2 years.
Fraud and abuse in U.S. is about $1 trillion annually.
The quantity of corruption crimes has continued to rise in China after the market liberalizations in 1978 (because so much more money involved).
An employee at the Australian mint stole $100,145 over ten months by hiding bills and coins in his lunch box and boots. He carried away on an average 150 coins in each boot every day.
6
Fannie Mae Forensic Probe BOD hired investigators who cleared the current management of Fannie Mae of knowingly participating in any wrongdoing.
The report took 17 months; 616 pages plus 2,000 plus pages of supporting documents.
Cost of $60 million to $70 million.
The fraud was estimated to be $11 billion.
Former N.H. Senator Warren Rudman used The Huron Consulting Group.
7
E&Y Counts Macca Fortune
Big Four firm hired in high-profile divorce of former Beatle Sir Paul McCartney and ex-wife Heather Mills Penny Sukhraj, Accountancy Age , 18 Mar 2008
Sir Paul McCartney instructed Ernst & Young to value his business assets as part of his divorce proceedings, it has emerged.
The Big Four firm put a value of
£400m on his fortune
, a figure accepted by the court over valuations carried out by ex-wife Heather Mills' accountants.
E&Y director, Alan Wallis performed the valuation which showed the Beatle's business interests as at 11 June 2002 and 28 April 2006 at £242,900,000 and £240,900,000 respectively.
Mills claimed for £125m following her short four-year marriage but a judge awarded her only £24.3 million from the star's wealth.
According to court papers, Wallis valued McCartney's property holdings at £33,979,000, with £15,159,000 in bank accounts in the UK and USA. His investments were valued at £34,319,000. He was owed a total of £3,687,000. He held £6000 in cash. Paintings which he had painted, works of art, musical instruments, jewellery, furniture, house contents, motor vehicles and horses were valued professionally at £32,269,000.
He disclosed tax liabilities of £9,615,000. He put in as the value of his business interests Mr Wallis’ valuation of £240,920,000. His pension assets were valued at £36,288,000. Accordingly he disclosed total net assets of £387,012,000. He disclosed his total net income for the next 12 months at £5,357,000.
Mills' forensic accountants
Lee and Allen made a preliminary report of the her former husband's business interests and also requested further information so that they could check, comment on, differ from, or agree with Ernst and Young’s valuations.
But a senior district judge disallowed several of the requests.
In addition, the court rejected the opinion on multiples used in valuations by Lee and Allen.
Mr Justice Bennett said: 'Having listened to both accountants giving evidence I unhesitatingly accept that of Mr Wallis. I am grateful to Mr Allen for his assistance but on this issue Mr Wallis is in a different league of expertise to Mr Allen. Mr Wallis told me he has 25 years experience in musical and media work. In stark contrast Mr Allen, a forensic accountant mainly concerned with claims for damages and with share valuations,
candidly admitted that he had never valued a catalogue
. ' Read the McCartney-Mills judgment in full here Permalink: http://www.accountancyage.com/2212273 8
Definition of Forensic Auditor Someone who can look behind the facade--not accept the records at their face value--someone who has a suspicious mind that the documents he or she is looking at may not be what they purport to be and someone who has the expertise to go out and conduct very detailed interviews of individuals to develop the truth, especially if some are presumed to be lying.
Robert G. Roche, a retired chief of the IRS Criminal Investigation Division of the IRS 9
Narrow vs. Broad Definition
Narrow: Fraud detection is major area.
Broad: Employed to seek, interpret, and communicate transactional and reporting wrongdoing Edwards).
event is evidence such that in an objective, legally sustainable fashion, not only in situations where there are specific allegations of wrongdoing, but also in situations where interested parties judge that the risk of loss from proper prudence requires legally sustainable evidence to support the conclusion that no wrongdoing is occurring (James 10
Narrow Approach
Accounting
Internal and External
Auditing
Planning Risk Assessment Internal controls Audit Evidence Reporting
Fraud
Prevention and Deterrence Detection Investigation Remediation
Forensic Accounting
Accounting Litigation Matters and Investigations U.S. Dept. of Justice, Education and Training in Fraud and Forensic Accounting: A Guide for Educational Institutions, Stakeholder Organizations, Faculty and Students, Draft Copy, December 23, 2005.
11
Broad Approach
“
I liken it to ‘CSI’ or ‘Law & Order,’ but instead of figuring out the trajectory of a bullet, you’re trying to find out how a transaction occurred
.” Terry McCarthy 12
Definition of Forensic Accounting
Forensic accounting is the application of accounting, tax, auditing, finance, quantitative analysis, investigative and research skills, and an understanding of the legal process for the purpose of identifying, collecting, analyzing, and interpreting financial or other data or issues in connection with: 1) Litigation services
: providing assistance for actual, pending or potential legal or regulatory proceedings before a trier of fact in connection with the resolution of disputes between parties, or
2) Non-litigation services
: performing analyses or investigations that may require the same skills used in 1, above, but may not involve the litigation process.
13
Definition of Forensic Accounting Litigation Service
Forensic services accounting
are the
litigation
professional assistance accountants provide related to the litigation process.
These services may involve accounting, financial, auditing, tax, quantitative analysis, and investigative and research skills, as well as an understanding of the legal process to provide assistance for actual, pending, or potential legal or regulatory proceedings before a trier of fact in connection with the resolution of a dispute between parties.
14
Definition of Forensic Accounting Non-Litigation Services
Forensic accounting non-litigation services
are the professional assistance accountants provide not related to the litigation process. These services may involve accounting, financial, auditing, tax, quantitative analysis, and investigative and research skill as well as an understanding of the legal process to provide assistance in connection with matter or issues not involving the litigation process.
“You’re trying to
piece together a puzzle where you do not have the picture on the box
to know what it’s going to look like. The facts are not settled, and actually it’s the facts that are in dispute.” Andrew Bernstein 15
Short History
1. Late 1800’s – Find fraud 2. 1930’s- Puff Adder –encyclopedia 3. 1933-1934-independent audits 4. 1950’s-Eighth edition Montgomery auditing reduced formal stress on fraud detection.
5. January 1957- H.W. Bevis, AR, questioned the benefit of discovering minor employee thefts.
6. 1960s-auditors claimed no responsibility.
7. Financial audits: Consistency.
8. Audit surveillance: test of details (disappeared).
9. Stock market bubble 10. Panel on Audit Effectiveness (2000) 11. Enron/ WorldCom/ Parmalat/ HealthSouth 12. Sarbanes-Oxley/ PCAOB 13. SAS No. 99 14. Global Capital Markets and the Global Economy: A Vision from the CEOs of the International Audit Networks, November 2006.
15. Managing the Business Risk of Fraud: A Practical Guide, IIA, AICPA, ACFE, 2008.
16
Why Growth in Forensic Accounting 1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Increase in fraud.
Less loyalty to organization.
Employee mobility.
Change in societal values.
a.
b.
c.
Break-up of family unit.
Less religious.
Less ethics.
Computers replacing accounting functions. External accountants are looking for new jobs.
Higher insurance premiums for auditing.
Auditors became sales people.
Grade inflation/coursework deflation.
Enron/WorldCom/Xerox.
SOX/ SAS No. 99.
17
4.
6.
7.
9.
11.
12.
14.
15.
16.
17.
19.
20.
162.
Country rank 1.
168.
172.
175.
177.
178.
179.
Country Denmark Finland New Zealand Singapore Sweden Iceland Netherlands Switzerland Canada Norway Australia Luxembourg United Kingdom Hong Kong Austria Germany Ireland Japan France USA Bangladesh Cambodia Central African Republic Papua New Guinea Turkmenistan Venezuela Congo, Democratic Republic of Equatorial Guinea Guinea Laos Afghanistan Chad Sudan Tonga Uzbekistan Haiti Iraq Myanmar Somalia 2007 CPI Score 9.4
9.4
9.4
9.3
9.3
9.2
9.0
9.0
8.7
8.7
8.6
8.4
8.4
8.3
8.1
7.8
1.8
1.7
1.7
1.6
1.5
1.4
1.4
7.5
7.5
7.3
7.2
2.0
2.0
2.0
2.0
2.0
2.0
1.9
1.9
1.9
1.9
1.8
1.8
18
States Corruption Index
Most corrupt: 1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Mississippi North Dakota Louisiana Alaska Illinois Montana South Dakota Kentucky Florida New York Least corrupt: 1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Nebraska Oregon New Hampshire Iowa Colorado Utah Minnesota Arizona Arkansas Wisconsin 19
The Bubble Deception
There are 14,000 publicly traded companies in the United States. Expecting all of them to be honest is unrealistic. Like any town of 14,000, the market is bound to have its share of grafters and shoplifters. By January 2001, all manner of companies were abusing accounting rules to mislead their investors, seemingly without fear of being caught. A strange madness had gripped the market. Even its most solid citizens were running red lights and breaking windows. And the police were nowhere in sight. Alex Berenson, The Number, Random House, 2003, p. xxiii.
20
Enriching Insiders
I know that sounds crazy, but the stock market has gone from a place where investors actually own part of a company and have a say in their management to a market designed to enrich insiders by allowing them to sell shares they buy cheaply through options.
Companies continuously issue new shares to their managers without asking their existing shareholders. Those managers then leak that stock to the market a little at a time. It’s unlimited dilution of existing shareholders’ stakes, dilution by a thousand cuts. If that isn’t a scam, I don’t know what is.
Individual shareholders have nothing but the chance to sell their shares to the next sucker . A mutual fund buys one million shares of a company with your and your coworkers’ money. You own 1 percent of the company. Six weeks later you own less, and that money went to insiders, not to the company.
Alex Berenson, The Number, Random House, 2003, p. xviii.
21
Forensic Accounting Factors
Time:
Forensic accounting focuses on the past, although it may do so in order to look forward (e.g., damages, valuations).
Purpose:
Forensic accounting is performed for a specific legal forum or in anticipation of appearing before a legal forum.
Peremptory
proactive).
: Forensic accountants may be employed in a wide variety of risk management engagements within business enterprises as a matter of right, without the necessity of allegations (e.g., ---------------------------------------------- With a single clue a forensic accountant can solve a fraudulent mystery.
22
One Small Clue
A former Scotland Yard scientist tried to create the world’s biggest fraud by authenticating $2.5
trillion
worth of fake U.S. Treasury bonds.
When two men tried to pass off $25 million worth of the bonds in Toronto in 2001, a Mountie noticed the bonds bore the word “dollar” rather “dollars.” Police later raided a London bank vault and discovered that the bonds had been printed with an ink jet printer that had not been invented when the bonds were allegedly produced.
Zip codes were used even though they were not introduced until 1963.
Sue Clough, “Bungling Scientist Is Jailed for Plotting World's Biggest Fraud,” News.telegraph.co.uk, January 11, 2003.
23
Forensic Accounting Defined
Forensic accounting is the action of identifying, recording, settling, extracting, sorting, reporting, and verifying past financial data or other accounting activities for settling current or prospective legal disputes or using such past financial data for projecting future financial data to settle legal disputes.
Source: Forensic and Investigative Accounting (CCH) --------------------------------------------------------
When the death of a company occurs under mysterious circumstances, forensic accountants are essential. Other accountants look at the charts but forensic accountants actually dig into the body.
Douglas Carmichael 24
Forensic Accounting Areas
Investigative Auditing
Litigation Support Forensic: Latin for “forum,” referring to a public place or court.
Black’s Law Dictionary: Forensic, belonging to the courts of justice.
Note: Corporate spooks are used to check on competitors.
25
Forensic Auditing
Forensic auditing is a type of auditing that specifically looks for financial misconduct, and abusive or wasteful activity.
It is most commonly associated with gathering evidence that will be presented in a court of law as part of a financial crime or a fraud investigation.
Source: B.L. Derby, “Data Mining for Improper Payments,”
Journal of Government Financial Management
, Winter, 2003, pp. 10-13 -------------------------------------------------------------- “ Forget the stuffed white shirt, forensic accountants are more parts Philip Marlowe than Casper Milquetoast. They open the books and crack the code resolution.” , transforming a dull science of numbers into a suspenseful mystery with a logical, even riveting Cory Johnson 26
Top Niche Services - 2008
1. Attestation Services 2. Business Valuation 3. Estate/Trust/Gift 4. Forensic/Fraud 87% 82% 82% 75% 5. Litigation support 6. International tax 7. Bus. Mgt. for wealthy individuals 71% 8. Industry specializations 63% 14. Sarbanes-Oxley compliance 75% 72% 53% Source:
Accounting Today.
27
Forensic Accounting vs. Fraud Auditing
Fraud Auditor:
An accountant especially skilled in auditing who is generally engaged in auditing with a view toward fraud discovery, documentation, and prevention.
---------------------------------------------- “Economic crimes and fraud often do not involve obvious evidence like the smoking gun. Forensic accountants look behind the deals and handshakes and probe beyond the numbers to uncover the reality of financial situations.”
Source: D.W. Squires, “Problems Solved with Forensic Accounting: A Legal Perspective,”
Journal of Forensic Accounting
., Vol. IV (2003),. p. 131.
28
Forensic Accounting vs. Fraud Auditing
Forensic Accountant:
A forensic accountant may take on fraud auditing engagements and may be a fraud auditor, but he or she will also use other accounting, consulting, and legal skills in broader engagements. In addition to accounting skills, he or she will need a working knowledge of the legal system and excellent communication skills to carry out expert testimony in the courtroom and to aid in other litigation support engagements.
Crumbley, Heitger, Smith,
Forensic and Investigative Accounting (CCH)
29
AICPA’s Position
Public accounting firms could use forensic accountants to help revise their approach to planning and fieldwork on all audits, while requiring forensic accountants only on high risk audit clients to aid in the interpretation of forensic testing results and preventive control enhancements.
Does not require auditors to carryout specific forensic procedures, but rather provide guidance on how to include forensic techniques within processes outlines in SAS 99. This combination will enhance the detection and prevention of fraudulent financial statement reporting and misappropriation of assets; thus protect investors and financial statement users.
The inclusion of audit procedures focused towards detecting misappropriation of corporate assets may lead to the identification of weaknesses within corporate governance or control weaknesses. Frauds that are identified which represent a material misappropriation of assets could significantly impact public perception.
30
AICPA’s Position (cont.)
Professional forensic accountants can best be used by ensuring such procedures are properly developed and executed in-line with internal audit and audit committee concerns. Forensic accountants could then be engaged in high-risk situations, or when a fraud is suspected.
Companies should not use the forensic services of their outside audit firm, unless it pertains to the annual audit.
Putting a price on a substantive test or forensic auditing procedure may be smart for business; however, the inherent risk is that short-cuts geared towards reducing audit costs may eventually cause investors to question the companies’ true financial position.
AICPA – Discussion Memo Question Responses 31
Big-Six's Position
A forensic audit is akin to a police investigation.
All public companies should have a forensic audit on a regular basis. Companies would be required to have such an audit every three or five years or face these audits on a random basis.
Forensic auditors scrutinize all records of companies, including emails, and would be able, if not required, to question all company employees, and to require statements under oath.
Might be necessary for an audit network or a specialized forensic auditor to complete a forensic audit with the aid of independent attorneys (not these who have represented the audit client in the other engagements).
Source: “Serving Global Markets and the Global Economy: A View from the CEOs of the International Audit Networks, November 2006, p. 13.
32
Catch Me If You Can
Numbers Don’t Lie.
Criminals are another story.
Money talks. But more often it whispers. When shady characters are up to no good, they often
leave a trail of questionable financial transactions
. Use your skills and smarts to trace the money trail back to the crooks in the all-new version of Catch Me If You Can. Now more interactive and exciting than ever. You could win up to $2,000 in cash or other prizes. And have a lot fun doing it.
Register to play at www.CatchMeGame.com/college 33
Forensic vs. Fraud Audit Google result, September 14, 2008: Forensic Audit, 78,700 hits Fraud Audit, 26,100 hits Fraud Examination, 58,900 hits Fraud Accounting, 25,400 hits Forensic Accounting, 1,200,000 hits Fraud Investigation, 497,000 Forensic Investigation, 290,000 Fraud Auditing, 27,100 --------------------------------------------- I don’t care what they say, but [forensic accounting] is here to stay.
Danny & the Juniors ---------------------------------------------------------------------------------- I see skies of blue and clouds of white, and I think to myself, what a wonderful world.
Louis Armstrong 34
Specialties Within Forensic and Investigative Accounting
Employee Crime Specialist.
Asset Tracing Specialist.
Litigation Services Specialist and Expert Witness.
Insurance Claims.
Valuation Analysis.
False Claims Act Violations.
Due diligence investigations.
35
Asset Tracing
Three Italian lawyers said in a filing to be presented to a bankruptcy court that they had traced $7.7 billion in missing Parmalat funds.
“We are preparing a filing in which we are asking for the insolvency status to be revoked because the money was robbed and not lost,” lawyer Carlo Zauli told Reuters.
But he said it would be an
found
recoverable.
illusion to believe proof of electronic transfers of the funds could be
and the lawyers representing the Parmalat Creditors Committee did not say where the money was being held or if it was An Italian website, TGfin ( www.tgfin.it
), said a company linked to Parmalat founder Tanzi was holding the funds in the form of U.S. bonds in an account with Bank of America.
Source: Emilio Parodi and Stefano Bernabei, “Wrap-up 2: Paramalat Fraud Probe Widens to Auditors, Ex-Banker, “forbes.com, January 8, 2004.
36
Gross Profit Comparison In a divorce situation, a business owner claimed only about $75,000 annual income.
He claimed he had borrowed and not paid back huge sums.
Wife said he was spending about $400,000 per year more than his salary.
Four schedules for the courtroom: 1.
What was known and alleged about husband’s expenditures.
2.
3.
Schedule comparing income with expenditures.
Amounts husband claimed he had borrowed.
37
Gross Profit Comparison (cont.) 4.
Company’s income statements side by-side: New Gross Profit His Per Industry --- ----- --- $75,000 ----- $475,000 Husband had overstated COGS. Checks issued to vendors, into COGS.
Some of the vendors cashed the checks and returned the money to husband.
Mark Kohn, “Unreported Income and Hidden Assets,”
Forensic Accounting in Matrimonial Divorce,
Philadelphia: R. T. Edwards, 2005, pp. 49-57.
38
Unreported Beer Sales
Business owner reports only $50,000 business income, but has expensive cars, private schools, buying significant real estate.
Subpoenaed records of local beer distributors. Then went to the club and ordered some drinks, noting the pricing of the beer, etc.
1,000 cases of Miller’s 24 bottles 24,000 x $2 $48,000 per year Found that reported sales were underreported by $500,000.
Mark Kohn, “Unreported Income and Hidden Assets,”
Forensic Accounting in Matrimonial Divorce,
Philadelphia: R.T. Edwards, 2005, pp. 49-57.
39
Home Improvements
Massive improvements to personal home, not paid for by personal funds.
Company showed many corporate payments to home remodeling contractors/landscapers.
But the industrial park
not
owned by company.
Only photocopies of invoices provided.
FC demanded original documents.
Finally, the original documents had white-outs of job locations and work descriptions.
Could turn over the originals and read the real data from the back side.
Mark Kohn, “Unreported Income and Hidden Assets,”
Forensic Accounting in Matrimonial Divorce,
Philadelphia: R.T. Edwards, 2005, pp. 49-57.
40
Finding Unreported Income/Hidden Assets
1.
2.
3.
4.
5.
6.
7.
Look at the lifestyles.
Look at the expenses.
Look at the cash flow.
Look at the business operations.
Look at the industry ratios.
Consider using private investigators.
Use the net worth method.
Mark Kohn, “Unreported Income and Hidden Assets,”
Forensic Accounting in Matrimonial Divorce,
Philadelphia: R.T. Edwards, 2005, pp.49-57.
41
Fiction v. Reality
The main difference between fiction and reality is that instead of using mask and gun, today’s villains use mouse and keyboard. Instead of hiding behind a lamppost in a trench coat and fedora, today’s forensic accountants are more likely to be hiding behind their own computers, searching for clues amid mountains of data.
Source; “Book ‘EM! Forensic Accounting in History and Literature,” The Kessler Report, Vol.1, No. 2.
----------------------------------------------------------------------------------- “Every investigation I did as a prosecutor, you have a particular target, but it always branches off because something else gets your attention. And that’s what is going to happen with a forensic accountant.” Tom Carlucci: E-library Rueter Library September 20, 2002 42
Forensic Techniques Become Popular “In many of the large accounting blow-ups, auditors knew what was happening,” says Charles Niemeir, “but they were willing to look the other way.” There is a need to provide “incentives for people finding problems,” says Douglas Carmichael. “Right now there are no incentives for finding problems, and one who does is treated as a trouble maker.” Source: Cassell Bryan Low, “Accounting Firms Attempts to Dispel the Cloud of Fraud,”
Wall Street J.
, May 27, 2003.
Doug Carmichael, Chief Auditor for Peek-uh-boo, faults auditors for not adopting forensic techniques .
Carmichael wishes more “test of details,” not relying on test of controls.
He wishes more shoe-leather work.
Shoe-leather work is what we do!
Kris Frieswick, “How Audits Must Change,”
CFO
July 2003, p.48
43
Popular (cont.)
E&Y’s forensic accounting team is comprised of 350 practitioners in the U.S. alone, and focuses on strategies to mitigate and manage conflict in bankruptcy disputes, financial and economic damages, fraud and investigations, government contracts and grants, insurance claims, intellectual assets, and legal technology.
Deloitte’s forensic accounting expertise includes anti-money laundering, the Foreign Corrupt Practices Act, purchase price disputes, arbitrations, construction fraud, health care fraud, construction oversight, intellectual property theft, and misdirected royalty revenues, to name just a few.
They have forensic labs in nine major cities across the U.S. and an additional 18 cities around the world, including Hong Kong, London, Amsterdam, Frankfurt, Cape Town and Melbourne.” All FAS labs meet the FBI’s chain of custody requirements. “They are secure, state-of-the-art, and house advanced systems for storing and accessing data, including dedicated servers and fire-resistant safes.
Stuart Kahan, “Sherlock Holmes Enters Accounting,”
WebCPA
, February 11, 2007.
44
This need for the forensic accountant is demonstrated by this passage from
The CBS Murders
: Margaret Barbera was very good with numbers. She could take a balance sheet, a set of account books, invoices, bills, and more, juggle and manipulate the figures and, presto, thousands become millions, losses become profits, profits become losses, sales soared or fell, whatever her employer desired, and it would take an expert auditor knowing precisely where to look and what to look for to figure out what she’d done, and even then, it still might slip by. Professor Cramer was in front of the auditing class quoting a passage from
The CBS Murders
, by Richard Hammer. [p. 67 in
Trap Doors
].
45
Forensic Accountants
“Rather than combing torn clothing,” forensic accountants “comb through corporate books, looking for oddities that could signal swindles,” says Bruce Dubinsky. Investigations can be extremely complex, with crates and crates of documents and thousands of computer files. Investigators look for flags or patterns that would not normally occur.
Source: Mark Maremont, “Tyco Is Likely to Report New Woes,”
Wall Street Journal
, April 30, 2003, p. C-1.
46
Potpourri Deutsche Bank is being sued for $1.3 billion Bruce Winston (one of the heirs of Harry Winston diamond dynasty) for priceless gems disappearing from a trust under their control.
by A Burlington, Kentucky city finance director is accused of embezzling more than $1.2 million support his estranged wife and his girlfriend.
to Martin Frankel vanished with between $200 million in cash and diamonds one day. He accomplished this insurance fraud by buying poorly capitalized insurance companies, cooking the books to show increased premium value, and by including non-existing real estate and leases on the balance sheet.
Bank of China’s Mr. Wu allegedly embezzling up to $18 million from a bank branch, using improper bills of exchange. BoC has a number of cases involving the embezzlement of $737 million from branches in the Southern Guangdong Province.
A U.S. Lime officer embezzled nearly $2.2 million by forging signatures of other company officers on checks, and falsifying the company’s check register to create the impression that the amounts he received went to U.S. Lime creditors.
47
Potpourri (contd …) The Chairman of Hyundai Motor, Chung Mong Koo, was sentenced in February 2007, to 3 years in prison for embezzlement ($100 million) and breach of trust at South Korea’s largest carmaker.
Spanish authorities shut down Afinsa’s Forum stamp-investing programs with several hundred thousand of small investors. Alleged investments in overvalued stamps and suspected pyramid scheme. Eight officials jailed.
In 2000, Rent Way’s CAO artificially reduced the company’s expenses by $127 million.
WorldCom’s external auditors missed about $11 billion improperly booked items.
Ahold NV, a Dutch company, said a U.S. unit had overstated revenues by $880 million by booking more discounts from suppliers than actually received.
One Philippine peso coin has the same size as 1 dirham, but worth only 7 fils. Thus, dispense machine fraud.
48
Careful With Property Tax Refund Checks Supervisor of the Real Property Tax Adjustment Unit in Washington, D.C., Harriette Walters, used at least 92 payments to dummy corporations in a scam to obtain $31.7 million.
Fraud was never noticed by city officials, internal, or external auditors. Auditors never examined why the city’s property tax refunds were steadily rising.
Sham companies ’ bank accounts were controlled by Walters’ brother.
Many applications for refund were identical to prior ones.
In a FBI raid of her house, 100 pieces of jewelry, a mink coat, 90 designer purses, 68 pairs of shoes, designer luggage, Rolex watch, silver bar cart, and more were found. She had a $1.4 million in bills at Neiman Marcus on a $81,000 yearly government salary.
49
Definition
A forensic accountant has extensive experience in investigations to determine solutions to disputed accounting matters, to write expert reports on their investigation, and to appear in court as expert witnesses.
Zeph Telpner and Michael Mostek A normal accountant is like a guard-dog (e.g., a bulldog); a forensic accountant is like a bloodhound; an internal auditor is like a seeing-and-eye dog (e.g., monitoring and guiding management), a corporate accountant is a mix breed, and a governmental accountant is an afghan.
D. Larry Crumbley 50
Auditors Blamed: Deep Pockets Trustee for United Companies (UC) said that Deloitte and Touche was guilty of negligence, malpractice, misrepresentation, breach of duty, and fraud.
D & T failed to warn United Companies of all of the losses it would absorb if the people who took out the loans defaulted, because the accounting firm was making millions and millions of dollars in fees.
Loan practice called securitization or bundled high-interest loans.
$685 million in liability damages.
Plaintiff’s Attorney: Role of auditors is to act as watchdogs for companies. “A good watchdog barks when somebody comes into the yard. D & T is supposed to bark when there is a problem.” Defendant’s Attorney: “The problem was much larger than a watchdog could handle. Can a watchdog stop your house from getting hit by a hurricane? Of course not.” Source: Adrian Angelette, “Auditors Blamed, “
Baton Rouge Advocate
, October 23, 2003, pp. A-1 and a-8 51
Auditors Blamed (cont.) As part of the securitization agreement, UC agreed to pay the principal and interest on defaulted loans.
Creditors contend that UC failed to account for the interest it was paying, and D&T should have caught the mistake earlier.
After UC wrote off $605 million in debt, the company filed for bankruptcy.
Confidential mid-court settlement.
Source: Adrian Angelette, “United Companies Settlement Reached,”
Baton Rouge Advocate
, October 31, 2003, pp. A-1 and A-12 52
Find It, or I’ll Sue
Accountants must be attuned to detecting fraud at every level of service, including standard accounting services, compilations, reviews, and bank reconciliations. If there is fraud and you don’t detect it, you are going to be sued, and you will likely lose, as the public perception is the accountant is the watchdog.
Robert J. DiPasquale, Parsippany, N.J.
Source: H.W. Wolosky, “Forensic Accounting to the Forefront,”
Practical Accountant
, February 2004, pp. 23-28.
53
Forensic Accounting Knowledge Base
Silk, Silk, Silk
54
Threads of Forensic Accounting
Forensic accounting (or at least accounting expert witnessing) can be traced as far back as 1817 to a court decision. [
Meyer v. Sefton
] In 1824, a young accountant by the name of James McCleland started business in Glasgow, Scotland and issued a circular that advertised various classes of expert witness engagements he was prepared to undertake.
In 1856 in England, the audit of corporations became required.
55
Investigative Accountants
Initially called investigative accounting, many of the forensic techniques, such as the net worth method, were developed by IRS agents to detect tax evaders.
Infamous mobster, Al Capone, was caught when Special Agents of the IRS stepped in and charged him with tax evasion.
Accountants
caused the crime czar’s career to come to an end.
56
Al Capone Caper
“Perhaps the most celebrated case of an accountant nailing a famous criminal was the case of Al Capone. For all of Capone’s colorful history of violent crime, the FBI could never gather enough evidence to convict him until FBI agent Eliot Ness had an idea.
He gathered special agents of the IRS to track the flow of cash from Capone’s illicit activities evasion.
. When the mobster failed to pay taxes on those earnings, the IRS nailed him for tax Capone went to jail and was never a factor again. IRS recruitment posters boast till this day: ‘Only an accountant could catch Al Capone.’” Source: “Book ‘Em! Forensic Accounting History and Literature,”
The Kessler Report
, Vol. 1, No. 2.
57
Investigative Techniques
“You know how it goes,” I said. “You get a case. You just keep poking around, see what scurries out.” p. 144.
----------------------------------------------------------- “How,” Susan said, “on earth are you going to unravel all of that?” “Same way you do therapy,” I said.
“Which is?” “ Find a thread, follow it where it leads, and keep on doing it .” “Sometimes it leads to another thread.” “Often,” I said.
“And then you follow that thread.” “Yep.” “Like a game,” Susan said.
“For both of us,” I said.
Susan nodded. “Yes,” she said, “tracking down of a person or an idea or an evasion.” pp. 270 – 271.
------------------------------------------------------------------------------- Source: R.B. Parker,
Widow’s Walk
, Berkley Books, 2002.
58
Father of Forensic Accounting:
Maurice E. Peloubet (1946) Pretenders :
Max Lourie (1953) Robert Lindquist (1986)* * Repeated, First sentence in N. Brennan and J. Hennessy,
Forensic Accounting
, 2001, p. 5.
59
The Essence of Forensic Accounting by Maurice Peloubet (1946): “The preparation of data for and the appearance before government agencies as a witness to facts, to accounting principles, or to the application of accounting principles is essentially forensic accounting practice rather than advocacy.” Modern Version “Let’s face it, we in the forensic profession labor in an obscure corner of the vineyard. We are the carefully selected, trusted, highly trained guardians of one of the last great secrets remaining on the face of the earth - - the $600 billion [now $652], more or less annual problem nobody knows about.” Joseph W. Koletar,
Fraud Exposed
, John Wiley & Sons, Inc 2003, p. 228.
60
Be like
61
Fictional Hero
“Forensic accounting is turning up more frequently in the world of fiction, too. The financial intrigue of fraud and the investigative process of forensic accounting are a natural fit with mystery of suspense novels. Add exotic locations, colorful characters and a murder or two, and you have all the elements of a classic thriller.
There is a selection of books featuring forensic accountants as the heroes of their own stories, as well. Lenny Cramer, perhaps the most prominent of this fictional group, is the star of a series of novels written by I.W. Collett and various co-authors.
In one of these novels, Cramer religion treasures conducting an audit at Coca-Coca, skills to tracks forged receipts to uncover a plot to steal Burmese . Another features Cramer, while uncovering a scheme to steal the company’s secret formula . In yet another, Cramer uses his forensic accounting solve a series of murders in the New York art world .” Source: “Book ‘em! Forensic Accounting in History and Literature,”
The Kessler Report
, Vol. 1, No. 2.
62
Panel on Audit Effectiveness In 1998, the Public Oversight Board appointed the Panel on Audit Effectiveness to review and evaluate how independent audits of the financial statements of public companies are performed and to assess whether recent trends in audit practices serve the public interest.
In 2000, the Panel issues a 200-page report,
Report and Recommendations
auditors should perform forensic-type the prospects of detecting material financial statement fraud.
, which includes a recommendation that procedures during every audit to enhance Did not believe a GAAS audit should become a fraud audit.
In all audits the degree of audit effort in forensic- type steps should be more than inconsequential [p. 24].
63
AICPA Fraud Task Force Report
In 2003, the AICPA’s Litigation and Dispute Resolution Services Subcommittee issued a report of its Fraud Task Force entitled, “Incorporating Forensic Procedures in an Audit Environment.” The report covers the professional standards that apply when forensic procedures are employed in an audit and explains the various means of gathering evidence through the use of forensic procedures and investigative techniques.
64
Required Forensic Audits Coming?
The accounting profession may be making a strategic shift as they see that SAS No. 99 and the other rules are not protecting them from being the insurer of last resort. The Big Four along with Grant Thornton and BDO International recently released a report entitled “Serving Global Capital Markets and the Global Economy.” November 2006.
In the report, one of the things they are suggesting is for companies to have a forensic audit. Companies would be required to have such an audit every five years or face these audits on a random basis.
Standing Advisory Group (PCAOB) was not enthusiastic about a mandatory forensic audit: not cost-effective or effective at all. February, 2007.
“Auditing Firms Urge New Ways to Detect Fraud,” NYSSCPA.org News Staff. Posted on November 11, 2006.
65
Fraud Strategies Differ
1.
2.
3.
4.
5.
6.
7.
8.
Forensic Accountants Internal Auditors External Auditors Certified Fraud Examiners Certified Financial Forensic Analysts (CFFAs) Certified Forensic Accountant (CrFA) Forensic CPA Society (FCPA) Certified in Financial Forensics (CFF)
66
Opportunities for Forensic Accountants FAs may provide perspective in situations evaluating whether accounting information is presented fairly without GAAP – based constraints: Identification of financial issues.
Knowledge of investigating techniques.
Knowledge of evidence.
Interpretation of financial information.
Presentation of finding.
Sources: G. Bologna and R. Lindquist,
Fraud Auditing and Forensic Accounting
, New York City: John Wiley, 1995. F. T. DeZoort and J. D. Stanley, “Fair Presentation in the SOX Era: An Assessment Framework and Opportunities for Forensic Accountants,”
J of FA
, Vol. 7, 2006, p. 289.
67
Predication
The ACFE group indicates that in the private sector, a fraud investigation should not be conducted without proper predication.
Examples: Anonymous tips, complaints, audit inquires, conflict of interest.
Thus, predication is the basis for undertaking a fraud investigation.
Without predication, the target might be able to sue for real or imaginary damages.
68
Who Do You Call?
Detection v. Deterrence Proactive v. Reactive
69
Three Classes of Controls
Preventive controls: These controls are first in line to prevent errors, omissions, or security incidents from occurring. Examples include controls that restrict access to systems to authorized persons such as intrusion prevention systems and firewalls, and integrity constraints that are embedded within a Database Management System. Most Efficient Detective controls: These controls detect errors or incidents that have eluded the preventative controls. Examples include controls that test whether authorization limits have been exceeded, or an analysis of activity in previously dormant accounts. Important when preventive controls weak. Examples include situations where the transactions are derived from third party reports such as sales reports from franchisees, warranty claims reported by auto dealers, baggage claims reported by passengers at airports, and reports of coupons or rebates redeemed by redemption processors.
Corrective controls: These controls correct errors, omissions, or incidents after detection. They vary from simple correction of data-entry errors, to identifying and removing unauthorized users from systems or networks. Corrective controls are the actions taken to minimize further losses.
Sources: IIA, 2005, Global Technology Audit Guide: IT Controls, Altamonte Springs, Fl; M. J. Nigrini, “Monitoring Techniques Available to the Forensic Accountants,”
J. of Forensic Accounting
, Vol. 7, 2006, p. 322.
70
Where Fraud Prevention and Security Meet
Fraud Prevention Security Sarbanes-Oxley Compliance Data Mining for Fraud Ethics Policy Anonymous Tip Line Risk Assessment Fraud Policy Background Checks Site Security Survey Loss Prevention Strategy Information Security Investigations Interviews Screening Tools for External Fraud Guards Closed Circuit TV Swipe Cards Locks Fences Badges Disaster Recovery
Source: M.T. Biegelman and J. T. Bartow,
Executive Roadmap to Fraud Prevention and Internal Controls
, John Wiley, 2006, pp. 325-326.
71
Balancing Risks and Controls
Excessive Risks
• Loss of Assets • Poor Business Decisions • Noncompliance • Public Scandals • Increased Regulations
Excessive Controls
• Increased Bureaucracy • Reduced Productivity • Increased Complexity • Increased Cycle Time • Increase of no-value activities 72
Types of Controls
Preventive controls
• Segregation of duties • Required approvals • Securing assets • Passwords • Using document control numbers • Drug testing • Job rotation • Computer backup
Detective controls
• Reconciliations • Reviews • Event notifications • Surprise cash count • Counting inventory
Corrective controls
• Training • Process redesign • Additional technology • Quality circle teams • Budget variance reports 73
James Bond – Type Security
The TIAA-CREF’s Charlotte building is covered with green faux windows and comes with security features such as a revolving door that weighs visitors when you go in and out, cameras that track them throughout the building and security badges that won’t let them leave if they stay longer than expected.
The James Bond technology protects a financial service entity’s most precious commodity: cartridges containing customer data. “These are our crown jewels.” CTO Sue Kozik said.
The data center could be guarded better only if it was buried underground.
Source: Rick Rothacker, “Charlotte Site Has Quickly Become the Firm’s Largest,”
Charlotte Observer
, December 28, 2006, p. 2D.
74
Industry Sources: Need a Certification
American College of Forensic Examiners (2750 E. Sunshine, Springfield, MO 65804; 800-423-9737; www.acfei.com
. DABFA and Cr.FA; 2000) Certified Fraud Examiners (Association of CFEs, The Gregor Bldg., 716 West Avenue Austin, TX 78701; 800 245-3321; www.cfenet.com
).
Certified in Financial Forensics (CFF), AICPA, Fall 2008, www.aicpa.org.
Forensic CPA Society (FCPA); formed in July 2005, Spokane, WA. [email protected].
Certified Forensic Financial Analyst (NACVA, Salt Lake City, Utah 84106; 801-486-0600). Also, Certified Fraud Deterrence (CFD) analyst. [CFFA and CFD have merged.] National Litigation Support Services Association (NLSSA, III East Wacker Drive, Suite 990, Chicago, IL 60601; 800-869-0491). Not-for-profit. About 20 firms. $1,825.
Canadian Institute of Chartered Accountants (CICA) – CA.IFA – Alliance for Excellence in Investigative Accounting.
Certified Forensic Investigator (CFI) – Canada Early 1980’s. www.homewoodave.com
Certified Fraud Specialist (CFS), not-for-profit, educational anti-fraud corporation located in Sacramento, Calif., for those dealing in white-collar crime, fraud, and abuse issues. Association of Certified Fraud Specialists. http://acfsnet.org
.
75
76
77
Fraud
Some accountants believe that ethics is a place in England.
Essex, U.K.
----------------------------------------------------- A statement made by Mark Twain about New England weather applies to fraud and corruption: “It’s hard to predict, but everyone agrees there’s plenty of it.”
-------------------------------------------
As Sherlock Holmes said, “the game is afoot.” ------------------------------------------------- Read My Lips; It’s The Fraud, Stupid.
78
Termites, Rust, and Fraud
• Just as termites never sleep, fraud never sleeps.
• Just like termites, fraud can destroy the foundation of an entity.
------------------------------------------------------------ Like rust, fraud never sleeps.
------------------------------------------------------------ "It is simply impossible to eliminate economic crime. It's like fighting the mythical Hydra, cutting off one form of fraud merely allows another to grow. Controls alone are not enough. The answer lies in establishing a culture that supports control efforts and whistle-blowing with clear ethical guidelines. Companies need to build loyalty to the organisation give employees the confidence to do the right thing, and identify clear sanctions for those who commit fraud, regardless of their position in the company." Steven Skalak 79
Quality Staff An Issue
Bruce Dubinsky emphasizes that although forensic accounting is currently on the “hot” list of client services, there are plenty of accountants getting involved who shouldn’t be, because they don’t understand the ins and outs of the niche . “The only limit to our size is finding competent professionals.” He explains that just being an accountant is no longer enough to do this work – the person has to understand the legal system, and what the law says. How to interrogate and interview people are musts. Tracking leads and obtaining legally usable intelligence is also crucial. “Many accountants think it is simply fraud investigation and it’s not. It really is much more than dealing with the numbers. It’s no longer just basic fraud work.” Laurie Hotz admits that there are fewer and fewer people to do it : “It’s simply very hard to find qualified people.” He looks for a good auditor who has a solid background for forensic accounting. He says there must be awareness of public fraud, and notwithstanding some teeth being put into new regulations, there is still plenty of fraud going on.
Stuart Kahan, “Sherlock Holmes Enters Accounting,”
WebCPA
, February 11, 2007.
80
Fraud is Possible
The motto of a fraudster: Anything is possible. The impossibility simply takes longer.
-------------------------------------------- Biggleman’s Safe – a safe builder wrote blueprints of a unbreakable safe and locked the blueprints inside the safe.
---------------------------------------------- Internal controls can be broken, often by top executives .
---------------------------------------------- Just as a pitcher tries to fool batters, financial statements may be misleading or wrong (baseball or cricket).
81
White-Collar Crime: Rich People Steal
• Edwin Sutherland coined the term “white-collar crime.” [Indiana University sociology professor.] • Sutherland believed that white collar crime is a
learned behavior
, a consequence of corporate culture where regulations are regarded as harassment, and profit is the measure of the man.
• “White-collar crime violates trust and thus creates distrust, and this lowers social morale and produces social disorganization on a large scale.
Cynthia Crossen, “A Thirties Revelation: Rich People Who Steal are Criminals, Too,”
Wall Street Journal
, October 15, 2003, p. B-1.
82
White-Collar Crime By the Advantaged
“Crime is the most
flourishing lucrative
and business in America… I speak now not only of the crime in the streets, the burglaries and the robberies, which represent tens of billions of dollars each year; I speak of the crime which we call ‘white collar’ – the crimes committed by the
advantaged
, not the disadvantaged; the crimes committed with pen and pencil, not with gun or ‘jimmy’;
under the bright lights of the executive offices, not by stealth in the dark
.” Herbert Stern, from his discussion of prosecutorial philosophy in the 1973 book
Tiger in the Court
, by Paul Hoffman.
83
FBI Crime Classification Manual
1. Personal Cause Homicide.
2. Sexual Homicide.
3. Group Cause Homicide.
4. Criminal Enterprise Homicide • Contract killing.
• Gang-motivated.
• Criminal competition.
• Kidnap murder.
• Product tampering.
• Drug murder.
• Insurance/ inheritance.
• Felony-murder.
• Commercial profit .
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ “People do not normally kill you for doing their taxes, but forensic accounting is a whole new ballgame.” Adam Piore, “Fraud Scene Investigator,” March 20, 2008.
84
Red-Collar Crime
• A person who physically harms someone that may have, or is on the verge of detecting their fraudulent behavior.
• Fraud-detection homicide.
• Myth: White-collar criminals not violent criminals.
• Forensic accountants may be used in a homicide investigation when fraud detection may be the motive for the murder.
• Fraud-detection motive may be important when a prosecutor has weak direct evidence.
Source: F.S. Perri and T.G. Lichtenwald, “A Proposed Addition to the FBI Criminal Classification Manual: Fraud Detection Homicide,”
The Forensic Examiner
, Winter 2007, pp. 18-30.
85
Tyco Prosecutor’s Closing Argument
“
Remember, these are two very, very smart men; they are not charged with being stupid men,” she said of Mr. Kozlowski and Mr. Swartz. “These crimes have an element of sophistication so you can be sure that when they were committing them they built in an element of deniability.” She added: “Every good scheme has it. That is how white-collar criminals work.” • Mistrial on April 2, 2004.
Source: A.R. Sorkin, “Talk of Greed and Beyond at Tyco Trial,”
N.Y. Times
, March 17, 2004, p. C-1.
86
Michael Comer’s Types of Fraud
1.
2.
3.
Corruptions (e.g., kickbacks).
Conflicts of interest (e.g., drug/alcohol abuse, part-time work).
Theft of assets.
4.
5.
False reporting or falsifying performance (e.g., false accounts, manipulating financial results).
Technological abuse (e.g., computer related fraud, unauthorized Internet browsing).
Comer’s Rule: Fraud can happen to anyone at anytime.
Source: M.J. Comer,
Investigating Corporate Fraud
, Burlington, Vt.: Gower Publishing Co., 2003, pp. 4-5.
87
How Corruption Occurs
Category Conflicts of Interest Bribery Illegal Gratuities Extortion % 61.6% 42.7% 29.8% 16.9% Source: 2006 Wells Report, ACFE.
88
CFEs’ Ranking of Controls’ Importance in Detecting or Limiting Corruption Schemes Control Internal Audit/ FE Department Fraud Hotline Surprise Audits Management Review of IC Rewards for Whistleblowers Mandatory Job Rotation/ Vacations Audit of F/S Audit of ICOFR Average Score 3.83
3.48
3.41
3.14
3.11
2.87
2.66
2.63
Source: 2008 Wells Report, ACFE.
89
TRUTH
Given the right pressures, opportunities, and rationalizations, many employees are capable of committing fraud.
Bev Harris says that fraudsters and embezzlers are the nicest people in the world: Wide-eyed mothers of preschoolers. Your best friend. CPAs with impeccable resumes. People who profess deep religious commitments. Your partner. Loyal business managers who arrive early, stay late, and never take a vacation. And sometimes, even FAMILY MEMBERS. So if you’re looking for a sinister waxed mustache and shifty eyes, you’re in for a surprise – scoundrels come in every description.
Source: “How to Unbezzle A Fortune,” www.talion.com/embezzle.htm
, p. 1.
90
Starwoods Hotels Poll of Executives
Starwoods Hotels interviewed
401
top executives who golf. The results are surprising.
99% Consider themselves to be honest in business Played with someone who cheats at golf Cheated themselves at golf Hated others who cheated at golf Believe that business and golf behaviors are parallel 87% 82% 82% 72% Source: Del Jones, “Many CEOs Bend The Rules (of Golf),”
USA Today
, June 26, 2002, p. A-1.
91
The Cost of Fraud
Organizations lose 7 percent of annual revenue to fraud and abuse.
Fraud and abuse costs U.S. organizations more than $994*
billion
annually (about $6,860 per employee).
The average organization loses more than $
18.30
a day per employee due to fraud and abuse.
* $652 billion in 2006.
Source: 2008 Wells Report
92
The Trillion Dollar Gorilla
U.S. Business 1 Federal Government 2 State Government 3 Tax-exempts 4 Local Government 5 Annual Fraud ( trillion ) (in Billions) $256.32
239.75
354.21
134.5
68.4
$ 1.053
1. 2002
Statistics of Income
, $1,281.6 trillion time 20%.
2. $2.3975 trillion budget times 10% 3. $3,542.1 million times 10% 4. $897 billion in revenue times 15%.
5. $684.6 billion times 10%.
93
Fraud Multiplier
Employee Fraud = $ for $ reduction in net income Suppose $100,000 bottom line reduction.
Suppose 20% profit margin How much new revenue needed to offset the lost income?
$100,000 = $500,000 20% So ACFE says $994 billion* lost per year (2008).
$994 billion = $4.97 trillion needed 20% revenue ---------------------------------------------------- The FBI estimates that white collar crime is $300 billion each year in the U.S.
94 * $652 billion in 2006.
The Cost of Fraud (cont.)
Over
90%
of occupational frauds involve
asset misappropriations
.
Average length of a fraud scheme is
17 to 30 months
.
Most common way of detecting occupational fraud is by
tips
from employees, customers, vendors, or anonymous sources.
Second way, by
accident
.
Third, internal controls.
Fourth most common detection:
internal audit (2
nd
in 2004)
.
The most targeted asset is cash
.
Source: 2008 Wells Report
95
Ernst & Young Study (2000)
Leading companies and public bodies in 15 (82) countries More than 82% (50%) have been victims of fraud in the past year.
82% (84%) of total losses can be attributed to staff.
33% (50%) of the most serious frauds were committed by the organization’s own management.
Most with company more than 5 years (25% more than 10 years).
Theft of cash schemes
and
purchasing
(i.e., employee kickbacks) constituted the
majority
of frauds.
Reasons: Poor internal controls
and
finance directors had a limited knowledge of internal controls.
96
Ernst & Young 2002 Survey
• More than
20 percent
of the respondents were aware of fraud in their workplace.
• Nearly 80 percent would be willing to turn in a colleague thought to be committing a fraudulent act.
• Employers lose a staggering
20 percent of every dollar
earned to some type of workplace fraud.
• More frequently committed frauds are theft of office items, claiming extra hours worked, inflating expense accounts, and taking kickbacks from suppliers.
•
Women
are more likely than men to report fraudulent activities.
•
Older
employees were more likely to report fraudulent activities than younger employees.
Ernst & Young. “American Works: Employers Lose
20 Percent
of Every Dollar to Work Place Fraud.” (2002) Available at http://www.ey.com/global/Content.nsf/US/Media_Release_-_08 05-02DC 97
Advantage of Compliance Spending General Counsel Roundtable says that each $1 of compliance spending
saves
the average, organizations, on $5.21
in heightened avoidance of legal liabilities, harm to the organization’s reputation, and lost productivity.
Source: Jonny Frank, “Fraud Risk Assessments,”
Internal Auditor
, April 2004, p. 47.
98
Comparison of Selected Fraud Surveys Type Time Period Number of participants (population) Response Estimated fraud in U.S.
% of companies experiencing fraud Highest fraud industry KPMG Questionnaire 2005-2006 4,056 (6,797) 59.7% Not given 74% reporting misconduct Public sector Second highest fraud industry Top – Fraud detection – Tips Fraud detection – Internal audits Fraud detection – by accident Some recover of fraud Gender of perps - male Likely age Fraud by senior mgt.
Fraud by Accounting dept.
Fraud with undergraduate degree Best control measure Second best control measure Global Manufacturers Not given Not given Not given Not given Not given Not given Not given Not given Not given PwC 2005 3,634 Interview ACFE Questionnaire 2008 1,117 (16,606) Unknown $1.7 million per company 45% tangible fraud 6.7% $994 billion (revenue) Unclear (959) Retail/ Consumers Financial Services Banking/ Financial Services Government 28% 26% 46.2% 19.2% 6% 47% 87% 31-40 (38%) 24% Not given 52% External audits Internal audits 20% 57.9% 59.1% 41-50 37.1% 28.9% 34.4% Hotlines/ surprise audit Job Rotation/ mandatory vacation 99
Frequency of Anti-Fraud Controls*
* ”External Audit of F/S” = independent external audits of the organization’s financial statements “Internal Audit / FE Department” = internal audit department or fraud examination department “External Audit of ICOFR” = independent audits of the organization’s internal controls over financial reporting “Management Certification of F/S” = management certification of the organization’s financial statements “Management Review of IC” = regular management review of internal controls Source: 2008 Wells Report, ACFE.
Source: 2008 Wells Report, ACFE .
Source: 2008 Wells Report, ACFE .
Primary Internal Control Weakness Observed by CFE
Source: 2008 Wells Report, ACFE .
PWC 2007 Survey
Fraud's pervasiveness
Over
43 percent
reported suffering one or more significant economic crimes. of the companies interviewed
The average loss from fraud per company increased nearly 40 percent
US$2.4 million in 2007.
in two years
from roughly US$1.7 million in 2005 to approximately Over
80 percent
of our respondents who suffered fraud also stated that this had caused damage — or significant damage — to their business. No industry is immune from the threat posed by economic crime although different sectors are impacted by different types of fraud.
Management's impact
The level of collateral damage is directly proportional to the seniority of the perpetrator. In
29 percent
of the occasions where senior managers were involved, the collateral damage to the brand was very significant.
Controls and culture
Internal controls are not enough. An ethical corporate culture plays an equally important role in deterring fraud. Companies with both ethical guidelines and compliance programs report suffering fewer economic crimes.
104
PWC 2007 Survey (cont.)
.
Emerging markets Over 43 percent of the companies interviewed reported suffering one or more significant economic crimes in the past two years. Companies in which parent and subsidiaries employed different accounting systems where more susceptible to fraud ( 61 percent of cases) than those operating a unilateral system ( 52 percent ). E7 'experts' perceive significant risk associated with levels of corruption, staff integrity and legal environment in the emerging markets. Actual levels of reported fraud in the E7 countries are consistently high in the area of asset misappropriation. 44 percent of IP infringement cases (worldwide) that involved a perpetrator overseas involved a perpetrator from China.
Source: PWC Global Economic Crime Survey 2007 97
Scienter
Necessary
To prove any type of fraud, prosecutors must show that
scienter
was present.
That is, the fraudster must have known that his or her actions were intended to deceive.
------------------------------------------------ The allure of numbers to most of us, is like the excitement of settling sand--a narcoleptic surety. Crafty criminals prey on this boredom. They pile on the numbers, spewing meaningless records in the false books.
Cory Johnson 106
Fraud
Legally,
Black’s Law Dictionary
All multifarious means which human ingenuity can devise, and which are resorted to by one individual to get an advantage over another by false suggestions or suppression of the truth, and includes all surprise, trick, cunning or dissembling, and any unfair way by which another is cheated.
The four legal elements to fraud are defines fraud as: A false representation or willful omission regarding a material fact.
The fraudster knew the representation was false.
The target relied on this misappropriation.
The victim suffered damages or incurred a loss.
-------------------------------------------------------------------- Institute of Internal Auditors definition: Any illegal acts characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the applications to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.
107
Some Fraud Definitions
The primary factor that distinguishes fraud from error is whether the underlying action is intentional or unintentional. Fraud is an intentional act that results in a material misstatement in financial statements that are the subject of an audit. Two types of misstatements are relevant to the auditor’s consideration of fraud-misstatements arising from financial reporting and misstatements arising from misappropriation of assets.
AICPA, SAS #99/ PCAOB ------------------------------------------------- The deliberate misrepresentations of the financial condition of an enterprise accomplished through the intentional misstatement or omission of amounts or disclosures in the financial statements to deceive financial statement users.
ACFE 108
How Fraud Occurs
Source: KPMG Fraud Study
109
Types of Fraud
Source: KPMG Fraud Study
110
Certain Fraud is Increasing
Source: KPMG Fraud Study
111
Source: 2008 Wells Report, ACFE.
112
Source: 2008 Wells Report, ACFE.
113
COSO’s Most Common Fraud Methods
1.
2.
3.
4.
5.
6.
7.
Overstatement of earnings.
Fictitious earnings Understatement of expenses.
Overstatement of assets.
Understatement of allowances for accounts receivables.
Overstatements of the value of inventories by not writing down the value of obsolete goods.
Overstatement of property values and creation of fictitious assets.
114
COSO’s Major Motives for Fraud
1.
2.
3.
4.
Cover up assets misappropriated for personal gain.
Increase the stock price to increase the benefits of insider traders and to receive higher cash proceeds when issuing new securities.
Obtain national stock exchange listing status or maintain minimum exchange listing requirements to avoid de-listing.
Avoiding a pretax loss and bolstering other financial results.
115
COSO Survey (1999) • Financial pressures were important contributory factors for the commitment of financial statement fraud (FSF).
• Top executives (e.g., CEOs, CFOs) were commonly involved in FSF.
• The majority of alleged FSF were committed by small companies.
• Board of directors and audit committees of the fraud companies were weak and ineffective.
• Adverse consequences for fraud companies were bankruptcy, significant changes in ownership, and delisting by national stock exchanges.
• Cumulative amounts of FSF were relatively significant and large.
• More than
half
of the alleged FSF involved overstatement of revenues.
• Most FSF were not isolated to a single fiscal period.
•
Fifty-five opinions.
percent of the audit reports
issued in the last year of the fraud period contained unqualified
•The majority of the sample fraud companies (56 percent) were audited by Big Eight/Big Five auditing firms.
116
1.
2.
3.
4.
5.
6.
Business Fraud Survey (1999) Nearly 15 percent reported management misappropriation as the greatest fraud risk to their organization.
Sixty
percent of the respondent reported their department’s
fraud risk analysis process
as being
reactive
in nature.
The majority of respondents (72 percent) reported that their organization did not have fraud detection and deterrence programs in place.
The majority of respondents (68 percent) reported that they never felt pressured to compromise the adherence to their organization’s standard of ethical conduct.
The majority of the respondents reported their organization’s
external auditors
as being
ineffective in preventing and detecting fraud
.
The majority of the respondents believed that more budgets should be devoted to fraud-related activities and training in department.
The Institute of Management and Administration (IOMA) and the Institute of Internal Auditors(IIA). “Business Fraud Survey.” (1999). Available at http://www.theiia.org
117
One Piece at a Time
Johnny Cash (1976)
118
One Piece At A Time
Well, I left Kentucky back in '49 An' went to Detroit workin' on a 'sembly line The first year they had me puttin' wheels on cadillacs Every day I'd watch them beauties roll by And sometimes I'd hang my head and cry 'Cause I always wanted me one that was long and black.
One day I devised myself a plan That should be the envy of most any man I'd sneak it out of there in a lunchbox in my hand Now gettin' caught meant gettin' fired But I figured I'd have it all by the time I retired I'd have me a car worth at least a hundred grand.
CHORUS
I'd get it one piece at a time And it wouldn't cost me a dime You'll know it's me when I come through your town I'm gonna ride around in style I'm gonna drive everybody wild 'Cause I'll have the only one there is a round.
So the very next day when I punched in With my big lunchbox and with help from my friends I left that day with a lunch box full of gears Now, I never considered myself a thief GM wouldn't miss just one little piece Especially if I strung it out over several years.
119
One Piece At A Time
The first day I got me a fuel pump And the next day I got me an engine and a trunk Then I got me a transmission and all of the chrome The little things I could get in my big lunchbox Like nuts, an' bolts, and all four shocks But the big stuff we snuck out in my buddy's mobile home .
.
Now, up to now my plan went all right 'Til we tried to put it all together one night And that's when we noticed that something was definitely wrong .
The transmission was a '53 And the motor turned out to be a '73 And when we tried to put in the bolts all the holes were gone.
So we drilled it out so that it would fit And with a little bit of help with an A-daptor kit We had that engine runnin' just like a song Now the headlight' was another sight We had two on the left and one on the right But when we pulled out the switch all three of 'em come on.
The back end looked kinda funny too But we put it together and when we got thru Well, that's when we noticed that we only had one tail-fin About that time my wife walked out And I could see in her eyes that she had her doubts But she opened the door and said "Honey, take me for a spin." 120
One Piece At A Time
So we drove up town just to get the tags And I headed her right on down main drag I could hear everybody laughin' for blocks around But up there at the court house they didn't laugh 'Cause to type it up it took the whole staff And when they got through the title weighed sixty pounds
CHORUS
I got it one piece at a time And it didn't cost me a dime You'll know it's me when I come through your town I'm gonna ride around in style I'm gonna drive everybody wild 'Cause I'll have the only one there is around.
(Spoken) Ugh! Yow, RED RYDER This is the COTTON MOUTH In the PSYCHO-BILLY CADILLAC Come on Huh, This is the COTTON MOUTH And negatory on the cost of this mow-chine there RED RYDER You might say I went right up to the factory And picked it up, it's cheaper that way Ugh!, what model is it?
Well, It's a '49, '50, '51, '52, '53, '54, '55, '56 '57, '58' 59' automobile It's a '60, '61, '62, '63, '64, '65, '66, '67 '68, '69, '70 automobile.
121
Missing Fraud
Auditors will
continue to miss fraud
because much of their work is predicted on the
assumption that separation of duties prevents fraud (i.e., one person
hold the money and another person keeps track of it). The Equity Funding case shakes the foundations of auditing in that so much is based on the
assumption that people don’t collude
very long. These people work together as an efficient team for a very long time [9 years].
Lee Seidler ------------------------------------------ “When the sun goes down, then the sneaks will play at night.” From Porter Wagoner “Sneaks Crawl at Night.” 122
The Perpetrators
First-time offenders (93% 2008).
Losses from
fraud caused by managers and executives were 3.5 times greater than those caused by non-managerial employees [2002].
Losses caused by men were 3 times those caused by women [53% males]; [Male, 59.1%, 2008]. Losses caused by perpetrators 60 and older were 27 times those caused by perpetrators 25 or younger [2002].
Losses caused by perpetrators with post-graduate degrees were more than 3.5 times greater than those caused by high school graduates [2002].
Acted alone (63.9% in 2008).
Source: 2008/ 2002 ACFE Report 123
FBI Part 2 Offenses — Female
Embezzlement
Fraud
Forgery
Larceny – theft
Serial Killer (62) 41% 39% 36% 33% 20%
124
White-collar criminals have these characteristics:
Likely to be married.
Member of a church.
Educated beyond high school.
No arrest record.
Age range from teens to over 60.
Socially conforming.
Employment tenure from 1 to 20 years.
Acts alone 70% of the time.
Source: Jack Robertson,
Fraud Examination for Managers and Auditors
(1997).
125
Other Characteristics of Occupational Fraudsters : Egotistical Risk taker Hard Worker Greedy Disgruntled or a complainer Overwhelming desire for personal gain Pressured to perform
Inquisitive Rule breaker Under stress Financial need Big spender Close relationship with vendors / suppliers
Source: Lisa Eversole, “Profile of a Fraudster,” Some Fraud Stuff, http://www.bus.lsu.edu/accounting/faculty/lcrumbley/fraudste r.html
126
Quotes
To be a forensic auditor, you have to have a knowledge of fraud, what fraud looks like, how it works, and how and why people steal.
Robert J. Lindquist
"Finding fraud is like using a metal detector at a city dump to find rare coins. You're going to have a lot of false hits."
- D. Larry Crumbley
“Fraud can be best prevented by good people asking the right questions at the right time.”
- Michael J. Comer
127
“Finding fraud is like trying to load frogs on to a wheelbarrow.” Larry Crumbley It’s easy to fall in love; It’s easy to commit fraud; It’s hard to catch the fraud.
128
Fraud Catching
Finding fraud is like trying to herd cats and chickens. There is a chicken catching machine (150 chickens per minute),* but there is no perfect fraud catching machine.
D. Larry Crumbley * PH2000 mechanical chicken harvester. Scott Kilman, “Poultry in Motion: Chicken Catching Goes High Tech,”
Wall Street Journal,
June 4, 2003, p. A-1. Human can catch about 1,000 an hour. $200,000 cost.
129
How Fraud Is Detected
1.
2.
3.
4.
5.
6.
Tips By accident Internal audit Internal controls External audits Notification by police 2008 46.2% 20% 19.4% 23.3% 9.1% 3.2% 2006 34.2% 25.4% 20.2% 19.2% 12.0% 3.8% Source: 2008/ 2006/ 2004 Wells Reports, ACFE.
2004 39.6% 21.3% 23.8% 18.4% 10.9% 0.9%
A British publication suggests that prosecutors think that accountants have x-ray vision. “It is assumed that if an accountant stares really hard at a set of accounts, then somehow, magically, information will appear before his/ her eyes that are invisible to lesser mortals.”
NIFA News, Number 10, p.1.
130
Sources of Tips
Employee Customer Vendor Shareholder/ owner Anonymous Competitor 2008 57.7% 17.6% 12.3% 9.2% 8.9% 1.0% 2006 64.1% 10.7% 7.1% NA 18.1% NA Source: 2008/ 2006 Wells Report, ACFE.
131
Tips Are Important Some of the biggest recent accounting scandals (e.g., HealthSouth, Xerox, Waste Management) involve situations where the auditors were tipped off or otherwise alerted to possible frauds but they failed to investigate them deeply enough.
In her book
Power Failure
, Sherron Watkins says she talked to Jim Hecker, at Arthur Andersen, on the phone about the dangers of the Raptors and Fastow’s inherent conflict. Hecker wrote a memo to the files and forwarded copies to David Duncan and Enron’s audit partner, Debra Cash. His note: “Here is my draft memo, for your review, for ‘smoking guns’ that you can not extinguish.” p. 285.
132
Finding Fraud In The Midst of a Conspiracy When speaking about the fraud of HealthSouth, a spokesman for Ernst & Young emphasized the difficulty of detecting accounting fraud in the midst of a conspiracy of senior executives and false documentation. An accountant testified that HealthSouth employees would move expenses of $500 to $4,999 from the income statement to the balance sheet throughout the year. Overall the SEC said about $1 billion in fixed assets were falsely entered. The employees moved only those expenses
less than $5,000
, because Ernst & Young automatically looked at those expenses over $5,000. An ex-bookkeeper even sent Ernst & Young an e mail flagging one area of the fraud, but E & Y still did not catch it. Employees actually produced false invoices when the accounting firm asked for back-up.
Source: Charles Mollenkamp, “Accountant Tried in Vain to Expose HealthSouth Fraud,”
Wall Street Journal
, May 20, 2003, pp. A-1 and A-13.
133
Quotes
You should attack fraud problems the way the fictional Sherlock Holmes approached murder cases
D . Larry Crumbley --------------------------------------------
To be a good fraud auditor, you have to be a good detective.
Source: Robert J. Lindquist -------------------------------------------------------
Many lap-dog internal and external auditors need to be replaced with junkyard dogs.
D. Larry Crumbley 134
Difficult Task
More forensic techniques should become a part of both external and internal auditing. But Stephen Seliskar says that “in terms of the sheer labor, the magnitude of effort, time and expense required to do a single, very focused [forensic] investigation -- as contrasted to auditing a set of the financial statements -- the difference is incredible.” It is physically impossible to conduct a generic fraud investigation of an entire business.
Source : Eric Krell, “Will Forensic Accounting Go Mainstream?”
Business Finance Journal
, October 2002, pp. 30-34. www.investigation.com/artilces/library/2002Articles/15.ht
m .
135
Stealth
Once a forensic accountant [e.g., Cr.FA, CFE, CFFA] is engaged, Michael Kessler says that they should not be disruptive. Most employees are not aware that an investigation is taking place. We go in as just another set of auditors, favoring a Columbo-esque investigative style. “We don’t wear special windbreakers that say ‘forensic accountant.’” Source: Eric Krell, “Will Forensic Accounting Go Mainstream?”
Business Finance Journal
, October 2002, pp. 30-34. www.investigation.com/articles/library/2002Articles/15.ht
m 136
Kessler Survey (2001)
About 13% of employees are fundamentally
dishonest
.
Employees out-steal shoplifters.
About 21% of employees are
honest
.
But 66% are encouraged to steal if they see others doing it without repercussion.
Source: “Studies Show 13% of employees are fundamentally dishonest,”
KesslerNews,
November 1, 2001, www.investigation.com/articles/library/2001articles .
-------------------------------------------------------------------------------------- 30% of people in U.S. are dishonest.
30% situational dishonest.
40% are honest all of the time.
Source: R.C. Hollinger,
Dishonesty in the Workplace
, Park Rider, N.Y.: London House Press, 1989, pp. 1-5.
137
Little Has Changed: CFO Survey Nearly half of CFOs – 47 percent – report they still feel pressure from their superiors to use aggressive accounting to make results look better. What is worrisome is that the pressure to make the numbers hasn’t abated much. Of these who have felt pressure in the past, only 38 percent think there is less pressure today than there was three years ago, and 20 percent say there is more .
Few finance executives have much confidence in the numbers their colleagues are reporting. Only 27 percent say that if they were investing their own money, they would feel “very confident” about the quality and completeness of information available about public companies.
Source: Don Durfee, “It’s Better (and Worse) Than You Think,” CFO Magazine, May 3, 2004 .
138
Some Infamous Financial Statement Frauds Tyco • Large interest-free loans to officers; then forgiven ($87.1 million).
• • • • • • Unauthorized bonuses (no approval of BOD).
Fake documents showing no loans outstanding.
SEC found that PwC had prior knowledge of fraud back to 1998.
Undisclosed real estate transaction with related parties.
False entries in books to cover-up bribes given to foreign officials.
If numbers did not meet expectations, Richard Scrushy told employees to “fix them.” Adelphia [Greek for brothers] • • • Moved debt to subsidiaries which were not consolidated.
Personal loans to the Rigas family (self-dealing).
Falsified operations statistics and inflated earnings.
Xerox • Accelerated revenues from leasing equipment.
• Cookie jar reserves.
Sunbeam • • • • Cookie-jar restructuring reserves.
Channel stuffing.
Guaranteed sales.
Improper bill and hold.
139
Some Infamous Financial Statement Frauds Waste Management • Reduced depreciation expense by inflating salvage value and extending useful lives.
• • • No write-offs for unsuccessful land projects.
Improperly capitalized a number of expenses.
Made top drawer adjustments.
HPL Technologies (2001-2002) • • • Created many fake purchase orders from Canon sales (a Japanese distributor). Printed and pasted Canon signatures on the documents.
Altered bank records to create millions of dollars in nonexistence customer payments.
Borrowed millions from his brokerage account (secured by HPL stock) and channeled the funds into the company in the form of payments.
Baptist Foundation of Arizona • • • • Set up subsidiaries owned by insiders to buy real estate (which had crashed in value) from BFA.
BFA then recorded notes receivables in the amount of the book values.
Ran a ponzi scheme using new investors’ money to pay old investors high returns.
Refused to give Arthur Anderson financial statements of the subsidiaries.
140
D.R. Cressey’s Fraud Pyramid
Don’t think you’re the only ones Who bend it, break it, stretch it some.
We learn from you.
Girls lie, too Terri Clark 141
SAS No. 99 Characteristics of Fraud
Incentives / pressures Attitude / Rationalization Opportunity
142
Everyone Has A Price?
President Abraham Lincoln is supposed to have thrown a man out of his office
after being offered a bribe
. The bribe involved a substantial sum, and Lincoln was
very angry
. His anger was directed at the man in question, but also at himself. He is reputed to have said, “
Every man has his price, and he was getting too close to mine
.”* The “price” where a person will act dishonestly (e.g., steal, cook the books) varies from person to person.
What is your price?
In a scene from the movie,
The Family Man
, an angel stands behind the counter of a convenience store and takes a $1 bill from a young woman who is purchasing a $0.99 beverage. The angel counts out change for $10 and hands the overpayment to the woman. The customer stares blankly at the clerk, takes the money and the beverage, and leaves. The angel is left to lament the lack of ethical behavior for just $9.
“Character, and for what, $9; that is so disappointing”
.** * From a speech by Lynn Turner, former chief accountant of U.S. Securities and Exchange Commission, given at the 39 th Annual Corporate Counsel Institute, Northwestern University School of Law, October 12, 2000.
** MCA Home Video 2000.
143
Fraud Pyramid
Motive Excessive spending to keep up appearances of wealth.
Alcohol, drug or gambling abuse problems.
Opportunity Other, outside business financial strains.
An illicit romantic relationship.
Lack of internal controls.
Perception of detection = proactive preventative measure.
Rationalization (reduces offender’s inhibitions) “Borrowing” money temporarily.
Justifying the theft out of a sense of being
underpaid
. (“I was only taking what was mine.”) Depersonalizing the victim of the theft. (I wasn’t stealing from my boss; I was stealing from the company.”) 144
Psychology of Fraud
Fraud can be explained by three factors: • • • Supply of motivated offenders.
Availability of suitable targets.
Absence of capable guardians (e.g., internal controls).
The three B’s -- babes, booze, and bets.
Some fraudsters wish to make fools of their victims. They take delight in the act itself.
Risk of fraud is a product of both personality and environmental (or situational) variables.
Grace Duffield and Peter Grabosky, “The Psychology of Fraud,” Australian Institute of Criminology, No. 19.
145
The Fraud Diamond
Incentive/ Pressures Capacity Opportunity Rationalization/ Integrity
Capacity: Necessary traits; abilities; can pull it off; positional authority D.T. Wolfe and D.R. Hermanson, “The Fraud Diamond: Considering The Four Elements of Fraud,”
The CPA J.
, December, 2004, pp. 38-42.
146
Greed
“ I don’t see many ways to eliminate greed; it is an inherent part of the human character. So antifraud measures must be aimed at educating people on the risks and the type of technical controls that they can implement.” Alan Oliphant Source: David G. Banks, “The Fight Against Fraud,”
Internal Auditor
, April 2004, pp. 36-37.
------------------------------------------------ “It was definitely the perfect fraud……..
unfortunately they hired the perfect investigator.” Cartoon in M.J. Comer’s book 147
Example of Greed (or Incentive) Three Duke Energy employees were charged in April 2004 for allegedly ginning up “phony electricity and material-gas trades to boost trading volumes” and inflating “profits in a trading book that was the basis of their annual profits.” “The trading schemes are alleged to have inflated their bonuses by at least $7 million” between March 2001 and May 2002. There were 400 rigged trades that produced a $50 million profit in the trade books.
Duke used mark-to-market accounting to record profit and loss contracts that might not be settled for years.
So called “round-trips trades (or wash sales) were used to jack up reported trading volumes.
Source: Rebecca Smith, “Former Employees of Duke Charged Over Wash Trades,” WSJ, April 22, 2004, p. A-15.
148
KPMG’s Causes or Indicators of Fraud (1998) Personal financial pressure.
Substance abuse.
Gambling.
Real or imagined grievances.
Ongoing transactions with related parties.
Increased stress.
Internal pressures to meet deadlines/budgets.
Short vacations.
Unusual hours.
Source: KPMG’s
1998 Fraud Survey
149
How Fraud is Discovered-Singapore 2002 Management investigation (41%).
Anonymous letter/informant (35%).
Internal controls (33%).
By chance (26%).
Internal auditor review (12%).
Source: KPMG Fraud Survey Report, 2002.
-----------------------------------------------------
I’m gonna keep follow’ a feelin.’ Till I find what I’m looking for. Austin Sherrie 150
Singapore Fraud Survey, 2002
Management investigation, informant notification, and good internal controls rank highly as methods of fraud detection.
76% of the frauds were perpetrated internally [management (41%) and non management employees (35%)] Poor internal controls, override of internal controls, and collusion between employees and third parties were the top three reasons cited as to why frauds were allowed to take place “Red flags,” which should have alerted respondents to the fraud, were present and ignored in 29% of cases.
The main reason for not reporting fraud was lack of evidence The typical fraudster is predominantly male within the age group of 26-40 years and has an annual income between $15,000 to $30,000. 44% of fraudsters have tertiary educational qualifications.
151
Rationalization Sherron Watkins provides an excellent comment about rationalization with respect to Enron’s Jeff Skilling and Andy Fastow. At what point did they turn crooked? “But there is not a defining point where they became corrupt. It was one small step after another, with more and more rationalizations. There was a slow erosion of values over time.”
Source: Pamela Colloff, “The Whistle Blower,”
Texas Monthly
, April 2003, p. 141.
152
Fraud’s Fatal Failings
85% of fraud victims never get their money or property back.
Most investigations flounder, leaving the victims to defend for themselves against counter-attacks by hostile parties.
30% of companies that fail do so because of fraud.
Source: Michael J. Comer,
Investigating Corporate Fraud
, Burlington, VT: Gower Publishing, 2003, p. 9.
153
Importing Sarbanes-Oxley?
One-size-fits-all approach.
Resulted in a loss of foreign listings on U.S. exchanges.
U.S. exchanges seek to acquire foreign exchanges.
Market consolidations may impose U.S. regulatory standards across national boundaries.
Foreign companies listed on U.S. exchanges are subject to SOX.
Once 500 Americans hold shares in a foreign-listed company, if separate platforms not maintained, subject to U.S. laws and rules (including SOX).
Harvey Pitt, “Sarbanes-Oxley Is An Unhealthy Export,” Financial Times, June 21, 2006, p.15.
154
Sarbanes-Oxley Act (7-30-2002)
Most significant change since 1934 Securities Exchange Act New five-member Public Company Accounting Oversight Board (PCAOB) Authority to set and enforce auditing, attestation, quality control and ethics (including independencies) standards for auditors of public companies.
Empowered to inspect the auditing operations of public accounting firms that audit public companies as well as impose disciplinary and remedial sanctions for violations of the board’s rules, securities laws and professional auditing and accounting standards.
Rotation of lead and concurring audit partners every five years (5 year time-out period).
155
Sarbanes-Oxley Act (7-30-2002)
Eight types of services outlawed: + Bookkeeping.
+ Information systems design and implementation + Appraisals or valuation services, fairness opinions, or contribution-in-kind-reports.
+ Actuarial services + Internal audit outsourcing + Management and human resources services + Broker/dealer, investment adviser, and investment banking services + Legal or expert services related to audit services Applies to foreign accounting firms filing with SEC after July 15, 2006.
http://www.pcaob.us
, to get free subscription to PCAOB Update.
156
Sarbanes-Oxley Act of 2002
If you are going to be an auditor, you have to be an auditor, not an auditor and a consultant [Senator Jack Reed].
In order to be independent, an accounting firm should
not
Audit ones own work.
Function as part of management or an employee.
Act as an advocate.
No limitations are placed upon accounting firms in providing non-audit services to public companies they do not audit
or any private companies
.
Audit services and non-audit services (e.g., tax) must be pre-approved by the audit committee, if not prohibited by the Act (
before
the service commences).
Auditor must report to the audit committee on a timely basis.
Cooling off period of one year before a member of the audit engagement team can begin working for the registrant in certain positions.
There is
no
requirement to rotate the auditors.
There is discussion of requiring a forensic audit irregularly. Harvey Pitt suggested this proposal.
157
Sarbanes-Oxley (contd.)
Many of the Sarbanes-Oxley’s provisions became effective July 30, 2002.
www.tnwinc.com
Thus, the SEC will control the auditing standards, not the AICPA.
Auditors to report to audit committee, and audit committee must approve all services.
Crime to corruptly alter, destroy, mutilate, or conceal any document with the intent to impair the object’s integrity or availability (up to 20 years).
Statute of limitations for the discovery of fraud is now
two
years from the date of discovery and 5 years after the act.
Maximum penalty for mail and wire fraud is increased from 5 to 10 years.
Financial statement filed with SEC: certified by CEO and CFO. Maximum penalties for willful and knowingly violation: fined not more than $5 million and/or imprisonment of up to 20 years.
Sense of Congress: CEO should sign the Federal income tax return.
158
SOX’s Effects on Smaller Firms
1.
2.
3.
4.
5.
6.
Smaller firms have incurred higher SOX related costs.
Larger increase in audit fees – ineffective internal controls.
Complex standards affect smaller firms because they lack in-house staff.
Larger firms stopped working with smaller firms.
Larger non-audit fees.
Directors fees much higher.
Potential benefits for smaller firms are higher for small firms.
Overall, SOX imposes a net loss on all firms.
CEOs and CFOs spent as much as 90% of their time on compliance, forcing them to defer investments.
SOX reduced the value of small firms—no effect or positive for large firms.
Source: E. Kamar, P.K. Mandic, and E. Talley, “SOX’s Effects on Small Firms: What Is the Evidence?” June 2007.
159
Sarbanes-Oxley Act Creates Need For Forensic Accounting
1.
2.
To assist corporations in their quest to ensure compliance with the mandates of S-O.
Public accounting firms must introduce forensic techniques into audits, and they may request help from forensic experts .
-------------------------------------------------
Robbers do not need guns. Pencil and paper will do. Opportunity and greed are thievery’s driving forces. Put enough zeroes behind a number, and it’s amazing how flexible morals become. How many years in prison would you do to accumulate a half a billion dollars in your bank account?
John H. Bolt 160
Section 404-Sarbanes-Oxley
Beginning June 2004, large companies must have in place tight internal controls, assess the effectiveness of these controls annually (and issue a report of their effectiveness), and pay for an independent assessment by external auditors.
Need an internal control framework (e.g., COSO or similar).
Companies are paying steep fees to fund the PCAOB.
Audit fees have increased by as much as 30% since S/O.
161
FEI’s Costs of Compliance
Revenue Less than $25 million $25 to $99 million $100 to $499 million $500 to $999 million $1 to $4.9 billion Over 5 billion First-Year Costs $.28 million $.74 million $.78 million $1.04 million First-Year Hours 1,996 3,080 5,118 6,950 $1.83 million $4.67 million 13,355 41,201 • Audit fees have increased about 50%.
• First year spending around $10 billion. Steve Watkins, “For Some, SOX Is No Hassle at All,”
IBD
, January 14, 2005, p. A6.
• About $100,000 each year for insuring Board members.
Source: Financial Executive Institute 162
Six-Legged Table of Financial Statements
Audit Committee Board of Directors Top Manageme nt PCAOB and SEC
External Auditor
Internal Auditors
In a baseball analogy, think of the pitcher as the auditee, the catcher as the internal auditor, the manager as top management, the scorekeeper as the external auditor, and the umpire would be PCAOB (SEC). The scoreboard could be the general ledger.
The Big “R” 163
Parallel Universe: Two Opinions
External auditors must do a regular audit of a company (e.g., financial statements are fairly stated) and must also audit the internal controls that are to ensure that the financial statements are accurate (e.g., issue two opinions).
Prior to the external auditors’ arrival, the company itself must review its internal controls and issue a report on the effectiveness of these controls.
There will be two external opinions: on management’s assessment of the internal controls over financial reporting and another one on the effectiveness of the internal controls themselves (e.g., statements are fairly stated).
PCAOB Release 2004-001.
164
Anti-Fraud Strategy
The company’s stance on fraud and other breaches of the ethical code.
What will be done and by whom in the case that frauds or other breaches are suspected.
The key initiatives which the company proposes; Who will lead these initiatives.
Clear deadlines and measures for monitoring effectiveness of implementation.
Source: David Davies,
Fraud Watch
, 2 nd Edition., London, ABG Professional Information, 2000, p. 77.
165
Anti-Fraud Program
An auditor must perform “company-wide anti-fraud programs and controls and work related to other controls that have a pervasive effect on the company, such as general controls over the company’s electronic data processing.” Further, the auditor must “obtain directly the ‘ principal evidence ’ about the effectiveness of internal controls.” PCAOB endorses the COSO Cube [pp. 24-26 and A-25 and A-26] Source: PCAOB Release 2004-001.
166
Several Strategies
1. Establishment
of responsible corporate governance, a vigilant
board of directors
and
audit committees
,
diligent management
, and adequate and effective
internal audit functions
.
2. Utilization
of an alert, skeptical
external
audit function, responsible legal counsel, adequate and effective internal control structure, and external regulatory procedures.
3. Implementation
of appropriate
corporate strategies
for correction of the committed financial statement fraud, elimination of the probability of its future occurrences, and restoration of confidence in the financial reporting process.
------------------------------------------------------ Financial statement fraud
occurs
when one or a combination of these strategies are relaxed due to self-interest, lack of due diligence, pressure, over-reliance, or lack of dedication.
S ource: Crumbley, Razaee, Ziegenfuss,
U.S. Master Auditing Guide
, Chicago, CCH, pp. 689-690.
167
Frameworks Being Used by CFOs
•
COSO 82%
•
Auditing Standard No. 2 28%
•
COBIT (Control/ Objectives for Inf./ Related Technology) 33%
•
SAS 55/78 (AICPA) 13%
•
Others 2%
168
COSO CUBE
(5 components of internal controls)
169
HIERARCHY OF INTERNAL CONTROL NEEDS 170
The COSO Model
1.
2.
3.
4.
5.
Control environment – management’s attitude toward controls, or the “tone at the top.” Risk assessment – management’s assessment of the factors that could prevent the organization from meeting its objectives.
Control activities – specific policies and procedures that provide a reasonable assurance that the organization will meet its objectives. The control activities should address the risks identified by management in its risk assessment.
Information and communication – system that allows management to evaluate progress toward meeting the organization’s objectives.
Monitoring – continuous monitoring of the internal control process with appropriate modification made as deemed necessary.
www.erm.cosous.org
171
COSO New Cube: Enterprise Risk Management Source: erm.coso.org. See Apostolou and Crumbley, “ Sarbanes-Oxley Fall-out Leads to Auditing Standards No. 2: Importance of Internal Controls,”
The Value Examiner
, November/December 2004, pp. 55-60.
172
Management Control Philosophy
Fraudulent Financial Reporting more likely to occur if Firm has a poor management control philosophy.
Weak control structures.
Strong motive for engaging in financial statement fraud .
Poor management philosophy: Large numbers of related party transactions.
Continuing presence of the firm’s founder.
Absence of a long-term institutional investor.
Source: Paul Dunn “Aspect of Management Control Philosophy that contributes to fraudulent Financial Reporting,”
Journal of Forensic Accounting,
Vol. IV (2003), pp. 35-60 173
CONTROL ACTIVITIES
Segregation of Accounting Duties
Effective segregation of accounting duties is achieved when the following functions are separated:
Authorization
—approving transactions and decisions.
Recording
—Preparing source documents; maintaining journals, ledgers, or other files; preparing reconciliations; and preparing performance reports.
Custody
—Handling cash, maintaining an inventory storeroom, receiving incoming customer checks, writing checks on the organization’s bank account.
If any two of the preceding functions are the responsibility of one person, then problems can arise.
Source: Accounting Information Systems, 10e Romney/Steinbart, PH 174
• • • • • •
CONTROL ACTIVITIES
CUSTODIAL FUNCTIONS Handling cash Handling inventories, tools, or fixed assets Writing checks Receiving checks in mail
• • • •
RECORDING FUNCTIONS Preparing source documents Maintaining journals, ledgers, or other files Preparing reconciliations Preparing performance reports EXAMPLE OF PROBLEM: A person who has custody of cash receipts and the recording for those receipts can steal some of the cash and falsify accounts to conceal the theft.
SOLUTION: The
pink fence
(segregation of custody and recording) prevents employees from falsifying records to conceal theft of assets entrusted to them.
•
AUTHORIZATION FUNCTIONS Authorization of transactions
Source: Accounting Information Systems, 10e Romney/Steinbart, PH 175
• • • •
CONTROL ACTIVITIES
CUSTODIAL FUNCTIONS Handling cash Handling inventories, tools, or fixed assets Writing checks Receiving checks in mail
• • • •
RECORDING FUNCTIONS Preparing source documents Maintaining journals, ledgers, or other files Preparing reconciliations Preparing performance reports
•
AUTHORIZATION FUNCTIONS Authorization of transactions
• •
EXAMPLE OF PROBLEM: A person who has custody of checks for transactions that he has authorized can authorize fictitious transactions and then steal the payments.
SOLUTION: The
green fence
(segregation of custody and authorization) prevents employees from authorizing fictitious or inaccurate transactions as a means of concealing a theft.
Source: Accounting Information Systems, 10e Romney/ Steinbart, PH 176
CONTROL ACTIVITIES
• • • •
CUSTODIAL FUNCTIONS Handling cash Handling inventories, tools, or fixed assets Writing checks Receiving checks in mail
• • • •
RECORDING FUNCTIONS Preparing source documents Maintaining journals, ledgers, or other files Preparing reconciliations Preparing performance reports
• •
EXAMPLE OF PROBLEM: A person who can authorize a transaction and keep records related to the transactions can authorize and record fictitious payments that might, for example, be sent to the employee’s home address or the address of a shell company he creates.
SOLUTION: The
purple fence
(segregation of recording and authorization) prevents employees from falsifying records to cover up inaccurate or false transactions that were inappropriately authorized.
•
AUTHORIZATION FUNCTIONS Authorization of transactions Source: Accounting Information Systems, 10e Romney/Steinbart, PH
177
Risk Assessment Benefits
A major step in a forensic audit is to conduct a risk assessment, which entails a comprehensive review and analysis of program operations in order to determine where risks exists and what those risks are.
Any operation developed during the risk assessment process provides the foundation or basis upon which management can determine the nature and type of corrective actions needed.
A risk assessment helps an auditor to target high-risk areas where the greatest vulnerabilities exist and develop recommendations to strength internal controls Source: B.l. Derby, “Data Mining for Improper Payments,”
Journal of Government Management,
Winter 2003, Vol.52, No. 4, pp. 10-13.
178
Fraud Risk Assessment
Ernst & Young report found that organizations that had reviews were almost J.W. Koletar, p. 167.
not
performed fraud vulnerability
two-thirds
more likely to have suffered a fraud within the past 12 months. A company should have a fraud risk assessment performed of their controls, procedures, systems, and operations. J.W. Koletar, p. 166.
Sources: J.W. Koletar,
Fraud Exposed,
John Wiley & Sons, 2003 179
Fraud Risk-Assessment Process
1.
Organize
the assessment – integrate into organization’s existing business cycle or establish a separate cycle.
2.
Determine
areas to assess – conduct at company wide, business-unit, and significant-account levels.
3.
Identify
– typically affecting the industry or locations.
potential schemes and scenarios Fraudulent financial reporting.
Misappropriation of assets.
Expenditures and liabilities for an improper purpose (cash kickbacks and corruption).
Organization commits a fraud against employees or third parties.
Tax fraud.
Financial misconduct by senior management.
180
Fraud Risk-Assessment Process
4. Assess likelihood of fraud Remote Reasonably possible Probable 5. Assess significance of risk Inconsequential More than inconsequential Material 6. Link antifraud controls – identify the control activities for fraud risks that are
both
more than likely to occur and more than inconsequential in amount.
7. Apply assessment results to the audit plan – consider and document the results of the fraud assessment when developing the audit plan.
Source: Jonny Frank, “Fraud Risk Assessments,”
Internal Auditor
, April, 2004, pp. 43-47.
181
Swimming Lanes
Mary Ben Jane Sam Controls Cash Entries in Books Deposits Checks Does Reconciling Controls Accounts Receivable X X X X X X X X X X X X 182
Sophisticated Approaches
1.
2.
3.
The Quad Method The Staggered Box Method The Chessboard Method
183
COSO Guidance
Risk Assessment Matrix See COSO, “Guidance for Smaller Public Companies,” www.ic.coso.org
184
1.
2.
3.
4.
5.
6.
7.
PCAOB’s AS2 Report: Hindrances
Failure to coordinate or integrate the AS2 audit of internal controls with the financial audit.
Doing detail testing before the top down audit looking for the high risk areas (e.g., fishing).
Inadequate consideration of the unique risk factors of the company (e.g., avoid the checklist mentality). Do not audit the low risk areas.
Inefficient walkthroughs of transaction controls.
Too little reliance on others.
Insufficient evaluation of compensating controls when there is a discovery of control deficiencies.
Inadequate testing of controls over financial statement presentation and disclosures.
185
GAP Analysis Actual Internal Controls Organization’s Stated Internal Controls Best Practice Internal Controls
186
SAS No. 99 Types of Fraud
Unlike errors, fraud is intentional and most often involves deliberate concealment of facts by management, employees, or third parties Fraudulent Financial Reporting: does not follow GAAP (e.g., recording fictitious sales) Misappropriation of Assets: embezzling receipts, stealing assets, or causing an entity to pay for goods or services that have not been received.
Often accomplished by false or misleading records or documents, possibly created by circumventing internal controls.
187
Fraudulent financial reporting may occur by the following:
Manipulation, falsification, or alteration of accounting records, or supporting documents from which financial statements are prepared.
Misrepresentation in or intentional omission from the financial statements of events, transactions, or other significant information.
Intentional misapplication of accounting principles relating to amounts, classification, manner of presentation, or disclosure.
Source: SAS No. 99, “Consideration of Fraud in a Financial Statement Audit,” New York: AICPA 188
Falsification
Enron’s crude oil trading operation based in Valhalla, New York was fictitious, according to one auditor. “It was pretend. It was a playhouse. There were a lot of expensive people working there, and it was impressive looking, but it wasn’t legitimate work. The traders were keeping two sets of books, one for legitimate purposes – to show Enron and auditors from Arthur Andersen – one other set in which to record their ill gotten gains.
Source: Mimi Swartz and Sherron Watkins,
Power Failure
, New York: Doubleday, 2003, p.31.
189
SAS No. 99 Ways to Overcome the Risk of Management Override of Controls
Examining journal entries and other adjustments.
Reviewing accounting estimates for bias, including a retrospective review of significant management estimates.
Evaluating the business rationale for significant unusual transactions.
190
Parmalat Deceptions
Parmalat, an Italian diary company, had a nonexistence Bank of America bank account worth $4.83 billion . A SEC lawsuit asserts that Parmalat “engaged in one of the largest and most brazen corporate financial frauds in history.” Apparently, the auditors Grant Thornton relied on a fake Bank of America confirmation prepared by the company.
SAS No. 99 does not prohibit clients from preparing confirmations.
The fraud continued for more than a decade. At least $9 billion unaccounted for.
Therefore, the audited company should not be in control of the confirmation process.
The owner treated the public company as if it was his own bank account.
An unaware phone operator was the fake chief executive of more than 25 affiliated companies.
Some $3.6 billion in bonds claimed to be repurchased had not really been bought.
191
Examples
Enron issued $1.2 billion of stock to special purpose entities and recorded a $1.2 billion notes receivable (rather than a contra account to stockholders equity). Both assets and owners equity were overstated by $1.2 billion.
HealthSouth allegedly overstated profits by at least $14 billion by billing Medicare for physical – therapy services the company never performed. The company submitted falsified documents to Medicare to verify the claims over 10 years.
E&Y collected $2.6 million from HealthSouth (as audit-related fees) to check the cleanliness and physical appearances of 1,800 facilities. A 50 point checklist was used by dozens of junior-level accountants in unannounced visits. For 2000, E&Y audit fee, $1.03
million; other fees, $2.65 million.
192
Embezzlement and Slush Funds
Chung Mong-Koo, chairman of Hyundai Motor , South Korea’s largest carmaker, was sentenced to three years in prison in February 2007, for embezzlement, breach of trust, and secretively setting up slush funds.
Mr. Chung embezzled about $100 million of company funds and inflicted about $224 million of damage on group affiliates during rights issues.
Convicted of using deals to boost his financial gains and those of his son, who runs affiliate Kia Motors.
Welcomed by corporate governance campaigners which showed that Korea would no longer tolerate chaebol owners using their companies to pursue their personal interests.
Although he owned only 5%, he ran it as a family business . Employees were terrified of him. Whistleblower alerted authorities of the slush funds.
Song Jung-a, “Hyundai Chief’s Prison Term Compounds Woes of Car Giant,”
Financial Times
, February 6, 2007, p. 15.
193
Journal Entries at Year End: Those Magic Changes Apparently, Arthur Andersen was given
limited access
to the general ledger at WorldCom, which had a $11 billion fraud (largest accounting fraud in history). Most of the original entries for online costs were
properly placed
into expense accounts.
However, near the end of the period these entries were
reversed
. One such entry was as follows: Other Long-term Assets $629,000,000 Construction in Progress $142,000,000 Operating Line Costs $771,000,000 The support for this entry was a
yellow post it note
.
WorldCom’s outside auditors refused to respond to some of Cynthia Cooper’s questions and told her that the firm had approved of some of the accounting methods she questioned.
194
Those Magic Changes: Yellow Peril
Fourth Quarter of 1999:
"The $239 million [international line cost accrual release] was entered in WorldCom's general ledger ... The only support recorded for the entry was '$239,000,000,' written on a Post-it Note and attached to a printout of the entry."
Third Quarter of 2001:
"Myers gave Sethi a Post it Note that said 'Assume $742 million.' Later, Myers and Sethi had a conversation confirming that $742 million identified on the Post-it Note was the line cost capitalization entry for the quarter.” http://thestreet.com/pf/markets/dumbestgm/10093441.html
---------------------------------------------------- Those Magic Changes “Oh my heart arranges, oh those magic changes, oooh yeah.” Grease 195
Yellow Peril
First Quarter of 2002:
"In Capital Reporting, Myers told Sethi to go see Vinson, who would have the amount to be capitalized. When Sethi did so, Vinson handed him a Post-it Note that had the $818 million adjustment on it. Brian Higgins once again refused to make the necessary allocation for the first-quarter 2002 capitalization entry . Despite his growing concerns, Sethi made the allocation because he was concerned that his immigration status would be jeopardized if he lost his job."
First Quarter 2002:
"$109.4 million was taken from the general accrual account that Vinson set up and reclassified to several SG&A balance sheet accounts in five large, round-dollar amounts. The only supporting documentation that we were able to locate for these entries was a Post-it Note listing the various SG&A accounts and the amounts that should be taken from the Vinson account." http://thestreet.com/pf/markets/dumbestgm/10093441.html
196
Cooking-the-Books Often Collaborative Effort • For restatements between January 1, 1997 to June 30, 2002, 45% were accused of securities fraud and subject to shareholder suits.
• Average of 7 individuals were implicated, including CEOs CFOs COOs General counsel Directors Internal/external auditors Source: Robert Tillman and Michael Indergaard, Control Overrides in Financial Statement Fraud.
197
WorldCom Fraud Massive
At least 40 people knew about the fraud.
They were afraid to talk.
Scott Sullivan handed out $10,000 checks to 7 involved individuals.
Altered key documents and denied Andersen access to the database where most of the sensitive numbers were stored.
Andersen did access.
not
complain about denied Company officials decided what tax rates they wanted and then used the reserves to arrive at the tax rates.
Source: Rebecca Blumenstein and Susan Pullian, “WorldCom Fraud Was Widespread,”
Wall Street J.
, June 10, 2003, p. 3.
198
WorldCom Fraud Massive (contd.)
David Schneedan, CFO at a division, refused to release reserves twice.
E-mail from David Myers, WorldCom comptroller, to Schneedan: “I guess the only way I am going to get this booked is to fly to DC and book it myself. Book it right now; I can not wait another minute.” Buddy Gates [director of general accounting] said to an employee complaining about a large accounting discrepancy: “Show those numbers to the damn auditors, and I’ll throw you out the f_____ window.” Source: Rebecca Blumenstein and Susan Pullian, “WorldCom Fraud Was Widespread,”
Wall Street J.
, June 10, 2003, p. 3.
199
Differences Between Auditing/Forensic Accounting Auditing Forensic 1. Recurring 2. Express an opinion 3. Follow GAAS and SAS 99 4. Materiality important 5. Sampling activity 6. Use professional skepticism 7. Audit program 1. Non-recurring 2. Resolve an allegation or deterrence review 3. Follow consulting standards 4. Materiality not important 5. Detailed financial analysis 6. Establish
scienter
7. No set of rules 200
Financial Audit v. Forensic Audit The typical financial audit is a sampling
activity
that doesn’t look at every transaction and can therefore be exploited by someone who knows how to rig the books. Forensic accounting focuses on a specific aspect of the books and examines every digit. While the average accountant is trying to make everything add up, a forensic accountant is performing a
detailed financial analysis
to find out why everything doesn’t or shouldn’t add up. It’s a far more time-consuming enterprise and can be significantly
more expensive
than regular auditing work.
Jake Poinier, “ Fraud Finder,”
Future Magazine
, Fall 2004, http://www.phoenix.edu/students/future/oldissues/Winter2004/fra ud.htm
201
Pre SAS 99 Consulting Standards Auditing Standards
Traditional Investigati on Traditional Audit
Consultin g Standards Post SAS 99 Auditing Standard s
Traditional Investigatio n Forensic Procedures in the Audit Environmen t SAS 99
Source:AICPA, “Forensic Services, Audits, and Corporate Governance: Bridging the Gap,” Discussion Memorandum, 2004.
202
Steps Toward Forensic Audit
Traditional audit [forensic techniques & fraud prevention program].
If suspect fraud, bring in-house forensic talent into the audit.
If no in-house talent or fraud complex, engage an outside forensic accountant (e.g., Cr.FA, CFFA, or CFD).
As audit moves toward forensic investigation, auditor must comply with litigation services standards (consulting).
203
Inexperienced Forensic Auditors
Find out who did it. Do not worry about all the endless details.
Be creative, think like the fraudster, and do not be predictable. Lower the auditing threshold without notice.
Take into consideration that fraud often involves conspiracy.
Internal control lapses often occur during vacations, sick outages, days off, and rest breaks, especially when temporary personnel replace normal employees. H. R. Davia,
Fraud 101,
New York: John Wiley & Sons, 2000, pp. 42-45.
204
AICPA Audit Committee Toolkit “In some situations, it may be necessary for an organization to look beyond the independent audit team for expertise in the fraud area. In such cases, CPA forensic accounting consultants can provide additional assurance or advanced expertise, since they have special training and experience in fraud prevention , deterrence , investigation , and detection .
Forensic accounting consultants may also provide fresh insights into the organization’s operation, control systems, and risks. The work of forensic accounting consultants may also provide comfort for the organization’s CEO and CFO, who are required to file certifications under Sarbanes-Oxley.” 205
Types of Forensic Engagements
Determine if fraud is occurring.
Support criminal or civil action against dishonest individuals.
Form a basis for terminating a dishonest employee.
Support an insurance claim.
Support defense of an accused employee.
Determine whether assets or income were hidden by a party to a legal proceeding (such as a bankruptcy or divorce).
Identify internal controls to prevent it from happening again.
Source: D.R. Carmichael, et. al,
Fraud Detection
, 5 th , Fort Worth: Practitioners Publishing, 2002, p. 2 – 4.
206
Engagement Letters Are Important •For claims to Continental Casualty Company the national provider of CPA malpractice insurance, in 2003:
Tax, 48%
Compilation and bookkeeping, 15% Consulting, 11% Audit, 10% Fiduciary, 6% All Others, 5% • Most accounting malpractices claims involve inadequate documentation.
• In claims re business tax, 54% of the time no engagement letter.
• For individual tax claims, no engagement letters 78% of the time.
• Estate-related tax services, none, 63%.
• The
most costly malpractice claims area is audit practice.
• Almost 40% of all audit claims allege that an auditor either failed to detect fraud or failed to inform the client of internal control weakness to reduce the risk of fraud.
Source: Joseph Wolfe, “Accounting for Malpractice,” AICPA, http://www.cpai.com/newsletter_indexadminP.php?id=107 207
Two Major Types of Fraud Investigations
Reactive: Some reason to suspect fraud, or occurs after a significant loss.
Proactive: First, preventive approach as a result of normal operations (e.g., review of internal controls or identify areas of fraud exposure). There is no reason to suspect fraud. Second, to detect indicia of fraud.
Source: H.R. Davia, “ Fraud Specific Auditing,”
Journal of Forensic Accounting,
Vol. 111, 2002, pp. 111-120 208
Proactive Is Beneficial
The threat of a future investigation reduces the occurrence of fraudulent behavior from 75% to only 43%.
The larger the pay-off, the more likely a person will commit fraudulent behavior.
Give the fox a key to the hen house and he/ she is going to eat hens.
Source: S. L. Tate et. al, “The Small Fraud Paradigm: An Examination of Situational Factors That Influence the Non-Reporting of Payment Errors,”
J. of Forensic Accounting
, Vol.7, 2006, p. 406.
-------------------------- The greater the risk of detection, the less likely a person is to violate the law.
Jeremy Bentham 18 th Century Philosopher 209
Proactive vs. Reactive Approaches Proactive approaches include
Effective internal controls,
Financial and operational audits,
Intelligence gathering, Logging of exceptions, and Reviewing variances.
Reactive detection techniques include
Investigating complaints and allegations,
Intuition, and Suspicion.
Jack Bologna and Robert Lindquist,
Fraud Auditing and Forensic Accounting,
2d Edition, New York: John Wiley, 1995, p. 137.
210
Proactive Is Best
When the IRS began requiring banks to issue Form 1099s reporting interest, the reported interest income increased by $8 billion (even though for 3 years the IRS did not have computer matching capacity).
When the IRS began to require taxpayers to list a social security number for dependents, the next year the number of reported dependents dropped by seven million. More than 11,000 of these taxpayers claimed seven or more dependents in 1986, but they claimed none in 1987.
When the IRS began to require taxpayers to list a name, address, and social security number for babysitters, two years later 2.6
disappeared .
million babysitters 211
Fraud Deterrence Better Than Fraud Investigation
1.
2.
3.
4.
5.
Fraud deterrence less expensive.
Deterrence is more comprehensive.
Fraud deterrence produces greater savings.
Deterrence is faster.
Fraud deterrence promotes better customer relations.
Daniel Finnegan, “Deterring Fraud,” Quality Planning Corporation, 1991.
212
Insurance Fraud Equations
1 st Law of Fraud Control: An illusion of effective investigation deters fraud, in turn making possible the reality of effective investigation, thereby perpetuating deterrence.
Evil Twin Corollary: When deterrence fails, fraud grows to levels that overwhelm enforcement capacities, in turn undermining deterrence.
2 nd Law of Fraud Control: Fraud happens when anticipated income is greater than expected costs.
Anticipated income = Award x Opportunity x Racketeering 2 nd Corollary: Fraud is eliminated when potential perpetrators believe the costs of fraud are greater than income.
Daniel Finnegan, “Deterring Fraud,” Quality Planning Corporation, 1991.
213
Is Company Proactive?
Fraud hotline (reduce fraud losses by 50% re Wells 2002 Report).
Suggestion boxes.
Make everyone take vacations.
People at top must set ethical tone.
Widely known code of conduct.
Check those employee references.
Reconcile all bank statements.
Count the cash twice in the same day.
Unannounced inventory counts.
Fraud risk assessment (CFD).
214
$7.4 Billion Losses at Societe Generale • • • • • • • • Jerome Kerviel evaded all of the French bank’s controls to bet
$73.5 billion
on European markets – more than the bank’s market value. Six year employee; junior employee.
Kerviel reported to work early, stayed late, and took only 4 days off in 2007. In France six weeks of vacation is fashionable.
Starting in
early 2005
, he made
small unauthorized
trades. The bank missed the illicit trades and the red flags.
Kerviel described
growing increasingly daring
after no one at the bank detected a series of small, unauthorized trades that he placed.
He entered
fictitious and offsetting trades
to minimize the odd of big losses.
He
stole
other people’s computer access codes, falsified documents, and employed other methods to cover his tracks.
He had an
excellent understanding of the bank’s processing and control procedures
so he could circumvent all of the controls.
His motive: quest for glory and a bonus.
215
Some Hints
Need to really understand the business unit. What they really do.
Have a
mandatory
vacation policy.
Rotation
of assignments.
Have a written/signed ethics policy.
Do things differently each time you audit a unit.
Do
not
tell client what you are doing.
Hard to find fraud in the books. Look/listen. Look for life style changes.
Do not rely on internal controls to deter fraud.
Auditors must have control of the confirmation process.
Careful of related parties.
Careful of “trusted” employees.
Pay employees to report fraud.
216
Related Parties
Nikko Cordial (Japan) fined for failure to consolidate a special purpose entity that was 100% owned by its subsidiary and for falsifying the timing of an exchange bond issue (2007).
Created Y14.5 billion in net profit. Independent panel reviewed 507,000 e-mails.
217
Stamp Mates
Afinsa, a Spanish stamp company, controls 72% of Escala, a U.S. company (formerly Greg Manning Auctions).
Escala says all sales to Afinsa takes place at independent established prices.
But Escala’s reported gross margin on stamp sales to Afinsa exceeds 44% [like land flipping].
Compared to less than 14% on those to other clients.
Therefore, Escala was manipulating the value of stamps sold to Afinsa to artificially boost its own bottom line.
Escala’s stock fell from $32 to $5 in five days after the May 8, 2006 arrests of seven executives. Police found $12.6 million behind one dealer’s freshly plastered walls in his home (e.g., unreported profits?).
Escala owns A-Mark Precious Metals, which buys and distributed more than one-half of the gold coins handed each year by the U.S. mint.
218
Fraud Deterrence Review
Analysis of selected records and operating statistics.
Identify operating and control weaknesses.
Proactively identify the control structure in place to help prevent fraud and operate efficiently.
Not an audit; does not express an opinion as to financial statements.
May not find all fraud especially where two or more people secretively agree to purposely deceive with false statements or by falsifying documents.
[Always get a comprehensive, signed engagement letter defining objectives.] 219
Fraud Detection Process
1.
2.
3.
4.
Discuss facts and objectives with client/attorney (e.g., conflict of interests).
Evaluation whether to accept the engagement.
Prepare a work program.
Develop time and fee schedule.
5.
Obtain approval of work program, staff assignments, and fee estimates.
6.
Obtain an engagement letter.
7/8. Identify fraud exposures and symptoms.
9/10. Evaluate evidence obtained and determine if more evidence is needed.
11/12. Search for and evaluate additional evidence.
13.
14.
15.
16.
17.
Discuss preliminary findings with client/attorney.
Draft a final report.
Review the report and work papers.
Resolve professional disputes.
Clear review points and open items.
18.
19.
20.
21.
Communicate report or findings.
Help attorney prepare court case/testify.
Perform follow-up procedure.
File work papers/report.
Source: Carmichael et. al, PPC Fraud Detection, Vol.1, Ch. 2 (2002). 220
Financial Audit v. Forensic Audit “ During one investigation, we found in the auditing working papers written in the margin of the internal audit working papers by the internal audit manager: ‘Conceal from bankers,’ says Nicholas L. Feakins, CPA, partner at San Mataeo, Calif based forensic accounting firm Feakins & Feakins. “ It sounds amazing, but the [third-party] auditors has put B-level staff on the project who simply didn’t read the documents and missed it.” ---------------------------------------------------------------- MiniScribe, one of the world’s largest disk-drive makers, which in the late 1980s was surreptitiously shipping bricks instead of disk drives to the Far East and receiving credit from the bank for the amount of the shipments. “After all,” he says “it’s going to be 90 days until they ship the brick back to you. “MiniScribe’s public accounting firm, Coopers & Lybrand, didn’t catch the false revenue scam during its regular audits-but a forensic accountant did.” Jake Poinier, “ Fraud Finder,”
Future Magazine
, Fall 2004, http://www.phoenix.edu/students/future/oldissues/Winter2004/fra ud.htm
221
Materiality Unimportant “
Auditing is governed by materiality. In investigative accounting, it is the opposite. I am looking for one transaction that will be the key. The one transaction that is a little different, no matter how small the difference, and that will open the door.” Lorraine Horton, owner of L. Horton & Associates in Kingston, R.I.
---------------------------------------------------------------------------------------------------- “Fraud usually starts small. It begins with little amounts, because the perpetrator is going to test the system. If they get away with it, then they keep on increasing and increasing it.” Robert J. DiPasquale Source: H.W. Wolosky, “Forensic Accounting to the Forefront,”
Practical Accountant
, February 2004, pp. 23-28.
222
Forensic Accounting v. Auditing
“Forensic accounting is very different from auditing in that there is no template to use. There are no set rules. You don’t know when you go into a job how it is going to be.”
Lorraine Horton, Kingston, R.I
------------------------------------------------------------------------------
“Forensic accounting “is a very competitive field. What is interesting is that you may be a good accountant, but not a good forensic accountant. The training and the way you look at transactions are different.”
Robert J. DiPasquale, Parsippany, N.J.
----------------------------------------------------------
“Unlike auditing, lower-level staff often can’t be used for an engagement. They normally will not spot anything out of the ordinary, and an experienced person should be the one testifying as well as doing the investigative work.”
Lorraine Horton, Kingston, R.I.
Source; H.W. Wolosky, “Forensic Accounting to the Forefront,”
Practical Accountant
, February 2004, pp. 23-28.
223
SAS No. 99 Recommendations
Brainstorming.
Increased emphasis on professional skepticism.
Discussions with management.
Unpredictable audit tests.
Responding to management override of controls.
224
SAS No. 99: SKEPTICISM
An attitude that includes a questioning mind and a critical assessment of audit evidence.
An auditor is instructed to conduct an audit “with a questioning mind that recognizes the possibility that a material misstatement due to fraud could be present, regardless of any past experience with the entity and regardless of the auditor’s belief about management’s honesty and integrity.” “Things are not always as they appear, sonny boy.” James Patterson,
Honeymoon
, Warner Books, 2006.
225
SKEPTICISM
Ronald Reagan said with respect to Russia, “
Trust, but verify
.” FA’s motto should be “
Trust no one; question everything; verify
.”
-----------------------------------------------------
This ain’t my first rodeo I didn’t make it all the way through school.
But my mama didn’t raise no fool.
I may not be the Einstein of our time.
But honey, I’m not dumb and I’m not blind.
Vern Gosdin 226
SAS No. 99: Questions for Management Whether management has knowledge of any fraud that has been perpetrated or any alleged or suspected fraud.
Whether management is aware of allegations of fraud, for example, because of communications from employees, former employees, analysts, short sellers, or other investors.
Management’s understanding about the risks of fraud in the entity, including any specific fraud risks the entity has identified or account balances or classes of transactions for which a risk of fraud may be likely to exist.
Programs and controls the entity has established to mitigate specific fraud risks the entity has identified, or that otherwise help prevent, deter, and detect fraud, and how management monitors those programs and controls.
For an entity with multiple locations, (a) the nature and extent of monitoring of operating locations or business segments, and (b) whether there are particular operating locations or business segments for which a risk of fraud may be more likely to exist.
Whether and how management communicates to employees its views on business practices and ethical behavior.
227
BE SKEPTICAL
Assume there may be wrong doing.
The person may not be truthful.
The document may be altered.
The document may be a forgery.
Officers may override internal controls.
Try to think like a crook.
Think outside the box.
228
SAS No. 99: Brainstorming
Aims to make the auditor’s consideration of fraud seamlessly blended into the audit process and continually updated until the audit’s completion.
Brainstorming is now a required procedure to generate ideas about how fraud might be committed and concealed in the entity.
No ideas or questions are dumb.
No one owns ideas.
There is no hierarchy.
Excessive note-taking is not allowed.
Source: Michael Ramos, “Auditors’ Responsibility for Fraud Detection,”
J. of Accountancy
, January, 2003, pp. 28 – 36.
229
More Brainstorming
Best to write ideas down, rather than say them out loud.
Take plenty of breaks.
Best ideas come at the end of session.
Important to not define the problem too narrow or too broad.
Goal should be quantity, not quality.
Geniuses develop their most innovative ideas when they are generating the greatest number of ideas.
No such things as bad ideas.
Many companies are great at coming up with good ideas, but lousy at evaluating and implementing them.
Source: A.S. Wellner, “Strategies: A Perfect Brainstorm,”
Inc.
Magazine
, October 2003, pp. 31-35 230
Potential Pitfalls
Group domination: one or two participants dominating the process can quickly squelch the creative energies of the groups as a whole, reducing the likelihood the team will identify any actual fraud risks .
Social loafing: participants disengage from the process, expecting other team members to pick up the slack.
Groupthink: team members become so concerned with reaching consensus that they fail to realistically evaluate all ideas or suggestions.
Group shift: avoid allowing the team to take an extreme position on fraud risk.
Source: M.S. Beasley and J.G. Jenkins, “A Primer for Brainstorming Fraud Risks,”
Journal of Accountancy
, December 2003, pp. 33 34.
231
Three Types of Brainstorming
Open brainstorming: unstructured; few rules; free-for-all; someone should record ideas.
Round-robin brainstorming: start with no talking, silent period; assigned homework ahead; each individual presents own ideas; each member has a turn.
Electronic brainstorming: shortens meetings, increases ideas, and reduces personalizing ideas because an idea’s author remains anonymous.
Source: M.S. Beasley and J.G. Jenkins, “A Primer for Brainstorming Fraud Risks,”
Journal of Accountancy
, December 2003, pp. 33-34.
232
How Management Overrides Controls (SAS No. 99)
Recording fictitious journal entries (especially near end of quarter or year).
Intentionally biasing assumptions and judgments used to estimate accounts (e.g., pension plan assumptions or bad debt allowances).
Altering records and terms related to important and unusual transactions.
233
Bias Assumptions
There are almost as many oil/gas reserve definitions as there are countries.
During the first week of January 2004, Royal Dutch/Shell Group slashed its estimates of oil reserves by 20% or about 3.9 billion barrels of oil .
Stock fell 9%.
Shell, Exxon/Mobil, and Chevron/Texaco make the estimates themselves.
By the end of 2002, a total of 4.47 billion barrels cut; another 1.4 billion barrel cut in 2003.
Source: Susan Warren and P.A. Mckay, “Methods for Citing Oil Reserves Prove Unrefined,” 2005, p. A-3
Wall Street Journal
, January 14, 2004, p. C-4. Chip Cummins, “Shell Slashes Oil Reserves Again, News Overshadows Profit Surge,” WSJ, February 4, 234
Shell Board Kept In the Dark
One memo drafted on February 11, 2002, warned that about one billion barrels of oil-equivalent reserves appeared not to be in compliance with SEC guidelines.
Board learned of information only in early January 2004.
Chairman Sir Philip was ousted in early March 2004.
Most of the misstated reserves were recorded from 1997 to 2000, when Sir Philip was in change of exploration and production.
Oil/gas reserves were increased (not by discovery) by changing its accounting.
Source: Stephen Labaton and Jeff Gerth, “At Shell, New Accounting and Rosier Oil Outlook,”
New York Times
, March 12, 2004, pp. A-1 and C-4.
235
Wildcatting
The SEC has recently adopted the proactive strategy of “wildcatting” where investigations into entire industries and business sectors are begun after evidence emerges from only one company in the group regarding financial reporting problems.
Over time, the PCAOB will probably be able to identify peculiarities within existing or evolving industries that require either standard setting or regulatory attention, or both.
Source: Berton, L., “U.S. Accounting Watchdogs Try to Shut Barn Door,”
Bloomberg.com
, April 2, 2004; J.H. Edwards, “Audit Committees: The Last Best Hope,”
Journal of Forensic Accounting
, Vol. IV (2004), pp. 1-20.
236
Walkthroughs
An auditor must perform a walkthrough of a company’s significant processes (each major class of transactions).
Can not be achieved secondhand.
According to PCAOB, in a walkthrough an auditor traces “company transactions and events – both those that are routine and recurring and those that are unusual – from origination, through the company’s accounting and information systems and financial report preparation processes, to their being reported in the company’s financial statements.
” Auditors should perform their own walkthroughs which provides auditors with appropriate evidence to make an intelligent assessment of internal controls.
Source: PCAOB Briefing Paper, Proposed Auditing Standards, October 7, 2003.
237
Slot Machine Example
238
Revenue Flows
239
Wandering Around
• Informal observations while in the business.
• Especially valuable when assessing the internal controls. • Observe employees while entering and leaving work and while on lunch break.
• Observe posted material, instructions, job postings.
• Observe information security and confidentiality.
• Observe the compliance with procedures.
• Appearance is not necessarily reality.
Man of La Mancha
240
New Terms in Financial Reports: Deficiencies Have No Bright Lines Control deficiency – one that might allow a bad number to get into the financial reports (e.g., the likelihood that a company misstates reports is remote– 1 out of 20). Example: company does not check changes made by a salesman in a minor contract.
Significant deficiency – more serious flaw or a number of flaws that increase the chances that wrong numbers will significantly distort financial statements (e.g., more than remote).
Example: company not checking for changes to terms of several key contracts. Need only to report to BOD, but some companies are making them public.
241
Deficiencies Have No Bright Lines Material weakness – deficiencies are so bad that there is more than a remote change of a material misstatement in financial statements.
Example: a bank does not regularly check for errors in estimating loan-loss expenses (i.e., Fannie Mae reported a $1.3 billion error from its computer model, many in an uncontrolled environment). They must be reported.
David Henry, “How Clean Are the Books?” Business Week, March 7, 2005, pp. 108-109.
---------------------------------------------------- Firms that reported material weaknesses in tax accounting lost an average of 5.8% of their stock value 60 days after the announcement.
---------------------------------------------------- As of 11-14-05, 695 companies have disclosed material weaknesses in their annual report.
242
Material Weakness Areas
AREAS OF FAILURE Tax accruals/ deferrals Revenue recognition Inventory/ vendor cost of sales Fixed/ Intangible assets Leases or contingencies Cash flow (FAS 95 error) Consolidation (Fin 46 issues) 2005 34.5% 28.4
23.7
16.0
9.3
8.8
6.7
2004 32.0% 31.3
27.4
18.6
16.8
- 9.0
*10% of corporate filers in 2005 and 16% in 2004.
In 2007, 400 companies reported them.
In 2008, only 14 material weaknesses at 11 companies.
Source: AuditAnalytics.com
243
Think Like A Crook
Know your enemy as you know yourself, and you can fight a hundred battles with no danger of defeat.” Chinese Proverb.
Military leaders study past battles.
Football and basketball teams study game films of their opponents.
Chess players try to anticipate the moves of their opponent.
Examples: If contracts above $40,000 are normally audited each year, check the contracts between $30,000-$40,000.
FAs must learn the tricks of the trade as well as the trade. 244
Think Outside the Box American astronauts returning from space complained that they could not write with their pens in zero gravity. NASA set aside $1 million to develop a sophisticated pen that would function in space.
The Russians encountered the same problem. What did they do?
245
Investigative Techniques
“Facts weren’t the most important part of an investigation, the glue was. He said the glue was made of instinct, imagination, sometimes guesswork and most times just plain luck.” (p. 163).
------------------------------------------------- “In his job, he [Bosch] learned a lot about people from their rooms, the way they lived. Often the people could no longer tell him themselves. So he learned from his observations and believed that he was good at it.” (p. 31).
------------------------------------------------- Michael Connelly,
The Black Ice
, St. Martin’s Paperbacks, 1993.
246
Three Major Phases of Fraud
1.
2.
The Act itself.
The concealment of the fraud (in financial statements).
3.
Conversion of stolen assets to personal use (interest free loans to Tyco executives forgiven).
One can study any one of these phases.
Examples: Things being stolen: conduct surveillance and catch fraudster.
If liabilities being hidden, look at financial statements for concealment.
If fraudster has unexpected change in financial status, look for source of wealth.
Source: Cindy Durtschi, “The Tallahassee Bean Counters: A Problem-Based Learning Case in Forensic Audit,”
Issues in Accounting Education
, Vol. 18, No. 2, May 2003, pp. 137-173.
247
Fraud Hypothesis Testing Approach Here a forensic accountant attempts to pro actively detect fraud that is still undiscovered by formulating and testing null hypotheses. This
proactive technique
requires an forensic investigator to 1. Identify the frauds that may exist in a particular situation.
2.Formulate null hypotheses stating that the frauds do not exist.
3.Identify the red flags that each of the frauds would create.
4.Design customized queries to search for the specific red flags or combination of red flags.
In a refinery, three authors report that after a
formalized pro-active search for red flags
, some unknown frauds were discovered. But applying generic data mining programs to the company’s database to detect fraud resulted in a number of Type II errors. So in order to be useful the red flags had to be fraud and company specific.
C.C. Albercht, W.S. Albercht, and J.G. Dunn, “Conducting a Pro-Active Fraud Audit: A Case Study,”
Journal of Forensic Accounting
, Vol. 11, 2000, pp. 203-218 248
The Methods - Frequency
Asset misappropriation accounted for more than four out of five offenses or 88.7% in 2008 (91.5% in 2006) (92.7% in 2004). $150,000 Bribery and corruption constituted about 27.4% (30.8% in 2006) (30.1% in 2004) of offenses. $375,000 ($538,000) Fraudulent statements were the smallest category of offense 10.3% in 2008 (10.6% in 2006) (7.9% in 2004) (most costly). $2 million per scheme.
Source: 2008 Wells Report, ACFE.
249
Restatements of Financial Statements 2007 1,109 2006 2005 1,420 (10%) 1,195 (8.5%) 2004 650 2003 514 2002 2001 1999 1998 330 270 216 158
Average restatement
2005 $21.33 million 2006 17.8 million 2007 3.64 million General Electric, 2007, $341 million adjustment.
250
Class Action Securities Fraud Actions Year 2007 2006 2005 2004 2003 2002 2001 176 118 182 237 226 266 498 Year 2000 1999 1998 1997 1996 1995 216 209 242 173 111 188 Although the number of shareholder class action lawsuits have gone down, settlements are now much bigger (average $65 million). Unions and retirement funds are playing an increasing role, resulting in much higher settlements.
Stanford Law School Securities Class Action Clearing House, securities.stanford.edu/index.html; “Classier Actions,”
The Economist
, February 17, 2007, pp. 76-77.
251
Auditors Must be Alert for:
Concealment Collusion Evidence Confirmations Forgery Analytical relationships
Source: Gary Zeune, “The Pros and Cons.” ---------------------------------------------- “Things are not what you think they are.” Al Pacino, “The Recruit.” 252
An Average of Seven People Involved
Authors Robert Tillman and Michael Indergaard found that of the 834 companies that issued restatements between January 1, 1997 and June 30, 2002, 374 or 45% were accused of securities fraud.
An average of 7 persons were normally involved – CEOs, CFOs, COOs, general counsel, directors, and internal and external auditors.
253
Anti-Fraud Measures – Months to Detect – Median Loss 4.
5.
1.
2.
3.
Hotlines Internal audits External audits Surprise audits Fraud awareness/ Ethics Training YES $100,000 (15) $120,000 (18) $181,000 (23) $100,000 (15) $100,000 (15) NO $200,000 (24) $218,000 (24) $125,000 (18) $200,000 (24) $200,000 (24) Source: 2006 Wells Report, ACFE.
254
Median Duration of Fraud Based on Scheme Type - 2008
Source: 2008 Wells Report, ACFE.
Executions for Fraud?
In September 2004, Wang Liming, a onetime accounting officer at China Construction, and two other bank employees were executed for defrauding the bank of $2.4 million. In an unrelated corruption case, an officer at the Zhuhai branch of the Bank of China was put to death.
John Goff, “Bank Fraud Brings Executions,” CFO, November 2004, p.20.
---------------------------- “Nail them to the wall.
Give me the hammer, and I’ll Nail them to the wall.” Willy Stark (Governor Huey Long) in “All the Kings’ Men.” 256
Roadmap For An Embezzler: 14 Ways 1.
2.
3.
4.
Sam diverted payroll taxes meant for the IRS to himself through a dummy account. He switched the IRS correspondence address to his home, hiding the default letters. He carried on an extensive letter-writing campaign with the IRS to confuse and delay action. He made back payments, disguising them to us as current payments.
He set up dummy bank accounts to skim funds before they made their way into legitimate accounts.
Sam got one employee fired for doing “sloppy management,” which “lost” some deposits. Of course, Sam gave me the “proof” that this employee was incompetent.
He refocused attention by pointing fingers at “slow payers” on our accounts receivable. He claimed that some people had never paid (they had) and that he had sent them to collections (he hadn’t). Of course, his records showed that their payments had never made it into our account (they went into a dummy account.) Source: Bev Harris, “How to Embezzle a Fortune,” www.talion.com/embezzle.htm
. 257
Roadmap For An Embezzler: 14 Ways (contd …) 5.
6.
7.
8.
9.
10.
He stole postage and then “reported” it, to alert me that he was honest; if anything was amiss, I would then blame others (and he offered his opinions on the least trustworthy employees).
He diverted bank statements to his home and altered them before filing them at the office.
Sam volunteered to run daily deposits to the bank, skimming off the cash and changing the deposit tickets.
He made reimbursements to himself and his wife for “business expenses” that didn’t exist.
Sam set up his landlord, once or twice a year, as an accounts payable.
A fax machine was stolen from the office. Also a TV and VCR. He was supposedly the first to arrive; he hastened to point out the broken window. He personally handled the police report. (I doubt that anyone broke in; the window was high up and fairly small.) Source: Bev Harris, “How to Embezzle a Fortune,” www.talion.com/embezzle.htm
. 258
Roadmap For An Embezzler: 14 Ways (contd …) 11.
12.
He put his wife on the payroll (a sweet woman who divorced him when she found what he really was). He “miscalculated” withholding to overpay her, and adjusted her W-2s downward to match. She was hourly, so he also padded her hours by $20 to $50 per pay period, and altered the time log sheets. We figured that over the course of four years, he overpaid her by at least $3,000. Of course, he was in charge of their family finances, and he deposited all her checks.
Sam double-reimbursed himself for legitimate expenses.
Here’s how: He would list perhaps four expenditures on one voucher, three on another. So the first would say “Office Depot, $21.64; Kinkos, $18.92; Office Depot, $39.12; Office Depot, $16.10.” A month or two later, one would show up like this: “Kinkos, $11.30; Office Depot, $39.12; Shay Office equipment, $26.20.” Source: Bev Harris, “How to Embezzle a Fortune,” www.talion.com/embezzle.htm
. 259
Roadmap For An Embezzler: 14 Ways (contd …) 13.
14.
Yes, receipts were stapled to the voucher, and all the vouchers/receipts added up. Here’s how he handled that: for some vendors he copied receipts by running them through an old fax machine that used thermal paper. He made two copies for double submissions. Many cash registers use thermal paper, so the receipts looked real.
This technique survived an outside audit
.
Increasingly arrogant, he began making “phone-authorized” wire transfers out of company accounts into his personal checking account.
Sam did an amazing job of doctoring the financial statements. (If this man spent half the effort on legitimate pursuits that he did on embezzling, he’d be a millionaire instead of an ex-con).
Source: Bev Harris, “How to Embezzle a Fortune,” www.talion.com/embezzle.htm
. 260
Code of Ethics Required by Sarbanes-Oxley Section 406: Public issuer has to adopt a code of ethics for senior financial officers to deter wrong – doing and to promote 1.
Honest and ethical conduct.
2.
Full, fair, accurate, timely and understandable disclosure in SEC filings.
3.
4.
5.
Compliance with government laws, rules, and regulations.
Prompt internal reporting code violations; Accountability for adherence to the code.
261
More Hints …
Check employee references/resume.
Stop giving the employee/client the answer when you ask a question.
Zero tolerance for allowing employee/executive to get away with anything.
Always reconcile the bank statements.
Try to think like a criminal.
Get inside the criminal’s mind. Be a detective.
Do not assume you have honest employees.
Bond employees.
Uni-ball gel pens.
Source: Gary Zeune 262
Auditing Hints
• SAS No. 99 does
not
require auditors to make inquiries of “others,” as opposed to management. Auditors must talk to and interview others below management level. If asked, employees may be willing to report suspicious activities.
• Use independent sources for evaluating management (e.g., financial analysts).
Surf the internet
.
• Auditors need to follow the performance history of managers and directors.
• If a company has an anonymous reporting system,
obtain information about the incidents reported
and consider them when assessing fraud risk.
• Be sure to perform analytical procedures, and the work should be reviewed by senior members of the audit team.
263
Auditing Hints (cont.)
• Auditors should select sample items
below
their normal testing scope (e.g., HealthSouth).
• Fraud procedures should be
more than checklists
. Audits should focus on finding and detecting fraud.
• Ask for and review all “top drawer” entries.
• Ask for and review all side agreements.
264
Check References and Resume
Fraud 101: Fraudsters can change their job and address, but they can not change who they are.
265
Integrity Testing
Pre-employment drug testing.
Post-employment drug testing more sensitive.
Pre-employment polygraph tests prohibited by 1988 Act (Federal, State, Local Governments and Federal Contractors exempted from the Act).
Written integrity tests.
266
Lavish Executive Pay
Many of the companies indicted by the SEC after Enron had one thing in common: CEOs were making about 75% above their peers.
The common thread among the companies with the worst corporate governance is richly compensated top executives, as per the Corporate Library, Portland, Maine governance-research firm. Hefty pay checks and perks to current or former chief executives.
Poor BODs have in common: an inability to say no to current or former chief executives.
Source: Monica Langley, “Big Companies Get Low Marks for Lavish Executive Pay,”
Wall Street J.,
June 9, 2003, p. C-1.
267
Compensation Facts
• CEOs compensation components have increased dramatically in the 1990 [mean of $1.68 million in 1992 to 43.2 million in 2000] even after the passage of IRC Section 162 (m) in 1993 [$1 million limit].
Balsam, S. 2002.
An Introduction to Executive Compensation
. San Diego, CA: The Academic Press.
• Compensation increases when the CEO has influence over the outside directors, as measured by the percentage of outside directors appointed by the CEO.
Core, J.E, Holthausen, R and Larcker, D. 1999. Corporate governance, chief executive officer compensation, and firm performance,
Journal of Financial Economic
51: 371-406 • CEO compensation is higher when the CEO’s tenure is greater than the chair of the compensation committee.
Main, B., O’Reilly, C, and Wade, J. 1995. The CEO, the board of directors and executive compensation: economic and psychological perspectives,
Industrial and Corporate Change
4: 293-332.
• The relation between the change in CEO cash compensation and stock returns weaken with tenure.
Hill, C. and Phan, P. 1991. CEO tenure as a determinant of CEO pay. Academy of Management Journal 34: 707-711 • The greater the percentage of outside board members appointed after the CEO, the more likely the CEO will have a golden parachute.
Wade, J., O’Reilly, C, and Chandratat, I. 1990 Golden parachutes: CEOs and the exercise of social influence.
Administrative Science Quarterly
35:587-603 268
External Fraud-Shoplifting
It’s not just stars (e.g., Bess Myerson, Hedy Lamarr, and may be Winona Ryder). Why, each year, ordinary people shoplift $13 billion of lipstick, batteries, and bikinis from stores (last year $26 to $33 billion). May account for one-third of total inventory shrinkage.
800,000 times a day the thrills and temptations win over fear – a product of the late 19
th
century with the larger stores.
Source: Jerry Adler, “The Thrill of Theft,”
Newsweek,
February, 2002.
269
Impaired Independence
The independence of the auditor will probably be impaired and reduce the quality of financial statement audits, if any of the following conditions occur during financial statement audits: 1) 2) 3) 4) 5) auditor’s excessive personal loyalty to the audit client, auditor’s fear of losing client to a competitive CPA, auditor’s fear of a lawsuit if CPA withdraws from audit engagement, auditor’s fear of harming client with audit opinion other than unqualified, and auditor’s conflict between consulting and auditing services offered.
G. D. Moyes and A. Anandarajan, “CPAs’ Perceptions of Factors Influencing the Quality of Financial Statement Audits: Substandard Performance and Impaired Independence,”
J. of Forensic Accounting
, Vol. 7, 2006, p. 133.
270
Earnings Management
Earnings management may be defined as the “purposeful intervention in the external financial reporting process, with the intent of obtaining some private gain.” – Katharine Schipper, “Commentary on Earnings Management,”
Accounting Horizon
, December 1989, p. 92.
Earnings management occurs when managers use judgments in financial reporting and in structuring transactions to alter financial reports to either mislead some stakeholders about the underlying economic performance of the company, or to influence contractual outcomes that depend on reported accounting numbers.
P. Healy and J. Wahlen 271
Earnings Management The difference between earnings management and financial statement fraud is the thickness of a prison wall.
D. Larry Crumbley
The difference between earnings management and financial statement fraud is like the difference between lightning and a lightning bug.
D. Larry Crumbley 272
Capital Market Incentives to Manage Earnings
1.
2.
3.
4.
5.
6.
7.
8.
9.
Management buyout firms, on average, manage their earnings downward prior to the buyout.
Roughly 12 percent of firms making seasoned or initial equity offerings manage their earnings upward by about 5% of total assets prior to the offers.
Firms who are in danger of failing to meet management earnings forecasts, on average, manage their earnings upward prior to releasing the annual earnings figure.
Firms, on average, manage their earnings to meet or beat expectations of financial analysts.
Firms that meet or beat analysts’ expectations earn about 8% incremental annual market-adjusted returns relative to firms that fail to do so.
Firms with zero or a positive earnings surprise earn incremental quarterly returns of 2.3%, and firms with positive earnings surprise earn further incremental quarterly returns of 3.4%.
About 40% of firms confronted with reporting slight losses tend to manage their earnings in order to report positive earnings.
About 12% of firms confronted with reporting slight earnings decreases tend to manage their earnings in order to report small earnings increases.
Investors do not see through most earnings management as evidenced by the fact that firms flagged for earnings management by regulators show an average stock price decline of 9%.
Source: Masser Spears, “The Impact of Earnings Mgt. on the Credibility of Corporate Financial Reporting,”
Petroleum Acctg. and Financial Mgt.
, Summer 2007, pp. 47-48.
273
Contracting Incentives to Manage Earnings
1.
There is no evidence of earnings management behavior by firms close to their dividend covenant. Instead, these firms tend to manage their cash flows.
2.
There is inconclusive (mixed) evidence of earnings management behavior by firms to other debt covenants, such as interest coverage or leverage ratios.
3.
Some managers manipulate earnings to increase bonus awards. There is no evidence on the pervasiveness or the stock market impact of this form of earnings management.
Source: Masser Spears, “The Impact of Earnings Mgt. on the Credibility of Corporate Financial Reporting,”
Petroleum Acctg. and Financial Mgt.
, Summer 2007, pp. 47-48.
274
Regulatory Incentives to Manage Earnings
1.
There is strong evidence that suggests that firms manage earnings (a) to avoid regulatory constraints, (b) to take advantage of governmental benefits, and (c) to avoid regulatory exposure.
2.
There is no direct evidence about how and whether regulators impound those forms of earnings management behavior.
Source: Masser Spears, “The Impact of Earnings Mgt. on the Credibility of Corporate Financial Reporting,”
Petroleum Acctg. and Financial Mgt.
, Summer 2007, pp. 47-48.
275
Management or Manipulation?
More than one-half of CFOs say they can legally influence reported earning by 3% or more.
Operational levers: delaying operational spending, accelerating order processing, and driving sales force more.
Accounting steps: changing the timing of an accounting change and adjusting estimates.
One-third of CFOs would try to influence results: 24% upward or 8% would try to cut them.
Few CFOs think their auditors would catch them.
If the auditors caught it, they probably would not bring it up to management.
Don Durfee, “Management or Manipulation?”
CFO
, December, 2006, p. 28.
276
Financial Statement Fraud Schemes Category Concealed Liabilities Fictitious Revenues Improper Asset Valuations Improper Disclosures Timing Differences % 45.0% 43.3% 40.0% 37.5% 28.3% Source: 2006 Wells Report, ACFE.
277
Good Earnings Management
Careful timing of capital gains and losses; Use of conferencing technology to reduce travel costs; and Postponement of repair and maintenance activities when faces with unexpected cash flow declines.
L. G. Weld et. al, “Anatomy of a Financial Fraud,” The CPA Journal, October 2004.
278
Abusive Earnings Management
Improper revenue recognition (e.g., bill and hold sales).
Improper expense recognition.
Using reserves to inflate earnings in years with falling revenues (cookie jar accounting).
Shifting debt to SPE.
Channel stuffing.
Capitalizing marketing costs rather than expensing.
Extending useful lives and inflating salvage values.
Cookie jar reserves.
Accelerating revenue from leasing equipment.
SPEs not consolidated.
279
Early Warning Signs of Earnings Management
Cash flows that are not correlated with earnings; Receivables that are not correlated with revenues; Allowances for uncollectible accounts that are not correlated with receivables; Reserves that are not correlated with balance sheet items; Acquisitions with no apparent business purpose; and Earnings that consistently and precisely meet analysts’ expectations.
Magrath and Weld, “Abusive Earnings Management and Early Warning Signs,” The CPA Journal, August 2002.
280
Some Red Flags of Earnings Management 7.
8.
9.
10.
1.
2.
3.
4.
5.
6.
11.
CEO is also Chairperson of BOD (e.g., Parmalat).
Insiders have majority control of BOD.
Weak system of internal controls.
Performance emphasis on short-term goals.
Weak or non-existent Code of Ethics (e.g., Parmalat).
Questionable business strategies with opaque disclosures (e.g., special purpose entities).
CEO is uncomfortable with criticism (Enron’s Jeff Skilling).
CEO or other senior management turnover (Qwest’s CFO).
Insiders selling stock (Enron’s Ken Lay).
Independence problem from large non-audit fees paid to external auditors (e.g., HealthSouth).
Company’s investment banker has independence problems (e.g., Parmalat, Enron).
281
Earnings Management
Companies that consist solely of independent directors and meet at least four times a year are likely to have lower non-audit service fees.
L.J. Abbott et.al, “An Empirical Investigation of Audit Fees, Non Audit Fees, and Audit Committees,”
Contemporary Accounting Research,
Summer, 2003, p. 230.
An auditor who is also an industry specialist further enhances the credibility of accounting information (e.g., less earnings management).
G.V. Krishnan, “Does Big 6 Auditor Industry Expertise Constrain Earnings Management?”
Accounting Horizons
, Vol. 17, Supplement 2003, p. 15.
282
Earnings Management
Lower perceptions of earnings quality lead investors to more thoroughly examine a firm’s audited financial statements. A more thorough analysis of a firm’s financial statements lead investors to lower their assessment of the firm’s earnings quality. F.D. Dodge, “Investors perceptions of Earnings Quality, Auditor Independence, and the Usefulness of Audited Financial Information,” p. 46.
Found no evidence that short sellers trade on the basis of information contained in accruals. Scott Richardson, “Earnings Quality and Short Sellers,” p. 49.
283
Earnings Management
Small companies tend to more frequently manage earnings to avoid losses than large companies.
Auditors type appears insignificant.
Brain Lee and Ben Choi, “Company Size, Auditor Type, and Earnings Management.”
Journal of Forensic Accounting,
Vol. 3 (2002), pp. 27-50 284
Professor Ketz’s Shoddy Accounting Practices Pro forma means “as if,” so pro forma earnings means earnings that would have been reported had the corporation been using alternative methods (e.g., everything but the bad stuff).
“Today, however, pro forma numbers are seldom published for the purpose of informing investors and creditors in a better manner. Instead, these disclosures have become a way of under-minding orthodox accounting by not recognizing a variety of items as expenses.” Examples: Goodwill never declines. Moving expenses and losses from operating items to so-called nonrecurring items.
Contrast the income with the firm’s operating cash flow.
Source: J.E. Ketz,
Hidden Financial Risks
, John Wiley & Sons, 2003 285
Hiding Debt
Companies hide debt by these techniques: 1.
Using the equity method (rather than Trading Security and Available for Sale methods). Nets the assets and liabilities of the investee.
2.
Lease accounting (arguing that leases are operating leases). Understates 10 to 15% .
3.
4.
Pension accounting – netting of the projected benefit obligation and the pension assets. Must un-net them.
Hiding debt inside Special – Purpose Entities – trillions of dollars of SPE debt is off the books (e.g., securitization, SPE borrowings, synthetic leases). Enron, REFCO, Adelphia.
Readers can make analytical adjustments by searching footnotes for 1,2, and 3. But no disclosures for asset securitization, SPE borrowings, and synthetic leases.
Source: J.E. Ketz,
Hidden Financial Risks
, John Wiley & Sons, 2003 286
Types of Financial Statement Fraud Schemes Three professors have broken financial statement fraud schemes into these ten types: 1.
2.
3.
Fictitious and/or overstated revenues and assets (e.g., non-ordered or cancelled goods). Sunbeam created revenues by contingent sales, a bill-and-hold strategy, and accelerated sales. Digital Lightware, Inc. recognized fraudulent billings. Cendant Corporation created fictitious revenues, and Knowledge Ware inflated revenues with phony software sales. Xerox, Bristol-Mayers, Merck.
Premature Revenue Recognition (e.g., holding books open). 35-day month.
Misclassified Revenues and Assets (e.g., combining restricted cash accounts with unrestricted cash accounts). School districts and universities may engage in this strategy with dedicated funds.
Source: S.E. Bonner, Z. Palmrose, and S.M. Young, “Fraud Types and Auditor Litigation,”
The Accounting Review
, October 1998, pp. 503-532.
287
Types of Financial Statement Fraud Schemes (contd …) 4.
5.
6.
7.
8.
9.
10.
Fictitious Assets and/or Reductions of Expenses/Liabilities (e.g., recording consigned inventory as inventory). WorldCom.
Overvalued Assets or Undervalued Expenses/Liabilities (e.g., insufficient allowance for bad debts). Enron.
Omitted or Undervalued Liabilities (e.g., understated pension expenses). Hiding losses (Allied National Bank).
Omitted or Improper Disclosures (e.g., stock option expense estimates).
Equity fraud (e.g., recording nonrecurring and unusual income or expense in equity).
Related-Party Transactions (e.g., fictitious sales to related parties). Enron had many related-party transactions. REFCO, Adelphia.
Financial Fraud Going the Wrong Way (e.g., for tax purposes reducing income or increasing expenses). 288
Wrong Way Earnings Management
Freddie Mac
understated
past earnings as much as $5 billion.
Certain transactions and accounting policies were “implemented with a view to their effect on earnings” (e.g., to smooth earnings).
Restatements will result in
higher
earnings in prior periods but
lower
earnings in future periods.
Employees appeared to knowingly violate accounting rules in an effort to manipulate earnings.
Source: Patrick Barta and J.D. McKinnon, “Freddie Mac Profits May Have Been Low By Up to $4.5 Billion,”
Wall Street J.,
June 26, 2003, pp. C-1 and C 11. Bethany McLean, “The Fall of Fannie Mae,”
Fortune
, January 24, 2005, pp. 123-140.
289
Fannie Mae’s Problem
• Fannie Mae was ordered by the SEC [2004] to a restatement of earnings of $ 9 billion (reducing earnings since 2001). Misuse of hedge-accounting transactions and improper accounting for loans.
• CFO J. Timothy Howard resigned with an annual pension of $400,000 and lifetime access to Fannie Mae’s Medical benefits. Plus $ 4 million of stock options.
•CEO Franklin Raines was paid more than $60 million over a 6 year period. On Dec. 21, 2004, Raines took early retirement. $ 1 million annually for life.
•The Board replaced KPMG as Fannie’s auditor.
Source: Bethany McLean, “The Fall of Fannie Mae,”
Fortune
, January 24, 2005, pp. 123-140. Mike McNamee, “Franklin Raines Lost Gamble,”
Business Online
, December 22, 2004.
290
Lessons From Enron
Enron’s management figured an ingenious method of overriding the double-entry of accounting. They simply ignored it.
It remains the simplest, most elegant financial fraud. Enron created special purpose entities (SPEs) and pledged Enron stock – just pieces of paper.
If the SPE was successful, they recognized income.
When the SPE had huge losses they issued more paper. Debts were filed off balance sheet in the partnerships.
Source: Joe Anastasi,
The New Forensics
, John Wiley & Sons, 2003, p. 92-93.
291
Cooking the Books-Symbol Technologies From 1998 through February 2003, Symbol used a so called “Tango sheet” process through which fraudulent “topside” accounting entries were made to reserves and other items to conform the unadjusted quarterly results to management’s projections; Fabrication and misuse of restructuring merger and other non-recurring charges to artificially reduce operating expenses, create “cookie jar” reserves (overstating inventory write-offs) and further manage earnings; Channel stuffing and other revenue recognition schemes, involving both product sales and customer services; stuffed the channel by granting resellers return rights and contingent payment terms in side agreements.
Manipulation of inventory levels and accounts receivable data to conceal the adverse side effects of the revenue recognition schemes.
292
Cooking the Books-Symbol Technologies Warehouse arrangement with a large foreign distributor that served as a vehicle for improperly recognizing several millions of dollars.
Directed employees to refrain from scanning new components or returned goods into the automated accounting system.
Backdated (cherry picked) stock option exercise dates.
When “days sales outstanding’ because too large because of fraudulent revenue recognition, reclassified past due trade accounts receivable into notes receivables. A growing DSO figure is often a sign that receivables are impaired due to channel stuffing, etc.
Deferred $3.5 million of FICA insurance costs to a later year.
Recognized revenue that was processed in one quarter, but shipped the next quarter.
293
Seven Investigative Techniques 1.
2.
3.
4.
5.
6.
7.
Public document review and background investigation (non financial documents).
Interviews of knowledgeable persons.
Confidential sources.
Laboratory analysis of physical and electronic evidence.
Physical and electronic surveillance.
Undercover operations.
Analysis of financial transactions.
Source: R.A. Nossen,
The Detection, Investigation and Prosecution of Financial Crimes
, Thoth Books, 1993 .
294
Financial Fraud Detection Tools
Interviewing the executives Analytics Percentage analysis Horizontal analysis Vertical analysis Ratio analysis Using checklists to help detect fraud SAS checklist Attitudes/Rationalizations checklist Audit test activities checklist Miscellaneous fraud indicator checklist
“Objectively obtaining and evaluating evidence is the essence of auditing.”
(AAA, Committee on Basic Auditing Concepts, 1973, 2) 295
Investigative Techniques Public Document Review
Real and personal property records.
Corporate and partnership records.
Civil and criminal records.
Stock trading activities.
Check vendors.
Laboratory Analysis
Analyzing fingerprints.
Forged signatures.
Fictitious or altered documents.
Mirror imaging or copying hard drives/company servers.
Use clear cellophane bags for paper documents.
296
Analytical Procedures
Analytical procedures involve the study or comparison of the relationship between two or more measures for the purpose of establishing the reasonableness of each one compared. Five types of analytical procedures help find unusual trends or relationships, errors, or fraud: Horizontal or Percentage Analysis Vertical Analysis Variance Analysis Ratio Analysis or Benchmarking Comparison with other operating information Source: D.L. Crumbley, J.J. O’Shaughnessy, and D.E. Ziegenfuss,
2002 U.S. Master Auditing Guide
, Chicago: Commerce Clearing House, 2002, p. 592.
297
Sales v. Net Income
Forensic accountants should compare the trend in sales with the trend in net income. For example, from 1999 to 2001, HealthSouth’s net income increased nearly 500%, but revenues grew only 5%. On March 19, 2003, the SEC said that HealthSouth faked at least $1.4
billion in profits since 1999 under the auditing eyes of Ernst & Young. The SEC said that HealthSouth started cooking its numbers in 1986, which Ernst & Young failed to find over 17 years. HealthSouth also inflated its cash balances.
298
Beware Inter-company Entries
HealthSouth used PeopleSoft, with at least 2,000 different ledgers.
Suspense Account Revenue xx xx Accounts Receivable xx Inventory Property Suspense Account xx xx xxx Most of the entries were inter-company entries.
During 2005, 2004, and 2003, professional fees associated with the reconstruction of HealthSouth’s financial records and restatement of 2001 and 2002 consolidated financial statements approximated $206.2 million and $70.6
million, respectively.
299
Financial Statement Fraud Audit
1.
2.
3.
4.
5.
6.
7.
8.
Obtain current year’s financial statements.
Obtain prior 3 years’ financial statements.
Perform vertical/ horizontal analysis of the 4 years, plus all current quarters.
Pay attention to footnotes.
Analysis of %s and footnotes by senior auditors.
Nonsense %s and footnotes inquire explanations from financial management.
Interview lower level financial employees who approved questionable journal vouchers.
Combine explanations with visits to accounting records/ source documents.
300
Horizontal Analysis Suppose advertising in the base year was $100,000 and advertising in the next three years was $120,000, $140,000, and $180,000. A horizontal comparison expressed as a percentage of the base year amount of $100,000 would appear as follows:
Dollar Amount Horizontal Comparison Year 4 Year 3 Year 2 $180,000 $140,000 $120,000 Year 1 $100,000 180% 140% 120% 100% 301
Red Flags with Horizontal Analysis When deferred revenues (on the balance sheet) rise sharply, a company may be having trouble delivering its products as promised.
If either accounts receivable or inventory is rising faster than revenue, the company may not be selling its goods as fast as needed or may be having trouble collecting money from customers. For example, in 1997 Sunbeam’s revenue grew less than 1% but accounts receivable jumped 23 percent and inventory grew by 40 percent. Six months later in 1998 the company shocked investors by reporting a $43 million loss.
If cash from operations is increasing or decreasing at a different rate than net income, the company may be being manipulated.
Falling reserves for bad debts in relation to account receivables falsely boosts income (cookie jar accounting). 302
More Red Flags
Look for aggressive revenue recognition policies (Qwest Communication, $1.1 billion in 1999-2001). Beware of hockey stick pattern.
Beware of the ever-present
nonrecurring
charges (e.g., Kodak for at least 12 years).
Check for regular changes to reserves, depreciation, amortization, or comprehensive income policy.
Related-party transactions (e.g., Enron).
Complex financial products (e.g., derivatives).
Unsupported
top-side entries
WorldCom).
(e.g., Under-funded defined pension plans.
Unreasonable management compensation
Source: Scott Green, “Fighting Financial Reporting Fraud,”
Internal Auditor
, December 2003, pp. 58-63.
303
Five Statistically Significant Ratios Use the ratios for two successive fiscal years.
Convert into indexes for benchmarking.
Day’s Sales in Receivable Index : (Accounts Receivable t / Sales t ) (Accounts Receivable t-1 / Sales t-1 ) Index for manipulators: 1.5 to 1 ------------------------------------------------------- Gross Margin Index: [(Sales t-1 - Cost of Sales t-1 ) / Sales t-1 ] [(Sales t - Cost of Sales t ) / Sales t ] Index for manipulators = 1.2 to 1 ------------------------------------------------------- Source: M.D. Beneish, “The Detection of Earnings Manipulation,”
Financial Analysts Journal
, September/October, 1999. t-1 = prior year.
304
Five Statistically Significant Ratios Asset Quality Index = 1- ( Current Assets t + Net Fixed Assets t Total Assets t ) 1 - ( Current Assets t-1 + Net Fixed Assets t-1 Total Assets t-1 ) Index for manipulators = 1.25 to 1 ---------------------------------------------------------------- Sales Growth Index : Sales t / Sales t-1 Manipulators: 60% Non manipulators 10% Source: M.D. Beneish, “The Detection of Earnings Manipulation,”
Financial Analysts Journal
, September/October, 1999. t-1 = prior year.
305
Five Statistically Significant Ratios Total Accruals to Total Assets = Δ Working Capital t Payable t - Δ Cash t - Δ Current Taxes - Δ Current Portion of LTD t - Δ Accumulated depreciation and amortization t Total Assets t TATA for manipulators: .031
TATA for non manipulators: .018
Source: M.D. Beneish, “The Detection of Earnings Manipulation,”
Financial Analysts Journal
, September/October, 1999. LTD = Long-term debt.
306
A Charles Lundelius Example
Comparison to peer group benchmarks: Characteristic peers DSRI GMI AQI SGI TATA MPS Peer group 1.56
2.00
1.03
1.10
1.23 1.04
1.50
1.20
0.10
0.05
% over 51% 82% 18% 25% 100% Source: C.R. Lundelius,
Financial Reporting Fraud
, AICPA, 2003, p. 129.
307
1.
2.
Z-Score Methodology
Altman’s Z-Score (Manufacturers) AZ-Score = 1.2X
1 0.999X
5 Where: + 1.4X
2 + 3.3X
3 + 0.6X
4 + X 1 X 2 = Working Capital/Total Assets = Retained Earnings/Total Assets X 3 X 4 = EBIT/Total Assets = Market Value of Equity/Total Liabilities X 5 = Sales/Total Assets Above 2.99, indicates sound financial health.
Grey zone, no conclusion can be drawn.
Below 1.81, indicates financial distress.
Altman’s Double Prime Z-Score (nonmanufacturers) Change X 4 to Total Shareholders’ Equity Drop X 5 ADPZ-Score = 6.56X
1 1.05X
4 Above 2.6, strong.
+ 3.26X
2 + 6.72X
3 + Grey zone, no conclusion can be drawn.
Below 1.1, weak.
308
3.
4.
Z-Score Methodology (cont.)
Private Company Model Use book value rather than market value of equity.
PMZ-Score = 0.717X
+ 3.107X
3
+ 0.420X
4 1
+ 0.847X
2
+ 0.998X
5
Above 2.90, safety zone.
Grey zone, no conclusion.
Lower than 1.23, distress zone.
Hillegeist DPM Gives probability of default.
HZ-Score = 3.835 + 1.13X
0.005X
2
+ 0.269X
3
0.033X
5
Where 3.835 is constant.
1
+ + 0.399X
4
Higher the score, the better.
–
309
Exercises
1.
In order to determine how risky a particular company is that you are auditing, you prepare these five ratios along with the same ratios of this company’s peers: Day’s Sales in Receivable Index Gross Margin Index Asset Quality Index Sales Growth Index Total Accruals to Total Assets Company 1.51
1.98
1.21
1.53
0.11
Peers 1.05
1.11
1.01
1.19
0.06
What are your thoughts about the risk potential of this company?
2. You are provided the following information about a company for two years (in millions): Sales Cost of Sales Accounts Receivable 2005 $23,000 11,960 4,830 2006 32,000 17,600 10,560 Calculate: a. Days Sales in receivable index.
b. Gross margin index.
c. Sales growth index.
Any thoughts about this company?
310
Ratio Analysis
1.
Current ratio = Current assets (cash and equivalents, receivables and inventories) Current liabilities (payables, accruals, taxes, and debt due in 1 year) 2.
Quick ratio = Cash and equivalents plus receivables Current liabilities 3.
Working capital = Current assets – Current liabilities 4.
Inventory turnover = Cost of goods sold Average inventory The number of days inventory is on hand can be calculated as 365 Inventory turnover 5.
Receivables turnover = Net credit sales Average receivables 6.
Gross Margin = 1 – Cost of goods sold Sales 311
7. Expense ratio = Selling general and administrative expenses Sales 8. Operating margin = Operating income Sales 9. Profit margin = Net income before extraordinary items Sales 10. Interest coverage ratio = Income before interest and taxes Fixed charges 11. Margin of safety = Income after fixed charges before income taxes Sales 312
12. Debt-to-equity ratio = Total current and long-term + capitalized leases Total stockholder’s equity Or Total debt at book value Total debt and preferred stock + common stock at market 13. Return on assets (ROA) = Net income Average total assets Or Earnings before interest and taxes Average total assets 14. Return on equity (ROE) = Net income Average common equity 15. Return on invested capital = Earnings before interest and taxes Average invested capital 16. Number of years to pay off debt by application of internally generated cash flows = Total fixed obligations Operating cash flows 17. Ratio of senior debt to capital = Total senior debt Subordinated debt + net worth 313
Problems
The following information is taken from the accounting records of Donald Company: Average receivables Cost of goods sold Sales Average inventory Net credit sales Operating income The inventory turnover is 1.81
2.2
2.64
2.92
None of the above. $700,000 2,900,000 8,000,000 1,100,000 1,200,000 900,000 Using the facts above, the operating margin is .1125
.32
1.1
1.6
None of the above. 314
Excel Spreadsheet Sherron Watkins discovered the Enron fraud in 2001 when she was again working under Andy Fastow, CFO. She took a simple inventory, using an Excel spreadsheet unprofitable. to calculate which of the division’s assets were profitable and which were She discovered the special purpose entities called Raptors, off-the-books partnerships. Enron had hidden hundreds of millions of losses by borrowing money from Raptors and promising to pay the loans back with Enron stock. Enron was hedging risks in its left pocket with money from its right pocket. As the value of Enron stock fell and the losses in the Raptors mounted, Enron had to add more and more stock because Enron had risked 97% of the losses, and Arthur Andersen had agreed to the accounting.
Source: Mimi Swartz and Sherron Watkins,
Power Failure
, New York: Doubleday, 2003, p. 269.
315
Investigative Technique: Videotapes Average big city resident caught on videotape about 75 times a day. Common in workplaces and stores (USA).
Former Coca-Cola secretary convicted of conspiring to steal and willing to sell confidential Coca-Cola documents and samples of products that the company was developing to Pepsi.
Coca-Cola security expert testified that surveillance cameras were monitoring Joya Williams’ movements. The surveillance was a key part of the government’s evidence.
She stole the materials and was attempting to sell for at least $1.5 million.
Deeply in debt, unhappy at job, and seeking a big payday.
Could face 10-years in prison.
Myway, “Video Shows Coke Worker Taking Documents,” January 26, 2007.
316
Fraud Awareness Auditing: Unrefined Oil
317
Problems
Solution: Inventory Turnover = C of GS Average Inventory = $2.9 million = 2.64% 1.1 million Operating Margin = Operating Income Sales = $900,000 = .1125
$8 million 318
Thinking as a Forensic Auditor
The Iceberg Theory of Fraud Overt Aspects Hierarchy Financial Resources Goals of the Organization Skills and Abilities of Personnel Technological State Performance Measurement Covert Aspects Structural Considerations Water line Attitudes Feelings (Fear, Anger, etc.) Values Norms Interaction Supportiveness Behavioral Considerations Satisfaction
Source: G.J. Bologna and R.J. Lindquist,
Fraud Auditing and Forensic Accounting
, 2 nd Edition, New York: John Wiley, 1995, pp. 36 37 319
Deception Tactics
DECEPTION TACTIC Masking Dazzling Decoying Re-packaging Mimicking Double Play Example Application of the Tactic in Accounting
Failing to record or disclose an expense or a liability.
Disclosing information in the footnotes to the statements rather than in showing it in their body.
Emphasizing legal issues (blind alleys) that after a close examination turn out to be immaterial or handled appropriately.
Describing hard to sell inventory as saleable. Reframing issues to maliciously justify the use of favorable accounting procedures.
Creating fictitious transactions or transactions without substance.
Improperly applying Generally Accepted Accounting Principles, where an item is not individually material.
S. Grazioli, K. Jamal, and P. E. Johnson, “A Cognitive Approach to Fraud Detection,”
J. of Forensic Accounting
, Vol. 7, 2006, p. 70.
320
Game Theory and Strategic Reasoning Tips • • •
Fraud risk assessment
Auditors who use long lists of fraud cues and fraud checklists are inaccurate in their fraud-risk assessments.
Auditors generally overweight cues indicative of management’s character even though these cues are the most likely cues to be unreliable.
Audit standards should be designed to persuade auditors to consider how management might manipulate their perceptions of fraud cues.
• • • •
Audit Planning
Auditors should develop audit strategies that are unpredictable, especially with regard to the nature of their evidence.
Audit plans are more predictable and less effective at detecting fraud when auditors use procedures based on prior audits or standard audit programs.
Audit standards should require auditors to engage in strategic reasoning by considering the types of fraud that management might perpetrate and how these frauds might be concealed from the audit.
The goal of audit standards should be to encourage auditors to gather new, unusual, or random audit evidence not easily anticipated by management.
• • •
Implementation of the audit
Learning from experience is critical to effectively performing in a strategic setting.
Auditors are often insensitive to new evidence regarding fraud risk and can more effectively learn from their interactions with the client.
Audit standards can improve learning by requiring activities such as documenting and communicating the nature of their interactions with management.
Techniques to Prevent and Detect Fraud,”
Accounting Horizon
, September 2004, p. 182.
321
Behavioral Concepts Important “Not all fraud schemes can effectively be detected using data-driven approaches.
Instances of corruption-bribery, kickbacks, and the like – and collusion consistently involve circumvention of controls.
Searching relevant transaction data for patterns and unexplained relationships often fails to yield results because the information may not be recorded,
per se,
by the system.
Behavioral concepts and qualitative factors frequently allow the auditor to look beyond the data, both with respect to data that is there and the data that isn’t.” Source: S. Ramamoorti and S. Curtis, “Procurement Fraud & Data Analytics, “Journal of Government Financial Management, Winter 2003, Vol. 52, No. 4, pp. 16-24.
322
Life Styles Important
For someone who earned a salary of just
$1,000 a month
, Rana Koleilat managed to live a pretty nice life. She traveled by private jet, took along her servant and hairdresser, and stayed at luxurious locality in London and Paris. Back home in Beirut, Lebanon, she lived in a three-story penthouse. To anyone who asked how she lived so well, she replied that she had a “rich uncle.” Actually, Koleilat helped manage a private bank in Beirut, and thereby hangs a tale. The chairman of the bank said he lost
$1.2 billion,
and depositors lost another
several hundred million dollars
E.T. Pound, “Following the Old Money Trail,”
U.S. News & World Report
, April 4, 2005, p. 30.
323
Be An Investigator
“Because I was an investigator,” he said.
“O.K.,” she said. “Investigators investigate. That, I can follow. But don’t they
stop
investigating? I mean, ever? When they
know
already?” “Investigator never know,” he said. “They feel, and they guess.” “I thought they dealt in facts.” “Not really,” he said. “I mean, eventually they do, I suppose. But ninety-nine percent of the time it’s ninety-nine percent about what you
feel
. About people. A good investigator is a person with a feel for people.” Lee Child,
Echo Burning
, N.Y.: Jove Books, 2001, p. 281.
324
Behavioral Red Flags Present During Fraud Scheme – Sorted by Median Loss 24 The sum of percentages in this table exceeds 100 percent because in several cases the perpetrator exhibited more than one behavioral red flag.
Source: 2008 Wells Report, ACFE.
Behavioral Red Flags Present During Fraud Scheme – Sorted by Frequency 23 The sum of percentages in this table exceeds 100 percent because in several cases the perpetrator exhibited more than one behavioral red flag.
Source: 2008 Wells Report, ACFE.
Fraud Identifiers to Spot Fraudsters
Large ego
Substance abuse problems or gambling addiction
Living beyond apparent means
Self-absorption
Hardworking/taking few vacations
Under financial pressure (e.g., heavy borrowings)
Sudden mood changes.
Source: G.E. Moulton, “Profile of a Fraudster,” Deloitte Touche Tohatsu, www.deloitte.com
, 1994.
327
Red Flags or Fraud Identifiers Earnings problem: downward trend in earnings Reduced cash flow: If net income is moving up while cash flow from operations is drifting downward, something may be wrong. Excessive debt: the amount of stockholders' or owners' equity should significantly exceed the amount of debt. Overstated inventories (California Micro) and receivables (BDO Seidman): If accounts receivables exceeds 15 percent of annual sales and inventory exceeds 25 percent of cost of goods sold, be careful. Inventory plugging: Record sales to other chains as if they were retail sales rather than wholesale chains (e.g., Crazy Eddie).
Balancing Act: Inventory, sales, and receivables usually move in tandem because customers do not pay up front if they can avoid it. CPA Switching: Firms in the midst of financial distress switch auditors more frequently than healthy companies. 328
Red Flags or Fraud Identifiers (contd…) Hyped Sales: hyped sales by using his ample personal fortune to fund purchases. Reducing Expenses: Rent-Way reduced the company’s expenses—a reduction of $127 million. Ebitda: Earnings before interest, taxes, depreciation, and amortization is a popular valuation method for capital-intensive industries. Off-Balance Sheet Items: Enron had more than 2,500 offshore accounts and around 850 special purpose entities. Unconsolidated Entities: Enron did not tell Arthur Andersen that certain limited partnerships did not have enough outside equity and more than $700 million in debt should have been included on Enron’s statements. 329
Red Flags or Fraud Identifiers (contd…)
Creative or Strange Accounts: For their 1997 fiscal year, America Online, Inc. showed $385 million in assets on its balance sheet called deferred subscriber acquisition costs. Pension Plans Reserve Estimates Personal Piggy Bank: Family member owners may use a corporation as a personal piggy bank at the expense of public investors and creditors. Barter deals: A number of Internet companies used barter transactions (or non-cash transactions) to increase their revenues.
330
Barter Deals
AOL created ad revenues out of thin air. With an obsession to get advertising revenue in the door, “nobody there appears to have paid much attention to whether the business deals at issue were really producing ad ‘revenues’ by any acceptable definition….” At least $90 million of revenues were expunged by mid-2003, with another $400 million contested.
Source: C.J. Loomis, “Why AOL’s Accounting Problems Keep Popping Up,”
Fortune
, April 28, 2003, p. 86.
331
Management’s Role
The Sarbanes-Oxley Act of 2002 mandates that CEOs and CFOs certify in periodic reports containing financial statements filed with the SEC the appropriateness of financial statements and disclosures.
------------------------------------------------------- In March 2005, the SEC said that executives are gatekeepers. Thus, an executive can be in trouble if in a position to detect wrongdoing below them and do not move forcefully to prevent the fraud. It does not matter if the executive has been lied to. An executive has the responsibility to cut through the lies and try to root out the truth.
Carol. J. Loomis, “The SEC Turns the Screws on Gatekeepers,”
Fortune
, April 18, 2005, p. 38.
332
Pressures On All Sides
CEOs are now being squeezed as a result of SOX by BODs, auditors, and lawyers because these watchdogs are finally facing genuine liability for their failures. These watchdogs are trying to protect their hides.
Arthur Andersen is out of business, and directors at WorldCom and Enron are paying off fraud claims out of their own pockets. Hank Greenberg, former Chairman and CEO of AIG said that the balance of power in corporate America has shifted.
Diane Brady and Joseph Weber, “The Boss on the Sidelines,” Business Week, April 25, 2005, p. 88.
333
Significant Variables of Fraudulent Companies
Percentage of total Board of Directors holdings held by insiders.
Insiders having greater than 50% control of the BOD.
CEO also being chairman of the BOD.
CEO being the company’s founder.
Lack of an audit committee.
SEC Accounting and Auditing Enforcement Releases (1982-1992).
334
CEO Duality
Eight of the ten recent scandals had board chairs who were also CEO: 1.
Enron 5. HealthSouth 2.
3.
4.
Adelphia Tyco Waste Management 6. Quest 7. Homestore 8. Sunbeam WorldCom and Global Crossing had different Chairman and CEO.
------------------------------------------------------- Aging Board of Directors. “Easier for Management to get away with misdeeds.” Enron’s Audit Committee chairman was 72. “They can be hard of hearing.” Nearly 10% of directors in the S & P’s 500 stock index are 70 or over.
Source: Louis Lavelle, “Directors: Know When to Fold Them, “
Business Week
, May 24, 2004, p.14.
335
Audit Tests
The Panel on Audit Effectiveness recommended that surprise or unpredictable elements should be incorporated into audit tests, including: Recounts of inventory and unannounced visits to locations Interviews of financial and non financial client personnel in different locations Requests for written confirmations from client employees regarding matters about which they have made representations to the auditors Tests of accounts not normally performed annually Tests of accounts traditionally or frequently deemed “low risk” 336
Internal Auditors and Fraud Detection
The Institute of Internal Auditors’ Due Professional Care Standard (Section 280) assigns the internal auditor the task of assisting in the control of fraud by examining and evaluating the adequacy and effectiveness of the internal control system. However, Section 280 says that management has the primary responsibility for the deterrence of fraud, and management is responsible for establishing and maintaining the control systems. In general, internal auditors are more concerned with employee fraud than with management and other external fraud.
337
1.
2.
3.
4.
When Fraud Is Discovered
Notify management or the board when the incidence of significant fraud has been established to a reasonable certainty.
If the results of a fraud investigation indicate that previously undiscovered fraud materially adversely affected previous financial statements, for one or more years, the internal auditor should inform appropriate management and the audit committee of the board of directors of the discovery.
A written report should include all findings, conclusions, recommendations, and corrective actions taken.
A draft of the written report should be submitted to legal counsel for review, especially where the internal auditor chooses to invoke client privilege.
338
Audit Committee
The audit committee is the subcommittee of an organization’s board of director’s charged with overseeing the organization’s financial reporting and internal control processes. The audit committee’s biggest responsibility is monitoring the component parts of the audit process.
--------------------------------------------------------------- The board of directors and its representative audit committee should oversee (1) the integrity, quality, transparency, and reliability of the financial reporting process; (2) the adequacy and effectiveness of the internal control structure in preventing, detecting, and correcting material misstatements in the financial statements; and (3) the effectiveness, efficacy, and objectivity of audit functions.
339
Audit Committee Red Flags
• Independence of audit committee from management. Audit committee should report to BODs.
• The clarity with which the audit committee’s responsibilities are articulated, such as in the charter, and how well the audit committee and management understand those responsibilities; • The audit committee’s interactions and involvement with the independent and internal auditor; and • Whether the audit committee raises and pursues with management and the independent auditor the appropriate questions, including questions that indicate an understanding of the critical accounting policies and judgmental accounting estimates. 340
Computer Forensics “Today’s Sergeant Joe Friday does not write in a small notebook in the course of solving crimes; he now reconstructs the data from imaging hard drives.” Joe Anastasi,
The New Forensics
, John Wiley & Sons, 2003.
“Corporate criminals don’t always tell the truth. Their computers usually do.”
Thomas Talleur, KPMG • “The need for computer forensics has dramatically increased. This represents the use of computer science principles and investigative techniques to obtain digital evidence from computer systems that is admissible in a court of law,” says Bruce Dubinsky.
• Statistics indicate that 92 percent of new data is created electronically and that 70 percent of this data never migrates to paper. When investigators ignore electronics evidence, it’s analogous to only reviewing three out of 10 boxes containing potentially relevant and discoverable information.
S. Kahan, “Sherlock Holmes Enters Accounting,”
WebCPA, February, 2007.
341
Data Mining Found WorldCom Mess Auditors should perform all of the analytics themselves, and they must be educated in fraud detection and introduced to data mining techniques. When the concept of data mining is brought up, audit managers cringe and argue that they cannot afford to employ statisticians.
However, while there is data mining software that requires a statistician’s level of expertise (such as IBM’s Intelligent Miner), there also are products, such as WizSoft Inc., that can be employed by most auditors who are acquainted with the fundamentals of Microsoft Office and who are curious as to why they obtained their audit results.
Source: Bob Denker, “Data Mining and the Auditor’s Responsibility,” Information Systems Audit and Control Association InfoBytes.
342
Technology Knowledge Important Ruby Sharma, at E&Y, says that computer forensic services, as well as electronic discovery and forensic data analysis, are provided by its legal technology services practice, which currently consists of 52 professionals, around one-fourth of whom are primarily devoted to computer forensics and closely related disciplines.
These computer forensics professionals provide a range of services to clients beyond the traditional identification, preservation and extraction of electronic evidence from digital media, she says. They also provide forensic investigations and analysis of digital media to determine the circumstances surrounding the creation, deletion or modification of specific documents; determine the provenance of documents; locate and recover evidence that has been either intentionally or unintentionally deleted; and determine timelines and event sequences of computer activity that may be of value to the investigation.
Frank Piantidosi, at Deloitte, says that technology is the heart of most financial investigations, and electronic data drives the investigation. He says that this group provides repositories of all the data to the legal teams electronically, rather than through the antiquated system of boxes and boxes of hard copy files.
We have developed technology solution that can quickly find and accumulate data from various sources anywhere in the world, then read the data files using software from India, then store the data using Australian technology for 5 to 10 years.
S. Kahan, “Sherlock Holmes Enters Accounting,”
WebCPA
, February 11, 2007.
343
Careful of E-mail and Text Messages 40% of large business and 29% of all companies read or analyze outbound e-mails.
51% of U.S. companies have disciplined an employee for violating e-mail policy and 26% have fired someone.
21% investigate blogs or message boards.
Source: Ben Worthen, “Be Careful: Your Boss is Reading,” Wall Street Online, June 10, 2008.
344
Careful of E-mail and Text Messages Do not put anything in an e-mail or text message that you do not wish to see in the newspaper or on the Internet.
14,000 flirty and sometimes sexually explicit text messages between married Detroit Mayor Kwame Kilpatrick and his top aide Christine Beatty reprinted in Detroit Free Press. Found on the city-issued pager of Beatty.
Both denied under oath having a physical relationship.
345
Careful of E-mail and Text Messages (cont.) “Most investigations begin with a tip from a whistleblower or a suspicion of some sort, which prompts the audit committee of a company's board of directors to call in Vondra and his group. They'll begin with high-level interviews and then move on to requesting and examining e-mails—sometimes as many as one million. He and his team run the e mails through programs that search for words and phrases like "illegal," "earnings management," and "manipulate." The programs will call up e-mail strings, which may point the auditors to certain accounting files, which can then be pulled up and scrutinized. ” Source: http://www.portfolio.com/careers/job-of-the week/2008/03/10/Forensic-Accountant-Al-Vondra#page2 346
Using Technology to Gather Evidence
Drill-down functionality Electronic imaging Benford’s law Digital Analysis Tests and Statistics (DATAS) Data warehousing/mining Inductive vs. deductive method 347
Technology is Here
“ Extensive knowledge and use of technology is an absolute necessity. The ability to go into an electronic image and download information, and to get information from systems that don’t talk to each other. All the accumulated information can then be reviewed for financial improprieties.” Bert Lacativo, Southlake, Texas ------------------------------------------------------ “We use off-the-shelf software (IDEA) to import large databases, read different data files, set up queries, and compare database files such as addresses, telephone numbers, and Social Security numbers. This process will tell us, for example, if a purchase order was done on Saturday or Sunday when the company isn’t open.” Cal Klausner, Bethesda, Md.
H.W. Wolosky, “Forensic Accounting to the Forefront,”
Practical Accountant
, February 2004, pp. 23-28 348
Data Analysis vs. Data Mining Software
ACL, IDEA, and SAS are data analysis (DA) software used to ensure the integrity of data, to program continuous monitoring, and to detect fraudulent transactions.
DA requires a program to be set up and run against the data. The program is written by auditors (i. e., humans) who may be prejudice in the routines that are executed.
Data Mining finds patterns and subtle relationships in data.
Wiz Rule (from WizSoft, Inc.) and IBM’s Intelligent Miner are data mining software.
Source: Irina Sered, “Software,” kdnuggets.com/news/2001/n24/13i.html.
349
Wiz Rule Data Auditing Tool
Based upon data mining.
Performs complex analysis of data, finding errors, inconsistencies, and situations that require further investigation.
WizRule reveals all the if-then rules, mathematical formula rules, and spelling irregularities.
Divides situations deviating from the rules into data entry errors
and
suspicious errors.
Can be used in auditing, fraud detection, data scrubbing, and due diligence reviews.
Learning curve is short.
Cost license is $1,395 and yearly maintenance fee is $279.
Source: Irina Sered, “Software,” kdnuggets.com/news/2001/n24/13i.html.
350
Who Uses IDEA?
External and Internal Auditors
Forensic Accountants/ Fraud Investigators
Financial managers
General and systems consultants
Educators
Statisticians
Information systems professionals
351
IDEA Benefits
•
Sort
•
Compare
•
Manipulate
•
Sample
•
Extract data
•
Mathemati cal testing
•
Exception reports
•
Aging • Statistics • Find missing data • Analytics • Convert test files to data base • Create summary reports
352
Using Data Mining
Match employee addresses against vendor addresses.
Sort vendor list by size to determine the most highly paid suppliers.
Review the structure of vendor names.
Uncover indications of ghost employees (e.g., N.O. Police dept.).
Fraudulent expense reports (even amounts, $6).
Repeated withdrawals of even amounts from petty cash.
353
Computer Forensics
“
I need you to step away from your computer please
,” Lee Altschuler said.
Morgan Fay’s chief financial officer glanced up from her computer screen. She regarded the man standing at her office doorway for a moment. “Excuse me?” Cindy Shalott asked.
“
We’d like you to please conclude your business for the day
.” Lee Altschuler said. “I’d appreciate it if you could complete whatever you’re doing as quickly as you can. Please leave your computer in the way that it is now.
Don’t turn it off
.” The chief financial officer swung her desk chair around.
“Just move away from your computer please,” Altschuler repeated.
“Who are you?” Cindy Shalott asked.
Source: Joe Anastasi,
The New Forensics
, John Wiley & Sons, 2003, p. 91 354
Ink Analysis
Martha Stewart was undone by a blue ballpoint pen.
Stockbroker belatedly inserted a note to help cover up Ms. Stewart’s improper stock trading. Blue ballpoint ink used is different from ink elsewhere on the trading worksheet.
Prosecutors used forensic ink analysis in Rite Aid case to show that certain documents were backdated (ink used to sign letter was not commercially available until 3 months after the letter was dated).
Xerox laser printers now encode the serial number of each machine in tiny yellow dots in every printout, nestled within the printed words and margins. It tracks back to you like a license plate.
Advice for fraudsters: use pencils.
Source: Mark Maremont, “In Corporate Crimes, Paper Trail Often Leads to Ink Analysts’ Door,”
Wall Street J.
, July 1, 2003, p. A-1.
355
Deductive vs. Inductive
Deductive: one goes from general to specific; fairly simple and economical.
Inductive: one starts with specific experiences and then draws inferences.
Deductive Approach Generic data mining Digital analysis Discovery sampling Generic software For smaller organizations Basic features Easy to learn Relatively inexpensive Inductive Approach Custom data mining Analysis of all data Custom software For larger organizations Sophisticated features Requires advanced skills More expensive
Source:
W.S. Albrecht and C.C. Albrecht, “Root Out Financial Deception,”
Journal of Accountancy
(April 2002), p. 33.
356
Benford’s Law
Distribution of initial digits in natural numbers is not random Predictable patterns: 0= ---- 1= 30.1% 2= 17.6% 3= 12.5% 4= 9.7% 5= 7.9% 6= 6.7% 7= 5.8% 8= 5.1% 9= 4.6% 12% 10.2% 11.4% 10.1% 10.9% 10.1% 10.4% 10.1% 10% 10% 9.7% 10% 9.3% 9.9% 9% 9.9% 8.8% 9.9% 8.5% 9.8% There is software to detect potentially invented numbers in many situations. Compare actual frequency with Benford’s frequency.
357
Benford’s Law Uses
Investments sales/purchases Check register.
Sales history/Price history.
401 contributions.
Inventory unit costs.
Expenses accounts.
Wire transfer information.
Life insurance policy values.
Bad debt expenses.
Asset/liability accounts.
Source: Richard Lanza, “Digital Analysis- Real World Example,”
IT Audit, July 1, 1999,pp. 1-9.
358
Change the Join Property The following scenarios illustrate the need for auditors to change the default join property to ensure their analysis includes all transactions, even if there are no matches in the master data: Allen is a database administrator. He is authorized to manage the company’s ERP software and has been granted update access to the application database. Using his access privileges, he added a shell company to the vendor table. Periodically, he added a record to the table of approved invoices. On the entered due date, the check was prepared and sent to the “vendor’s” (Allen’s) address. When the auditor requested purchasing data, Allen handled the request. He then used his access privileges to remove the vendor record before sending the data to the auditor Beth works in accounts payable. Although she is responsible for processing checks, a flaw in her application access permissions has also given her the ability to perform vendor maintenance that, within a certain application, grants her update and delete authority to all vendor data. Recognizing the fraud opportunity of this internal control weakness, Beth created several shell companies to which she periodically processed checks sent to the fictitious vendor’s (Beth’s) address. Before the audit team arrived, Beth deleted her shell companies. Source: M.W. Lehman, “Join the Hunt,” J. of Accountancy, September 2008, p. 47.
Some Uses of Picalo
Analyzing financial data, employee records, and purchasing systems for errors and fraud
Importing Excel, XML, EBCDIC, CSV, and TSV files into databases
Interactively analyzing network events, web server logs, and system login records
Importing email into relational or text-based databases
Embedding controls and fraud testing routines into production systems
360
Picalo Architecture
Detectlets allow non-programmers to run analysis routines created by others
.
361
Computer Aided Audit Applications
Accounts Receivable Applications
Identify duplicate invoices, credits, or receipts.
Detect variances between delivery documents and invoices.
Report gaps in a sequence of generated invoices.
Identify customer accounts with no address, telephone, or tax ID.
Identify credits to dormant or unused accounts.
Identify duplicate return transactions.
Extract sales with discounts over a specified percentage and summarize by employee.
List the top 10 employees by cash register adjustments (discounts, refunds, sales voids).
Identify employees who produced cash register adjustments a specified percentage more than the average employee.
Summarize refunds by customer credit card number.
Identify refunds for amounts greater than the selling price.
Calculate the number and amount of refunds by sales clerk.
Source: D.E. Mensel, “Using Computers to Detect Fraud,” J. of Forensic Accounting, Vol. VIII (2007), pp. 414-415.
Computer Aided Audit Applications (cont.)
Accounts Payable Applications
Compare vendor addresses/ phone numbers to those of employees.
Identify credits given outside discount terms.
Identify cash discounts not taken.
Identify checks issued to vendors with names that sound similiar to known vendors.
Extract all round dollar payments.
Identify payments to vendors with blank information.
Identify vendors with activity only in one month of the year.
Identify duplicate payments.
Extract duplicate invoices.
Extract invoices with a valid purchase order.
Extract multiple invoices with the same item description.
Identify vendors with duplicate invoice numbers.
Identify invoices for the same amount on the same date.
Identify sequential invoices.
Identify new or non-approved vendors.
Identify vendors with an address that is a mail drop.
Source: D.E. Mensel, “Using Computers to Detect Fraud,” J. of Forensic Accounting, Vol. VIII (2007), pp. 414-415.
Computer Aided Audit Applications (cont.)
Materials Management and Inventory Control Applications
Identify items with below standard gross margins.
Calculate standard pricing variances.
Identify negative receipt quantities.
Identify duplicate items or serial numbers.
Calculate shortages/ overages by ordering and receiving agent and by vendor.
Identify purchase orders with blank or zero amounts.
Identify purchases of consumer items.
Source: D.E. Mensel, “Using Computers to Detect Fraud,” J. of Forensic Accounting, Vol. VIII (2007), pp. 414-415.
Computer Aided Audit Applications (cont.)
Payroll Applications
Identify duplicate direct deposit numbers.
Identify duplicate employee names, addresses, and phone numbers.
Identify false, invalid, or duplicate Social Security numbers.
Identify employees with no deductions.
Identify employees with no time off for vacations or sick leave.
Source: D.E. Mensel, “Using Computers to Detect Fraud,” J. of Forensic Accounting, Vol. VIII (2007), pp. 414-415.
Spreadsheet Fraud
Spreadsheets can be excellent tools for committing fraud.
There is little or no security in controlling changes within the worksheets.
Aside from fraud, they are ripe grounds for errors because of their open nature for change.
For examples, see European Spreadsheet Risks Interest Group: www.eusprig.org/stories.htm
Source: R. B. Lanza, “The Spreadsheet: The Easiest Place for Committing Financial Statement Fraud,” Fraud Magazine, July/August 2005, p. 15.
366
Some Spreadsheet Frauds
AIB/Allfirst Trading Fraud
– The fraudster substituted links to his private manipulated spreadsheet which exaggerated bonuses by more than half a million dollars.
HealthSouth
was.
– Two ex-HealthSouth executives admitted that they prepared a false spreadsheet for auditors that inflated HealthSouth’s assets and made the company appear to be worth more than it
CFX
– The Internal Audit Department noted in its investigation that management created spreadsheets showing desired results first and then adjustments were made to the accounting system to match the spreadsheet.
Source: R. B. Lanza, “The Spreadsheet: The Easiest Place for Committing Financial Statement Fraud,” Fraud Magazine, July/August 2005, p. 15.
367
Combating Spreadsheet Fraud
Use techniques native in Microsoft Excel [enormous resources, time, money, manpower]
EXChecker™ (does not allow any editing to the Excel spreadsheet)
Source: R. B. Lanza, “The Spreadsheet: The Easiest Place for Committing Financial Statement Fraud,” Fraud Magazine, July/August 2005, p. 15.
368
When Benford Analysis Is or Is Not Likely Useful
When Benford Analysis is Likely Useful Sets of numbers that result from mathematical combination of numbers Result comes from two distributions.
Transaction-level data – No need to sample.
On large data sets – The more observations, the better.
Accounts that appear to conform – When the mean of a set of numbers is greater than the median and the skewness is positive.
When Benford Analysis Is Not Likely Useful Data set is comprised of assigned numbers Most sets of accounting numbers.
Examples Numbers that are influenced by human thought.
Accounts with a large number of firm specific numbers.
Accounts with a built in minimum or maximum.
Where no transaction is recorded.
Examples Accounts receivable (number sold times price). Accounts payable (number bought times price).
Disbursements, sales, expenses.
Full year’s transactions.
Check numbers, invoice numbers, zip codes.
Prices set at psychological thresholds ($1.99), ATM withdrawals.
An account specifically set up to record $100 refunds.
Set of assets that must meet a threshold to be recorded.
Thefts, kickbacks, contract rigging.
Source: Durtschi, Hillison, and Pacini, “The Effective Use of Benford’s Law to Assist in Detecting Fraud in Accounting Data,”
J. of Forensic Accounting
, Vol. V, 2004, p. 24.
369
Fraudulent Tax Returns
370
IRS’s Forensic Analysis
IRS Commissioner Mark W. Everson said that the role of the IRS in the HealthSouth matter was to trace the flow of money . “IRS agents in this case used the same comprehensive financial analysis that we use in criminal tax investigations to document million of dollars in transactions through dozens of financial institutions, including banks and brokerage firms,” Everson said.
“The IRS will use its financial expertise to help the government hold accountable those executives who engage in fraud,” Everson said. “Our investigation supports the money-laundering charges as well as the forfeiture counts against Mr. Scrushy involving a staggering sum of money – over a quarter of a billion dollars – which he accumulated during a seven-year period,” “This money went to support a lavish lifestyle, one few Americans could possibly imagine,” the Commissioner continued. “With his ill-gotten gains, Mr. Scrushy purchased multiple estates, racing and leisure boats, fine art by such artists as Picasso, Miro, and Renoir, cars including a Lamborghini and a Rolls-Royce, and extravagant jewelry, such as a 22-carat diamond ring.” Source: Amy Hamilton, “Everson Publicizes Criminal Charges Against HealthSouth CEO,”
Tax Notes
, November 10, 2003, p. 671.
371
Market Segment Specialization Program
The Market Segment Specialization Program focuses on developing highly trained examiners for a particular market segment. An integral part of the approach used is the development and publication of Audit Technique Guides. These Guides contain examination techniques, common and unique industry issues, business practices, industry terminology, and other information to assist examiners in performing examinations. A forensic accountant can use this resource to learn about a particular industry.
http://www.irs.gov/business/small/article /0,id=108149,00.html
372
Acquisition/Payment Cycle
From
62 standard audit procedures
, external and internal auditors judged these
20
procedures to be more efficient is detecting fraud in the acquisition and payment cycle (in descending order).
• Examine bank reconciliation and observe whether they are prepared monthly by an employee who is independent of recording cash disbursement or custody of cash.
• Examine the supporting documentation such as vendor’s invoices, purchase orders, and receiving reports before signing of checks by an authorized persons.
• Examine the purchase requisitions, purchase orders, receiving reports, and vendors’ invoices which are attached to the vouchers for existence, propriety, reasonableness and authenticity.
•Examine internal controls to verify the cash disbursement are recorded for goods actually rendered to the company.
•Discuss with personnel and observe the segregation of duties between accounts payable and custody of signed checks for adequacy.
Glen D. Moyes and C. Richard Baker, “Auditors’ Beliefs About the Fraud Detection Effectiveness of Standard Audit Procedures,”
Journal of Forensic Accounting
, Vol. 4, 2003, p. 204-205 373
Acquisition/Payment Cycle (Contd.) • Confirm inventories in public warehouse and on consignment. •Examine internal controls to insure the vendor’s invoices, purchase orders, and receiving reports are matched and approved for payment.
• Examine internal controls for the following documents: vendor’s invoices, receiving reports, purchase orders, and receiving reports.
• Trace a sample of acquisitions transactions by comparing the recorded transactions in the purchase journal with the vendor’s invoices, purchase requisitions, purchase orders, and receiving reports.
• Establish whether any unrecorded vendors’ invoices or unrecorded checks exist.
• Examine the internal control to verify the proper approvals of purchase requisitions and purchase orders.
• Reconciled recorded cash disbursement with disbursements on bank statements. Glen D. Moyes and C. Richard Baker, “Auditors’ Beliefs About the Fraud Detection Effectiveness of Standard Audit Procedures,”
Journal of Forensic Accounting
, Vol. 4, 2003, p. 204-205 374
Acquisition/Payment Cycle (Contd.)
• Discover related party transactions.
• Examine the internal control to verify the approvals of payments on supporting documents at the time that checks are signed.
• Discuss with personnel and observe the procedures of examining the supporting documentation before the signing of checks by an authorized person.
• Examine canceled checks for authorized signatures, proper endorsements, and cancellation by the bank.
• Account for the numerical sequence of pre numbered documents (purchase orders, checks, receiving reports, and vouchers).
• Trace a sample of cash payment transactions.
• Trace resolution of major discrepancy reports.
Glen D. Moyes and C. Richard Baker, “Auditors’ Beliefs About the Fraud Detection Effectiveness of Standard Audit Procedures,”
Journal of Forensic Accounting
, Vol. 4, 2003, p. 204-205 375
Sales/Collection Cycle
These
10 standard audit procedures
were judged as being more effective for detecting fraud in the sales and collection cycle (in descending order) • Observe the proper and appropriate segregation of duties.
• Review monthly bank reconciliation and observe independent reconciliation of bank accounts.
• Investigate the difference between accounts receivable confirmation and customer account receivable balances in the subsidiary ledger and describe all these exceptions, errors, irregularities, and disputes.
• Review sales journal, general ledger, cash receipts journal, accounts receivable subsidiary ledger, and accounts receivable trial balance for large or unusual amounts.
• Verify accounts receivable balance by mailing positive confirmations.
Glen D. Moyes and C. Richard Baker, “Auditors’ Beliefs About the Fraud Detection Effectiveness of Standard Audit Procedures,”
Journal of Forensic Accounting
, Vol. 4, 2003, p. 209 376
Sales/Collection Cycle (Contd.) • Examine internal controls to verify that each cash receipts and credit sales transactions are properly recorded in the accounts receivable subsidiary ledger.
• Examine subsequent cash receipts and the credit file on all accounts over 120 days and evaluate whether the receivable are collectible.
• Compare dates of deposits with dates in the cash receipts journal and the prelisting cash receipts.
• Examine copies of invoices for supporting the bills of lading and customers’ orders. Glen D. Moyes and C. Richard Baker, “Auditors’ Beliefs About the Fraud Detection Effectiveness of Standard Audit Procedures,”
Journal of Forensic Accounting
, Vol. 4, 2003, p. 209 377
Inventory/Warehouse Cycle
These
14 standard audit procedures
were judged by external and internal auditors as being more effective for detecting fraud in the inventory and warehousing cycle (in descending order): • Discover related party transactions.
• Follow up exceptions to make sure they are resolved.
• Review major adjustments for propriety.
• Review inventory count procedures: a. Accounting for items in transit (in and out); b. Comparison of counts with inventory records; and c. Reconciliation of difference between counts and inventory records.
• Review adequacy of physical security for the entire inventory.
• Confirm inventories in public warehouse.
• Review procedures for receiving, inspecting, and storing incoming items and for shipments out of the warehouses.
Glen D. Moyes and C. Richard Baker, “Auditors’ Beliefs About the Fraud Detection Effectiveness of Standard Audit Procedures,”
Journal of Forensic Accounting
, Vol. 4, 2003, p. 206-207 378
Inventory/Warehouse Cycle (Contd.)
• Trace shipments to sales records, inventory records, and bill of lading (shipping documents).
• Determine if access to inventory area is limited to approval personnel.
• Observe the physical count of all location.
• Recount a sample of client’s counts to make sure the recorded counts are accurate on the tags (also check descriptions and unit of count, such as dozen or gross) • Trace inventory listed in the schedule to inventory tags and the auditor’s recorded counts for existence, descriptions, and quantity.
• Trace shipments to sales journal.
• Perform compilation tests to insure that inventory listing schedules agrees with the physical inventory counts.
Glen D. Moyes and C. Richard Baker, “Auditors’ Beliefs About the Fraud Detection Effectiveness of Standard Audit Procedures,”
Journal of Forensic Accounting
, Vol. 4, 2003, p. 206-207.
379
Payroll/Personnel Cycle
These
12 standard audit procedures
were judged the more effective for detecting fraud in the payroll and personnel cycle (in descending order): • Sample terminated employees and confirm that they are not included on subsequent payrolls and confirm propriety of termination payments.
• Observe the actual distribution of payroll checks to the employees.
• Observe the duties of employees being performed to insure that separation of duties between personnel, timekeeping, journalizing payroll transactions, posting payroll transactions, and payroll disbursement exists.
• Examine internal controls to verify that hiring, pay rates, payroll deductions, and terminations are authorized by the personnel department.
• Sample personnel files and physically observe the presence of personnel in the work place.
Glen D. Moyes and C. Richard Baker, “Auditors’ Beliefs About the Fraud Detection Effectiveness of Standard Audit Procedures,”
Journal of Forensic Accounting
, Vol. 4, 2003, p. 208.
380
Payroll/Personnel Cycle (Contd.) • Examine internal control over payroll records to verify that payroll transactions are properly authorized.
• Discover related party transactions.
• Review the files of new hires for appropriate approvals, pay rates, and dates of accession.
• Review the payroll journal, general ledger, and employee individual pay records for large or unusual amounts.
• Examine internal controls to verify that unclaimed payroll checks are secured in a vault or safe with restricted access.
• Examine internal controls to verify that employee time cards and job order work tickets are reconciled.
•Glen D. Moyes and C. Richard Baker, “Auditors’ Beliefs About the Fraud Detection Effectiveness of Standard Audit Procedures,”
Journal of Forensic Accounting
, Vol. 4, 2003, p. 208.
381
Class Discussion
How can you defraud your own organization, working either from the inside or outside?
------------------------------------------ “Fraudsters … identify and exploit weaknesses specific to the organization.”
Herling, D.J., and J. Turner, “Fraud: Effective Use of Legal Remedies for Corruption,” 9 th
International Anti-Corruption Conference
, October 13, 1999. PowerPoint presentation slide 56. http:// www.transparency.org/iacc/9 th _iacc/papers/day3/ws1/dnld/d3ws1_djherling.ppt
382
1.
2.
3.
4.
5.
Exercises
You receive a tip on the company’s hot line that there has been some fraud in the collections area. What five audit steps would you suggest using in order to find the fraud?
During a brainstorming session, a suggestion is made that the most likelihood of fraud in a particular division is in the area of acquisition and payment cycle. Outline five audit steps to help find any potential fraud.
While auditing a company you notice an employee in payroll who is living beyond his means (e.g., clothes, automobiles, housing). His wife does not work. Suggest six audit steps to help satisfy you there is no fraud in the payroll and personnel cycle.
An anonymous e-mail is sent to an internal auditor that there is fraud in the inventory/ warehousing cycle. Suggest some appropriate audit steps.
What is meant by the hockey stick pattern?
383
384
The End Is Here
385