Forensic Accounting - EJ Ourso College of Business
Download
Report
Transcript Forensic Accounting - EJ Ourso College of Business
Forensic Accounting: Strategies for
Detecting & Controlling Fraud
D. Larry Crumbley, CPA, CFF, Cr.FA, CFFA, FCPA
KPMG Endowed Professor
Department of Accounting
Louisiana State University
Baton Rouge, LA 70803
225-578-6231
225-578-6201 Fax
[email protected]
Dr. Crumbley is the
Editor of the Journal of Forensic & Investigative Accounting.
Former editor of the Journal of Forensic Accounting: Auditing,
Fraud, and Risk,
Former chair of the Executive Board of Accounting Advisors of
the American Board of Forensic Accountants,
Former member of the NACVA’s Fraud Deterrence Board, and
On the AICPA’s Fraud Task Force (2003-2004).
A frequent contributor to the Forensic Examiner and Value
Examiner, Professor Crumbley is a co-author of CCH Master
Auditing Guide, along with more than 55 other books and 350
articles. His latest book entitled Forensic and Investigative
Accounting, 4th edition, is published by Commerce Clearing
House (800-224-7477). Some of his 13 educational novels
have as the main character a forensic accountant. His goal is to
create a television series based upon the exciting life of a
forensic accountant and litigation consultant.
1
Forensic Report
2
TALLY STICKS
“External auditors come down the hill
after the battle and bayonet the
wounded. Forensic accountants are the
guys and girls who follow behind them,
going through the soldiers’ pockets
looking for money.”
3
Puff Adder
“What the use of finger prints was to the 19th century and DNA
analysis was to the 20th, forensic accounting will be to the 21st
century.”
- Gordon Brown, Chancellor of the Exchequer, 10 October 2006.
4
Glimpse Forward
Overview of Forensic Accounting
Panel of Auditing Effectiveness
Persuasiveness/ Costs of Fraud/ Abuse
Some Fraud Surveys
Fraud Multiplier
COSO’s Model
Risk Assessment
Misappropriation of Assets/ Cooking the Books
Detection, Investigation, and Deterrence
Types of Misappropriations
Earnings Management
Seven Investigative Techniques
Five Magic Ratios
Using Technology
Procurement Fraud
Developing Fraud Interviewing Skills
Some Forensic Accounting Tools
Best Fraud Auditing Techniques
----------------------------------------------------------Now John at the bar is a friend of mine.
He gets me my drinks for free.
Sing us a song, you’re the piano man.
“Piano Man”Billy Joel
5
Some Fraud Figures
Bernard
Madoff’s $64 billion ponzi scheme
(150 years).
Australia’s annual fraud, 2003, $5.8 billion
or 1.147% of GDP.
Malaysia’s telecom operators lose 3% of
revenue to fraud each year.
A KPMG Malaysian survey found that more
than a third of the polled companies lost over
RM 1 million from fraud in 2 years.
Fraud and abuse in U.S. is about $1 trillion
annually.
The quantity of corruption crimes has
continued to rise in China after the market
liberalizations in 1978 (because so much
more money involved).
An employee at the Australian mint stole
$100,145 over ten months by hiding bills and
coins in his lunch box and boots. He carried
away on an average 150 coins in each boot
every day.
6
Recent Events
Economic recessions often increase fraud, since
executives may engage in more “cooking the books”
techniques to improve financial results, and
financially strapped employees will steal business
funds or commit other types of fraud and abuse. In
April 2009, Audit Analytics predicted that 3,589
companies (nearly 25%) will report that their auditors
doubt they will continue as going concerns. In 2001,
the percentage was only 19.2 percent.1
The Federal Government’s $787 billion economic
stimulus and bailout programs will be breeding
grounds for fraud, waste, and abuse. Dan Weil
estimates that up to $50 billion of the total (or 5 to 10
percent) will be susceptible to fraud. FBI Director
Robert Mueller warns of fraud stemming from the
stimulus packages.2 There should be much work for
forensic accountants.
1.
2.
Sarah Johnson, “Auditors: Nearly 25% of Companies May Not Be Going
Concerns,” CFO, April 22, 2009,
www.cfo.com/article.cfm/13525910/c_2984368/?f=archives
18 Dan Weil, “Expert: Stimulus Fraud May Hit $50 Billion,” Newsmax.com,
June 16, 2009, http://mmoneynews.newsmax.com/printTemplate.html
7
Fannie Mae Forensic Probe
BOD hired investigators who cleared the
current management of Fannie Mae of
knowingly participating in any
wrongdoing.
The report took 17 months; 616 pages
plus 2,000 plus pages of supporting
documents.
Cost of $60 million to $70 million.
The fraud was estimated to be $11
billion.
Former N.H. Senator Warren Rudman
used The Huron Consulting Group.
8
Effects of Fraud
Four-year class action lawsuit
against Tyco.
•
•Fraud
•PWC
was $1 to $2 billion.
payment
Tyco payment
Total
$225 million
$2.975 billion
$3.2 billion
9
Governmental Fraud
Where Is $9 Trillion? The U.S. Federal Reserve
can not account for $9 trillion in off-balance sheet
transactions. Also, no one at the Federal Reserve has
any idea what are the losses on its $2 trillion
portfolio.
On May 12, 2009, Inspector General Elizabeth
Coleman could not explain the $1 trillion plus
expansion of the Federal Reserve’s balance sheet
since September 2008. While testifying before
Congress, Coleman said the IG does not have
jurisdiction to audit the Federal Reserve.86
If a U.S. business lost $9 trillion or created $9
trillion on their balance sheet, they would suffer
severe penalties.
Source: Julie Crawshaw, “Federal Reserve Cannot Account for $9
Trillion,” Newsmax.com. May 12, 2009.
http://moneynews.newsmax.com/financenews/feds_lost_nine_trillion/
10
2009/05/12/213463.html
E&Y Counts Macca Fortune
Big Four firm hired in high-profile divorce of former Beatle Sir Paul McCartney and
ex-wife Heather Mills
Penny Sukhraj, Accountancy Age, 18 Mar 2008
Sir Paul McCartney instructed Ernst & Young to value his business assets as part of his divorce
proceedings, it has emerged.
The Big Four firm put a value of £400m on his fortune, a figure accepted by the court over
valuations carried out by ex-wife Heather Mills' accountants.
E&Y director, Alan Wallis performed the valuation which showed the Beatle's business interests as
at 11 June 2002 and 28 April 2006 at £242,900,000 and £240,900,000 respectively.
Mills claimed for £125m following her short four-year marriage but a judge awarded her only £24.3
million from the star's wealth.
According to court papers, Wallis valued McCartney's property holdings at £33,979,000, with
£15,159,000 in bank accounts in the UK and USA. His investments were valued at £34,319,000. He
was owed a total of £3,687,000. He held £6000 in cash. Paintings which he had painted, works of
art, musical instruments, jewellery, furniture, house contents, motor vehicles and horses were valued
professionally at £32,269,000.
He disclosed tax liabilities of £9,615,000. He put in as the value of his business interests Mr Wallis’
valuation of £240,920,000. His pension assets were valued at £36,288,000. Accordingly he
disclosed total net assets of £387,012,000. He disclosed his total net income for the next 12 months
at £5,357,000.
Mills' forensic accountants Lee and Allen made a preliminary report of the her former husband's
business interests and also requested further information so that they could check, comment on,
differ from, or agree with Ernst and Young’s valuations.
But a senior district judge disallowed several of the requests.
In addition, the court rejected the opinion on multiples used in valuations by Lee and Allen.
Mr Justice Bennett said: 'Having listened to both accountants giving evidence I unhesitatingly
accept that of Mr Wallis. I am grateful to Mr Allen for his assistance but on this issue Mr Wallis is
in a different league of expertise to Mr Allen. Mr Wallis told me he has 25 years experience in
musical and media work. In stark contrast Mr Allen, a forensic accountant mainly concerned with
claims for damages and with share valuations, candidly admitted that he had never valued a
catalogue. '
Read the McCartney-Mills judgment in full here
Permalink: http://www.accountancyage.com/2212273
11
Definition of Forensic Auditor
Someone who can look behind the
facade--not accept the records at
their face value--someone who has
a suspicious mind that the
documents he or she is looking at
may not be what they purport to be
and someone who has the
expertise to go out and conduct
very detailed interviews of
individuals to develop the truth,
especially if some are presumed to
be lying.
Robert G. Roche, a retired chief of the IRS Criminal Investigation
Division of the IRS
12
Narrow vs. Broad Definition
Narrow: Fraud detection is major
area.
Broad: Employed to seek, interpret,
and communicate transactional and
reporting event evidence in an
objective, legally sustainable fashion,
not only in situations where there are
specific allegations of wrongdoing, but
also in situations where interested
parties judge that the risk of loss from
wrongdoing is such that proper
prudence requires legally sustainable
evidence to support the conclusion that
no wrongdoing is occurring (James
Edwards).
13
Narrow Approach
Accounting
Forensic
Accounting
Internal and
External
Auditing
Accounting
Litigation Matters
and Investigations
Planning
Risk Assessment
Internal controls
Audit Evidence
Reporting
Fraud
Prevention and Deterrence
Detection
Investigation
Remediation
U.S. Dept. of Justice, Education and Training in Fraud
and Forensic Accounting: A Guide for Educational
Institutions, Stakeholder Organizations, Faculty and
Students, Draft Copy, December 23, 2005.
14
Broad Approach
“I liken it to ‘CSI’ or ‘Law & Order,’ but instead of
figuring out the trajectory of a bullet, you’re trying to
find out how a transaction occurred.”
Terry McCarthy
15
Definition of Forensic Accounting
Forensic accounting is the application of
accounting, tax, auditing, finance,
quantitative analysis, investigative and
research skills, and an understanding of
the legal process for the purpose of
identifying, collecting, analyzing, and
interpreting financial or other data or
issues in connection with:
1) Litigation services: providing assistance for
actual, pending or potential legal or
regulatory proceedings before a trier of fact
in connection with the resolution of disputes
between parties, or
2) Non-litigation services: performing
analyses or investigations that may require
the same skills used in 1, above, but may
not involve the litigation process.
16
Definition of Forensic
Accounting Litigation Service
Forensic accounting litigation
services are the professional
assistance accountants provide
related to the litigation process.
These services may involve
accounting, financial, auditing, tax,
quantitative
analysis,
and
investigative and research skills, as
well as an understanding of the
legal process to provide assistance
for actual, pending, or potential
legal or regulatory proceedings
before a trier of fact in connection
with the resolution of a dispute
between parties.
17
Definition of Forensic
Accounting Non-Litigation
Services
Forensic accounting non-litigation
services are the professional assistance
accountants provide not related to the
litigation process. These services may
involve accounting, financial, auditing,
tax,
quantitative
analysis,
and
investigative and research skill as well
as an understanding of the legal process
to provide assistance in connection with
matter or issues not involving the
litigation process.
“You’re trying to piece together a puzzle where you
do not have the picture on the box to know what it’s
going to look like. The facts are not settled, and actually
it’s the facts that are in dispute.”
Andrew Bernstein
18
Short History
1. Late 1800’s – Find fraud
2. 1930’s- Puff Adder –encyclopedia
3. 1933-1934-independent audits
4. 1950’s-Eighth edition Montgomery auditing reduced formal
stress on fraud detection.
5. January 1957- H.W. Bevis, AR, questioned the benefit of
discovering minor employee thefts.
6. 1960s-auditors claimed no responsibility.
7. Financial audits: Consistency.
8. Audit surveillance: test of details (disappeared).
9. Stock market bubble
10. Panel on Audit Effectiveness (2000)
11. Enron/ WorldCom/ Parmalat/ HealthSouth
12. Sarbanes-Oxley/ PCAOB
13. SAS No. 99
14. Global Capital Markets and the Global Economy: A Vision from
the CEOs of the International Audit Networks, November 2006.
15. Managing the Business Risk of Fraud: A Practical Guide, IIA,
AICPA, ACFE, 2008.
19
Transparency International Corruption Perceptions Index 2009
Rank
Country/Territory
CPI 2009
Score
Surveys Used
Confidence Range
1
New Zealand
9.4
6
9.1 - 9.5
2
Denmark
9.3
6
9.1 - 9.5
3
Singapore
9.2
9
9.0 - 9.4
3
Sweden
9.2
6
9.0 - 9.3
5
Switzerland
9.0
6
8.9 - 9.1
6
Finland
8.9
6
8.4 - 9.4
6
Netherlands
8.9
6
8.7 - 9.0
8
Australia
8.7
8
8.3 - 9.0
8
Canada
8.7
6
8.5 - 9.0
8
Iceland
8.7
4
7.5 - 9.4
11
Norway
8.6
6
8.2 - 9.1
12
Hong Kong
8.2
8
7.9 - 8.5
12
Luxembourg
8.2
6
7.6 - 8.8
14
Germany
8.0
6
7.7 - 8.3
14
Ireland
8.0
6
7.8 - 8.4
16
Austria
7.9
6
7.4 - 8.3
17
Japan
7.7
8
7.4 - 8.0
17
United Kingdom
7.7
6
7.3 - 8.2
19
United States
7.5
8
6.9 - 8.0
20
Barbados
7.4
4
6.6 - 8.2
174
Uzbekistan
1.7
6
1.5 - 1.8
175
Chad
1.6
6
1.5 - 1.7
176
Iraq
1.5
3
1.2 - 1.8
176
Sudan
1.5
5
1.4 - 1.7
178
Myanmar
1.4
3
0.9 - 1.8
179
Afghanistan
1.3
4
1.0 - 1.5
180
Somalia
1.1
3
0.9 - 1.4
20
Americans caught doing business with anyone on
the list can be punished with up to 30 years in prison
and a $5 million fine.
21
States Corruption Index
Most corrupt:
Least corrupt:
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Mississippi
North Dakota
Louisiana
Alaska
Illinois
Montana
South Dakota
Kentucky
Florida
New York
Nebraska
Oregon
New Hampshire
Iowa
Colorado
Utah
Minnesota
Arizona
Arkansas
Wisconsin
22
The Bubble Deception
There are 14,000 publicly traded
companies in the United States.
Expecting all of them to be honest is
unrealistic. Like any town of 14,000,
the market is bound to have its share of
grafters and shoplifters.
By January 2001, all manner of
companies were abusing accounting
rules to mislead their investors,
seemingly without fear of being caught.
A strange madness had gripped the
market. Even its most solid citizens
were running red lights and breaking
windows. And the police were nowhere
in sight.
Alex Berenson, The Number, Random House, 2003, p. xxiii.
23
Enriching Insiders
I know that sounds crazy, but the stock market
has gone from a place where investors actually
own part of a company and have a say in their
management to a market designed to enrich
insiders by allowing them to sell shares they buy
cheaply through options.
Companies continuously issue new shares to
their managers without asking their existing
shareholders. Those managers then leak that
stock to the market a little at a time. It’s
unlimited dilution of existing shareholders’
stakes, dilution by a thousand cuts. If that isn’t
a scam, I don’t know what is.
Individual shareholders have nothing but the
chance to sell their shares to the next sucker . A
mutual fund buys one million shares of a
company with your and your coworkers’ money.
You own 1 percent of the company. Six weeks
later you own less, and that money went to
insiders, not to the company.
Alex Berenson, The Number, Random House, 2003, p. xviii.
24
Forensic Accounting Factors
Time: Forensic accounting focuses
on the past, although it may do so
in order to look forward (e.g.,
damages, valuations).
Purpose: Forensic accounting is
performed for a specific legal forum
or in anticipation of appearing
before a legal forum.
Peremptory: Forensic accountants
may be employed in a wide variety
of risk management engagements
within business enterprises as a
matter of right, without the
necessity of allegations (e.g.,
proactive).
----------------------------------------------With a single clue a forensic
accountant can solve a fraudulent
mystery.
25
One Small Clue
A former Scotland Yard scientist tried to
create the world’s biggest fraud by
authenticating $2.5 trillion worth of fake U.S.
Treasury bonds.
When two men tried to pass off $25 million
worth of the bonds in Toronto in 2001, a
Mountie noticed the bonds bore the word
“dollar” rather “dollars.”
Police later raided a London bank vault and
discovered that the bonds had been printed
with an ink jet printer that had not been
invented when the bonds were allegedly
produced.
Zip codes were used even though they were
not introduced until 1963.
Sue Clough, “Bungling Scientist Is Jailed for Plotting World's Biggest
Fraud,” News.telegraph.co.uk, January 11, 2003.
26
Forensic Accounting Defined
Forensic accounting is the action of
identifying, recording, settling, extracting,
sorting, reporting, and verifying past financial
data or other accounting activities for settling
current or prospective legal disputes or using
such past financial data for projecting future
financial data to settle legal disputes.
Source: Forensic and Investigative Accounting (CCH)
--------------------------------------------------------
When the death of a company
occurs under mysterious
circumstances, forensic accountants
are essential. Other accountants look
at the charts but forensic accountants
actually dig into the body.
Douglas Carmichael
27
Forensic Accounting Areas
Investigative
Auditing
Litigation Support
Forensic: Latin for “forum,”
referring to a public place or court.
Black’s Law Dictionary: Forensic,
belonging to the courts of justice.
Note: Corporate spooks are used to check on
competitors.
28
Top Niche Services - 2010
1. Business Valuation
74%
2. Litigation support
73%
3. Attestation Services
70%
4. Forensic/Fraud
69%
Source: Accounting Today.
29
AICPA’s Position
Public accounting firms could use forensic
accountants to help revise their approach to planning
and fieldwork on all audits, while requiring forensic
accountants only on high risk audit clients to aid in the
interpretation of forensic testing results and preventive
control enhancements.
Does not require auditors to carryout specific forensic
procedures, but rather provide guidance on how to
include forensic techniques within processes outlines in
SAS 99. This combination will enhance the detection and
prevention of fraudulent financial statement reporting
and misappropriation of assets; thus protect investors
and financial statement users.
The inclusion of audit procedures focused towards
detecting misappropriation of corporate assets may lead
to the identification of weaknesses within corporate
governance or control weaknesses. Frauds that are
identified which represent a material misappropriation of
assets could significantly impact public perception.
30
AICPA’s Position (cont.)
Professional forensic accountants can best be
used by ensuring such procedures are properly
developed and executed in-line with internal audit
and audit committee concerns. Forensic accountants
could then be engaged in high-risk situations, or
when a fraud is suspected.
Companies should not use the forensic services of
their outside audit firm, unless it pertains to the
annual audit.
Putting a price on a substantive test or forensic
auditing procedure may be smart for business;
however, the inherent risk is that short-cuts geared
towards reducing audit costs may eventually cause
investors to question the companies’ true financial
position.
AICPA – Discussion Memo Question Responses
31
Forensic vs. Fraud Audit
Google result, June 23, 2010:
Forensic Audit, 173,000 hits
Forensic Audit Software, 259,000 hits
Fraud Audit, 108,000 hits
Fraud Examination, 49,500 hits
Forensic Audit Procedures, 102,000
Fraud Accounting, 78,300 hits
Fraud Audit Procedures, 76,800 hits
Forensic Accounting, 485,000 hits
Fraud Investigation, 550,000 hits
Forensic Mortgage Audit, 501,000 hits
Forensic Audit Loan, 71,400 hits
Forensic Loan Modification, 2,120,000 hits
---------------------------------------------I don’t care what they say, but [forensic
accounting] is here to stay.
Danny & the Juniors
-----------------------------------------------------------------------------------
I see skies of blue and clouds of white, and I think
to myself, what a wonderful world.
Louis Armstrong
32
Specialties Within Forensic
and Investigative Accounting
Employee Crime Specialist.
Asset Tracing Specialist.
Litigation Services Specialist and
Expert Witness.
Insurance Claims.
Valuation Analysis.
False Claims Act Violations.
Due diligence investigations.
33
Asset Tracing
Three Italian lawyers said in a filing to be
presented to a bankruptcy court that they had
traced $7.7 billion in missing Parmalat funds.
“We are preparing a filing in which we are asking
for the insolvency status to be revoked
because the money was robbed and not lost,”
lawyer Carlo Zauli told Reuters.
But he said it would be an illusion to believe
proof of electronic transfers of the funds could
be found and the lawyers representing the
Parmalat Creditors Committee did not say
where the money was being held or if it was
recoverable.
An Italian website, TGfin (www.tgfin.it), said a
company linked to Parmalat founder Tanzi was
holding the funds in the form of U.S. bonds in
an account with Bank of America.
Source: Emilio Parodi and Stefano Bernabei, “Wrap-up 2: Paramalat Fraud Probe Widens
to Auditors, Ex-Banker, “forbes.com, January 8, 2004.
34
Gross Profit Comparison
In a divorce situation, a business
owner claimed only about $75,000
annual income.
He claimed he had borrowed and not
paid back huge sums.
Wife said he was spending about
$400,000 per year more than his
salary.
Four schedules for the courtroom:
1.
What was known and alleged about
husband’s expenditures.
2.
Schedule comparing income with
expenditures.
3.
Amounts husband claimed he had
borrowed.
35
Gross Profit Comparison (cont.)
4.
Company’s income statements sideby-side:
New Gross Profit
His
Per Industry
----------------$75,000
$475,000
Husband had overstated COGS.
Checks issued to vendors, into COGS.
Some of the vendors cashed the
checks and returned the money to
husband.
Mark Kohn, “Unreported Income and Hidden Assets,”
Forensic Accounting in Matrimonial Divorce,
Philadelphia: R. T. Edwards, 2005, pp. 49-57.
36
Unreported Beer Sales
Business owner reports only $50,000
business income, but has expensive cars,
private schools, buying significant real estate.
Subpoenaed records of local beer distributors.
Then went to the club and ordered some
drinks, noting the pricing of the beer, etc.
1,000 cases of Miller’s
24 bottles
24,000
x $2
$48,000 per year
Found that reported sales were underreported
by $500,000.
Mark Kohn, “Unreported Income and Hidden Assets,”
Forensic Accounting in Matrimonial Divorce, Philadelphia:
R.T. Edwards, 2005, pp. 49-57.
37
Home Improvements
Massive improvements to personal home, not
paid for by personal funds.
Company showed many corporate payments
to home remodeling contractors/landscapers.
But the industrial park not owned by company.
Only photocopies of invoices provided.
FC demanded original documents.
Finally, the original documents had white-outs
of job locations and work descriptions.
Could turn over the originals and read the real
data from the back side.
Mark Kohn, “Unreported Income and Hidden Assets,” Forensic
Accounting in Matrimonial Divorce, Philadelphia: R.T.
Edwards, 2005, pp. 49-57.
38
Finding Unreported
Income/Hidden Assets
1.
2.
3.
4.
5.
6.
7.
Look at the lifestyles.
Look at the expenses.
Look at the cash flow.
Look at the business
operations.
Look at the industry ratios.
Consider using private
investigators.
Use the net worth method.
Mark Kohn, “Unreported Income and Hidden Assets,” Forensic
Accounting in Matrimonial Divorce, Philadelphia: R.T.
Edwards, 2005, pp.49-57.
39
Fiction v. Reality
The main difference between fiction and
reality is that instead of using mask and gun,
today’s villains use mouse and keyboard.
Instead of hiding behind a lamppost in a trench
coat and fedora, today’s forensic accountants
are more likely to be hiding behind their own
computers, searching for clues amid mountains
of data.
Source; “Book ‘EM! Forensic Accounting in History and
Literature,” The Kessler Report, Vol.1, No. 2.
------------------------------------------------------------------------------------
“Every investigation I did as a prosecutor, you
have a particular target, but it always branches
off because something else gets your attention.
And that’s what is going to happen with a
forensic accountant.”
Tom Carlucci:
E-library Rueter Library September 20, 2002
40
Forensic Techniques Become Popular
“In many of the large accounting blow-ups, auditors knew
what was happening,” says Charles Niemeir, “but they
were willing to look the other way.”
There is a need to provide “incentives for people finding
problems,” says Douglas Carmichael. “Right now there
are no incentives for finding problems, and one who does
is treated as a trouble maker.”
Source: Cassell Bryan Low, “Accounting Firms Attempts to
Dispel the Cloud of Fraud,” Wall Street J., May 27, 2003.
Doug Carmichael, former Chief Auditor for Peekuh-boo, faults auditors for not adopting forensic
techniques.
Carmichael wishes more “test of details,” not
relying on test of controls.
He wishes more shoe-leather work.
Shoe-leather work is what we do!
Kris Frieswick, “How Audits Must Change,” CFO July
2003, p.48
41
Popular (cont.)
E&Y’s forensic accounting team is comprised of
350 practitioners in the U.S. alone, and focuses
on strategies to mitigate and manage conflict in
bankruptcy disputes, financial and economic
damages, fraud and investigations, government
contracts and grants, insurance claims,
intellectual assets, and legal technology.
Deloitte’s forensic accounting expertise includes
anti-money laundering, the Foreign Corrupt
Practices Act, purchase price disputes,
arbitrations, construction fraud, health care fraud,
construction oversight, intellectual property theft,
and misdirected royalty revenues, to name just a
few.
They have forensic labs in nine major cities across
the U.S. and an additional 18 cities around the
world, including Hong Kong, London, Amsterdam,
Frankfurt, Cape Town and Melbourne.” All FAS
labs meet the FBI’s chain of custody
requirements. “They are secure, state-of-the-art,
and house advanced systems for storing and
accessing data, including dedicated servers and
fire-resistant safes.
Stuart Kahan, “Sherlock Holmes Enters Accounting,” WebCPA,
February 11, 2007.
42
This need for the forensic accountant is
demonstrated by this passage from The CBS
Murders:
Margaret Barbera was very good with
numbers. She could take a balance
sheet, a set of account books, invoices,
bills, and more, juggle and manipulate
the figures and, presto, thousands
become millions, losses become profits,
profits become losses, sales soared or
fell, whatever her employer desired, and
it would take an expert auditor knowing
precisely where to look and what to look
for to figure out what she’d done, and
even then, it still might slip by.
Professor Cramer was in front of the auditing class
quoting a passage from The CBS Murders, by Richard
Hammer. [p. 67 in Trap Doors].
43
Forensic Accountants
“Rather than combing torn clothing,”
forensic accountants “comb through
corporate books, looking for oddities
that could signal swindles,” says
Bruce Dubinsky. Investigations can
be extremely complex, with crates
and crates of documents and
thousands of computer files.
Investigators look for flags or
patterns that would not normally
occur.
Source: Mark Maremont, “Tyco Is Likely to Report
New Woes,” Wall Street Journal, April 30, 2003, p.
C-1.
44
Potpourri
Deutsche Bank is being sued for $1.3 billion by
Bruce Winston (one of the heirs of Harry Winston
diamond dynasty) for priceless gems
disappearing from a trust under their control.
A Burlington, Kentucky city finance director is
accused of embezzling more than $1.2 million to
support his estranged wife and his girlfriend.
Martin Frankel vanished with between $200
million in cash and diamonds one day. He
accomplished this insurance fraud by buying
poorly capitalized insurance companies, cooking
the books to show increased premium value, and
by including non-existing real estate and leases
on the balance sheet.
Bank of China’s Mr. Wu allegedly embezzling up
to $18 million from a bank branch, using
improper bills of exchange. BoC has a number of
cases involving the embezzlement of $737
million from branches in the Southern
Guangdong Province.
A U.S. Lime officer embezzled nearly $2.2 million
by forging signatures of other company officers
on checks, and falsifying the company’s check
register to create the impression that the
amounts he received went to U.S. Lime creditors.
45
Potpourri (contd …)
The Chairman of Hyundai Motor, Chung MongKoo, was sentenced in February 2007, to 3
years in prison for embezzlement ($100
million) and breach of trust at South Korea’s
largest carmaker.
Spanish authorities shut down Afinsa’s Forum
stamp-investing programs with several
hundred thousand of small investors. Alleged
investments in overvalued stamps and
suspected pyramid scheme. Eight officials
jailed.
In 2000, Rent Way’s CAO artificially reduced
the company’s expenses by $127 million.
WorldCom’s external auditors missed about
$11 billion improperly booked items.
Ahold NV, a Dutch company, said a U.S. unit
had overstated revenues by $880 million by
booking more discounts from suppliers than
actually received.
One Philippine peso coin has the same size as
1 dirham, but worth only 7 fils. Thus, dispense
machine fraud.
46
Careful With Property Tax Refund Checks
Supervisor of the Real Property Tax
Adjustment Unit in Washington, D.C.,
Harriette Walters, used at least 92
payments to dummy corporations in a scam
to obtain $31.7 million ($344,565 per
refund).
Fraud was never noticed by city officials,
internal, or external auditors. Auditors
never examined why the city’s property tax
refunds were steadily rising.
Sham companies’ bank accounts were
controlled by Walters’ brother.
Many applications for refund were identical
to prior ones.
In a FBI raid of her house, 100 pieces of
jewelry, a mink coat, 90 designer purses,
68 pairs of shoes, designer luggage, Rolex
watch, silver bar cart, and more were
found. She had a $1.4 million in bills at
Neiman Marcus on a $81,000 yearly
government salary.
47
Definition
A forensic accountant has extensive
experience in investigations to determine
solutions to disputed accounting matters,
to write expert reports on their
investigation, and to appear in court as
expert witnesses.
Zeph Telpner and Michael Mostek
A normal accountant is like a guard-dog
(e.g., a bulldog); a forensic accountant is
like a bloodhound; an internal auditor is
like a seeing-and-eye dog (e.g., monitoring
and guiding management), a corporate
accountant is a mix breed, and a
governmental accountant is an afghan.
D. Larry Crumbley
48
Find It, or I’ll Sue
Accountants must be attuned
to detecting fraud at every level of
service, including standard
accounting services, compilations,
reviews, and bank reconciliations. If
there is fraud and you don’t detect
it, you are going to be sued, and
you will likely lose, as the public
perception is the accountant is the
watchdog.
Robert J. DiPasquale, Parsippany, N.J.
Source: H.W. Wolosky, “Forensic Accounting to the Forefront,”
Practical Accountant, February 2004, pp. 23-28.
49
Forensic Accounting Knowledge Base
Silk, Silk, Silk
50
Threads of Forensic
Accounting
Forensic accounting (or at
least accounting expert
witnessing) can be traced as
far back as 1817 to a court
decision. [Meyer v. Sefton]
In 1824, a young accountant
by the name of James
McCleland started business in
Glasgow, Scotland and issued
a circular that advertised
various classes of expert
witness engagements he was
prepared to undertake.
In 1856 in England, the audit
of corporations became
required.
51
Investigative Accountants
Initially called investigative
accounting, many of the forensic
techniques, such as the net
worth method, were developed
by IRS agents to detect tax
evaders.
Infamous mobster, Al Capone,
was caught when Special Agents
of the IRS stepped in and
charged him with tax evasion.
Accountants caused the crime
czar’s career to come to an end.
52
Al Capone Caper
“Perhaps the most celebrated case
of an accountant nailing a famous
criminal was the case of Al Capone. For all
of Capone’s colorful history of violent
crime, the FBI could never gather enough
evidence to convict him until FBI agent
Eliot Ness had an idea.
He gathered special agents of the
IRS to track the flow of cash from
Capone’s illicit activities. When the
mobster failed to pay taxes on those
earnings, the IRS nailed him for tax
evasion.
Capone went to jail and was never
a factor again. IRS recruitment posters
boast till this day: ‘Only an accountant
could catch Al Capone.’”
Source: “Book ‘Em! Forensic Accounting History and Literature,” The Kessler
Report, Vol. 1, No. 2.
53
Investigative Techniques
“You know how it goes,” I said. “You get a case.
You just keep poking around, see what scurries
out.” p. 144.
-----------------------------------------------------------“How,” Susan said, “on earth are you going to
unravel all of that?”
“Same way you do therapy,” I said.
“Which is?”
“Find a thread, follow it where it leads, and keep
on doing it.”
“Sometimes it leads to another thread.”
“Often,” I said.
“And then you follow that thread.”
“Yep.”
“Like a game,” Susan said.
“For both of us,” I said.
Susan nodded. “Yes,” she said, “tracking down of
a person or an idea or an evasion.”
pp. 270 – 271.
-------------------------------------------------------------------------------Source: R.B. Parker, Widow’s Walk, Berkley Books, 2002.
54
Father of Forensic Accounting:
Maurice E. Peloubet (1946)
Pretenders:
Max Lourie (1953)
Robert Lindquist (1986)*
* Repeated, First sentence in N. Brennan and J.
Hennessy, Forensic Accounting, 2001, p. 5.
55
The Essence of Forensic Accounting by
Maurice Peloubet (1946):
“The preparation of data for and the
appearance before government agencies
as a witness to facts, to accounting
principles, or to the application of
accounting principles is essentially forensic
accounting practice rather than advocacy.”
Modern Version
“Let’s face it, we in the forensic profession
labor in an obscure corner of the vineyard.
We are the carefully selected, trusted,
highly trained guardians of one of the last
great secrets remaining on the face of the
earth - - the $600 billion [now $994], more
or less annual problem nobody knows
about.”
Joseph W. Koletar, Fraud Exposed, John Wiley &
Sons, Inc 2003, p. 228.
56
Be like
57
Fictional Hero
“Forensic accounting is turning up more
frequently in the world of fiction, too. The financial
intrigue of fraud and the investigative process of
forensic accounting are a natural fit with mystery
of suspense novels. Add exotic locations, colorful
characters and a murder or two, and you have all
the elements of a classic thriller.
There is a selection of books featuring
forensic accountants as the heroes of their own
stories, as well. Lenny Cramer, perhaps the most
prominent of this fictional group, is the star of a
series of novels written by I.W. Collett (aka Larry
Crumbley) and various co-authors.
In one of these novels, Cramer tracks
forged receipts to uncover a plot to steal Burmese
religion treasures. Another features Cramer, while
conducting an audit at Coca-Coca, uncovering a
scheme to steal the company’s secret formula. In
yet another, Cramer uses his forensic accounting
skills to solve a series of murders in the New York
art world.”
Source: “Book ‘em! Forensic Accounting in History and Literature,”The Kessler
Report, Vol. 1, No. 2.
58
Panel on Audit Effectiveness
In 1998, the Public Oversight Board
appointed the Panel on Audit Effectiveness
to review and evaluate how independent
audits of the financial statements of public
companies are performed and to assess
whether recent trends in audit practices
serve the public interest.
In 2000, the Panel issues a 200-page
report, Report and Recommendations,
which includes a recommendation that
auditors should perform forensic-type
procedures during every audit to enhance
the prospects of detecting material
financial statement fraud.
Did not believe a GAAS audit should
become a fraud audit.
In all audits the degree of audit effort in
forensic- type steps should be more than
inconsequential [p. 24].
59
Big-Six's Position
A forensic audit is akin to a police investigation.
All public companies should have a forensic
audit on a regular basis. Companies would be
required to have such an audit every three or five
years or face these audits on a random basis.
Forensic auditors scrutinize all records of
companies, including emails, and would be able, if
not required, to question all company employees,
and to require statements under oath.
Might be necessary for an audit network or a
specialized forensic auditors to complete a
forensic audit with the aid of independent
attorneys (not those who have represented the
audit client in the other engagements).
Source: “Serving Global Markets and the Global Economy: A View from the CEOs of
the International Audit Networks, November 2006, p. 13.
60
Required Forensic Audits Coming?
The accounting profession may be making a
strategic shift as they see that SAS No. 99 and
the other rules are not protecting them from
being the insurer of last resort.
The Big Four along with Grant Thornton and
BDO International recently released a report
entitled “Serving Global Capital Markets and
the Global Economy.” November 2006.
In the report, one of the things they are
suggesting is for companies to have a forensic
audit. Companies would be required to have
such an audit every five years or face these
audits on a random basis.
Standing Advisory Group (PCAOB) was not
enthusiastic about a mandatory forensic
audit: not cost-effective or effective at all.
February, 2007.
“Auditing Firms Urge New Ways to Detect Fraud,” NYSSCPA.org News Staff.
Posted on November 11, 2006.
61
Difficulties With Fraud
Joseph Wells says
Regrettably, the actual cost of
fraud is unknown and
unknowable. It is a concept the
criminologists call “the dark
figure.” Unlike visible crimes
such as robbery, not all frauds
are uncovered. Of those
uncovered, not all are reported.
No agency is tasked with
compiling comprehensive data
on fraud.
Source: http://www.nysscpa.org/cpajournal/2006/906
/infocus/p16.htm
62
Difficulties With Finding Fraud
I also think that we have lost sight of
what the public really wants and
expects. Financial reporting has
become so complicated that few
people, CPAs included, can read a
set of financial statements and
really understand what they mean.
Complexity is the killing field of
fraud; the more dense the concepts,
the easier it is to mask wrongdoing.
Enron was a classic example.
Source: http://www.nysscpa.org/cpajournal/2006/906
/infocus/p16.htm
63
Difficulties With Finding Fraud (cont.)
With respect to the CPA’s responsibilities to
detect fraud, in my opinion current audit
standards are fundamentally and fatally
flawed; we should shift our emphasis to
preventing fraud in the first place. Although
we can and should do a better job of
detecting illegalities, that’s a difficult row to
hoe. In the last 30 years, I have personally
trained tens of thousands of CPAs. I’ve given
them balance sheets and income statements
that contain material fraud. And even
knowing that the books are cooked, they find
it difficult to uncover these problems. That is
simply because there are so many methods
of concealment, and the clues are not unique
to fraud. For example, who is to say whether a
large spike in the cost of sales is caused by
fraud or by a legitimate increase in expenses?
Oftentimes, it is hard to differentiate a red
flag from a red herring.
Source: http://www.nysscpa.org/cpajournal/2006/906/infocus/
p16.htm
64
Predication
The ACFE group indicates that in
the private sector, a fraud
investigation should not be
conducted without proper
predication.
Examples: Anonymous tips,
complaints, audit inquires,
conflict of interest.
Thus, predication is the basis for
undertaking a fraud
investigation.
Without predication, the target
might be able to sue for real or
imaginary damages.
65
Who Do You Call?
Detection v. Deterrence
Proactive v. Reactive
66
Top-Down Approach
Auditing Standard No. 5
suggests that auditors should
use a top-down approach to
determine the controls to test.
Starting at the financial
statement level, the auditor
should focus on the entity-level
controls and work down to the
significant accounts and
disclosures and their relevant
assertions.
67
Entity-Level Controls
Controls related to the control environment.
Controls over management override; the
company's risk assessment process.
Centralized processing and controls, including
shared service environments.
Controls to monitor results of operations.
Controls to monitor other controls, including
activities of the audit committee and selfassessment programs.
Controls over the period-end financial reporting
process.
Policies that address significant business control
and risk management practices.
Source: PCAOB, October 17, 2007, pp. 12.
68
Three Classes of Controls
Preventive controls: These controls are first in line to
prevent errors, omissions, or security incidents from
occurring. Examples include controls that restrict access
to systems to authorized persons such as intrusion
prevention systems and firewalls, and integrity
constraints that are embedded within a Database
Management System. Most Efficient
Detective controls: These controls detect errors or
incidents that have eluded the preventative controls.
Examples include controls that test whether authorization
limits have been exceeded, or an analysis of activity in
previously dormant accounts. Important when preventive
controls weak. Examples include situations where the
transactions are derived from third party reports such as
sales reports from franchisees, warranty claims reported
by auto dealers, baggage claims reported by passengers
at airports, and reports of coupons or rebates redeemed
by redemption processors.
Corrective controls: These controls correct errors,
omissions, or incidents after detection. They vary from
simple correction of data-entry errors, to identifying and
removing unauthorized users from systems or networks.
Corrective controls are the actions taken to minimize
further losses.
Sources: IIA, 2005, Global Technology Audit Guide: IT Controls,
Altamonte Springs, Fl; M. J. Nigrini, “Monitoring Techniques
Available to the Forensic Accountants,” J. of Forensic
Accounting, Vol. 7, 2006, p. 322.
69
Where Fraud Prevention and Security Meet
Fraud Prevention
Sarbanes-Oxley
Compliance
Data Mining for
Fraud
Ethics Policy
Anonymous
Tip Line
Risk Assessment
Fraud Policy
Security
Background Checks
Site Security Survey
Loss Prevention
Strategy
Information Security
Investigations
Interviews
Screening Tools for
External Fraud
Guards
Closed Circuit
TV
Swipe Cards
Locks
Fences
Badges
Disaster
Recovery
Source: M.T. Biegelman and J. T. Bartow, Executive Roadmap to Fraud
Prevention and Internal Controls, John Wiley, 2006, pp. 325-326.
70
Balancing Risks and Controls
Excessive Risks
• Loss of Assets
• Poor Business Decisions
• Noncompliance
• Public Scandals
• Increased Regulations
Excessive Controls
•
•
•
•
•
Increased Bureaucracy
Reduced Productivity
Increased Complexity
Increased Cycle Time
Increase of no-value activities
71
Types of Controls
Preventive controls
• Segregation of duties
• Required approvals
• Securing assets
• Passwords
• Using document control numbers
• Drug testing
• Job rotation
• Computer backup
Detective controls
• Reconciliations
• Reviews
• Event notifications
• Surprise cash count
• Counting inventory
Corrective controls
• Training
• Process redesign
• Additional technology
• Quality circle teams
• Budget variance reports
72
James Bond – Type Security
The TIAA-CREF’s Charlotte building is
covered with green faux windows and
comes with security features such as a
revolving door that weighs visitors when
you go in and out, cameras that track
them throughout the building and
security badges that won’t let them
leave if they stay longer than expected.
The James Bond technology protects a
financial service entity’s most precious
commodity: cartridges containing
customer data. “These are our crown
jewels.” CTO Sue Kozik said.
The data center could be guarded
better only if it was buried underground.
Source: Rick Rothacker, “Charlotte Site Has
Quickly Become the Firm’s Largest,” Charlotte
Observer, December 28, 2006, p. 2D.
73
Fraud Strategies Differ
1.
2.
3.
4.
5.
6.
7.
8.
Forensic Accountants
Internal Auditors
External Auditors
Certified Fraud Examiners
Certified Financial Forensic
Analysts (CFFAs)
Certified Forensic
Accountant (CrFA)
Forensic CPA Society (FCPA)
Certified in Financial
Forensics (CFF)
74
Need a Certification?
American College of Forensic Examiners (2750 E.
Sunshine, Springfield, MO 65804; 800-423-9737;
www.acfei.com. DABFA and Cr.FA; 2000)
Certified Fraud Examiners (Association of CFEs, The
Gregor Bldg., 716 West Avenue Austin, TX 78701; 800245-3321; www.cfenet.com).
Certified in Financial Forensics (CFF), AICPA, Fall 2008,
www.aicpa.org.
Forensic CPA Society (FCPA); formed in July 2005,
Spokane, WA. [email protected].
Certified Forensic Financial Analyst (NACVA, Salt Lake
City, Utah 84106; 801-486-0600). Also, Certified Fraud
Deterrence (CFD) analyst. [CFFA and CFD have merged.]
National Litigation Support Services Association (NLSSA,
III East Wacker Drive, Suite 990, Chicago, IL 60601;
800-869-0491). Not-for-profit. About 20 firms. $1,825.
Canadian Institute of Chartered Accountants (CICA) –
CA.IFA – Alliance for Excellence in Investigative
Accounting.
Certified Forensic Investigator (CFI) – Canada Early
1980’s. www.homewoodave.com
Certified Fraud Specialist (CFS), not-for-profit,
educational anti-fraud corporation located in
Sacramento, Calif., for those dealing in white-collar
crime, fraud, and abuse issues. Association of Certified
Fraud Specialists. http://acfsnet.org.
75
CPA Certificate Important
AICPA research indicates that
CPAs represent 94 percent of
forensic experts hired over two
years.
Source: Field of Forensic Service Remains Hot, A. E. Feldman
Blog, http://blog.aefeldman.com/2009/04/13/field-of-forensic services-rem...
76
77
78
Core Skills and Knowledge
79
Fraud
Some accountants believe that
ethics is a place in England.
Essex, U.K.
-------------------------------------------------A statement made by Mark Twain
about New England weather applies
to fraud and corruption:
“It’s hard to predict, but everyone
agrees there’s plenty of it.”
------------------------------------------As Sherlock Holmes said, “the game
is afoot.”
-------------------------------------------------Read My Lips; It’s The Fraud, Stupid.
80
Termites, Rust, and Fraud
• Just as termites never sleep, fraud never
sleeps.
• Just like termites, fraud can destroy the
foundation of an entity.
------------------------------------------------------------Like rust, fraud never sleeps.
------------------------------------------------------------"It is simply impossible to eliminate economic crime. It's
like fighting the mythical Hydra, cutting off one form of
fraud merely allows another to grow. Controls alone are
not enough. The answer lies in establishing a culture that
supports control efforts and whistle-blowing with clear
ethical guidelines. Companies need to build loyalty to the
organization, give employees the confidence to do the
right thing, and identify clear sanctions for those who
commit fraud, regardless of their position in the
company."
Steven Skalak
81
White-Collar Crimes
White-collar crimes according to the
FBI are categorized by deceit,
concealment, or violation of trust
and are not dependent on the
application or threat of physical
force or violence.
Such acts are committed by
individuals and organizations to
obtain money, property, or services;
to avoid the payment or loss of
money or services; or to secure a
personal or business advantage.
Source: FBI.gov
82
Fraud is Possible
The motto of a fraudster:
Anything is possible. The
impossibility simply takes longer.
--------------------------------------------Biggleman’s Safe – a safe builder
wrote blueprints of a unbreakable
safe and locked the blueprints inside
the safe.
----------------------------------------------Internal controls can be broken, often
by top executives.
----------------------------------------------Just as a pitcher tries to fool batters,
financial statements may be
misleading or wrong (baseball or
cricket).
83
White-Collar Crime: Rich
People Steal
• Edwin Sutherland coined the term
“white-collar crime.” [Indiana
University sociology professor.]
• Sutherland believed that whitecollar crime is a learned behavior,
a consequence of corporate culture
where regulations are regarded as
harassment, and profit is the
measure of the man.
• “White-collar crime violates trust
and thus creates distrust, and this
lowers social morale and produces
social disorganization on a large
scale.
Cynthia Crossen, “A Thirties Revelation: Rich People
Who Steal are Criminals, Too,” Wall Street Journal,
October 15, 2003, p. B-1.
84
White-Collar Crime By the
Advantaged
“Crime is the most flourishing and
lucrative business in America… I
speak now not only of the crime
in the streets, the burglaries and
the robberies, which represent
tens of billions of dollars each
year; I speak of the crime which
we call ‘white collar’ – the crimes
committed by the advantaged,
not the disadvantaged; the
crimes committed with pen and
pencil, not with gun or ‘jimmy’;
under the bright lights of the
executive offices, not by
stealth in the dark.”
Herbert Stern, from his discussion of prosecutorial
philosophy in the 1973 book Tiger in the Court, by Paul
Hoffman.
85
FBI Crime Classification Manual
1. Personal Cause Homicide.
2. Sexual Homicide.
3. Group Cause Homicide.
4. Criminal Enterprise Homicide
• Contract killing.
• Gang-motivated.
• Criminal competition.
• Kidnap murder.
• Product tampering.
• Drug murder.
• Insurance/ inheritance.
• Felony-murder.
• Commercial profit.
______________________________
“People do not normally kill you for doing their taxes, but forensic
accounting is a whole new ballgame.”
Adam Piore, “Fraud Scene Investigator,”
March 20, 2008.
86
Red-Collar Crime
• A person who physically harms
someone that may have, or is on the
verge of detecting their fraudulent
behavior.
• Fraud-detection homicide.
• Myth: White-collar criminals not violent
criminals.
• Forensic accountants may be used in
a homicide investigation when fraud
detection may be the motive for the
murder.
• Fraud-detection motive may be
important when a prosecutor has
weak direct evidence.
Source: F.S. Perri and T.G. Lichtenwald, “A Proposed Addition to the FBI
Criminal Classification Manual: Fraud-Detection Homicide,” The
Forensic Examiner, Winter 2007, pp. 18-30.
87
Tyco Prosecutor’s Closing Argument
“Remember, these are two very, very
smart men; they are not charged with
being stupid men,” she said of Mr.
Kozlowski and Mr. Swartz.
“These crimes have an element of
sophistication so you can be sure that
when they were committing them they
built in an element of deniability.”
She added: “Every good scheme has it.
That is how white-collar criminals
work.”
• Mistrial on April 2, 2004.
Source: A.R. Sorkin, “Talk of Greed and Beyond at Tyco Trial,”
N.Y. Times, March 17, 2004, p. C-1.
88
Michael Comer’s Types of Fraud
Corruptions (e.g., kickbacks).
2. Conflicts of interest (e.g., drug/alcohol
abuse, part-time work).
3. Theft of assets.
4. False reporting or falsifying
performance (e.g., false accounts,
manipulating financial results).
5. Technological abuse (e.g., computer
related fraud, unauthorized Internet
browsing).
Comer’s Rule: Fraud can happen to
anyone at anytime.
1.
Source: M.J. Comer, Investigating Corporate Fraud,
Burlington, Vt.: Gower Publishing Co., 2003, pp. 4-5.
89
Occupational Frauds by Category
(U.S. only) – Frequency*
* The sum of percentages in this chart exceeds 100%
because several cases involved schemes from more
than one category.
Source: 2010 Report to the Nations on Occupational Fraud and
Abuse, p. 13.
90
Occupational Frauds by Category
(U.S. only) – Median Loss
Source: 2010 Report to the Nations on Occupational Fraud and
Abuse, p. 12.
91
How Corruption Occurs
Category
Conflicts of
Interest
Bribery
Illegal Gratuities
Extortion
%
61.6%
42.7%
29.8%
16.9%
Source: 2006 Wells Report, ACFE.
92
TRUTH
Given the right pressures, opportunities, and
rationalizations, many employees are capable of
committing fraud.
Bev Harris says that fraudsters and embezzlers are
the nicest people in the world:
Wide-eyed mothers of preschoolers. Your
best friend. CPAs with impeccable resumes.
People who profess deep religious
commitments. Your partner. Loyal business
managers who arrive early, stay late, and
never take a vacation. And sometimes, even
FAMILY MEMBERS. So if you’re looking for a
sinister waxed mustache and shifty eyes,
you’re in for a surprise – scoundrels come in
every description.
Source: “How to Unbezzle A Fortune,” www.talion.com/embezzle.htm, p. 1.
93
Starwoods Hotels Poll of Executives
Starwoods Hotels interviewed 401
top executives who golf. The
results are surprising.
Consider themselves to be honest in
business
99%
Played with someone who cheats at
golf
87%
Cheated themselves at golf
82%
Hated others who cheated at golf
82%
Believe that business and golf behaviors
are parallel
72%
Source: Del Jones, “Many CEOs Bend The Rules (of Golf),”
USA Today, June 26, 2002, p. A-1.
94
The Cost of Fraud
U.S. Organizations lose 5 percent of
annual revenue to fraud and abuse (7%
in 2008).
Fraud and abuse costs U.S.
organizations more than $994* billion
annually (about $6,860 per employee)
in 2008. $712.8 billion in 2010.
The average organization loses more
than $18.30 a day per employee due to
fraud and abuse.
* $652 billion in 2006. $660 billion in 2004.
Global 2010, $2.9 trillion.
Source: 2008 and 2010 Wells Reports
95
The Trillion Dollar Gorilla
(in Billions)
U.S. Business1
$256.32
Federal Government2
239.75
State Government3
354.21
Tax-exempts4
134.5
Local Government5
Annual Fraud (trillion)
68.4
$ 1.053
1. 2002 Statistics of Income, $1,281.6 trillion time 20%.
2. $2.3975 trillion budget times 10%
3. $3,542.1 million times 10%
4. $897 billion in revenue times 15%.
5. $684.6 billion times 10%.
96
Fraud Multiplier
Employee Fraud = $ for $ reduction in net
income
Suppose $100,000 bottom line reduction.
Suppose 20% profit margin
How much new revenue needed to offset
the lost income?
$100,000 = $500,000
20%
So ACFE says $994 billion* lost per year
(2008).
$994 billion = $4.97 trillion needed
20%
revenue
----------------------------------------------------The FBI estimates that white collar crime
is $300 billion each year in the U.S.
97
The Cost of Fraud (cont.)
Almost 90% of occupational frauds
involve asset misappropriations.
Average length of a fraud scheme is 18
months.
Most common way of detecting
occupational fraud is by tips from
employees, customers, vendors, or
anonymous sources.
Second way, by management review.
Third, internal controls (2nd in 2004).
Fourth most common detection: By
accident.
The most targeted asset is cash.
Source: 2010 Wells Report
98
Ernst & Young Study (2000)
Leading companies and public
bodies in 15 (82) countries
More than 82% (50%) have been
victims of fraud in the past year.
82% (84%) of total losses can be
attributed to staff.
33% (50%) of the most serious
frauds were committed by the
organization’s own management.
Most with company more than 5
years (25% more than 10 years).
Theft of cash and purchasing
schemes (i.e., employee kickbacks)
constituted the majority of frauds.
Reasons: Poor internal controls and
finance directors had a limited
knowledge of internal controls.
99
Ernst & Young 2002 Survey
• More than 20 percent of the respondents were
aware of fraud in their workplace.
• Nearly 80 percent would be willing to turn in a
colleague thought to be committing a fraudulent
act.
• Employers lose a staggering 20 percent of every
dollar earned to some type of workplace fraud.
• More frequently committed frauds are theft of
office items, claiming extra hours worked, inflating
expense accounts, and taking kickbacks from
suppliers.
• Women are more likely than men to report
fraudulent activities.
• Older employees were more likely to report
fraudulent activities than younger employees.
Ernst & Young. “American Works: Employers Lose 20 Percent
of Every Dollar to Work Place Fraud.” (2002) Available at
http://www.ey.com/global/Content.nsf/US/Media_Release_-_08100
05-02DC
Advantage of Compliance Spending
General Counsel Roundtable
says that each $1 of compliance
spending saves organizations, on
the average, $5.21 in heightened
avoidance of legal liabilities, harm
to the organization’s reputation,
and lost productivity.
Source: Jonny Frank, “Fraud Risk Assessments,” Internal
Auditor, April 2004, p. 47.
101
Some Research on Fraud
Primary motivation to commit fraud [Dechow et al.]
1. Desire to obtain low-cost loans.
2. Weaker governance system.
3. Experience higher cost of capital after fraud
discovered.
Summers and Sweeney [1998]:
In the presence of fraud, insiders reduce their
holdings of company stock through high levels of
selling activity.
Also, growth, inventory, and ROA differ
significantly.
102
Some Research on Fraud (cont.)
Skousen and Wright [2008]
Five present proxies:
1. Rapid asset growth.
2. Increased cash needs and external financing.
3. Internal v. external ownership of shares and
control of BOD.
Abbot et al. (2000)
1. Independence of the audit committee.
2. Frequency of audit committee meetings.
Dunn (2004)
1. Concentration of power in the hands of insiders.
103
Comparison of Selected Fraud Surveys
Type
KPMG
PwC
ACFE
Questionnaire
Interview
Questionnaire
Time Period
2005-2006
2005
2008-2009
Number of participants
(population)
4,056 (6,797)
3,634
1,843 (22,927)
Response
59.7%
Unknown
8%
Estimated fraud in U.S.
Not given
$1.7 million per
company
$2.9 trillion (global)
% of companies
experiencing fraud
74% reporting
misconduct
45% tangible fraud
Unclear
Highest fraud industry
Public sector
Retail/ Consumers
Banking/ Financial
Services
Second highest fraud
industry
Global
Manufacturers
Financial Services
Manufacturing
Top – Fraud detection –
Tips
Not given
28%
37.8%
Fraud detection – Internal
audits
Not given
26%
13.7%
Fraud detection – by
accident
Not given
6%
9.3%
Some recover of fraud
Not given
47%
57.9% [2008]
Gender of perps - male
Not given
87%
57.2%
Likely age
Not given
31-40 (38%)
42.8
Fraud by senior mgt.
Not given
24%
Not given
Fraud by Accounting dept.
Not given
Not given
24.0%
Fraud with undergraduate
degree
Not given
52%
28.8%
Best control measure
External audits
Internal audit
Second best control
measure
Internal audits
Management review
104
Schemes Committed by Perpetrators in the
Accounting Department – 367 Cases
Source: 2010 Wells Report, ACFE.
105
Frequency of Anti-Fraud Controls*
* ”External Audit of F/S” = independent external audits of the organization’s financial
statements
“Internal Audit / FE Department” = internal audit department or fraud examination
department
“External Audit of ICOFR” = independent audits of the organization’s internal controls
over financial reporting
“Management Certification of F/S” = management certification of the organization’s
financial statements
Source: 2010 Wells Report, ACFE.
106
Frequency of Occupational Fraud Schemes
Source: 2010 Wells Report, ACFE.
107
Source: 2010 Wells Report, ACFE.
108
Importance of Control in Detecting or
Limiting Fraud
Source: 2010 Wells Report, ACFE.
109
Primary Internal Control Weakness
Observed by CFEs
Source: 2010 Wells Report, ACFE.
110
Primary Internal Control Weakness by Size of
Victim Organization
Source: 2010 Wells Report, ACFE.
111
PWC 2007 Survey
Fraud's pervasiveness
Over 43 percent of the companies interviewed
reported suffering one or more significant economic
crimes.
The average loss from fraud per company
increased nearly 40 percent in two years from
roughly US$1.7 million in 2005 to approximately
US$2.4 million in 2007.
Over 80 percent of our respondents who suffered
fraud also stated that this had caused damage — or
significant damage — to their business.
No industry is immune from the threat posed by
economic crime although different sectors are
impacted by different types of fraud.
Management's impact
The level of collateral damage is directly proportional
to the seniority of the perpetrator. In 29 percent of the
occasions where senior managers were involved, the
collateral damage to the brand was very significant.
Controls and culture
Internal controls are not enough. An ethical corporate
culture plays an equally important role in deterring
fraud.
Companies with both ethical guidelines and
compliance programs report suffering fewer economic
crimes.
112
PWC 2007 Survey (cont.)
.
Emerging markets
Over 43 percent of the companies
interviewed reported suffering one or more
significant economic crimes in the past two
years.
Companies in which parent and
subsidiaries employed different accounting
systems where more susceptible to fraud
(61 percent of cases) than those operating
a unilateral system (52 percent).
E7 'experts' perceive significant risk
associated with levels of corruption, staff
integrity and legal environment in the
emerging markets.
Actual levels of reported fraud in the E7
countries are consistently high in the area
of asset misappropriation.
44 percent of IP infringement cases
(worldwide) that involved a perpetrator
overseas involved a perpetrator from
China.
Source: PWC Global Economic Crime Survey
2007
97
Scienter Necessary
To prove any type of fraud,
prosecutors must show that scienter
was present.
That is, the fraudster must have
known that his or her actions were
intended to deceive.
------------------------------------------------The allure of numbers to most of us, is
like the excitement of settling sand--a
narcoleptic surety. Crafty criminals
prey on this boredom. They pile on
the numbers, spewing meaningless
records in the false books.
Cory Johnson
114
Fraud
Legally, Black’s Law Dictionary defines fraud as:
All multifarious means which human ingenuity can
devise, and which are resorted to by one individual
to get an advantage over another by false
suggestions or suppression of the truth, and
includes all surprise, trick, cunning or dissembling,
and any unfair way by which another is cheated.
The four legal elements to fraud are
A false representation or willful omission regarding
a material fact.
The fraudster knew the representation was false.
The target relied on this misappropriation.
The victim suffered damages or incurred a loss.
---------------------------------------------------------------------
Institute of Internal Auditors definition:
Any illegal acts characterized by deceit,
concealment, or violation of trust. These acts
are not dependent upon the applications to
obtain money, property, or services; to avoid
payment or loss of services; or to secure
personal or business advantage.
115
Some Fraud Definitions
The primary factor that distinguishes fraud from error is
whether the underlying action is intentional or
unintentional. Fraud is an intentional act that results in a
material misstatement in financial statements that are the
subject of an audit. Two types of misstatements are
relevant to the auditor’s consideration of fraudmisstatements arising from financial reporting and
misstatements arising from misappropriation of assets.
AICPA, SAS #99/ PCAOB
-------------------------------------------------The deliberate misrepresentations of the financial
condition of an enterprise accomplished through the
intentional misstatement or omission of amounts or
disclosures in the financial statements to deceive financial
statement users.
ACFE
--------------------------------------------------
Fraud is any intentional act or omission designed to
deceive others, resulting in the victim suffering a loss
and/or the perpetrator achieving a gain.
Managing the Business Risk of Fraud: A Practical Guide, 2008, p.
5, IIA, AICPA, ACFE; http://www.acfe.com/documents/managingbusiness-risk.pdf.
116
How Fraud Occurs
Source: KPMG Fraud Study
117
Types of Fraud
Source: KPMG Fraud Study
118
Certain Fraud is Increasing
Source: KPMG Fraud Study
119
Source: 2010 Wells Report, ACFE.
120
Source: 2010 Wells Report, ACFE.
121
COSO 2010 Report
Nature of Fraud Companies
•
•
•
•
Median assets and revenues just
under $100 M
Median close to breakeven prior
to fraud
Stock trading –50% on NASDAQ
Variety of industries
Computer hardware/software
Other manufacturing
Healthcare/health products
Retailers/wholesalers
Source: Beasley et al., Fraudulent Financial Reporting, 19982007, COSO, 2010.
122
COSO 2010 Report (cont.)
Auditor Characteristics
•
Mostly Big N auditors
•
Higher percentage of fraud firm audit
reports were unqualified opinion with
explanatory paragraph
- 56% for fraud firms vs. 36%
for no-fraud firms
•
Limited analysis of SOX 404 reports
Source: Beasley et al., Fraudulent Financial Reporting, 1998-2007,
COSO, 2010.
123
COSO 2010 Report (cont.)
Auditor Characteristics (cont.)
•
Rate of auditor changes surrounding
fraud period twice the rate of change
for no-fraud firms (26% vs. 12%)
•
Auditor named in 23% of fraud cases
- 32 of 83 cases –auditor charged with
violating anti-fraud statutes aiding/
abetting violators
- Smaller auditors named more often
Source: Beasley et al., Fraudulent Financial Reporting, 1998-2007,
COSO, 2010.
124
COSO 2010 Report (cont.)
Source: Beasley et al., Fraudulent Financial Reporting, 1998-2007,
COSO, 2010.
125
COSO 2010 Report (cont.)
Alleged Perpetrators
•
89% of cases –CEO and/or CFO
named
•
Motivations include meeting
expectations, concealing
deteriorating financial condition,
preparing for debt/equity offering
Source: Beasley et al., Fraudulent Financial Reporting, 1998-2007,
COSO, 2010.
126
COSO 2010 Report (cont.)
Nature of Fraud
•
•
•
•
•
•
•
•
•
Median fraud $12 M, mean fraud $400
M
Average length about 2.5 years, median
2.0 years
61% involve revenue recognition
Variety of techniques –fictitious,
premature
51% overstated assets
Overvaluing existing assets (often
inventory and A/R)
Capitalizing expenses
Misappropriation of assets –14%
Most precede SOX due to AAER time lag
Source: Beasley et al., Fraudulent Financial Reporting, 1998-2007,
COSO, 2010.
127
COSO’s Major Motives for Fraud
1.
2.
3.
4.
Cover up assets misappropriated for
personal gain.
Increase the stock price to increase
the benefits of insider traders and to
receive higher cash proceeds when
issuing new securities.
Obtain national stock exchange
listing status or maintain minimum
exchange listing requirements to
avoid de-listing.
Avoiding a pretax loss and bolstering
other financial results.
128
COSO Survey (1999)
• Financial pressures were important contributory
factors for the commitment of financial statement
fraud (FSF).
• Top executives (e.g., CEOs, CFOs) were commonly
involved in FSF.
• The majority of alleged FSF were committed by
small companies.
• Board of directors and audit committees of the fraud
companies were weak and ineffective.
• Adverse consequences for fraud companies were
bankruptcy, significant changes in ownership, and
delisting by national stock exchanges.
• Cumulative amounts of FSF were relatively
significant and large.
• More than half of the alleged FSF involved
overstatement of revenues.
• Most FSF were not isolated to a single fiscal period.
• Fifty-five percent of the audit reports issued in the
last year of the fraud period contained unqualified
opinions.
•The majority of the sample fraud companies (56
percent) were audited by Big Eight/Big Five auditing
firms.
129
Business Fraud Survey (1999)
1. Nearly 15 percent reported management
misappropriation as the greatest fraud risk to their
organization.
2. Sixty percent of the respondent reported their
department’s fraud risk analysis process as being
reactive in nature.
3. The majority of respondents (72 percent) reported
that their organization did not have fraud detection
and deterrence programs in place.
4. The majority of respondents (68 percent) reported
that they never felt pressured to compromise the
adherence to their organization’s standard of ethical
conduct.
5. The majority of the respondents reported their
organization’s external auditors as being
ineffective in preventing and detecting fraud.
6. The majority of the respondents believed that more
budgets should be devoted to fraud-related activities
and training in department.
The Institute of Management and Administration (IOMA) and the Institute
of Internal Auditors(IIA). “Business Fraud Survey.” (1999). Available at
http://www.theiia.org
130
One Piece at a Time
Johnny Cash
(1976)
131
One Piece At A Time
Well, I left Kentucky back in '49
An' went to Detroit workin' on a 'sembly line
The first year they had me puttin' wheels on cadillacs
Every day I'd watch them beauties roll by
And sometimes I'd hang my head and cry
'Cause I always wanted me one that was long and
black.
One day I devised myself a plan
That should be the envy of most any man
I'd sneak it out of there in a lunchbox in my hand
Now gettin' caught meant gettin' fired
But I figured I'd have it all by the time I retired
I'd have me a car worth at least a hundred grand.
CHORUS
I'd get it one piece at a time
And it wouldn't cost me a dime
You'll know it's me when I come through your town
I'm gonna ride around in style
I'm gonna drive everybody wild
'Cause I'll have the only one there is a round.
So the very next day when I punched in
With my big lunchbox and with help from my friends
I left that day with a lunch box full of gears
Now, I never considered myself a thief
GM wouldn't miss just one little piece
Especially if I strung it out over several years.
132
One Piece At A Time
The first day I got me a fuel pump
And the next day I got me an engine and a trunk
Then I got me a transmission and all of the chrome
The little things I could get in my big lunchbox
Like nuts, an' bolts, and all four shocks
But the big stuff we snuck out in my buddy's mobile home.
Now, up to now my plan went all right
'Til we tried to put it all together one night
And that's when we noticed that something was definitely
wrong.
The transmission was a '53
And the motor turned out to be a '73
And when we tried to put in the bolts all the holes were gone.
So we drilled it out so that it would fit
And with a little bit of help with an A-daptor kit
We had that engine runnin' just like a song
Now the headlight' was another sight
We had two on the left and one on the right
But when we pulled out the switch all three of 'em come on.
The back end looked kinda funny too
But we put it together and when we got thru
Well, that's when we noticed that we only had one tail-fin
About that time my wife walked out
And I could see in her eyes that she had her doubts
But she opened the door and said "Honey, take me for a
spin."
.
133
One Piece At A Time
So we drove up town just to get the tags
And I headed her right on down main drag
I could hear everybody laughin' for blocks around
But up there at the court house they didn't laugh
'Cause to type it up it took the whole staff
And when they got through the title weighed sixty pounds
CHORUS
I got it one piece at a time
And it didn't cost me a dime
You'll know it's me when I come through your town
I'm gonna ride around in style
I'm gonna drive everybody wild
'Cause I'll have the only one there is around.
(Spoken) Ugh! Yow, RED RYDER
This is the COTTON MOUTH
In the PSYCHO-BILLY CADILLAC Come on
Huh, This is the COTTON MOUTH
And negatory on the cost of this mow-chine there RED
RYDER
You might say I went right up to the factory
And picked it up, it's cheaper that way
Ugh!, what model is it?
Well, It's a '49, '50, '51, '52, '53, '54, '55, '56
'57, '58' 59' automobile
It's a '60, '61, '62, '63, '64, '65, '66, '67
'68, '69, '70 automobile.
134
Missing Fraud
Auditors will continue to miss fraud
because much of their work is predicted on
the assumption that separation of duties
prevents fraud (i.e., one person hold the
money and another person keeps track of
it). The Equity Funding case shakes the
foundations of auditing in that so much is
based on the assumption that people
don’t collude very long. These people
work together as an efficient team for a
very long time [9 years].
Lee Seidler
------------------------------------------“When the sun goes down, then the
sneaks will play at night.”
From Porter Wagoner “Sneaks Crawl at Night.” 135
The Perpetrators
First-time offenders (93% 2008).
Losses from fraud caused by
managers and executives were 3.5
times greater than those caused by
non-managerial employees [2002].
Losses caused by men were 3 times
those caused by women [53% males];
[Male, 59.1%, 2008].
Losses caused by perpetrators 60
and older were 27 times those
caused by perpetrators 25 or younger
[2002].
Losses caused by perpetrators with
post-graduate degrees were more
than 3.5 times greater than those
caused by high school graduates
[2002].
Acted alone (63.9% in 2008).
Source: 2008/ 2002 ACFE Report
136
FBI Part 2 Offenses — Female
Embezzlement
Fraud
Forgery
Larceny – theft
Serial Killer (62)
41%
39%
36%
33%
20%
137
White-collar criminals have these
characteristics:
Likely to be married.
Member of a church.
Educated beyond high school.
No arrest record.
Age range from teens to over
60.
Socially conforming.
Employment tenure from 1 to
20 years.
Acts alone 70% of the time.
Source: Jack Robertson, Fraud Examination for
Managers and Auditors (1997).
138
Other Characteristics of Occupational Fraudsters:
Egotistical
Risk taker
Hard Worker
Greedy
Disgruntled or a
complainer
Overwhelming
desire for personal
gain
Pressured to
perform
Inquisitive
Rule breaker
Under stress
Financial need
Big spender
Close
relationship with
vendors /
suppliers
Source: Lisa Eversole, “Profile of a Fraudster,” Some Fraud
Stuff,
http://www.bus.lsu.edu/accounting/faculty/lcrumbley/fraudste
r.html
139
Quotes
To be a forensic auditor, you have
to have a knowledge of fraud,
what fraud looks like, how it works,
and how and why people steal.
- Robert J. Lindquist
"Finding fraud is like using a metal
detector at a city dump to find rare
coins. You're going to have a lot of
false hits."
- D. Larry Crumbley
“Fraud can be best prevented by good
people asking the right questions at
the right time.”
- Michael J. Comer
140
“Finding fraud is like trying to load frogs
on to a wheelbarrow.”
Larry Crumbley
It’s easy to fall in love;
It’s easy to commit fraud;
It’s hard to catch the fraud.
141
Fraud Catching
Finding fraud is like trying to herd
cats and chickens.
There is a chicken catching
machine (150 chickens per
minute),* but there is no perfect
fraud catching machine.
D. Larry Crumbley
* PH2000 mechanical chicken harvester.
Scott Kilman, “Poultry in Motion: Chicken
Catching Goes High Tech,” Wall Street
Journal, June 4, 2003, p. A-1. Human can
catch about 1,000 an hour. $200,000 cost.
142
How Fraud Is Detected
2010
2008
2006
46.2%
34.2%
8.3%
20%
25.4%
13.9%
19.4%
20.2%
NA
23.3%
19.2%
1.
Tips
40.2%
2.
Management
review
15.4%
2.
By accident
3.
Internal audit
4.
Internal
controls
5.
External audits
4.6%
9.1%
12.0%
6.
Notification by
police
1.8%
3.2%
3.8%
Source: 2008/ 2006/ 2004 Wells Reports, ACFE.
A British publication suggests that prosecutors think
that accountants have x-ray vision. “It is assumed
that if an accountant stares really hard at a set of
accounts, then somehow, magically, information will
appear before his/ her eyes that are invisible to lesser
mortals.”
NIFA News, Number 10, p.1.
143
Sources of Tips
2008
2006
Employee
57.7%
64.1%
Customer
17.6%
10.7%
Vendor
12.3%
7.1%
Shareholder/ owner
9.2%
NA
Anonymous
8.9%
18.1%
Competitor
1.0%
NA
Source: 2008/ 2006 Wells Report, ACFE.
144
Tips Are Important
Some of the biggest recent accounting
scandals (e.g., HealthSouth, Xerox, Waste
Management) involve situations where the
auditors were tipped off or otherwise
alerted to possible frauds but they failed to
investigate them deeply enough.
In her book Power Failure, Sherron
Watkins says she talked to Jim Hecker, at
Arthur Andersen, on the phone about the
dangers of the Raptors and Fastow’s
inherent conflict. Hecker wrote a memo to
the files and forwarded copies to David
Duncan and Enron’s audit partner, Debra
Cash. His note: “Here is my draft memo, for
your review, for ‘smoking guns’ that you can
not extinguish.” p. 285.
145
Finding Fraud In The Midst of a Conspiracy
When speaking about the fraud of HealthSouth, a
spokesman for Ernst & Young emphasized the
difficulty of detecting accounting fraud in the
midst of a conspiracy of senior executives and
false documentation.
An accountant testified that HealthSouth employees
would move expenses of $500 to $4,999 from
the income statement to the balance sheet
throughout the year. Overall the SEC said about
$1 billion in fixed assets were falsely entered. The
employees moved only those expenses less than
$5,000, because Ernst & Young automatically
looked at those expenses over $5,000.
An ex-bookkeeper even sent Ernst & Young an email flagging one area of the fraud, but E & Y still
did not catch it. Employees actually produced
false invoices when the accounting firm asked for
back-up.
Source: Charles Mollenkamp, “Accountant Tried in Vain to Expose
HealthSouth Fraud,” Wall Street Journal, May 20, 2003, pp. A-1
and A-13.
146
Quotes
You should attack fraud problems
the way the fictional Sherlock
Holmes approached murder cases
D. Larry Crumbley
--------------------------------------------
To be a good fraud auditor, you
have to be a good detective.
Source: Robert J. Lindquist
-------------------------------------------------------
Many lap-dog internal and
external auditors need to be
replaced with junkyard dogs.
D. Larry Crumbley
147
Difficult Task
More forensic techniques should
become a part of both external and internal
auditing. But Stephen Seliskar says that “in
terms of the sheer labor, the magnitude of
effort, time and expense required to do a
single, very focused [forensic] investigation
-- as contrasted to auditing a set of the
financial statements -- the difference is
incredible.” It is physically impossible to
conduct a generic fraud investigation of an
entire business.
Source: Eric Krell, “Will Forensic Accounting Go
Mainstream?” Business Finance Journal, October 2002,
pp. 30-34.
www.investigation.com/artilces/library/2002Articles/15.ht
m.
148
Stealth
Once a forensic accountant [e.g., Cr.FA,
CFE, CFFA] is engaged, Michael Kessler
says that they should not be disruptive.
Most employees are not aware that an
investigation is taking place. We go in as
just another set of auditors, favoring a
Columbo-esque investigative style. “We
don’t wear special windbreakers that say
‘forensic accountant.’”
Source: Eric Krell, “Will Forensic Accounting Go
Mainstream?” Business Finance Journal, October 2002,
pp. 30-34.
www.investigation.com/articles/library/2002Articles/15.ht
m
149
Kessler Survey (2001)
About 13% of employees are
fundamentally dishonest.
Employees out-steal shoplifters.
About 21% of employees are
honest.
But 66% are encouraged to steal if
they see others doing it without
repercussion.
Source: “Studies Show 13% of employees are fundamentally
dishonest,” KesslerNews, November 1, 2001,
www.investigation.com/articles/library/2001articles.
--------------------------------------------------------------------------------------
30% of people in U.S. are dishonest.
30% situational dishonest.
40% are honest all of the time.
Source: R.C. Hollinger, Dishonesty in the Workplace, Park Rider, N.Y.:
London House Press, 1989, pp. 1-5.
150
Store Theft Costs ($42.2 billion)
Retail crime over past year (11/10/09)
cost to average family $435 in the U.S.
Employee theft, $18.7 billion.
Shoplifting cost sellers, $15 billion.
Others, $6.8 billion.
Total retail crime rose 5.9% to $115
billion.
P.B. Kavilanz, “Store Theft Cost to Your
Family: $435,” cnnmoney.com, November
10, 2009.
Difficult to Measure Integrity
Richard Davis says there is no
psychometric way to measure
integrity, so forget about personality
tests to pick the fraudsters. They
are easily faked.
He is more hopeful about new
methods involving
microexpressions, or those brief
facial expressions that may reveal a
person’s predisposition to fraud.
Watch “Lie to Me.”
Source: S.L. Mintz, “The Gauge of Innocence,” CFO, April 2009,
p. 57.
152
Little Has Changed: CFO Survey
Nearly half of CFOs – 47 percent – report
they still feel pressure from their superiors
to use aggressive accounting to make
results look better.
What is worrisome is that the pressure to
make the numbers hasn’t abated much. Of
these who have felt pressure in the past,
only 38 percent think there is less pressure
today than there was three years ago, and
20 percent say there is more.
Few finance executives have much
confidence in the numbers their colleagues
are reporting. Only 27 percent say that if
they were investing their own money, they
would feel “very confident” about the
quality and completeness of information
available about public companies.
Source: Don Durfee, “It’s Better (and Worse) Than You Think,” CFO Magazine, May 3, 2004.
153
Some Infamous Financial Statement Frauds
Tyco
•
•
•
•
•
•
•
Adelphia [Greek for brothers]
•
•
•
Moved debt to subsidiaries which were not consolidated.
Personal loans to the Rigas family (self-dealing).
Falsified operations statistics and inflated earnings.
Xerox
•
•
Large interest-free loans to officers; then forgiven ($87.1 million).
Unauthorized bonuses (no approval of BOD).
Fake documents showing no loans outstanding.
SEC found that PwC had prior knowledge of fraud back to 1998.
Undisclosed real estate transaction with related parties.
False entries in books to cover-up bribes given to foreign officials.
If numbers did not meet expectations, Richard Scrushy told
employees to “fix them.”
Accelerated revenues from leasing equipment.
Cookie jar reserves.
Sunbeam
•
•
•
•
Cookie-jar restructuring reserves.
Channel stuffing.
Guaranteed sales.
Improper bill and hold.
154
Some Infamous Financial Statement Frauds
Waste Management
•
•
•
•
HPL Technologies (2001-2002)
•
•
•
Reduced depreciation expense by inflating salvage value and
extending useful lives.
No write-offs for unsuccessful land projects.
Improperly capitalized a number of expenses.
Made top drawer adjustments.
Created many fake purchase orders from Canon sales (a
Japanese distributor). Printed and pasted Canon signatures on
the documents.
Altered bank records to create millions of dollars in nonexistence
customer payments.
Borrowed millions from his brokerage account (secured by HPL
stock) and channeled the funds into the company in the form of
payments.
Baptist Foundation of Arizona
•
•
•
•
Set up subsidiaries owned by insiders to buy real estate (which
had crashed in value) from BFA.
BFA then recorded notes receivables in the amount of the book
values.
Ran a ponzi scheme using new investors’ money to pay old
investors high returns.
Refused to give Arthur Anderson financial statements of the
subsidiaries.
155
D.R. Cressey’s Fraud Pyramid
Don’t think you’re the only ones
Who bend it, break it, stretch it some.
We learn from you.
Girls lie, too
Terri Clark
156
SAS No. 99 Characteristics of
Fraud
Incentives / pressures
Attitude /
Rationalization
Opportunity
157
Fraud Pyramid
Motive
Excessive spending to keep up appearances of
wealth.
Other, outside business financial strains.
An illicit romantic relationship.
Alcohol, drug or gambling abuse problems.
Opportunity
Lack of internal controls.
Perception of detection = proactive preventative
measure.
Rationalization (reduces offender’s inhibitions)
“Borrowing” money temporarily.
Justifying the theft out of a sense of being
underpaid. (“I was only taking what was mine.”)
Depersonalizing the victim of the theft. (I wasn’t
stealing from my boss; I was stealing from the
company.”)
158
Psychology of Fraud
Fraud can be explained by three factors:
•
•
•
Supply of motivated offenders.
Availability of suitable targets.
Absence of capable guardians (e.g.,
internal controls).
The three B’s -- babes, booze, and bets.
Some fraudsters wish to make fools of
their victims. They take delight in the act
itself.
Risk of fraud is a product of both
personality and environmental (or
situational) variables.
Grace Duffield and Peter Grabosky, “The Psychology of Fraud,” Australian
Institute of Criminology, No. 19.
159
Reasons for Fraud
A 2007 study discovered that the
primary reasons for fraud are
“pressures to do whatever it takes to
meet
goals”
(81
percent
of
respondents) and “to seek personal
gain” (72 percent).
Many respondents indicated that “they
do not consider their actions
fraudulent” (40 percent) as a reason for
wrongful behavior.
Source: Oversight Systems Report on Corporate Fraud,
2007, www.oversightsystems.com; Managing the Business
Risk of Fraud: A Practical Guide, IIA, AICPA, ACFE;
http://www.acfe.com/documents/managing-businessrisk.pdf, 2008, p. 6.
160
The Fraud Diamond
Incentive/ Pressures
Capacity
Opportunity
Rationalization/ Integrity
Capacity: Necessary traits; abilities; can pull it
off; positional authority
D.T. Wolfe and D.R. Hermanson, “The Fraud Diamond:
Considering The Four Elements of Fraud,” The CPA J.,
December, 2004, pp. 38-42.
161
The Fraud Pentagon
Pressure
Personal
Greed
Opportunity
Employee
Disenfranchisement
Rationalization
Source: P.D. Goldmann, Fraud in the Markets, John Wiley &
Sons, 2010, pp. 24-25.
162
Reframing
Behavioral psychologists call this
rationalization “reframing,” where someone
who is about to cheat will adjust the
definition of cheating to exclude his or her
actions.
Dan Ariely says “people who would never
take $5 from petty cash have no problem
paying for a drink for a stranger and putting
it on a company tab.”
Source: S.L. Mintz, “The Gauge of Innocence,”
CFO, April 2009, p. 56.
163
Rationalization
Sherron Watkins provides an
excellent comment about
rationalization with respect to
Enron’s Jeff Skilling and Andy
Fastow.
At what point did they turn
crooked? “But there is not a
defining point where they became
corrupt. It was one small step after
another, with more and more
rationalizations. There was a slow
erosion of values over time.”
Source: Pamela Colloff, “The WhistleBlower,” Texas Monthly, April 2003, p. 141.
164
Greed
“I don’t see many ways to eliminate greed; it
is an inherent part of the human
character. So antifraud measures must
be aimed at educating people on the
risks and the type of technical controls
that they can implement.”
Alan Oliphant
Source: David G. Banks, “The Fight Against
Fraud,” Internal Auditor, April 2004, pp.
36-37.
------------------------------------------------“It was definitely the perfect fraud……..
unfortunately they hired the perfect
investigator.”
Cartoon in M.J. Comer’s book
165
Example of Greed (or Incentive)
Three Duke Energy employees were
charged in April 2004 for allegedly ginning up
“phony electricity and material-gas trades to
boost trading volumes” and inflating “profits
in a trading book that was the basis of their
annual profits.”
“The trading schemes are alleged to have
inflated their bonuses by at least $7 million”
between March 2001 and May 2002. There
were 400 rigged trades that produced a $50
million profit in the trade books.
Duke used mark-to-market accounting to
record profit and loss contracts that might not
be settled for years.
So called “round-trips trades (or wash
sales) were used to jack up reported trading
volumes.
Source: Rebecca Smith, “Former Employees of Duke Charged Over Wash
Trades,” WSJ, April 22, 2004, p. A-15.
166
KPMG’s Causes or Indicators of Fraud
(1998)
Personal financial pressure.
Substance abuse.
Gambling.
Real or imagined grievances.
Ongoing transactions with related parties.
Increased stress.
Internal pressures to meet
deadlines/budgets.
Short vacations.
Unusual hours.
Source: KPMG’s 1998 Fraud Survey
I’m gonna keep follow’
a feelin.’
Till I find what I’m
looking for.
Austin Sherrie
167
Fraud’s Fatal Failings
85% of fraud victims never get
their money or property back.
Most investigations flounder,
leaving the victims to defend
for themselves against
counter-attacks by hostile
parties.
30% of companies that fail do
so because of fraud.
Source: Michael J. Comer, Investigating
Corporate Fraud, Burlington, VT: Gower
Publishing, 2003, p. 9.
168
SOX’s Effects on Smaller Firms
1.
Smaller firms have incurred higher SOXrelated costs.
2.
3.
4.
5.
6.
Larger increase in audit fees – ineffective internal
controls.
Complex standards affect smaller firms because
they lack in-house staff.
Larger firms stopped working with smaller firms.
Larger non-audit fees.
Directors fees much higher.
Potential benefits for smaller firms are
higher for small firms.
Overall, SOX imposes a net loss on all firms.
CEOs and CFOs spent as much as 90% of
their time on compliance, forcing them to
defer investments.
SOX reduced the value of small firms—no
effect or positive for large firms.
Source: E. Kamar, P.K. Mandic, and E. Talley, “SOX’s Effects on
Small Firms: What Is the Evidence?” June 2007.
169
Sarbanes-Oxley Act Creates Need For
Forensic Accounting
1.
2.
To assist corporations in their quest to
ensure compliance with the mandates
of S-O.
Public accounting firms must introduce
forensic techniques into audits, and
they may request help from forensic
experts.
------------------------------------------------Robbers do not need guns. Pencil and
paper will do. Opportunity and greed
are thievery’s driving forces. Put
enough zeroes behind a number, and
it’s amazing how flexible morals
become. How many years in prison
would you do to accumulate a half a
billion dollars in your bank account?
John H. Bolt
170
Section 404-Sarbanes-Oxley
Beginning June 2004, large
companies must have in place
tight internal controls, assess the
effectiveness of these controls
annually (and issue a report of
their effectiveness), and pay for
an independent assessment by
external auditors.
Need an internal control
framework (e.g., COSO or
similar).
Companies are paying steep
fees to fund the PCAOB.
Audit fees have increased by as
much as 30% since S/O.
171
Six-Legged Table of Financial Statements
Audit
Committee
Top
Board of Directors
Manageme
nt
Internal
PCAOB and
SEC
External
Auditor
Auditors
In a baseball analogy, think of the pitcher
as the auditee, the catcher as the internal
auditor, the manager as top management,
the scorekeeper as the external auditor,
and the umpire would be PCAOB (SEC).
The scoreboard could be the general
ledger.
The Big “R”
172
Parallel Universe: Two Opinions
External auditors must do a regular
audit of a company (e.g., financial
statements are fairly stated) and must also
audit the internal controls that are to
ensure that the financial statements are
accurate (e.g., issue two opinions).
Prior to the external auditors’ arrival,
the company itself must review its internal
controls and issue a report on the
effectiveness of these controls.
There will be two external opinions: on
management’s assessment of the internal
controls over financial reporting and
another one on the effectiveness of the
internal controls themselves (e.g.,
statements are fairly stated).
PCAOB Release 2004-001.
173
Anti-Fraud Strategy
The company’s stance on fraud
and other breaches of the ethical
code.
What will be done and by whom in
the case that frauds or other
breaches are suspected.
The key initiatives which the
company proposes;
Who will lead these initiatives.
Clear deadlines and measures for
monitoring effectiveness of
implementation.
Source: David Davies, Fraud Watch, 2nd Edition., London, ABG
Professional Information, 2000, p. 77.
174
Anti-Fraud Program
An auditor must perform
“company-wide anti-fraud programs
and controls and work related to other
controls that have a pervasive effect on
the company, such as general controls
over the company’s electronic data
processing.”
Further, the auditor must
“obtain directly the ‘principal evidence’
about the effectiveness of internal
controls.”
PCAOB endorses the COSO
Cube [pp. 24-26 and A-25 and A-26]
Source: PCAOB Release 2004-001.
175
Frameworks Being Used by CFOs
• COSO
82%
• Auditing Standard No. 2 [now #5]
28%
• COBIT (Control/ Objectives
for Inf./ Related Technology)
• SAS 55/78 (AICPA)
• Others
33%
13%
2%
Source: Helen Shaw, “The Trouble with COSO,” CFO, March
2006, p.75.
176
COSO CUBE
(5 components of internal controls)
177
HIERARCHY OF INTERNAL CONTROL NEEDS
178
The COSO Model
1.
2.
3.
4.
5.
Control environment – management’s
attitude toward controls, or the “tone at the
top.”
Risk assessment – management’s
assessment of the factors that could prevent
the organization from meeting its objectives.
Control activities – specific policies and
procedures that provide a reasonable
assurance that the organization will meet its
objectives. The control activities should
address the risks identified by management
in its risk assessment.
Information and communication – system
that allows management to evaluate
progress toward meeting the organization’s
objectives.
Monitoring – continuous monitoring of the
internal control process with appropriate
modification made as deemed necessary.
www.erm.cosous.org
179
COSO New Cube: Enterprise Risk Management
Source: erm.coso.org. See Apostolou and Crumbley, “ Sarbanes-Oxley
Fall-out Leads to Auditing Standards No. 2: Importance of Internal
Controls,” The Value Examiner, November/December 2004, pp. 55-60.
180
Management Control Philosophy
Fraudulent Financial Reporting more likely
to occur if
Firm has a poor management control philosophy.
Weak control structures.
Strong motive for engaging in financial statement
fraud.
Poor management philosophy:
Large numbers of related party transactions.
Continuing presence of the firm’s founder.
Absence of a long-term institutional investor.
Source: Paul Dunn “Aspect of Management Control Philosophy that
contributes to fraudulent Financial Reporting,” Journal of Forensic
Accounting, Vol. IV (2003), pp. 35-60
181
CONTROL ACTIVITIES
Segregation of Accounting Duties
Effective segregation of accounting
duties is achieved when the following
functions are separated:
Authorization—approving transactions and
decisions.
Recording—Preparing source documents;
maintaining journals, ledgers, or other files;
preparing reconciliations; and preparing
performance reports.
Custody—Handling cash, maintaining an
inventory storeroom, receiving incoming
customer checks, writing checks on the
organization’s bank account.
If any two of the preceding functions
are the responsibility of one person,
then problems can arise.
Source: Accounting Information Systems, 10e
Romney/Steinbart, PH
182
Segregation of Duties
•
Person in charge of receiving cash
or custody of cash should not be in
charge of accounting for it.
•
Treasurer should receive cash
receipts.
•
Controller should account for it
(with bank reconciliations).
183
Segregation of Duties (cont.)
Example: President’s secretary kept
the books, received the bank
statements, and did the
reconciliations.
•
Found checks that agreed in detail
with disbursement journal, except
dates on front and clearance dates
on back.
•
Check numbers in current year were
in the same number sequence as
past year.
•
She wrote herself a check but
pulled it and replaced it with a
previous year valid check.
184
Gross Profit Analysis
•
Bar was experiencing a lower gross
margin on drink.
•
One Sunday evening secretly
marked the levels of each bottle of
wine and liquor.
•
Once the levels of the bottles were
checked in a few days and the
number of drinks poured were
calculated, the skimming
bartenders were caught.
185
Risk Assessment Benefits
A major step in a forensic audit is to
conduct a risk assessment, which entails a
comprehensive review and analysis of program
operations in order to determine where risks
exists and what those risks are.
Any operation developed during the risk
assessment process provides the foundation
or basis upon which management can
determine the nature and type of corrective
actions needed.
A risk assessment helps an auditor to
target high-risk areas where the greatest
vulnerabilities exist and develop
recommendations to strength internal controls
Source: B.l. Derby, “Data Mining for Improper Payments,”
Journal of Government Management, Winter 2003,
Vol.52, No. 4, pp. 10-13.
186
Fraud Risk Assessment
Ernst & Young report found that
organizations that had not
performed fraud vulnerability
reviews were almost two-thirds
more likely to have suffered a
fraud within the past 12 months.
J.W. Koletar, p. 167.
A company should have a fraud
risk assessment performed of
their controls, procedures,
systems, and operations. J.W.
Koletar, p. 166.
Sources: J.W. Koletar, Fraud Exposed, John Wiley &
Sons, 2003
187
Three Key Elements: Fraud Risk Assessment
• Identify inherent fraud risk — Gather information to obtain
the population of fraud risks that could apply to the
organization. Included in this process is the explicit
consideration of all types of fraud schemes and scenarios;
incentives, pressures, and opportunities to commit fraud;
and IT fraud risks specific to the organization.
• Assess likelihood and significance of inherent fraud risk —
Assess the relative likelihood and potential significance of
identified fraud risks based on historical information,
known fraud schemes, and interviews with staff, including
business process owners.
• Respond to reasonably likely and significant inherent and
residual fraud risks — Decide what the response should be
to address the identified risks and perform a cost-benefit
analysis of fraud risks over which the organization wants
to implement controls or specific fraud detection
procedures.
Source: Managing the Business Risk of Fraud: A Practical Guide, IIA,
AICPA, ACFE; http://www.acfe.com/documents/managingbusiness-risk.pdf, 2008, p. 20.
188
Important Elements: Fraud Risk Program
Roles and responsibilities (e.g., BOD, audit
committee, management, staff, internal auditing
department).
Commitment (e.g., code of conduct).
Fraud awareness (e.g., periodic assessment, training
and communication).
Affirmation process (e.g., acknowledgement of the
code).
Conflict disclosure (by executives, employees, and
contractors).
Fraud risk assessment.
Reporting procedures and whistleblower protection.
Investigation process (documented protocol).
Corrective action (civil, criminal action, disciplinary).
Quality assurance.
Continuous monitoring.
Source: Managing the Business Risk of Fraud: A Practical Guide, IIA, AICPA,
ACFE; http://www.acfe.com/documents/managing-business-risk.pdf,
2008, p. 6.
189
Swimming Lanes
Mary Ben
Controls
Cash
X
Entries in
Books
X
Deposits
Checks
Does
Reconciling
Controls
Accounts
Receivable
Jane Sam
X
X
X
X
X
X
X
X
X
X
190
Sophisticated Approaches
1.
2.
3.
The Quad Method
The Staggered Box Method
The Chessboard Method
191
COSO Guidance
Risk Assessment Matrix
See COSO, “Guidance for Smaller
Public Companies,”
www.ic.coso.org
192
PCAOB’s AS2 Report:
Hindrances
1.
2.
3.
4.
5.
6.
7.
Failure to coordinate or integrate the
AS2 audit of internal controls with the
financial audit.
Doing detail testing before the top
down audit looking for the high risk
areas (e.g., fishing).
Inadequate consideration of the
unique risk factors of the company
(e.g., avoid the checklist mentality).
Do not audit the low risk areas.
Inefficient walkthroughs of
transaction controls.
Too little reliance on others.
Insufficient evaluation of
compensating controls when there is
a discovery of control deficiencies.
Inadequate testing of controls over
financial statement presentation and
disclosures.
193
GAP Analysis
Actual Internal Controls
Organization’s Stated Internal
Controls
Best Practice Internal Controls
194
SAS No. 99 Types of Fraud
Unlike errors, fraud is intentional and
most often involves deliberate
concealment of facts by management,
employees, or third parties
Fraudulent Financial Reporting: does
not follow GAAP (e.g., recording
fictitious sales)
Misappropriation of Assets:
embezzling receipts, stealing assets,
or causing an entity to pay for goods
or services that have not been
received.
Often accomplished by false or
misleading records or documents,
possibly created by circumventing
internal controls.
195
Fraudulent financial reporting may occur
by the following:
Manipulation, falsification, or
alteration of accounting
records, or supporting
documents from which
financial statements are
prepared.
Misrepresentation in or
intentional omission from the
financial statements of events,
transactions, or other
significant information.
Intentional misapplication of
accounting principles relating
to amounts, classification,
manner of presentation, or
disclosure.
Source: SAS No. 99, “Consideration of Fraud in a
Financial Statement Audit,” New York: AICPA
196
Falsification
Enron’s crude oil trading operation based in
Valhalla, New York was fictitious, according
to one auditor. “It was pretend. It was a
playhouse. There were a lot of expensive
people working there, and it was impressive
looking, but it wasn’t legitimate work.
The traders were keeping two sets of
books, one for legitimate purposes – to
show Enron and auditors from Arthur
Andersen – one other set in which to record
their ill-gotten gains.
Source: Mimi Swartz and Sherron Watkins, Power
Failure, New York: Doubleday, 2003, p.31.
197
SAS No. 99 Ways to Overcome the Risk of
Management Override of Controls
Examining journal entries
and other adjustments.
Reviewing accounting
estimates for bias,
including a retrospective
review of significant
management estimates.
Evaluating the business
rationale for significant
unusual transactions.
198
Parmalat Deceptions
Parmalat, an Italian diary company, had a
nonexistence Bank of America bank
account worth $4.83 billion. A SEC lawsuit
asserts that Parmalat “engaged in one of
the largest and most brazen corporate
financial frauds in history.”
Apparently, the auditors Grant Thornton
relied on a fake Bank of America
confirmation prepared by the company.
SAS No. 99 does not prohibit clients from
preparing confirmations.
The fraud continued for more than a
decade. At least $9 billion unaccounted for.
Therefore, the audited company should not
be in control of the confirmation process.
The owner treated the public company as
if it was his own bank account.
An unaware phone operator was the fake
chief executive of more than 25 affiliated
companies.
Some $3.6 billion in bonds claimed to be
repurchased had not really been bought.
199
Examples
Enron issued $1.2 billion of stock to
special purpose entities and recorded a
$1.2 billion notes receivable (rather than
a contra account to stockholders equity).
Both assets and owners equity were
overstated by $1.2 billion.
HealthSouth allegedly overstated profits
by at least $14 billion by billing Medicare
for physical – therapy services the
company never performed. The company
submitted falsified documents to
Medicare to verify the claims over 10
years.
E&Y collected $2.6 million from
HealthSouth (as audit-related fees) to
check the cleanliness and physical
appearances of 1,800 facilities. A 50point checklist was used by dozens of
junior-level accountants in unannounced
visits. For 2000, E&Y audit fee, $1.03
million; other fees, $2.65 million.
200
Embezzlement and Slush Funds
Chung Mong-Koo, chairman of Hyundai
Motor, South Korea’s largest carmaker,
was sentenced to three years in prison in
February 2007, for embezzlement, breach
of trust, and secretively setting up slush
funds.
Mr. Chung embezzled about $100 million
of company funds and inflicted about $224
million of damage on group affiliates during
rights issues.
Convicted of using deals to boost his
financial gains and those of his son, who
runs affiliate Kia Motors.
Welcomed by corporate governance
campaigners which showed that Korea
would no longer tolerate chaebol owners
using their companies to pursue their
personal interests.
Although he owned only 5%, he ran it as a
family business. Employees were terrified
of him. Whistleblower alerted authorities of
the slush funds.
Song Jung-a, “Hyundai Chief’s Prison Term Compounds Woes of Car
Giant,” Financial Times, February 6, 2007, p. 15.
201
Easiest Way to Cook the Books?
A large number of financial frauds are
accomplished by simply booking late
entries.
Thomas Ray, chief auditor of PCAOB: “It’s
the easiest way to commit fraud.”
Ray: “It’s the easiest to find.”
But Dell, Inc. cooked the books for four
years without PwC’s knowledge.
Source: “Auditors Told to Go Harder on Fraud,” Financial
Week, December 17, 2007.
http://www/financialweek.com/apps/pbcs.dll/article?AID=/2
007121...
202
Journal Entries at Year End: Those Magic Changes
Apparently,
Arthur Andersen was given
limited access to the general ledger at
WorldCom, which had a $11 billion fraud
(largest accounting fraud in history). Most of
the original entries for online costs were
properly placed into expense accounts.
However, near the end of the period these
entries were reversed. One such entry was as
follows:
Other Long-term Assets $629,000,000
Construction in Progress
$142,000,000
Operating Line Costs
$771,000,000
The support for this entry was a yellow postit note.
WorldCom’s outside auditors refused to
respond to some of Cynthia Cooper’s
questions and told her that the firm had
approved of some of the accounting methods
she questioned.
203
Those Magic Changes: Yellow Peril
Fourth Quarter of 1999: "The $239 million
[international line cost accrual release] was
entered in WorldCom's general ledger ... The only
support recorded for the entry was
'$239,000,000,' written on a Post-it Note and
attached to a printout of the entry."
Third Quarter of 2001: "Myers gave Sethi a Postit Note that said 'Assume $742 million.' Later,
Myers and Sethi had a conversation confirming
that $742 million identified on the Post-it Note was
the line cost capitalization entry for the quarter.”
http://thestreet.com/pf/markets/dumbestgm/10093441.html
----------------------------------------------------Those Magic Changes
“Oh my heart arranges, oh those magic changes,
oooh yeah.”
Grease
204
Yellow Peril
First Quarter of 2002: "In Capital Reporting,
Myers told Sethi to go see Vinson, who would
have the amount to be capitalized. When Sethi
did so, Vinson handed him a Post-it Note that had
the $818 million adjustment on it. Brian Higgins
once again refused to make the necessary
allocation for the first-quarter 2002 capitalization
entry. Despite his growing concerns, Sethi made
the allocation because he was concerned that his
immigration status would be jeopardized if he
lost his job."
First Quarter 2002: "$109.4 million was taken
from the general accrual account that Vinson set
up and reclassified to several SG&A balance
sheet accounts in five large, round-dollar
amounts. The only supporting documentation that
we were able to locate for these entries was a
Post-it Note listing the various SG&A accounts
and the amounts that should be taken from the
Vinson account."
http://thestreet.com/pf/markets/dumbestgm/10093441.html
205
Cooking-the-Books Often Collaborative
Effort
•
For restatements between January 1,
1997 to June 30, 2002, 45% were
accused of securities fraud and subject
to shareholder suits.
•
Average of 7 individuals were
implicated, including
CEOs
CFOs
COOs
General counsel
Directors
Internal/external auditors
Source: Robert Tillman and Michael Indergaard, Control Overrides
in Financial Statement Fraud.
206
WorldCom Fraud Massive
At least 40 people knew about the fraud.
They were afraid to talk.
Scott Sullivan handed out $10,000
checks to 7 involved individuals.
Altered key documents and denied
Andersen access to the database where
most of the sensitive numbers were
stored.
Andersen did not complain about denied
access.
Company officials decided what tax
rates they wanted and then used the
reserves to arrive at the tax rates.
Source: Rebecca Blumenstein and Susan Pullian,
“WorldCom Fraud Was Widespread,” Wall
Street J., June 10, 2003, p. 3.
207
WorldCom Fraud Massive (contd.)
David Schneedan, CFO at a division,
refused to release reserves twice.
E-mail from David Myers, WorldCom
comptroller, to Schneedan:
“I guess the only way I am going to get
this booked is to fly to DC and book it
myself. Book it right now; I can not wait
another minute.”
Buddy Gates [director of general
accounting] said to an employee
complaining about a large accounting
discrepancy:
“Show those numbers to the damn
auditors, and I’ll throw you out the
f_____ window.”
Source: Rebecca Blumenstein and Susan Pullian,
“WorldCom Fraud Was Widespread,” Wall Street J.,
June 10, 2003, p. 3.
208
Contrasting Auditing, Fraud Examination, &
Forensic Accounting
Source: G.S. Smith and D.L. Crumbley, “Defining a Forensic
Audit,” Journal of Digital Forensics, Security, and Law, 2009,
Vol. 4, No. 1, p. 69.
Auditing is a macro process, and forensic
accounting is a micro process.
209
Financial Audit v. Forensic Audit
The typical financial audit is a
sampling activity that doesn’t look at every
transaction and can therefore be exploited by
someone who knows how to rig the books.
Forensic accounting focuses on a
specific aspect of the books and examines
every digit. While the average accountant is
trying to make everything add up, a forensic
accountant is performing a detailed financial
analysis to find out why everything doesn’t or
shouldn’t add up.
It’s a far more time-consuming
enterprise and can be significantly more
expensive than regular auditing work.
Jake Poinier, “ Fraud Finder,” Future Magazine, Fall 2004,
http://www.phoenix.edu/students/future/oldissues/Winter2004/fra
ud.htm
210
Differences
Ronald L. Durkin suggests the
following differences in a forensic audit
versus a traditional audit:
•Not limiting the scope of the
engagement based upon materiality.
•Not accepting sampling as evidence.
•Not assuming management has
integrity.
•Seeking the best legal evidence.
•Melding the requirements of the
evidential matter standard with the
rules of evidence.
Source: R.L. Durkin, “Defining the Practice of Forensic
Accounting,” CPA Expert, Special Edition, 1999.
211
More Differences
Two practitioners have suggested these
additional procedures may be used in a forensic
audit:
•Extensive use of interviews and leveraging
techniques designed to elicit sufficient
information to prove or disprove a hypothesis.
•Document inspection that may extend to
authentication procedures and handwriting
analysis.
•Significant public records search to uncover,
for example, unexpected title or ownership,
other known addresses, and prior records of
individuals.
•Legal knowledge regarding rules of evidence
including chain of custody and preservation of
evidence integrity.
Source: Annett Stalker and M.G. Ueltzen, “An Audit Versus A
Fraud Examination,” CPA Expert, Winter 2009, p. 4.
212
Pre SAS 99
Consulting
Standards
Auditing
Standards
Traditional
Investigation
Traditional
Audit
Post SAS 99
Auditing
Standards
Consulting
Standards
Traditional
Investigation
Forensic
Procedures in
the Audit
Environment
SAS 99
Source:AICPA, “Forensic Services, Audits, and Corporate
Governance: Bridging the Gap,” Discussion Memorandum,
2004.
213
Steps Toward Forensic Audit
Traditional audit [forensic
techniques & fraud prevention
program].
If suspect fraud, bring in-house
forensic talent into the audit.
If no in-house talent or fraud
complex, engage an outside
forensic accountant (e.g., Cr.FA,
CFFA, or CFD).
As audit moves toward forensic
investigation, auditor must
comply with litigation services
standards (consulting).
214
Inexperienced Forensic Auditors
Find out who did it. Do not worry about
all the endless details.
Be creative, think like the fraudster, and
do not be predictable. Lower the
auditing threshold without notice.
Take into consideration that fraud often
involves conspiracy.
Internal control lapses often occur
during vacations, sick outages, days off,
and rest breaks, especially when
temporary personnel replace normal
employees.
H. R. Davia, Fraud 101, New York: John Wiley & Sons, 2000, pp.
42-45.
215
AICPA Audit Committee Toolkit
“In some situations, it may be
necessary for an organization to look
beyond the independent audit team
for expertise in the fraud area. In
such cases, CPA forensic accounting
consultants can provide additional
assurance or advanced expertise,
since they have special training and
experience in fraud prevention,
deterrence, investigation, and
detection.
Forensic accounting consultants
may also provide fresh insights into
the organization’s operation, control
systems, and risks. The work of
forensic accounting consultants also
may provide comfort for the
organization’s CEO and CFO, who are
required to file certifications under
Sarbanes-Oxley.”
216
Two Major Types of Fraud Investigations
Reactive: Some reason to
suspect fraud, or occurs after a
significant loss.
Proactive: First, preventive
approach as a result of normal
operations (e.g., review of
internal controls or identify
areas of fraud exposure). There
is no reason to suspect fraud.
Second, to detect indicia of
fraud.
Source: H.R. Davia, “ Fraud Specific Auditing,” Journal of
Forensic Accounting, Vol. 111, 2002, pp. 111-120
217
Proactive Is Beneficial
The threat of a future investigation reduces
the occurrence of fraudulent behavior from
75% to only 43%.
The larger the pay-off, the more likely a
person will commit fraudulent behavior.
Give the fox a key to the hen house and
he/ she is going to eat hens.
Source: S. L. Tate et. al, “The Small Fraud Paradigm: An
Examination of Situational Factors That Influence the
Non-Reporting of Payment Errors,” J. of Forensic
Accounting, Vol.7, 2006, p. 406.
---------------------------
The greater the risk of detection, the less
likely a person is to violate the law.
Jeremy Bentham
18th Century Philosopher
218
Five Key Proactive Principles
Principle 1: As part of an organization’s governance
structure, a fraud risk management program or anti-fraud
program should be in place, including a written policy (or
policies) to convey the expectations of the board of
directors and senior management regarding managing
fraud risk.
Principle 2: Fraud risk exposure should be assessed
periodically by the organization to identify specific potential
schemes and events that the organization needs to
mitigate.
Principle 3: Prevention techniques to avoid potential key
fraud risk events should be established, where feasible, to
mitigate possible impacts on the organization.
Principle 4: Detection techniques should be established to
uncover fraud events when preventive measures fail or
unmitigated risks are realized.
Principle 5: A reporting process should be in place to solicit
input on potential fraud, and a coordinated approach to
investigation and corrective action should be used to help
ensure potential fraud is addressed appropriately and
timely.
Source: Managing the Business Risk of Fraud: A Practical Guide, IIA, AICPA,
ACFE; http://www.acfe.com/documents/managing-business-risk.pdf, 2008, p.
6.
219
Proactive vs. Reactive Approaches
Proactive approaches include
Effective internal controls,
Financial and operational
audits,
Intelligence gathering,
Logging of exceptions, and
Reviewing variances.
Reactive detection techniques
include
Investigating complaints and
allegations,
Intuition, and
Suspicion.
Jack Bologna and Robert Lindquist, Fraud Auditing and Forensic Accounting,
2d Edition, New York: John Wiley, 1995, p. 137.
220
Proactive Is Best
When the IRS began requiring banks
to issue Form 1099s reporting interest,
the reported interest income increased
by $8 billion (even though for 3 years
the IRS did not have computer
matching capacity).
When the IRS began to require
taxpayers to list a social security
number for dependents, the next year
the number of reported dependents
dropped by seven million. More than
11,000 of these taxpayers claimed
seven or more dependents in 1986, but
they claimed none in 1987.
When the IRS began to require
taxpayers to list a name, address, and
social security number for babysitters,
two years later 2.6 million babysitters
disappeared.
221
Fraud Deterrence Better Than Fraud
Investigation
1.
2.
3.
4.
5.
Fraud deterrence less
expensive.
Deterrence is more
comprehensive.
Fraud deterrence produces
greater savings.
Deterrence is faster.
Fraud deterrence promotes
better customer relations.
Daniel Finnegan, “Deterring Fraud,” Quality Planning
Corporation, 1991.
222
Is Company Proactive?
Fraud hotline (reduce fraud losses by 50%
re Wells 2002 Report).
Suggestion boxes.
Management review.
Make everyone take vacations.
People at top must set ethical tone.
Surprise audit.
Widely known code of conduct.
Check those employee references.
Reconcile all bank statements (bank
statements sent to owner’s home).
Count the cash twice in the same day.
Unannounced inventory counts.
Fraud risk assessment (CFD).
Purchase crime insurance.
Do not use signature stamps.
Control company credit cards.
223
$7.4 Billion Losses at Societe Generale
•
•
•
•
•
•
•
•
Jerome Kerviel evaded all of the French bank’s
controls to bet $73.5 billion on European markets –
more than the bank’s market value. Six year
employee; junior employee.
Kerviel reported to work early, stayed late, and took
only 4 days off in 2007. In France six weeks of
vacation is fashionable.
Starting in early 2005, he made small unauthorized
trades. The bank missed the illicit trades and the red
flags.
Kerviel described growing increasingly daring after
no one at the bank detected a series of small,
unauthorized trades that he placed.
He entered fictitious and offsetting trades to
minimize the odd of big losses.
He stole other people’s computer access codes,
falsified documents, and employed other methods to
cover his tracks.
He had an excellent understanding of the bank’s
processing and control procedures so he could
circumvent all of the controls.
His motive: quest for glory and a bonus.
224
Some Hints
Need to really understand the business
unit. What they really do.
Have a mandatory vacation policy.
Rotation of assignments.
Have a written/signed ethics policy.
Do things differently each time you
audit a unit.
Do not tell client what you are doing.
Hard to find fraud in the books.
Look/listen. Look for life style
changes.
Do not rely on internal controls to
deter fraud.
Auditors must have control of the
confirmation process.
Careful of related parties.
Careful of “trusted” employees.
Pay employees to report fraud.
225
Related Parties
Shell Corporation – serves as a
entity for business transactions
without having any significant assets
or operations. Also, front companies,
mailbox companies. Controlled by
another organization.
Dummy Corporation – entity created
to serve as a cover or front for
another corporation (e.g., Walt
Disney World used Compass East
Corporation).
Special Purpose Entity – Off-balance
sheet arrangements used to isolate
financial risk and provide lessexpensive financing (e.g., Enron). To
carry out specific activity, purpose, or
series of purposes (e.g., a trust).
226
Related Parties
Brother-Sister Corporations – One
entity owns more than 50% of two or
more corporations.
Parent-Subsidiary – One or more
chain of corporations connected
through stock ownership with a
common parent corporation. Could
be a holding company.
Façade Company – A legitimate
company (e.g., car wash, dry
cleaners, art or antique store) used
to clean illegal money.
227
Related Parties
Nikko Cordial (Japan) fined for
failure to consolidate a specialpurpose entity that was 100%
owned by its subsidiary and for
falsifying the timing of an
exchange bond issue (2007).
Created Y14.5 billion in net profit.
Independent panel reviewed
507,000 e-mails.
228
Stamp Mates
Afinsa, a Spanish stamp company,
controls 72% of Escala, a U.S. company
(formerly Greg Manning Auctions).
Escala says all sales to Afinsa takes place
at independent established prices.
But Escala’s reported gross margin on
stamp sales to Afinsa exceeds 44% [like
land flipping].
Compared to less than 14% on those to
other clients.
Therefore, Escala was manipulating the
value of stamps sold to Afinsa to
artificially boost its own bottom line.
Escala’s stock fell from $32 to $5 in five
days after the May 8, 2006 arrests of
seven executives. Police found $12.6
million behind one dealer’s freshly
plastered walls in his home (e.g.,
unreported profits?).
Escala owns A-Mark Precious Metals,
which buys and distributed more than
one-half of the gold coins handed each
year by the U.S. mint.
229
Fraud Deterrence Review
Analysis
of selected records and
operating statistics.
Identify operating and control
weaknesses.
Proactively identify the control structure
in place to help prevent fraud and
operate efficiently.
Not an audit; does not express an
opinion as to financial statements.
May not find all fraud especially where
two or more people secretively agree to
purposely deceive with false statements
or by falsifying documents.
[Always get a comprehensive, signed
engagement letter defining objectives.]
230
Fraud Detection Process
Discuss facts and objectives with client/attorney (e.g.,
conflict of interests).
2.
Evaluation whether to accept the engagement.
3.
Prepare a work program.
4.
Develop time and fee schedule.
5.
Obtain approval of work program, staff assignments,
and fee estimates.
6.
Obtain an engagement letter.
7/8. Identify fraud exposures and symptoms.
9/10. Evaluate evidence obtained and determine if more
evidence is needed.
11/12. Search for and evaluate additional evidence.
13.
Discuss preliminary findings with client/attorney.
14.
Draft a final report.
15.
Review the report and work papers.
16.
Resolve professional disputes.
17.
Clear review points and open items.
18.
Communicate report or findings.
19.
Help attorney prepare court case/testify.
20.
Perform follow-up procedure.
21.
File work papers/report.
1.
Source: Carmichael et. al, PPC Fraud Detection, Vol.1, Ch. 2 (2002).
231
Financial Audit v. Forensic Audit
“ During one investigation, we found in the auditing
working papers written in the margin of the
internal audit working papers by the internal audit
manager: ‘Conceal from bankers,’ says Nicholas L.
Feakins, CPA, partner at San Mataeo, Calif based
forensic accounting firm Feakins & Feakins. “ It
sounds amazing, but the [third-party] auditors has
put B-level staff on the project who simply didn’t
read the documents and missed it.”
----------------------------------------------------------------MiniScribe, one of the world’s largest disk-drive
makers, which in the late 1980s was
surreptitiously shipping bricks instead of disk
drives to the Far East and receiving credit from the
bank for the amount of the shipments. “After all,”
he says “it’s going to be 90 days until they ship the
brick back to you. “MiniScribe’s public accounting
firm, Coopers & Lybrand, didn’t catch the falserevenue scam during its regular audits-but a
forensic accountant did.”
Jake Poinier, “ Fraud Finder,” Future Magazine, Fall 2004,
http://www.phoenix.edu/students/future/oldissues/Winter2004/fra
ud.htm
232
Materiality Unimportant
“Auditing is governed by materiality. In
investigative accounting, it is the opposite.
I am looking for one transaction that will be
the key. The one transaction that is a little
different, no matter how small the
difference, and that will open the door.”
Lorraine Horton, owner of L. Horton & Associates in Kingston, R.I.
-----------------------------------------------------------------------------------------------------
“Fraud usually starts small. It begins with little
amounts, because the perpetrator is going
to test the system. If they get away with it,
then they keep on increasing and
increasing it.”
Robert J. DiPasquale
Source: H.W. Wolosky, “Forensic Accounting to the Forefront,” Practical
Accountant, February 2004, pp. 23-28.
233
Forensic Accounting v. Auditing
“Forensic accounting is very different from
auditing in that there is no template to use.
There are no set rules. You don’t know when
you go into a job how it is going to be.”
Lorraine Horton, Kingston, R.I
------------------------------------------------------------------------------
“Forensic accounting “is a very competitive
field. What is interesting is that you may be a
good accountant, but not a good forensic
accountant. The training and the way you look
at transactions are different.”
Robert J. DiPasquale, Parsippany, N.J.
---------------------------------------------------------“Unlike auditing, lower-level staff often can’t
be used for an engagement. They normally will
not spot anything out of the ordinary, and an
experienced person should be the one testifying
as well as doing the investigative work.”
Lorraine Horton, Kingston, R.I.
Source; H.W. Wolosky, “Forensic Accounting to the Forefront,”
Practical Accountant, February 2004, pp. 23-28.
234
SAS No. 99 Recommendations
Brainstorming.
Increased emphasis on professional
skepticism.
Discussions with management.
Unpredictable audit tests.
Responding to management override of
controls.
“The only person that can steal from you
is a person that you trust.”
235
SAS No. 99: SKEPTICISM
An attitude that includes a
questioning mind and a critical
assessment of audit evidence.
An auditor is instructed to conduct
an audit “with a questioning mind
that recognizes the possibility that
a material misstatement due to
fraud could be present, regardless
of any past experience with the
entity and regardless of the
auditor’s belief about
management’s honesty and
integrity.”
“Things are not always as they
appear, sonny boy.” James
Patterson, Honeymoon, Warner
Books, 2006.
236
SKEPTICISM
Ronald Reagan said with respect to Russia,
“Trust, but verify.”
FA’s motto should be “Trust no one;
question everything; verify.”
As Charles Manson said, “Total paranoid is
total awareness.”
----------------------------------------------------This ain’t my first rodeo
I didn’t make it all the way through school.
But my mama didn’t raise no fool.
I may not be the Einstein of our time.
But honey, I’m not dumb and I’m not blind.
Vern Gosdin
237
SAS No. 99: Questions for Management
Whether management has knowledge of any fraud
that has been perpetrated or any alleged or
suspected fraud.
Whether management is aware of allegations of
fraud, for example, because of communications
from employees, former employees, analysts, short
sellers, or other investors.
Management’s understanding about the risks of
fraud in the entity, including any specific fraud
risks the entity has identified or account balances or
classes of transactions for which a risk of fraud may
be likely to exist.
Programs and controls the entity has established to
mitigate specific fraud risks the entity has
identified, or that otherwise help prevent, deter, and
detect fraud, and how management monitors those
programs and controls.
For an entity with multiple locations, (a) the nature
and extent of monitoring of operating locations or
business segments, and (b) whether there are
particular operating locations or business segments
for which a risk of fraud may be more likely to
exist.
Whether and how management communicates to
employees its views on business practices and
ethical behavior.
238
BE SKEPTICAL
Assume there may be wrong
doing.
The person may not be
truthful.
The document may be altered.
The document may be a
forgery.
Officers may override internal
controls.
Try to think like a crook.
Think outside
the box.
239
SAS No. 99: Brainstorming
Aims to make the auditor’s consideration
of fraud seamlessly blended into the
audit process and continually updated
until the audit’s completion.
Brainstorming is now a required
procedure to generate ideas about how
fraud might be committed and
concealed in the entity.
No ideas or questions are dumb.
No one owns ideas.
There is no hierarchy.
Excessive note-taking is not allowed.
Source: Michael Ramos, “Auditors’ Responsibility for Fraud
Detection,” J. of Accountancy, January, 2003, pp. 28 – 36.
240
More Brainstorming
Best
to write ideas down, rather than say
them out loud.
Take plenty of breaks.
Best ideas come at the end of session.
Important to not define the problem too
narrow or too broad.
Goal should be quantity, not quality.
Geniuses develop their most innovative
ideas when they are generating the greatest
number of ideas.
No such things as bad ideas.
Many companies are great at coming up
with good ideas, but lousy at evaluating and
implementing them.
Source: A.S. Wellner, “Strategies: A Perfect Brainstorm,” Inc.
Magazine, October 2003, pp. 31-35
241
Better Brainstorming Recommendations
Generating Ideas
Use group decision support systems.
Discuss cases of fraud or sources of material
misstatements from prior audits.
Checklists should only be used by the team leader.
If checklists are used, fully discuss each item on the list.
Don’t limit discussions to items on the checklist.
Have the engagement partner or another expert on the
audit lead the brainstorming session.
Evaluating Ideas
Separate the idea generation phase from the idea
evaluation phase.
Include a partner in the evaluation of ideas.
Encourage members to discuss why they feel an
identified risk is important.
Remind members of the purpose of the brainstorming
session and the importance of professional skepticism.
Incorporating Ideas
Set aside time at the end of the brainstorming session
to indicate how the audit plan should be modified as a
result of the session.
Source: M. Landis, S.I. Jerris, and M. Braswell, “Better Brainstorming,” Journal
242
of Accountancy, October 2008, p. 71.
Potential Pitfalls
Group domination: one or two
participants dominating the process
can quickly squelch the creative
energies of the groups as a whole,
reducing the likelihood the team will
identify any actual fraud risks.
Social loafing: participants disengage
from the process, expecting other
team members to pick up the slack.
Groupthink: team members become
so concerned with reaching
consensus that they fail to
realistically evaluate all ideas or
suggestions.
Group shift: avoid allowing the team
to take an extreme position on fraud
risk.
Source: M.S. Beasley and J.G. Jenkins, “A Primer for Brainstorming
Fraud Risks,” Journal of Accountancy, December 2003, pp. 3334.
243
Three Types of Brainstorming
Open brainstorming: unstructured; few
rules; free-for-all; someone should
record ideas.
Round-robin brainstorming: start with
no talking, silent period; assigned
homework ahead; each individual
presents own ideas; each member has
a turn.
Electronic brainstorming: shortens
meetings, increases ideas, and
reduces personalizing ideas because
an idea’s author remains anonymous.
Source: M.S. Beasley and J.G. Jenkins, “A Primer for
Brainstorming Fraud Risks,” Journal of Accountancy,
December 2003, pp. 33-34.
244
How Management Overrides Controls
(SAS No. 99)
Recording fictitious journal
entries (especially near end of
quarter or year).
Intentionally biasing
assumptions and judgments
used to estimate accounts
(e.g., pension plan
assumptions or bad debt
allowances).
Altering records and terms
related to important and
unusual transactions.
245
Bias Assumptions
There are almost as many oil/gas
reserve definitions as there are
countries.
During the first week of January
2004, Royal Dutch/Shell Group
slashed its estimates of oil reserves
by 20% or about 3.9 billion barrels
of oil.
Stock fell 9%.
Shell, Exxon/Mobil, and
Chevron/Texaco make the
estimates themselves.
By the end of 2002, a total of 4.47
billion barrels cut; another 1.4
billion barrel cut in 2003.
Source: Susan Warren and P.A. Mckay, “Methods for Citing Oil
Reserves Prove Unrefined,” Wall Street Journal, January 14,
2004, p. C-4. Chip Cummins, “Shell Slashes Oil Reserves
Again, News Overshadows Profit Surge,” WSJ, February 4,
2005, p. A-3
246
Shell Board Kept In the Dark
One memo drafted on February 11,
2002, warned that about one billion
barrels of oil-equivalent reserves
appeared not to be in compliance
with SEC guidelines.
Board learned of information only in
early January 2004.
Chairman Sir Philip was ousted in
early March 2004.
Most of the misstated reserves were
recorded from 1997 to 2000, when
Sir Philip was in change of
exploration and production.
Oil/gas reserves were increased (not
by discovery) by changing its
accounting.
Source: Stephen Labaton and Jeff Gerth, “At Shell, New Accounting
and Rosier Oil Outlook,” New York Times, March 12, 2004, pp.
A-1 and C-4.
247
Wildcatting
The SEC has recently adopted the
proactive strategy of “wildcatting”
where investigations into entire
industries and business sectors are
begun after evidence emerges from
only one company in the group
regarding financial reporting problems.
Over time, the PCAOB will probably
be able to identify peculiarities within
existing or evolving industries that
require either standard setting or
regulatory attention, or both.
Source: Berton, L., “U.S. Accounting Watchdogs Try to Shut Barn Door,”
Bloomberg.com, April 2, 2004; J.H. Edwards, “Audit Committees: The Last
Best Hope,” Journal of Forensic Accounting, Vol. IV (2004), pp. 1-20.
248
Walkthroughs
An auditor must perform a walkthrough of a
company’s significant processes (each major
class of transactions).
Can not be achieved secondhand.
According to PCAOB, in a walkthrough an auditor
traces “company transactions and events – both
those that are routine and recurring and those
that are unusual – from origination, through the
company’s accounting and information systems
and financial report preparation processes, to
their being reported in the company’s financial
statements.”
Auditors should perform their own walkthroughs
which provides auditors with appropriate
evidence to make an intelligent assessment of
internal controls.
Source: PCAOB Briefing Paper, Proposed Auditing Standards, October 7, 2003.
249
Slot Machine Example
250
Revenue Flows
251
Wandering Around
• Informal observations while in the
business.
• Especially valuable when assessing the
internal controls.
• Observe employees while entering and
leaving work and while on lunch
break.
• Observe posted material, instructions,
job postings.
• Observe information security and
confidentiality.
• Observe the compliance with
procedures.
• Appearance is not necessarily reality.
Man of La Mancha
252
New Terms in Financial Reports:
Deficiencies Have No Bright Lines
Control deficiency – one that might allow a
bad number to get into the financial
reports (e.g., the likelihood that a
company misstates reports is remote– 1
out of 20).
Example: company does not check
changes made by a salesman in a minor
contract.
Significant deficiency – more serious flaw
or a number of flaws that increase the
chances that wrong numbers will
significantly distort financial statements
(e.g., more than remote).
Example: company not checking for
changes to terms of several key
contracts.
Need only to report to BOD, but some
companies are making them public.
253
Deficiencies Have No Bright Lines
Material weakness – deficiencies are so
bad that there is more than a remote
change of a material misstatement in
financial statements.
Example: a bank does not regularly
check for errors in estimating loan-loss
expenses (i.e., Fannie Mae reported a
$1.3 billion error from its computer
model, many in an uncontrolled
environment).
They must be reported to the public.
David Henry, “How Clean Are the Books?” Business Week, March 7,
2005, pp. 108-109.
----------------------------------------------------Firms that reported material
weaknesses in tax accounting lost an
average of 5.8% of their stock value 60
days after the announcement.
----------------------------------------------------As of 11-14-05, 695 companies have
disclosed material weaknesses in their
annual report.
254
Indicators of Material Weaknesses
A material weakness is a deficiency, or a combination of
deficiencies, in internal controls over financial reporting,
such that there is a reasonable possibility that a material
misstatement of the company’s annual or interim financial
statements will not be prevented or detected on a timely
basis.
Indicators of material weaknesses in internal controls over
financial reporting include
Identification of fraud (whether or not material) on the
part of senior management (e.g., principal executive and
financial officers signing the company’s certifications).
Restatement of previously issued financial statements to
reflect the correction of a material restatement.
Identification by the auditor of a material misstatement of
financial statements in the current period in
circumstances that indicate that the misstatement would
not have been detected by the company’s internal control
over financial reporting; and
Ineffective oversight of the company’s external financial
reporting and internal control over financial reporting by
the company’s audit committee.
Source: IIA, AICPA, ACFE, Managing the Business Risk of Fraud:
Practical Guide, 2008. Locate on the Internet site of the three groups
(e.g., http://www.acfe.com/documents/managing-business-risk.pdf). 255
Material Weakness Areas
AREAS OF FAILURE
2005
2004
Tax accruals/ deferrals
34.5%
32.0%
Revenue recognition
28.4
31.3
Inventory/ vendor cost of sales
23.7
27.4
Fixed/ Intangible assets
16.0
18.6
Leases or contingencies
9.3
16.8
Cash flow (FAS 95 error)
8.8
--
Consolidation (Fin 46 issues)
6.7
9.0
*10% of corporate filers in 2005 and 16% in 2004.
In 2007, 400 companies reported them.
In 2008, only 14 material weaknesses at 11 companies.
Source: AuditAnalytics.com
256
Think Like A Crook
Know your enemy as you know yourself,
and you can fight a hundred battles with
no danger of defeat.” Chinese Proverb.
Military leaders study past battles.
Football and basketball teams study
game films of their opponents.
Chess players try to anticipate the moves
of their opponent.
Examples: If contracts above $40,000 are
normally audited each year, check the
contracts between $30,000-$40,000.
FAs must learn the tricks of the trade as
well as the trade.
257
Think Outside the Box
American astronauts returning from
space complained that they could
not write with their pens in zero
gravity. NASA set aside $1 million
to develop a sophisticated pen that
would function in space.
The Russians encountered the same
problem. What did they do?
258
Investigative Techniques
“Facts weren’t the most important part
of an investigation, the glue was. He
said the glue was made of instinct,
imagination, sometimes guesswork and
most times just plain luck.” (p. 163).
-------------------------------------------------“In his job, he [Bosch] learned a lot
about people from their rooms, the way
they lived. Often the people could no
longer tell him themselves. So he
learned from his observations and
believed that he was good at it.” (p. 31).
-------------------------------------------------Michael Connelly, The Black Ice, St. Martin’s
Paperbacks, 1993.
259
Three Major Phases of Fraud
The Act itself.
2. The concealment of the fraud (in financial
statements).
3. Conversion of stolen assets to personal use
(interest free loans to Tyco executives
forgiven).
One can study any one of these phases.
1.
Examples:
Things being stolen: conduct surveillance
and catch fraudster.
If liabilities being hidden, look at financial
statements for concealment.
If fraudster has unexpected change in
financial status, look for source of wealth.
Source: Cindy Durtschi, “The Tallahassee Bean
Counters: A Problem-Based Learning Case in
Forensic Audit,” Issues in Accounting Education, Vol.
18, No. 2, May 2003, pp. 137-173.
260
Fraud Hypothesis Testing Approach
Here a forensic accountant attempts to proactively detect fraud that is still undiscovered by
formulating and testing null hypotheses. This proactive
technique requires an forensic investigator to
1. Identify the frauds that may exist in a particular
situation.
2.Formulate null hypotheses stating that the frauds do not
exist.
3.Identify the red flags that each of the frauds would
create.
4.Design customized queries to search for the specific red
flags or combination of red flags.
In a refinery, three authors report that after a formalized
pro-active search for red flags, some unknown frauds
were discovered. But applying generic data mining
programs to the company’s database to detect fraud
resulted in a number of Type II errors. So in order to be
useful the red flags had to be fraud and company specific.
C.C. Albercht, W.S. Albercht, and J.G. Dunn, “Conducting a Pro-Active
Fraud Audit: A Case Study,” Journal of Forensic Accounting, Vol. 11,
2000, pp. 203-218
261
Class Action Securities Fraud Actions
Year
Year
2009
169
2001
498
2008
210
2000
216
2007
176
1999
209
2006
118
1998
242
2005
182
1997
173
2004
237
1996
111
2003
226
1995
188
2002
266
Although the number of shareholder class
action lawsuits have gone down,
settlements are now much bigger (average
$65 million). Unions and retirement funds
are playing an increasing role, resulting in
much higher settlements.
Stanford Law School Securities Class Action Clearing House,
securities.stanford.edu/index.html; Jan. 5, 2010.
262
Auditors Must be Alert for:
Concealment
Collusion
Evidence
Confirmations
Forgery
Analytical relationships
Source: Gary Zeune, “The Pros and Cons.”
----------------------------------------------“Things are not what you think they
are.” Al Pacino, “The Recruit.”
263
An Average of Seven People Involved
Authors Robert Tillman and
Michael Indergaard found that of
the 834 companies that issued
restatements between January 1,
1997 and June 30, 2002, 374 or
45% were accused of securities
fraud.
An average of 7 persons were
normally involved – CEOs, CFOs,
COOs, general counsel, directors,
and internal and external auditors.
264
Anti-Fraud Measures –
Months to Detect – Median Loss
YES
NO
1.
Hotlines
$100,000
(15)
$200,000
(24)
2.
Internal audits
$120,000
(18)
$218,000
(24)
3.
External audits
$181,000
(23)
$125,000
(18)
4.
Surprise audits
$100,000
(15)
$200,000
(24)
5.
Fraud awareness/
Ethics Training
$100,000
(15)
$200,000
(24)
Source: 2006 Wells Report, ACFE.
265
Roadmap For An Embezzler: 14 Ways
Sam diverted payroll taxes meant for the IRS to
himself through a dummy account. He switched
the IRS correspondence address to his home,
hiding the default letters. He carried on an
extensive letter-writing campaign with the IRS to
confuse and delay action. He made back
payments, disguising them to us as current
payments.
2. He set up dummy bank accounts to skim funds
before they made their way into legitimate
accounts.
3. Sam got one employee fired for doing “sloppy
management,” which “lost” some deposits. Of
course, Sam gave me the “proof” that this
employee was incompetent.
4. He refocused attention by pointing fingers at
“slow payers” on our accounts receivable. He
claimed that some people had never paid (they
had) and that he had sent them to collections (he
hadn’t). Of course, his records showed that their
payments had never made it into our account
(they went into a dummy account.)
1.
Source: Bev Harris, “How to Embezzle a Fortune,”
www.talion.com/embezzle.htm.
266
Roadmap For An Embezzler: 14 Ways (contd …)
5.
6.
7.
8.
9.
10.
He stole postage and then “reported” it, to alert
me that he was honest; if anything was amiss, I
would then blame others (and he offered his
opinions on the least trustworthy employees).
He diverted bank statements to his home and
altered them before filing them at the office.
Sam volunteered to run daily deposits to the
bank, skimming off the cash and changing the
deposit tickets.
He made reimbursements to himself and his wife
for “business expenses” that didn’t exist.
Sam set up his landlord, once or twice a year, as
an accounts payable.
A fax machine was stolen from the office. Also a
TV and VCR. He was supposedly the first to
arrive; he hastened to point out the broken
window. He personally handled the police
report. (I doubt that anyone broke in; the
window was high up and fairly small.)
Source: Bev Harris, “How to Embezzle a Fortune,”
www.talion.com/embezzle.htm.
267
Roadmap For An Embezzler: 14 Ways (contd …)
11.
12.
He put his wife on the payroll (a sweet woman
who divorced him when she found what he
really was). He “miscalculated” withholding to
overpay her, and adjusted her W-2s downward
to match. She was hourly, so he also padded
her hours by $20 to $50 per pay period, and
altered the time log sheets. We figured that
over the course of four years, he overpaid her
by at least $3,000. Of course, he was in
charge of their family finances, and he
deposited all her checks.
Sam double-reimbursed himself for legitimate
expenses.
Here’s how:
He would list perhaps four expenditures on
one voucher, three on another. So the first
would say “Office Depot, $21.64; Kinkos,
$18.92; Office Depot, $39.12; Office Depot,
$16.10.” A month or two later, one would
show up like this: “Kinkos, $11.30; Office
Depot, $39.12; Shay Office equipment,
$26.20.”
Source: Bev Harris, “How to Embezzle a Fortune,”
www.talion.com/embezzle.htm.
268
Roadmap For An Embezzler: 14 Ways (contd …)
13.
14.
Yes, receipts were stapled to the voucher, and
all the vouchers/receipts added up. Here’s
how he handled that: for some vendors he
copied receipts by running them through an
old fax machine that used thermal paper. He
made two copies for double submissions.
Many cash registers use thermal paper, so the
receipts looked real. This technique survived
an outside audit.
Increasingly arrogant, he began making
“phone-authorized” wire transfers out of
company accounts into his personal checking
account.
Sam did an amazing job of doctoring the
financial statements. (If this man spent half
the effort on legitimate pursuits that he did on
embezzling, he’d be a millionaire instead of an
ex-con).
Source: Bev Harris, “How to Embezzle a Fortune,”
www.talion.com/embezzle.htm.
269
Code of Ethics Required by Sarbanes-Oxley
Section 406: Public issuer has to
adopt a code of ethics for senior
financial officers to deter wrong –
doing and to promote
1.
Honest and ethical conduct.
2.
Full, fair, accurate, timely and
understandable disclosure in SEC
filings.
3.
Compliance with government
laws, rules, and regulations.
4.
Prompt internal reporting code
violations;
5.
Accountability for adherence to
the code.
270
More Hints …
Check employee
references/resume.
Stop giving the employee/client the
answer when you ask a question.
Zero tolerance for allowing
employee/executive to get away
with anything.
Always reconcile the bank
statements.
Try to think like a criminal.
Get inside the criminal’s mind. Be a
detective.
Do not assume you have honest
employees.
Bond employees.
Uni-ball gel pens.
Source: Gary Zeune
271
Auditing Hints
• SAS No. 99 does not require auditors to make
inquiries of “others,” as opposed to
management. Auditors must talk to and
interview others below management level. If
asked, employees may be willing to report
suspicious activities.
• Use independent sources for evaluating
management (e.g., financial analysts). Surf
the internet.
• Auditors need to follow the performance
history of managers and directors.
• If a company has an anonymous reporting
system, obtain information about the
incidents reported and consider them when
assessing fraud risk.
• Be sure to perform analytical procedures, and
the work should be reviewed by senior
members of the audit team.
272
Auditing Hints (cont.)
• Auditors should select sample items below
their normal testing scope (e.g., HealthSouth).
• Fraud procedures should be more than
checklists. Audits should focus on finding and
detecting fraud.
• Ask for and review all “top drawer” entries.
• Ask for and review all side agreements.
• Look for hockey stick pattern.
“Don’t think that there are no crocodiles
because the water is calm.”
Malaysian Proverb
273
Check References and Resume
Fraud 101: Fraudsters can
change their job and address, but
they can not change who they
are.
274
Integrity Testing
Pre-employment drug testing.
Post-employment drug testing
more sensitive.
Pre-employment polygraph tests
prohibited by 1988 Act (Federal,
State, Local Governments and
Federal Contractors exempted
from the Act).
Written integrity tests.
275
Lavish Executive Pay
Many of the companies indicted by
the SEC after Enron had one thing
in common: CEOs were making
about 75% above their peers.
The common thread among the
companies with the worst corporate
governance is richly compensated
top executives, as per the
Corporate Library, Portland, Maine
governance-research firm. Hefty
pay checks and perks to current or
former chief executives.
Poor BODs have in common: an
inability to say no to current or
former chief executives.
Source: Monica Langley, “Big Companies Get Low
Marks for Lavish Executive Pay,” Wall Street J.,
June 9, 2003, p. C-1.
276
Compensation Facts
• CEOs compensation components have increased
dramatically in the 1990 [mean of $1.68 million in 1992 to
43.2 million in 2000] even after the passage of IRC Section
162 (m) in 1993 [$1 million limit].
Balsam, S. 2002. An Introduction to Executive Compensation. San Diego, CA:
The Academic Press.
• Compensation increases when the CEO has influence
over the outside directors, as measured by the percentage
of outside directors appointed by the CEO.
Core, J.E, Holthausen, R and Larcker, D. 1999. Corporate governance, chief
executive officer compensation, and firm performance, Journal of Financial
Economic 51: 371-406
• CEO compensation is higher when the CEO’s tenure is
greater than the chair of the compensation committee.
Main, B., O’Reilly, C, and Wade, J. 1995. The CEO, the board of directors and
executive compensation: economic and psychological perspectives, Industrial
and Corporate Change 4: 293-332.
• The relation between the change in CEO cash
compensation and stock returns weaken with tenure.
Hill, C. and Phan, P. 1991. CEO tenure as a determinant of CEO pay. Academy
of Management Journal 34: 707-711
• The greater the percentage of outside board members
appointed after the CEO, the more likely the CEO will
have a golden parachute.
Wade, J., O’Reilly, C, and Chandratat, I. 1990 Golden parachutes: CEOs and the
exercise of social influence. Administrative Science Quarterly 35:587-603
277
External Fraud-Shoplifting
It’s not just stars (e.g., Bess
Myerson, Hedy Lamarr, and may
be Winona Ryder). Why, each
year, ordinary people shoplift $13
billion of lipstick, batteries, and
bikinis from stores (last year $26
to $33 billion). May account for
one-third of total inventory
shrinkage.
800,000 times a day the thrills
and temptations win over fear – a
product of the late 19th century
with the larger stores.
Source: Jerry Adler, “The Thrill of Theft,” Newsweek,
February, 2002.
278
Impaired Independence
The independence of the auditor will probably be
impaired and reduce the quality of financial
statement audits, if any of the following conditions
occur during financial statement audits:
1)
2)
3)
4)
5)
auditor’s excessive personal loyalty to the audit
client,
auditor’s fear of losing client to a competitive CPA,
auditor’s fear of a lawsuit if CPA withdraws from
audit engagement,
auditor’s fear of harming client with audit opinion
other than unqualified, and
auditor’s conflict between consulting and auditing
services offered.
G. D. Moyes and A. Anandarajan, “CPAs’ Perceptions of Factors Influencing the
Quality of Financial Statement Audits: Substandard Performance and Impaired
Independence,” J. of Forensic Accounting, Vol. 7, 2006, p. 133.
279
Earnings Management
Earnings management may be defined as
the “purposeful intervention in the
external financial reporting process, with
the intent of obtaining some private gain.”
– Katharine Schipper, “Commentary on Earnings
Management,” Accounting Horizon, December 1989, p. 92.
Earnings management occurs when
managers use judgments in financial
reporting and in structuring transactions to
alter financial reports to either mislead some
stakeholders about the underlying economic
performance of the company, or to influence
contractual outcomes that depend on
reported accounting numbers.
P. Healy and J. Wahlen
280
Earnings Management
The difference between earnings
management and financial
statement fraud is the thickness of
a prison wall.
D. Larry Crumbley
The difference between earnings
management and financial
statement fraud is like the
difference between lightning and a
lightning bug.
D. Larry Crumbley
281
Capital Market Incentives to Manage
Earnings
1.
2.
3.
4.
5.
6.
7.
8.
9.
Management buyout firms, on average, manage their
earnings downward prior to the buyout.
Roughly 12 percent of firms making seasoned or initial
equity offerings manage their earnings upward by about 5%
of total assets prior to the offers.
Firms who are in danger of failing to meet management
earnings forecasts, on average, manage their earnings
upward prior to releasing the annual earnings figure.
Firms, on average, manage their earnings to meet or beat
expectations of financial analysts.
Firms that meet or beat analysts’ expectations earn about
8% incremental annual market-adjusted returns relative to
firms that fail to do so.
Firms with zero or a positive earnings surprise earn
incremental quarterly returns of 2.3%, and firms with
positive earnings surprise earn further incremental quarterly
returns of 3.4%.
About 40% of firms confronted with reporting slight losses
tend to manage their earnings in order to report positive
earnings.
About 12% of firms confronted with reporting slight earnings
decreases tend to manage their earnings in order to report
small earnings increases.
Investors do not see through most earnings management as
evidenced by the fact that firms flagged for earnings
management by regulators show an average stock price
decline of 9%.
Source: Masser Spears, “The Impact of Earnings Mgt. on the Credibility of
Corporate Financial Reporting,” Petroleum Acctg. and Financial
Mgt., Summer 2007, pp. 47-48.
282
Contracting Incentives to Manage
Earnings
1.
There is no evidence of earnings
management behavior by firms close to their
dividend covenant. Instead, these firms tend
to manage their cash flows.
2.
There is inconclusive (mixed) evidence of
earnings management behavior by firms to
other debt covenants, such as interest
coverage or leverage ratios.
3.
Some managers manipulate earnings to
increase bonus awards. There is no evidence
on the pervasiveness or the stock market
impact of this form of earnings management.
Source: Masser Spears, “The Impact of Earnings Mgt. on the
Credibility of Corporate Financial Reporting,” Petroleum
Acctg. and Financial Mgt., Summer 2007, pp. 47-48.
283
Regulatory Incentives to Manage
Earnings
1.
There is strong evidence that suggests that
firms manage earnings (a) to avoid
regulatory constraints, (b) to take advantage
of governmental benefits, and (c) to avoid
regulatory exposure.
2.
There is no direct evidence about how and
whether regulators impound those forms of
earnings management behavior.
Source: Masser Spears, “The Impact of Earnings Mgt. on the
Credibility of Corporate Financial Reporting,” Petroleum
Acctg. and Financial Mgt., Summer 2007, pp. 47-48.
284
Management or Manipulation?
More than one-half of CFOs say they can
legally influence reported earning by 3% or
more.
Operational levers: delaying operational
spending, accelerating order processing,
and driving sales force more.
Accounting steps: changing the timing of an
accounting change and adjusting
estimates.
One-third of CFOs would try to influence
results: 24% upward or 8% would try to cut
them.
Few CFOs think their auditors would catch
them.
If the auditors caught it, they probably
would not bring it up to management.
Don Durfee, “Management or Manipulation?” CFO, December, 2006, p.
28.
285
Financial Statement Fraud Schemes
Category
%
Concealed Liabilities
45.0%
Fictitious Revenues
43.3%
Improper Asset Valuations
40.0%
Improper Disclosures
37.5%
Timing Differences
28.3%
Source: 2006 Wells Report, ACFE.
286
Good Earnings Management
Careful timing of capital gains and
losses;
Use of conferencing technology to
reduce travel costs; and
Postponement of repair and
maintenance activities when faces
with unexpected cash flow declines.
L. G. Weld et. al, “Anatomy of a Financial Fraud,” The
CPA Journal, October 2004.
287
Abusive Earnings Management
Improper revenue recognition (e.g., bill and hold
sales).
Improper expense recognition.
Using reserves to inflate earnings in years with
falling revenues (cookie jar accounting).
Shifting debt to SPE.
Channel stuffing.
Capitalizing marketing costs rather than expensing.
Extending useful lives and inflating salvage values.
Cookie jar reserves.
Accelerating revenue from leasing equipment.
SPEs not consolidated.
288
Early Warning Signs of
Earnings Management
Cash flows that are not correlated with
earnings;
Receivables that are not correlated with
revenues;
Allowances for uncollectible accounts that
are not correlated with receivables;
Reserves that are not correlated with
balance sheet items;
Acquisitions with no apparent business
purpose; and
Earnings that consistently and precisely
meet analysts’ expectations.
Magrath and Weld, “Abusive Earnings Management and
Early Warning Signs,” The CPA Journal, August 2002.
289
Some Red Flags of Earnings Management
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
CEO is also Chairperson of BOD (e.g.,
Parmalat).
Insiders have majority control of BOD.
Weak system of internal controls.
Performance emphasis on short-term goals.
Weak or non-existent Code of Ethics (e.g.,
Parmalat).
Questionable business strategies with
opaque disclosures (e.g., special purpose
entities).
CEO is uncomfortable with criticism (Enron’s
Jeff Skilling).
CEO or other senior management turnover
(Qwest’s CFO).
Insiders selling stock (Enron’s Ken Lay).
Independence problem from large non-audit
fees paid to external auditors (e.g.,
HealthSouth).
Company’s investment banker has
independence problems (e.g., Parmalat,
Enron).
290
Earnings Management
Companies that consist solely of
independent directors and meet at least
four times a year are likely to have lower
non-audit service fees.
L.J. Abbott et.al, “An Empirical Investigation of Audit Fees, NonAudit Fees, and Audit Committees,” Contemporary Accounting
Research, Summer, 2003, p. 230.
An auditor who is also an industry
specialist further enhances the credibility
of accounting information (e.g., less
earnings management).
G.V. Krishnan, “Does Big 6 Auditor Industry Expertise Constrain
Earnings Management?” Accounting Horizons, Vol. 17,
Supplement 2003, p. 15.
291
Earnings Management
Lower perceptions of earnings quality
lead investors to more thoroughly
examine a firm’s audited financial
statements. A more thorough analysis of
a firm’s financial statements lead
investors to lower their assessment of
the firm’s earnings quality.
F.D. Dodge, “Investors perceptions of Earnings Quality, Auditor
Independence, and the Usefulness of Audited Financial
Information,” p. 46.
Found no evidence that short sellers
trade on the basis of information
contained in accruals.
Scott Richardson, “Earnings Quality and Short Sellers,” p. 49.
292
Earnings Management
Small companies tend to more
frequently manage earnings to avoid
losses than large companies.
Auditors type appears insignificant.
fgdfg
Brain Lee and Ben Choi, “Company Size, Auditor
Type, and Earnings Management.” Journal of
Forensic Accounting, Vol. 3 (2002), pp. 27-50.
In
2003, HealthSouth paid more money in
taxes to the Federal Government than it
legitimately earned the previous year.
Aaron Beam, 2009
HealthSouth: A Wagon to Disaster
293
Do Not Be a Rubber Stamp
In November 2008, Bernard Madoff told his
investors that they had $65 billion, but investigators
found only about $1 billion. Prosecutors said that
Madoff’s accountant, David Friehling, operating from a
13 by 18 feet office, rubber-stamped Madoff’s books for
17 years.
The government said Friehling did not
meaningfully audit Madoff’s books or confirm that
securities supposedly held by Madoff on behalf of his
customers even existed. The SEC said Friehling
pretended to conduct minimal audit procedures of
certain accounts to make it appear that he was
conducting an audit, but he failed to document his
purported findings. He failed to examine a bank account
through which billions of dollars flowed. The FBI said he
did little or no testing or verification.
The SEC said the 49 year old accountant lied to
the AICPA for years, denying that he conducted any
auditing. He was afraid that his audit work would be
peer reviewed. Do not be a David Friehling.
Source: Larry Neumeister, “Prosecutors Charge Madoff’s Accountant with Fraud,”
Yahoo! Finance, March 18, 2009.
http://biz.yahoo.com/ap/090318/na_us_madoff_scandal.html?.v=4
294
Types of Financial Statement Fraud Schemes
Three professors have broken financial
statement fraud schemes into these ten
types:
1.
2.
3.
Fictitious and/or overstated revenues and
assets (e.g., non-ordered or cancelled goods).
Sunbeam created revenues by contingent
sales, a bill-and-hold strategy, and
accelerated sales. Digital Lightware, Inc.
recognized fraudulent billings. Cendant
Corporation created fictitious revenues, and
Knowledge Ware inflated revenues with
phony software sales. Xerox, Bristol-Mayers,
Merck.
Premature Revenue Recognition (e.g., holding
books open). 35-day month.
Misclassified Revenues and Assets (e.g.,
combining restricted cash accounts with
unrestricted cash accounts). School districts
and universities may engage in this strategy
with dedicated funds.
Source: S.E. Bonner, Z. Palmrose, and S.M. Young, “Fraud Types and Auditor
Litigation,” The Accounting Review, October 1998, pp. 503-532.
295
Types of Financial Statement Fraud Schemes (contd …)
4.
5.
6.
7.
8.
9.
10.
Fictitious Assets and/or Reductions of
Expenses/Liabilities (e.g., recording
consigned inventory as inventory).
WorldCom.
Overvalued Assets or Undervalued
Expenses/Liabilities (e.g., insufficient
allowance for bad debts). Enron.
Omitted or Undervalued Liabilities (e.g.,
understated pension expenses). Hiding
losses (Allied National Bank).
Omitted or Improper Disclosures (e.g., stock
option expense estimates).
Equity fraud (e.g., recording nonrecurring
and unusual income or expense in equity).
Related-Party Transactions (e.g., fictitious
sales to related parties). Enron had many
related-party transactions. REFCO, Adelphia.
Financial Fraud Going the Wrong Way (e.g.,
for tax purposes reducing income or
increasing expenses).
296
Wrong Way Earnings Management
Freddie Mac understated past
earnings as much as $5 billion.
Certain transactions and accounting
policies were “implemented with a
view to their effect on earnings”
(e.g., to smooth earnings).
Restatements will result in higher
earnings in prior periods but lower
earnings in future periods.
Employees appeared to knowingly
violate accounting rules in an effort
to manipulate earnings.
Source: Patrick Barta and J.D. McKinnon, “Freddie Mac Profits May Have Been
Low By Up to $4.5 Billion,” Wall Street J., June 26, 2003, pp. C-1 and
C-11. Bethany McLean, “The Fall of Fannie Mae,” Fortune, January 24,
2005, pp. 123-140.
297
Fannie Mae’s Problem
• Fannie Mae was ordered by the SEC [2004]
to a restatement of earnings of $ 9 billion
(reducing earnings since 2001). Misuse of
hedge-accounting transactions and improper
accounting for loans.
• CFO J. Timothy Howard resigned with an
annual pension of $400,000 and lifetime
access to Fannie Mae’s Medical benefits. Plus
$ 4 million of stock options.
•CEO Franklin Raines was paid more than
$60 million over a 6 year period. On Dec. 21,
2004, Raines took early retirement. $ 1
million annually for life.
•The Board replaced KPMG as Fannie’s
auditor.
Source: Bethany McLean, “The Fall of Fannie Mae,” Fortune, January
24, 2005, pp. 123-140. Mike McNamee, “Franklin Raines Lost
Gamble,” Business Online, December 22, 2004.
298
Lessons From Enron
Enron’s
management figured an
ingenious method of overriding the
double-entry of accounting. They simply
ignored it.
It remains the simplest, most elegant
financial fraud. Enron created specialpurpose entities (SPEs) and pledged
Enron stock – just pieces of paper.
If the SPE was successful, they
recognized income.
When the SPE had huge losses they
issued more paper. Debts were filed offbalance sheet in the partnerships.
Source: Joe Anastasi, The New Forensics, John Wiley & Sons, 2003, p. 92-93.
299
Cooking the Books-Symbol Technologies
From 1998 through February 2003, Symbol used a socalled “Tango sheet” process through which fraudulent
“topside” accounting entries were made to reserves
and other items to conform the unadjusted quarterly
results to management’s projections;
Fabrication and misuse of restructuring merger and
other non-recurring charges to artificially reduce
operating expenses, create “cookie jar” reserves
(overstating inventory write-offs) and further manage
earnings;
Channel stuffing and other revenue recognition
schemes, involving both product sales and customer
services; stuffed the channel by granting resellers
return rights and contingent payment terms in side
agreements.
Manipulation of inventory levels and accounts
receivable data to conceal the adverse side effects of
the revenue recognition schemes.
300
Cooking the Books-Symbol Technologies
Warehouse arrangement with a large foreign
distributor that served as a vehicle for improperly
recognizing several millions of dollars.
Directed employees to refrain from scanning new
components or returned goods into the automated
accounting system.
Backdated (cherry picked) stock option exercise dates.
When “days sales outstanding’ because too large
because of fraudulent revenue recognition, reclassified
past due trade accounts receivable into notes
receivables. A growing DSO figure is often a sign that
receivables are impaired due to channel stuffing, etc.
Deferred $3.5 million of FICA insurance costs to a later
year.
Recognized revenue that was processed in one
quarter, but shipped the next quarter.
301
Catch Me If You Can
Punishment for fraud and recovery of
stolen funds are so rare, prevention
is the only viable course of action.
Frank W. Abagnale
30 years ago Abagnale cashed $2.5
million in fraudulent checks in every
state and 26 foreign countries. Was
later associated with the FBI for 25
years.
302
Over-all Fraud Plan
Background checks
Avoid Nepotism
Signed Conditions of Employment Agreement
Non-compete Agreement
Confidentiality of Information Agreement
Bonding
Two-signatures on checks/ wire transfers/ lines
of credit
Lockbox
Positive pay
Check security and restrictive endorsements
Check stock (can not be scanned and it smears
easily)
Close out cash registers at unpredictable times
Back up computer files
Accounting personnel can not cancel debt
Have an internal audit
CEO signs numbered check request form
E.J. McMillan, Policies and Procedures to Prevent Fraud &
Embezzlement, 2006, John Wiley.
303
Help for Banks
In 2010, there will be nearly 20 billion checks
processed annually, so checks are one of the most
frequent fraud schemes. Over 500 million checks are
forged each year in the U.S. out of the more than 32
billion written each year. Likewise, at least 15 percent
of all bank check-related losses is from counterfeit
checks.30 Thus, it is not practical or cost-effective to
visually compare signatures on these huge numbers of
checks.
There is, however, state-of-the-art automated
signature verification technology available to financial
institutions to detect and prevent fraud. This technology
combines a human-like holistic analysis of a signature
and its segmentation with a subsequent analysis of the
signature’s elements using geometrical analysis (an
analytical method based on signature segmentation
and finding correlations between the fragments of
reference and suspect signatures), dozens of neural
networks, and many other innovative techniques. There
is also automatic stock verification software to provide
scrupulous verification of all preprinted elements on
business and personal bank checks.
304
Help for Banks (cont.)
Fraudsters
also may alter check contents by
lifting bank officers approval stamps from one
check and including it on another check of
higher value or altering the MICR line with bogus
information.
Other
alterations are easy. In many situations
check writers leave spaces and gaps when
populating the various fields; also, dollar
amounts, payees and dates can be simply
altered using a pen. Parascript, LLC
(888.772.7478) offers recognition engines to
detect this fraud.
Source: Parascript Payments Fraud, Image
Exchange Challenges and Solutions, September
2007.
305
Positive Pay System
A
positive pay system can detect forged
checks having duplicate serial numbers,
voided checks presented for payment,
stale checks, checks with altered or
invalid amounts, and checks with
altered payee lines.
This
anti-fraud tool eliminates the need
to review each check which helps
businesses gain control of the exception
process and reduces write-offs.
Positive
pay can even be integrated into
a bank’s branch system to detect fraud
at the teller window or platform.
306
Types of Misappropriations
Embezzlement
Cash and check
schemes
Larceny of cash
Skimming
Swapping checks
for cash
Check tampering
Kiting
Credit card refund
and cancellation
schemes
Inventory fraud
Fictitious
disbursements
Accounts receivable
fraud
Lapping
Fictitious
receivables
Borrowing against
accounts receivable
Stealing
inventory
Short shipments
with full prices
Doctored sales
figures
Sham payments
Price
manipulations:
land flipping,
pump and dump,
and cybersmearing
Money
laundering
Bid rigging
307
Asset Misappropriation SubCategories
Source: 2010 Wells Report, ACFE.
308
Cash Wheel
Accounts Receivable
Adjusting Entries
Accounts Payable
Depreciation
Accruals
Cash
Source: Fraud Auditing Small Businesses With The Wheel , James A. Goldstine
309
Some Employee Schemes
Embezzlement/skimming involves
converting business receipts to
one’s personal use and benefit, by
such techniques as cash register
thefts, understated/unrecorded
sales, theft of incoming checks etc.
310
Some Skimming Schemes (off-book)
Unrecorded sales.
Theft of incoming checks.
Swapping checks for cash.
Auditing Suggestions
Compare receipts with deposits.
Surprise cash count.
Investigate customers complaints.
Gross profit analysis (also for money
laundering).
Check for reversing transactions, altered
cash counts, and register tapes that are
“lost.”
Camera surveillance.
311
Preventive Measures
Segregation of duties, mandatory
vacations, and rotation of duties
help prevent cash larceny.
Review and analyze each journal
entry to the cash account.
Two windows at drive-through
restaurants.
Signs: Free meal if no receipt.
Blank checks and the automatic
check signing machine should be
kept in a safe place from employees.
Pre-numbered checks should be
logged and restricted to one
responsible employee. Require two
signatures on cashier checks.
312
Unclaimed Tax Refunds
Love for an ex-boyfriend caused a Colorado
Department Revenue Supervisor to steal
$11 million in unclaimed tax refunds from
Colorado state. Michelle was in love with the
married Hysear Randell.
Michelle Cawthra testified that she
deposited unclaimed tax refunds and other
money into Hysear Randell’s bank account
over two years.
She forged documents and created fake
businesses. Michelle used computer
passwords of other workers so she would
not be detected.
Source: http://www.baltimoresun.com/news/snsap-us-odd-tax-refund-scam,0,...
313
Processing Checks Best Procedure
Step 1. The invoice is approved for payment.
Step 2. A check request form is completed.
Step 3. The CEO approves the check
request.
Step 4. The check request is forwarded to
accounting.
Step 5. Accounting processes the check.
Step 6. The CEO signs the check.
Step 7. A second designated employee (who
does not approve the payment and is
not in the accounting department)
should cosign the check. Therefore, 4
people involved.
E.J. McMillan, Policies & Procedures to Prevent Fraud & Embezzlement,
John Wiley, 2006, p.44.
314
Processing Checks Best Procedure
Invoice is approved for payment.
Check request form is prepared.
The CEO approves/ signs the numbered
check request form.
Check request form is forwarded to
accounting.
Accounting processes the check.
The check is signed by two authorized
individuals.
The check is mailed.
The bank statements are sent to the CEO’s
home (or P.O. box) for review.
The CEO forwards the reviewed bank
statements to accounting for reconciliation.
E.J. McMillan, Policies & Procedures to Prevent Fraud &
Embezzlement, John Wiley, 2006, p.45.
315
Some Employee Schemes (contd .)
Kiting: building up balances in bank
accounts based upon floating
checks drawn against similar
accounts in other banks. Wire
transferring makes kiting easier.
Auditing Suggestions
Look for frequent deposits and
checks in the same amount.
Large deposits on Fridays.
Short time lag between
deposits/withdrawals.
Bank reconciliation audit [cut-off
bank statement].
316
Some Employee Schemes (contd …)
Cut-off Bank Statement
Shorter period of time (10-20
days).
Bank statement sent directly to
fraud auditors.
Compare the cancelled checks,
etc. with the cut-off bank
statement.
Helpful for finding kiting and
lapping.
317
Cash Schemes
Other Cash Schemes
Theft of checks (bottom or middle
of checks).
Checks may be intercepted or
payee altered (washing checks).
Forged endorsements
(disappearing ink).
Stolen credit cards.
Refund schemes.
Kickback schemes.
318
Refund Schemes
A television station’s former
accounting director pleaded guilty
to stealing more $1.8 million from
her employees and spending it on
jewelry, paintings, and fur coats.
She would overpay the station’s
travel bills and divert the refunds
to her own credit card bills and
personal accounts.
She was sentenced to 7 ½ years
in prison on a single count of theft
from CBS affiliate WBBM – TV
Source: AP, “Ex-Accountant at CBS Affiliate Sentenced,” Las Vegas
Sun, November 5, 2003.
319
Accounts Receivable Schemes
Lapping.
Fictitious receivables [for a
fictitious sale], which is later
written off.
Borrowing against receivables
(use receivable as collateral).
Improper posting of credits
against receivables.
320
Lapping
Lapping
Recording of payment on a customer’s
account some time after receipt of
payment. Later covered with receipt from
another customer (robbing Peter to pay
Paul).
Lapping is more successful where one
employee has both custody of cash and
record keeping responsibility.
321
Warning Signs of Lapping
• Increase in complaints.
• Excessive billing errors.
• Delays in posting customer
payments.
• Trend of decreasing accounts
receivable payments.
• Accounts receivable details do
not agree with the general
ledger.
322
Lapping (cont.)
Audit Steps
Independently verifying
customers who do not pay.
Reviewing write-offs.
Reviewing customers’
complaints.
Compare the checks on a sample
of deposit slips to the details of
the customers’ credits that are
listed on the day’s posting to the
customer’s account receivables.
Closely monitor aging accounts.
323
Cash Flow for Legitimate Asset-Based Revolving
Line of Credit
Source: John F. Monhemius, CPA and Kevin P. Durkin, CPA,
Detecting Circular Cash Flow, Journal of Accountancy,
december 2009, p. 29, www.journalofaccountancy.com
324
Cash Flow in a Circular Flow of Cash Fraud
Scheme
Source: John F. Monhemius, CPA and Kevin P. Durkin, CPA,
Detecting Circular Cash Flow, Journal of Accountancy,
december 2009, p. 29, www.journalofaccountancy.com
325
How Non-Cash Assets are
Misappropriated – 2006
Category
%
Median Loss
Inventory
16.6%
$55,000
Information
3.6%
78,000
Securities
1.5%
1,850,000
Source: 2006 Wells Report, ACFE.
326
Inventory
Inventory Fraud
Stealing inventory/supplies for personal use or
for sale at flea markets/garage sales.
Kickback schemes (vendor/supplier and an
employee). Sale of unreported inventory at
inflated prices.
Audit Steps for Inventory Fraud
Use renumbered inventory tags matched to
count sheets; use count procedures for workin-progress items; separate duties between
purchasing and logging receipts of shipments
Check for same vendors.
Prices higher than other vendors.
Purchasing agent does not take vacation.
Only photocopies of invoices are available.
Aging of inventory.
Inventory turnover
There is data-mining software.
327
Stealing Diamond Inventory
Farrah Daly was charged with
stealing at least 39 diamonds (1
to 3 carats), one at a time over
several years from a diamond
sorting area.
She and her husband allegedly
had friends and others sell the
approximately $500,000 worth of
diamonds at pawn shops and
jewelry stores.
Source: AP, “Ohio Woman Accused of Stealing Diamonds,”
Las Vegas Sun, November 10, 2003.
328
Reducing Bad Debts
Before MCI was acquired by WorldCom, Walter
Paulo a billing manager, had to reduce a $180
million bad debt expense down to $15 million.
Eventually MCI had to write-off $650 million in
bad debt.
His schemes:
Allow a customer to sign a promissory note
to turn the receivable into a short-term asset.
Redacting invoices.
Developing interpretations to explain why
some items are aged so long.
Using questionable codes.
Used unapplied cash to cover.
Arthur Andersen did not audit the smaller bad
debt accounts where the questionable
accounts occurred (e.g., the third tier).
Paulo said that the AA auditors were young,
inexperienced, and fresh out of college.
Source: J.M. Jacka, “An Environment for Fraud,” Internal Auditor, April 2004, pp. 49-52
329
Accounts Payable Fraud Red Flags
Duplicate payments (2% of total purchases)
$80 million times 2% = $1.6 million loss.
Extract only the numerical digits of an invoice
number and match on only the numbers portion of
the invoice.
Try identifying the dates that are similar such as
dates that are less than 14 days.
Try matching on the absolute value of the amount.
2.
Rounded-amount invoices.
3.
Invoices just below approval amounts.
4.
Abnormal invoice volume activity (two invoices one
month and 60 the next).
5.
Vendors with sequential invoice numbers.
LC 0002, LC 0003, LC 0004
6.
Above average payments per vendor.
1.
C. Warner and B. G. Dubinsky, “Uncovering Accounts Payable
Fraud,” Fraud Magazine, July/ August 2006, pp. 29-51.
330
Top 10 Financial Red Flags of Insurance Fraud
Visible
alteration of documents.
Conflicting dates and/ or information.
Missing pages of documents.
Missing key information.
Significant discrepancies between tax returns and other
financial documentation.
Poor financial condition prior to loss.
Business appears to be winding down immediately prior
to loss.
Discovery or previously undisclosed financial or
business interests.
Expenses continue while not working or operating.
Income and/ or ownership is transferred to family.
D. W. Draz, “Insurance Industry Anti-Fraud Insights,” Fraud
Magazine, July/ August, 2006, p.63.
331
Look For Fraud Symptoms
Source
Documents.
Journal Entries.
Accounting Ledgers.
332
Source Documents
Checks.
Employee time cards.
Sales invoices.
Shipping documents.
Expense invoices.
Purchase documents.
Credit card receipts.
Register tapes.
333
Source Documents Fraud Symptoms
Photocopies
of missing documents.
Counterfeit/false documents.
Excessive voids/credits.
Second endorsements.
Duplicate payments.
Large numbers of reconciling items.
Older items on bank reconciliations.
Ghost employees.
Lost register tapes.
Lots of round numbers.
Too many beginning 9’s.
334
Journal Entries Fraud Symptoms
Out-of-balance.
Lacking
supporting documents.
Unexplained adjustments.
Unusual/numerous entries at end
of period.
Written entries in computer
environment.
Many round numbers.
Too many beginning 9’s.
Weekend entries.
335
Consideration of Fraud-All Section 316
The characteristics of fraudulent entries
or adjustments. Inappropriate journal
entries and other adjustments often have
certain unique identifying characteristics,
including entries
A.
B.
C.
D.
E.
Made to unrelated, unusual, or seldomused accounts;
Made by people who typically do not make
journal entries;
Recorded at the end of the period or as
post-closing entries that have little or no
explanation or description;
Made either before or during the
preparation of the financial statements
that do not have account numbers; or
Containing round numbers or consistent
ending numbers.
336
Round Numbers Red Flag
Areas where rounded number should
not be expected:
Amounts on tax returns(T&E).
Inventory Counts.
Regulatory filings.
Accounts receivable balances.
Journal entries.
Any measure presumed to be exact.
Shows Estimation, Approximation, or Fraud. XL Audit
Commander, free, Excel add-on
Http:// ezrstats.com
337
Controls Over Journal Entries
Controls that prevent or detect unauthorized
journal entries can reduce the opportunity
for the quarterly and annual financial
statements to be intentionally misstated.
Such controls might include, among other
things, restricting access to the general
ledger system, requiring dual
authorizations for manual entries, or
performing periodic reviews of journal
entries to identify unauthorized entries.
As part of obtaining an understanding of the
financial reporting process, the auditor
should consider how journal entries are
recorded in the general ledger and whether
the company has controls that would either
prevent unauthorized journal entries from
being made to the general ledger or directly
to the financial statements or detect
unauthorized entries. Tests of controls over
journal entries could be performed in
connection with the testing of journal entries
required by AU sec. 316.
Source: PCAOB, p. 21.
338
Unusual Entries
Officer Loan
Cash
$40,000
Officers Salary
Officer Loan
$40,000
Staff Salaries
Officers Salary
$40,000
$40,000
$40,000
$40,000
----------------------------------------
Cost of Goods Sold
Inventory
$35,000
$35,000
[No related sales transaction]
---------------------------------------Allowance of Bad Debts $32,000
Account Receivables
$32,000
---------------------------------------Expense accounts where no department or person has control
General maintenance account
General transportation account
Stationary/ general office supplies
Scrap disposal accounts
Suspense and cash sweep accounts
Deferred asset or liability
Contra-accounts (bad debt reserve, accumulated depreciation)
Intercompany accounts
Accounts over which a sole, domineering, incompetent, or frequently absent
individual has control.
339
Ledger Fraud Symptoms
Underlying assets disagree.
Subsidiary ledger different than
general ledger.
Investigate and reconcile
differences between control
accounts and supporting ledger.
Difference may be concealed
fraud.
340
Payroll
Payroll Schemes
Ghost Employee: A person on the
payroll who does not work for that
company.
False Workers’ Compensation
claims: Fake injury to collect
disability payments.
Commission schemes: Falsify
amount of sales or the
commission rate.
Falsify hours and salary:
Exaggerate the time one works or
adjusts own salary.
341
Stop Ghost Employees
Ensure that the payroll preparation, disbursement and
distribution functions are segregated.
Look for paychecks without deductions for taxes or
Social Security. Completely fictitious employees
frequently don’t have any.
Examine payroll checks that have dual endorsements.
Although most of them are legitimate, two signatures
could signal the forgery of a departed employee’s
endorsement, which the thief also endorses and
deposits into his or her own account.
Use direct deposits. This method, although not
foolproof, can cut down on payroll chicanery by
eliminating paper paychecks and the possibility of
alteration, forgery and most theft, although it doesn’t
prevent misdirection of deposits into unauthorized
accounts.
Check payroll records for the presence of duplicate
names, addresses and Social Security numbers.
On occasion, hand-deliver paychecks to employees and
require positive identification. If you have leftover
paychecks, make sure they belong to actual employees,
not ghosts.
Be wary of budget variations in payroll expense. Higherthan-budgeted labor costs can indicate ghost
employees.
Source: J. T. Wells, “Keep Ghosts Off The Payroll,” Journal of Accountancy,
December 2002.
342
Some Employee Schemes (contd …)
Fictitious Disbursements
Multiple payments to same payee.
Multiple payees for the same product or
service.
Inflated invoices.
Shell companies and/or fictitious
persons.
Bogus claims (e.g., health care fraud and
insurance claims).
Overstate refunds or bogus refunds at
cash register.
Many fictitious expense schemes (e.g.,
meals, mileage, sharing taxi, claiming
business expenses never taken).
Duplicate reimbursements.
Overpayment of wages.
343
Some Employee Schemes (contd …)
Other Fraud Schemes
Stealing inventory/scrap.
Stealing property.
Theft of proprietary assets.
Personal use of assets.
Shoplifting.
False down grading of products.
A land flip involves a situation where a
company decides to purchase land for a
project. A person or group will find the land and
buy it under a front name or company. The
fraudster then increases the price of the land
before selling it to the company.
Money laundering is the use of techniques to
take money that comes from one source, hide
that source, and make the funds available in
another setting so that the funds can be used
without incurring legal restrictions or penalties.
344
Some Employee Schemes (contd …)
Other Fraud Schemes (contd …)
A ponzi scheme is a pyramid-type
technique where early investors are
paid with new money collected from
future investors, who lose their
investments.
Bid rigging occurs when a vendor is
given an unfair advantage in an open
competition for a certain contract.
345
Ponzi Scheme
• Fraudulent Investing Scam
• Promises High Return With Little Risk
• Generates Returns For Older Investors By
Acquiring New Investors
• Usually Collapse On Themselves When The
New Investments Stop
Sources: Investopedia http://www.investopedia.com/terms/p/ponzi-scheme.asp
The Original Ponzi Scheme
http://white-collar-crime.suite101.com/article.cfm/ponzi_schemes
The Wall Street Journal http://online.wsj.com/article/SB123685693449906551.
html?mod=djemalertNEWS#project%3DMADOFF-TREE-0902%26articleTabs
%3Dinteractive
346
Pyramid Scheme
•Same As Ponzi Scheme Except Person At The Top
Never In Charge Of All The Money
•Only Get Money From The Investors They Recruit
Sources: Investopedia http://www.investopedia.com/terms/p/ponzi-scheme.asp
The Original Ponzi Scheme
http://white-collar-crime.suite101.com/article.cfm/ponzi_schemes
The Wall Street Journal http://online.wsj.com/article/SB123685693449906551.
html?mod=djemalertNEWS#project%3DMADOFF-TREE-0902%26articleTabs
%3Dinteractive
347
Charles Ponzi
•
•
•
•
•
•
Raised $1 Million In 3 Hours in 1921
Accumulated $15 Million Before Caught
Returned $8 Million Before Trial
Buy International Postage Reply Coupons
Converted To American Postage Stamps
50% Return In 90 Days
Modern Fraud
• Fraud Incurs In Cycles
• Exploits A New Unaware Generation
• Globalization Of Economy
• Albania Poured $1 Billion Into Pyramids
• 43% GDP
• E-commerce
• E-mails, Websites, More Investors
Sources: Investopedia http://www.investopedia.com/terms/p/ponzi-scheme.asp
The Original Ponzi Scheme
http://white-collar-crime.suite101.com/article.cfm/ponzi_schemes
The Wall Street Journal http://online.wsj.com/article/SB123685693449906551.
html?mod=djemalertNEWS#project%3DMADOFF-TREE-0902%26articleTabs
%3Dinteractive
348
Bernard Madoff
•Stole $64 Billion From Investors
• S&P Fell 38% In 2008
• Madoff’s Fund Up 5.6%
•If It Sounds Too Good To Be True
• Use New Investments To Create Appearance Of
Profits
Madoff’s Investors Included:
•Larry Silverstein - NYU and Brooklyn Law School
Graduate, Billionaire in Real Estate
•Norman Braman - Philadelphia Eagles Owner
•Fred Wilpon - New York Mets Owner
Carl Shapiro - Founder of Institute for Education
and Research at Harvard Medical School
Sources: Investopedia http://www.investopedia.com/terms/p/ponzi-scheme.asp
The Original Ponzi Scheme
http://white-collar-crime.suite101.com/article.cfm/ponzi_schemes
The Wall Street Journal http://online.wsj.com/article/SB123685693449906551.
html?mod=djemalertNEWS#project%3DMADOFF-TREE-0902%26articleTabs
349
%3Dinteractive
Sir Allen Stanford
Ponzi Schemes Still Operate. Sir Allen Stanford
is not as well known as Bernard Madoff, who
stole as much as $64 billion from investors.
Both, however, are accused of operating a
1921--type ponzi scheme. A ponzi investing
scam promises high returns with little risk, and
the fraudster pays off older investors with
money from new investors. The scam usually
collapses when new investments dry up.
Mr. Stanford, a Texas banking billionaire, was
accused by the SEC of operating a multi-billiondollar ponzi scheme, defrauding about 30,000
investors of $7 billion. His company had 200
different accounting systems. Mr. Stamford also
was making a series of bribe payments to Leroy
King, the top banking regulator in Antigua.
Apparently, Mr. King would conduct fake audits
aimed at assuring American regulators and
investors that Mr. Stanford’s bank was sound.
Source: AP, “Pyramid Scheme Leader Pleads No Contest,” Las
Vegas Sun, November 8, 2003.
350
Forensic Auditing Steps
Count the Petty Cash Twice in a
Day
Investigate Suppliers (Vendors)
Investigate Customers’ Complaints
Examine Endorsements on
Canceled Checks
Add Up the Accounts Receivable
Subsidiary
Audit General Journal Entries
Match Payroll to Life and Medical
Insurance Deductions
Source: Jack C. Robertson, Fraud Examination for Managers
and Auditors, Austin, TX: Viesca Books, 2000, pp. 213-216.
351
Forensic Auditing Steps (contd …)
Match Payroll to Social Security
Numbers
Match Payroll with Addresses
Retrieve Customer’s Checks
Use Marked Coins and Currency
Measure Deposit Lag Time
Document Examination
Inquiry, Ask Questions
Covert Surveillance
Source: Jack C. Robertson, Fraud Examination for Managers
and Auditors, Austin, TX: Viesca Books, 2000, pp. 213-216.
352
Vendor Allowances
• In exchange for better shelf space or advertisement
mentioning its products, a merchandise vendor will
pay stores an extra fee--an allowance often based
upon the amount of products sold.
• Employees at OfficeMax “fabricated supporting
documents for approximately 3.3 million in claims
billed to a vendor to its retail business.” Six
employees were fired, and CEO Christopher Milliken
resigned.
• The SEC sued three former executives in December
2004 at Kmart Holding Corp. for their role in a $24
million accounting fraud that booked these allowances
early.
•The SEC settled a case in October 2004 with Ahold
NV involving allegations of fraudulent inflation of
promotional allowances at U.S. Foodservice, Inc. unit.
Source: David Armstrong, “OfficeMax Results To Be Restated; CEO Steps
Down,” WSJ, February 15, 2005, p. A-3.
353
Cyber - Forensics
Recommended Practices: Creating
Cyber-Forensic Plans for control
Systems.
Forensic Examination of Digital
Evidence: A Guide for Law
Enforcement, U.S. Dept. of Justice.
Cyber-Forensics – Forensic
reporting.
354
Computer Forensics Report Template
355
Seven Investigative Techniques
1.
2.
3.
4.
5.
6.
7.
Public document review and
background investigation (nonfinancial documents).
Interviews of knowledgeable
persons.
Confidential sources.
Laboratory analysis of physical
and electronic evidence.
Physical and electronic
surveillance.
Undercover operations.
Analysis of financial transactions.
Source: R.A. Nossen, The Detection, Investigation and Prosecution of
Financial Crimes, Thoth Books, 1993
.
356
Investigation Tasks
1) Interviewing, including:
a) Neutral third-party witnesses.
b) Corroborative witnesses.
c) Possible co-conspirators.
d) The accused.
2) Evidence collection, including:
a) Internal documents, such as
i) Personnel files.
ii) Internal phone records.
iii) Computer files and other electronic devices.
iv) E-mail.
v) Financial records.
vi) Security camera videos.
vii) Physical and IT system access records.
b) External records, such as
i) Public records.
ii) Customer/vendor information.
iii) Media reports.
iv) Information held by third parties.
v) Private detective reports.
3) Computer forensic examinations.
4) Evidence analysis, including:
a) Review and categorization of information collected.
b) Computer-assisted data analysis.
c) Development and testing of hypotheses.
Source: Managing the Business Risk of Fraud: A Practical Guide, IIA, AICPA, ACFE;
http://www.acfe.com/documents/managing-business-risk.pdf, 2008, pp. 42-43.
357
Documentation
The forensic accountant needs to track
and document the steps in any
investigation process, including:
• Items maintained as privileged or
confidential.
• Requests for documents, electronic
data, and other information.
• Memoranda of interviews conducted.
• Analysis of documents, data, and
interviews and conclusions drawn.
Source: Managing the Business Risk of Fraud: A Practical Guide, IIA, AICPA,
ACFE; http://www.acfe.com/documents/managing-business-risk.pdf,
2008, p. 43.
358
Financial Fraud Detection Tools
Interviewing the executives
Analytics
Percentage analysis
Horizontal analysis
Vertical analysis
Ratio analysis
Using checklists to help detect fraud
SAS checklist
Attitudes/Rationalizations checklist
Audit test activities checklist
Miscellaneous fraud indicator checklist
“Objectively obtaining and evaluating evidence is the
essence of auditing.”
(AAA, Committee on Basic Auditing Concepts, 1973, 2)
359
Investigative Techniques
Public Document Review
Real
and personal property records.
Corporate and partnership records.
Civil and criminal records.
Stock trading activities.
Check vendors.
Laboratory Analysis
Analyzing fingerprints.
Forged signatures.
Fictitious or altered documents.
Mirror imaging or copying hard
drives/company servers.
Use clear cellophane bags for paper
documents.
Check for indentations (3-D
enhancement).
360
Analytical Procedures
Analytical procedures involve the study or
comparison of the relationship between
two or more measures for the purpose of
establishing the reasonableness of each
one compared. Five types of analytical
procedures help find unusual trends or
relationships, errors, or fraud:
Horizontal or Percentage Analysis
Vertical Analysis
Variance Analysis
Ratio Analysis or Benchmarking
Comparison with other operating
information
Source: D.L. Crumbley, J.J. O’Shaughnessy, and D.E.
Ziegenfuss, 2002 U.S. Master Auditing Guide,
Chicago: Commerce Clearing House, 2002, p.
592.
361
Sales v. Net Income
Forensic accountants should compare the
trend in sales with the trend in net income.
For example, from 1999 to 2001,
HealthSouth’s net income increased nearly
500%, but revenues grew only 5%. On
March 19, 2003, the SEC said that
HealthSouth faked at least $1.4 billion in
profits since 1999 under the auditing eyes
of Ernst & Young.
The SEC said that HealthSouth started
cooking its numbers in 1986, which Ernst &
Young failed to find over 17 years.
HealthSouth also inflated its cash balances.
362
Beware Inter-company Entries
HealthSouth used PeopleSoft, with at
least 2,000 different ledgers.
Suspense Account
Revenue
xx
Accounts Receivable
Inventory
Property
Suspense Account
xx
xx
xx
xx
xxx
Most of the entries were inter-company
entries.
During 2005, 2004, and 2003,
professional fees associated with the
reconstruction of HealthSouth’s financial
records and restatement of 2001 and
2002 consolidated financial statements
approximated $206.2 million and $70.6
million, respectively.
363
Financial Statement Fraud Audit
1.
2.
3.
4.
5.
6.
7.
8.
Obtain current year’s financial
statements.
Obtain prior 3 years’ financial
statements.
Perform vertical/ horizontal analysis of
the 4 years, plus all current quarters.
Pay attention to footnotes.
Analysis of %s and footnotes by senior
auditors.
Nonsense %s and footnotes inquire
explanations from financial
management.
Interview lower level financial
employees who approved
questionable journal vouchers.
Combine explanations with visits to
accounting records/ source
documents.
364
Horizontal Analysis
Suppose advertising in the base year
was $100,000 and advertising in
the next three years was $120,000,
$140,000, and $180,000. A
horizontal comparison expressed as
a percentage of the base year
amount of $100,000 would appear
as follows:
Dollar
Amount
Horizontal
Comparison
Year 4
Year 3
Year 2
Year 1
$180,000
$140,000
$120,000
$100,000
180%
140%
120%
100%
365
Red Flags with Horizontal Analysis
When deferred revenues (on the balance sheet)
rise sharply, a company may be having trouble
delivering its products as promised.
If either accounts receivable or inventory is rising
faster than revenue, the company may not be
selling its goods as fast as needed or may be
having trouble collecting money from customers.
For example, in 1997 Sunbeam’s revenue grew
less than 1% but accounts receivable jumped 23
percent and inventory grew by 40 percent. Six
months later in 1998 the company shocked
investors by reporting a $43 million loss.
If cash from operations is increasing or decreasing
at a different rate than net income, the company
may be being manipulated.
Falling reserves for bad debts in relation to
account receivables falsely boosts income (cookie
jar accounting).
366
More Red Flags
Look for aggressive revenue recognition
policies (Qwest Communication, $1.1 billion
in 1999-2001). Beware of hockey stick
pattern.
Beware of the ever-present nonrecurring
charges (e.g., Kodak for at least 12 years).
Check for regular changes to reserves,
depreciation, amortization, or comprehensive
income policy.
Related-party transactions (e.g., Enron).
Complex financial products (e.g.,
derivatives).
Unsupported top-side entries (e.g.,
WorldCom).
Under-funded defined pension plans.
Unreasonable management compensation
Source: Scott Green, “Fighting Financial Reporting Fraud,”
Internal Auditor, December 2003, pp. 58-63.
367
Five Statistically Significant Ratios (76%)
Use the ratios for two successive fiscal
years.
Convert into indexes for benchmarking.
Day’s Sales in Receivable Index:
(Accounts Receivable t / Sales t )
(Accounts Receivable t-1 / Sales t-1)
Index for manipulators: 1.5 to 1
-------------------------------------------------------Gross Margin Index:
[(Sales t-1 - Cost of Sales t-1 ) / Sales t-1]
[(Sales t - Cost of Sales t ) / Sales t]
Index for manipulators = 1.2 to 1
-------------------------------------------------------Source: M.D. Beneish, “The Detection of Earnings
Manipulation,” Financial Analysts Journal,
September/October, 1999. t-1 = prior year.
368
Five Statistically Significant Ratios
Asset Quality Index =
1- (Current Assets t + Net Fixed Assets t )
Total Assets t
1 - (Current Assets t-1 + Net Fixed Assets t-1)
Total Assets t-1
Index for manipulators = 1.25 to 1
----------------------------------------------------------------Sales Growth Index : Sales t / Sales t-1
Manipulators: 60%
Non manipulators 10%
Source: M.D. Beneish, “The Detection of Earnings
Manipulation,” Financial Analysts Journal,
September/October, 1999. t-1 = prior year.
369
Five Statistically Significant Ratios (76%)
Total Accruals to Total Assets =
Δ Working Capital t - Δ Cash t - Δ Current Taxes
Payable t - Δ Current Portion of LTD t - Δ
Accumulated depreciation and amortization t
Total Assets t
TATA for manipulators: .031
TATA for non manipulators: .018
Source: M.D. Beneish, “The Detection of Earnings
Manipulation,” Financial Analysts Journal,
September/October, 1999. LTD = Long-term debt.
370
A Charles Lundelius Example
Comparison to peer group benchmarks:
Characteristic
peers
DSRI
GMI
AQI
SGI
TATA
MPS
Peer group
1.56
2.00
1.23
1.50
0.10
1.03
1.10
1.04
1.20
0.05
% over
51%
82%
18%
25%
100%
Source: C.R. Lundelius, Financial Reporting Fraud, AICPA, 2003, p.
129.
371
Z-Score Methodology: Bankruptcy
1.
2.
Altman’s Z-Score (Manufacturers)
AZ-Score = 1.2X1 + 1.4X2 + 3.3X3 + 0.6X4 +
0.999X5
Where:
X1 = Working Capital/Total Assets
X2 = Retained Earnings/Total Assets
X3 = EBIT/Total Assets
X4 = Market Value of Equity/Total Liabilities
X5 = Sales/Total Assets
Above 2.99, indicates sound financial health.
Grey zone, no conclusion can be drawn.
Below 1.81, indicates financial distress.
Altman’s Double Prime Z-Score
(nonmanufacturers)
Change X4 to Total Shareholders’ Equity
Drop X5
ADPZ-Score = 6.56X1 + 3.26X2 + 6.72X3 +
1.05X4
Above 2.6, strong.
Grey zone, no conclusion can be drawn.
Below 1.1, weak.
372
Z-Score Methodology (cont.)
3.
4.
Private Company Model
Use book value rather than
market value of equity.
PMZ-Score = 0.717X1 + 0.847X2
+ 3.107X3 + 0.420X4 + 0.998X5
Above 2.90, safety zone.
Grey zone, no conclusion.
Lower than 1.23, distress zone.
Hillegeist DPM
Gives probability of default.
HZ-Score = 3.835 + 1.13X1 +
0.005X2 + 0.269X3 + 0.399X4 –
0.033X5
Where 3.835 is constant.
Higher the score, the better.
373
Exercises
1.
In order to determine how risky a particular company is
that you are auditing, you prepare these five ratios
along with the same ratios of this company’s peers:
Company
Peers
Day’s Sales in Receivable Index
1.51
1.05
Gross Margin Index
1.98
1.11
Asset Quality Index
1.21
1.01
Sales Growth Index
1.53
1.19
Total Accruals to Total Assets
0.11
0.06
What are your thoughts about the risk potential of
this company?
2. You are provided the following information about a
company for two years (in millions):
Sales
Cost of Sales
2005
2006
$23,000
32,000
11,960
17,600
4,830
10,560
Accounts Receivable
Calculate:
a. Days Sales in receivable index.
b. Gross margin index.
c. Sales growth index.
Any thoughts about this company?
374
Excel Spreadsheet
Sherron Watkins discovered the Enron fraud in
2001 when she was again working under Andy
Fastow, CFO. She took a simple inventory, using an
Excel spreadsheet to calculate which of the
division’s assets were profitable and which were
unprofitable.
She discovered the special purpose
entities called Raptors, off-the-books partnerships.
Enron had hidden hundreds of millions of losses by
borrowing money from Raptors and promising to
pay the loans back with Enron stock. Enron was
hedging risks in its left pocket with money from its
right pocket.
As the value of Enron stock fell and the
losses in the Raptors mounted, Enron had to add
more and more stock because Enron had risked
97% of the losses, and Arthur Andersen had agreed
to the accounting.
Source: Mimi Swartz and Sherron Watkins, Power Failure,
New York: Doubleday, 2003, p. 269.
375
Investigative Technique: Videotapes
Average big city resident caught on videotape
about 75 times a day. Common in workplaces and
stores (USA).
Former Coca-Cola secretary convicted of
conspiring to steal and willing to sell confidential
Coca-Cola documents and samples of products
that the company was developing to Pepsi.
Coca-Cola security expert testified that
surveillance cameras were monitoring Joya
Williams’ movements. The surveillance was a key
part of the government’s evidence.
She stole the materials and was attempting to sell
for at least $1.5 million.
Deeply in debt, unhappy at job, and seeking a big
payday.
Could face 10-years in prison.
Myway, “Video Shows Coke Worker Taking Documents,” January
26, 2007.
376
Fraud Awareness Auditing:
Unrefined Oil
377
Thinking as a Forensic Auditor
The Iceberg Theory of Fraud
Overt Aspects
Hierarchy
Financial Resources
Goals of the Organization
Skills and Abilities of Personnel
Technological State
Performance Measurement
Structural
Considerations
Covert Aspects
Water
line
Attitudes
Feelings (Fear, Anger, etc.)
Values
Norms
Behavioral
Interaction
Considerations
Supportiveness
Satisfaction
Source: G.J. Bologna and R.J.
Lindquist, Fraud Auditing and
Forensic Accounting, 2nd Edition,
New York: John Wiley, 1995, pp. 3637
378
Game Theory and Strategic Reasoning Tips
Fraud risk assessment
•
•
•
Auditors who use long lists of fraud cues and fraud checklists are
inaccurate in their fraud-risk assessments.
Auditors generally overweight cues indicative of management’s
character even though these cues are the most likely cues to be
unreliable.
Audit standards should be designed to persuade auditors to consider
how management might manipulate their perceptions of fraud cues.
Audit Planning
•
•
•
•
Auditors should develop audit strategies that are unpredictable,
especially with regard to the nature of their evidence.
Audit plans are more predictable and less effective at detecting fraud
when auditors use procedures based on prior audits or standard audit
programs.
Audit standards should require auditors to engage in strategic
reasoning by considering the types of fraud that management might
perpetrate and how these frauds might be concealed from the audit.
The goal of audit standards should be to encourage auditors to gather
new, unusual, or random audit evidence not easily anticipated by
management.
Implementation of the audit
•
Learning from experience is critical to effectively performing in a
strategic setting.
• Auditors are often insensitive to new evidence regarding fraud risk
and can more effectively learn from their interactions with the client.
• Audit standards can improve learning by requiring activities such as
documenting and communicating the nature of their interactions with
Source:management.
T. J. Wilks and M. F. Zimbelman, “Using Game Theory and Strategic Reasoning
Techniques to Prevent and Detect Fraud,” Accounting Horizon, September 2004, p. 182.
379
Behavioral Concepts Important
“Not all fraud schemes can
effectively be detected using data-driven
approaches.
Instances of corruption-bribery,
kickbacks, and the like – and collusion
consistently involve circumvention of
controls.
Searching relevant transaction data
for patterns and unexplained relationships
often fails to yield results because the
information may not be recorded, per se, by
the system.
Behavioral concepts and qualitative
factors frequently allow the auditor to look
beyond the data, both with respect to data
that is there and the data that isn’t.”
Source: S. Ramamoorti and S. Curtis, “Procurement Fraud & Data
Analytics, “Journal of Government Financial Management, Winter 2003,
Vol. 52, No. 4, pp. 16-24.
380
Life Styles Important
For someone who earned a salary of just
$1,000 a month, Rana Koleilat managed to live
a pretty nice life. She traveled by private jet,
took along her servant and hairdresser, and
stayed at luxurious locality in London and Paris.
Back home in Beirut, Lebanon, she lived in a
three-story penthouse. To anyone who asked
how she lived so well, she replied that she had a
“rich uncle.”
Actually, Koleilat helped manage a
private bank in Beirut, and thereby hangs a tale.
The chairman of the bank said he lost $1.2
billion, and depositors lost another several
hundred million dollars
E.T. Pound, “Following the Old Money Trail,” U.S. News & World Report, April
4, 2005, p. 30.
381
Be An Investigator
“Because I was an investigator,” he said.
“O.K.,” she said. “Investigators investigate.
That, I can follow. But don’t they stop
investigating? I mean, ever? When they know
already?”
“Investigator never know,” he said. “They
feel, and they guess.”
“I thought they dealt in facts.”
“Not really,” he said. “I mean, eventually they
do, I suppose. But ninety-nine percent of the
time it’s ninety-nine percent about what you
feel. About people. A good investigator is a
person with a feel for people.”
Lee Child, Echo Burning, N.Y.: Jove Books, 2001, p. 281.
382
Working Outward to Inward
Secondary
Sources
Human
Resources
Primary
Documents
Primary documents may lie.
If a fraudster is smart, there may be little secondary
sources.
Primary documents may have been destroyed.
Source: Houston et al., The Investigative Reporter’s Handbook, 4th
edition, Bedford/ St. Martin’s
383
Secondary Sources
•Newspapers
•Broadcast and Cable sources
•Magazines & Newsletters
•Reference books
•Dissertations & Theses
•Books & Libraries
•Databases: Dialog, Lexis Nexis, Dow
Jones Interactive
•Internet
384
Primary Documents
• Primary Documents on Commercial
Databases.
• Government Databases.
• Uniform Commercial Code.
• County tax documents.
• Birth & Death records.
• Depository Libraries.
• National Archives System.
The 3 I’s
• Individual
• Institution
• Issue
385
Computer Assisted Investigation
•Online databases.
•Spreadsheets.
•Database managers.
•Mapping software.
•Statistical software.
386
United States – 876 Cases
Source: 2010 Wells Report, ACFE.
Behavioral Red Flags Present During Fraud Scheme – Sorted by Frequency
23
The sum of percentages in this table exceeds 100 percent because in several
cases the perpetrator exhibited more than one behavioral red flag.
Source: 2008 Wells Report, ACFE.
Fraud Identifiers to Spot Fraudsters
Large ego
Substance abuse problems or
gambling addiction
Living beyond apparent
means
Self-absorption
Hardworking/taking few
vacations
Under financial pressure (e.g.,
heavy borrowings)
Sudden mood changes.
Source: G.E. Moulton, “Profile of a Fraudster,”
Deloitte Touche Tohatsu, www.deloitte.com, 1994.
389
Red Flags or Fraud Identifiers
Earnings problem: downward trend in
earnings
Reduced cash flow: If net income is moving
up while cash flow from operations is drifting
downward, something may be wrong.
Excessive debt: the amount of stockholders'
or owners' equity should significantly exceed
the amount of debt.
Overstated inventories (California Micro) and
receivables (BDO Seidman): If accounts
receivables exceeds 15 percent of annual
sales and inventory exceeds 25 percent of
cost of goods sold, be careful.
Inventory plugging: Record sales to other
chains as if they were retail sales rather than
wholesale chains (e.g., Crazy Eddie).
Balancing Act: Inventory, sales, and
receivables usually move in tandem because
customers do not pay up front if they can
avoid it.
CPA Switching: Firms in the midst of financial
distress switch auditors more frequently than
healthy companies.
390
Red Flags or Fraud Identifiers (contd…)
Hyped Sales: hyped sales by using his ample
personal fortune to fund purchases.
Reducing Expenses: Rent-Way reduced the
company’s expenses—a reduction of $127
million.
Ebitda: Earnings before interest, taxes,
depreciation, and amortization is a popular
valuation method for capital-intensive
industries.
Off-Balance Sheet Items: Enron had more
than 2,500 offshore accounts and around
850 special purpose entities.
Unconsolidated Entities: Enron did not tell
Arthur Andersen that certain limited
partnerships did not have enough outside
equity and more than $700 million in debt
should have been included on Enron’s
statements.
391
Red Flags or Fraud Identifiers
(contd…)
Creative or Strange Accounts: For their
1997 fiscal year, America Online, Inc.
showed $385 million in assets on its
balance sheet called deferred
subscriber acquisition costs.
Pension Plans
Reserve Estimates
Personal Piggy Bank: Family member
owners may use a corporation as a
personal piggy bank at the expense of
public investors and creditors.
Barter deals: A number of Internet
companies used barter transactions
(or non-cash transactions) to increase
their revenues.
392
Management’s Role
The Sarbanes-Oxley Act of 2002
mandates that CEOs and CFOs certify in
periodic reports containing financial
statements filed with the SEC the
appropriateness of financial statements
and disclosures.
--------------------------------------------------------
In March 2005, the SEC said that
executives are gatekeepers. Thus, an
executive can be in trouble if in a
position to detect wrongdoing below
them and do not move forcefully to
prevent the fraud. It does not matter if
the executive has been lied to. An
executive has the responsibility to cut
through the lies and try to root out the
truth.
Carol. J. Loomis, “The SEC Turns the Screws on
Gatekeepers,” Fortune, April 18, 2005, p. 38.
393
Pressures On All Sides
CEOs are now being squeezed as a
result of SOX by BODs, auditors, and
lawyers because these watchdogs are
finally facing genuine liability for their
failures. These watchdogs are trying to
protect their hides.
Arthur Andersen is out of business, and
directors at WorldCom and Enron are
paying off fraud claims out of their own
pockets. Hank Greenberg, former
Chairman and CEO of AIG said that the
balance of power in corporate America
has shifted.
Diane Brady and Joseph Weber, “The Boss on the Sidelines,”
Business Week, April 25, 2005, p. 88.
394
Significant Variables of
Fraudulent Companies
Percentage of total Board of Directors
holdings held by insiders.
Insiders having greater than 50%
control of the BOD.
CEO also being chairman of the BOD.
CEO being the company’s founder.
Lack of an audit committee.
SEC Accounting and Auditing Enforcement Releases (1982-1992).
395
CEO Duality
Eight of the ten recent scandals had board
chairs who were also CEO:
1.Enron
5. HealthSouth
2.Adelphia
6. Quest
3.Tyco
7. Homestore
4.Waste Management
8. Sunbeam
WorldCom and Global Crossing had different
Chairman and CEO.
-------------------------------------------------------Aging Board of Directors. “Easier for
Management to get away with misdeeds.”
Enron’s Audit Committee chairman was 72.
“They can be hard of hearing.” Nearly 10% of
directors in the S & P’s 500 stock index are
70 or over.
Source: Louis Lavelle, “Directors: Know When to Fold Them, “Business Week, May 24, 2004, p.14.
396
Audit Tests
The Panel on Audit Effectiveness
recommended that surprise or unpredictable
elements should be incorporated into audit
tests, including:
Recounts of inventory and
unannounced visits to locations
Interviews of financial and nonfinancial client personnel in different
locations
Requests for written confirmations
from client employees regarding
matters about which they have made
representations to the auditors
Tests of accounts not normally
performed annually
Tests of accounts traditionally or
frequently deemed “low risk”
397
Internal Auditors and Fraud
Detection
The Institute of Internal Auditors’ Due
Professional Care Standard (Section
280) assigns the internal auditor the
task of assisting in the control of fraud
by examining and evaluating the
adequacy and effectiveness of the
internal control system.
However, Section 280 says that
management has the primary
responsibility for the deterrence of fraud,
and management is responsible for
establishing and maintaining the control
systems. In general, internal auditors are
more concerned with employee fraud
than with management and other
external fraud.
398
When Fraud Is Discovered
1.
2.
3.
4.
Notify management or the board when the
incidence of significant fraud has been
established to a reasonable certainty.
If the results of a fraud investigation
indicate that previously undiscovered
fraud materially adversely affected
previous financial statements, for one or
more years, the internal auditor should
inform appropriate management and the
audit committee of the board of directors
of the discovery.
A written report should include all findings,
conclusions, recommendations, and
corrective actions taken.
A draft of the written report should be
submitted to legal counsel for review,
especially where the internal auditor
chooses to invoke client privilege.
399
Audit Committee
The audit committee is the subcommittee of an
organization’s board of director’s charged with
overseeing the organization’s financial reporting and
internal control processes. The audit committee’s
biggest responsibility is monitoring the component
parts of the audit process.
---------------------------------------------------------------The board of directors and its representative audit
committee should oversee (1) the integrity, quality,
transparency, and reliability of the financial reporting
process; (2) the adequacy and effectiveness of the
internal control structure in preventing, detecting, and
correcting material misstatements in the financial
statements; and (3) the effectiveness, efficacy, and
objectivity of audit functions.
400
Audit Committee Red Flags
• Independence of audit committee from
management. Audit committee should
report to BODs.
• The clarity with which the audit
committee’s responsibilities are articulated,
such as in the charter, and how well the
audit committee and management
understand those responsibilities;
• The audit committee’s interactions and
involvement with the independent and
internal auditor; and
• Whether the audit committee raises and
pursues with management and the
independent auditor the appropriate
questions, including questions that indicate
an understanding of the critical accounting
policies and judgmental accounting
estimates.
401
Computer Forensics
“Today’s Sergeant Joe Friday does not write in a small
notebook in the course of solving crimes; he now
reconstructs the data from imaging hard drives.”
Joe Anastasi, The New Forensics, John Wiley & Sons, 2003.
“Corporate criminals don’t always tell the truth.
Their computers usually do.”
Thomas Talleur, KPMG
• “The need for computer forensics has dramatically
increased. This represents the use of computer
science principles and investigative techniques to
obtain digital evidence from computer systems that
is admissible in a court of law,” says Bruce
Dubinsky.
• Statistics indicate that 92 percent of new data is
created electronically and that 70 percent of this data
never migrates to paper. When investigators ignore
electronics evidence, it’s analogous to only
reviewing three out of 10 boxes containing
potentially relevant and discoverable information.
S. Kahan, “Sherlock Holmes Enters Accounting,” WebCPA, February,
2007.
402
Data Mining Found WorldCom Mess
Auditors should perform all of the
analytics themselves, and they must be
educated in fraud detection and
introduced to data mining techniques.
When the concept of data mining is
brought up, audit managers cringe and
argue that they cannot afford to employ
statisticians.
However, while there is data mining
software that requires a statistician’s
level of expertise (such as IBM’s
Intelligent Miner), there also are
products, such as WizSoft Inc., that can
be employed by most auditors who are
acquainted with the fundamentals of
Microsoft Office and who are curious as
to why they obtained their audit results.
Source: Bob Denker, “Data Mining and the Auditor’s Responsibility,”
Information Systems Audit and Control Association InfoBytes.
403
Technology Knowledge Important
Ruby Sharma, at E&Y, says that computer forensic services,
as well as electronic discovery and forensic data analysis, are
provided by its legal technology services practice, which
currently consists of 52 professionals, around one-fourth of
whom are primarily devoted to computer forensics and
closely related disciplines.
These computer forensics professionals provide a range of
services to clients beyond the traditional identification,
preservation and extraction of electronic evidence from
digital media, she says. They also provide forensic
investigations and analysis of digital media to determine the
circumstances surrounding the creation, deletion or
modification of specific documents; determine the
provenance of documents; locate and recover evidence that
has been either intentionally or unintentionally deleted; and
determine timelines and event sequences of computer
activity that may be of value to the investigation.
Frank Piantidosi, at Deloitte, says that technology is the heart
of most financial investigations, and electronic data drives
the investigation. He says that this group provides
repositories of all the data to the legal teams electronically,
rather than through the antiquated system of boxes and
boxes of hard copy files.
We have developed technology solution that can quickly find
and accumulate data from various sources anywhere in the
world, then read the data files using software from India,
then store the data using Australian technology for 5 to 10
years.
S. Kahan, “Sherlock Holmes Enters Accounting,” WebCPA, February 11, 2007. 404
Careful of E-mail and Text Messages
40% of large business and 29% of all
companies read or analyze outbound e-mails.
51% of U.S. companies have disciplined an
employee for violating e-mail policy and 26%
have fired someone.
21% investigate blogs or message boards.
Source: Ben Worthen, “Be Careful: Your Boss is Reading,” Wall
Street Online, June 10, 2008.
405
Some Forensic Software
Encase: can recover deleted files, time-stamp
data, and identify unauthorized applications.
Disk Investigator (free from Kevin Solway):
identify hidden files and deleted files on a
disk.
Interactive Data Extraction Analysis (IDEA):
import and analyze data (e.g., aging of
accounts, file stratification, name searches,
review of audit trail log files, using day of
week analysis, gap detection, sampling
techniques, sorting Benford’s Law Analysis).
Free educator’s version
(www.audimation.com).
406
Careful of E-mail and Text Messages
Do not put anything in an e-mail or text
message that you do not wish to see in the
newspaper or on the Internet.
14,000 flirty and sometimes sexually explicit
text messages between married Detroit Mayor
Kwame Kilpatrick and his top aide Christine
Beatty reprinted in Detroit Free Press. Found
on the city-issued pager of Beatty.
Both denied under oath having a physical
relationship.
407
Careful of E-mail and Text Messages (cont.)
“Most investigations begin with a tip from a
whistleblower or a suspicion of some sort,
which prompts the audit committee of a
company's board of directors to call in Vondra
and his group. They'll begin with high-level
interviews and then move on to requesting
and examining e-mails—sometimes as many
as one million. He and his team run the emails through programs that search for words
and phrases like "illegal," "earnings
management," and "manipulate." The
programs will call up e-mail strings, which
may point the auditors to certain accounting
files, which can then be pulled up and
scrutinized. ”
Source: http://www.portfolio.com/careers/job-of-the
week/2008/03/10/Forensic-Accountant-Al-Vondra#page2
408
Using Technology to Gather
Evidence
Drill-down functionality
Electronic imaging
Benford’s law
Digital Analysis Tests and Statistics
(DATAS)
Data warehousing/mining
Inductive vs. deductive method
409
Technology is Here
“Extensive knowledge and use of technology is
an absolute necessity. The ability to go into an
electronic image and download information,
and to get information from systems that
don’t talk to each other. All the accumulated
information can then be reviewed for financial
improprieties.”
Bert Lacativo, Southlake, Texas
------------------------------------------------------“We use off-the-shelf software (IDEA) to import
large databases, read different data files, set
up queries, and compare database files such
as addresses, telephone numbers, and Social
Security numbers. This process will tell us, for
example, if a purchase order was done on
Saturday or Sunday when the company isn’t
open.”
Cal Klausner, Bethesda, Md.
H.W. Wolosky, “Forensic Accounting to the Forefront,” Practical
Accountant, February 2004, pp. 23-28
410
Data Analysis vs. Data Mining Software
ACL, IDEA, and SAS are data
analysis (DA) software used to
ensure the integrity of data, to
program continuous monitoring, and
to detect fraudulent transactions.
DA requires a program to be set up
and run against the data. The
program is written by auditors (i. e.,
humans) who may be prejudice in
the routines that are executed.
Data Mining finds patterns and
subtle relationships in data.
Wiz Rule (from WizSoft, Inc.) and
IBM’s Intelligent Miner are data
mining software.
Source: Irina Sered, “Software,” kdnuggets.com/news/2001/n24/13i.html.
411
Wiz Rule Data Auditing Tool
Based upon data mining.
Performs complex analysis of data,
finding errors, inconsistencies, and
situations that require further
investigation.
WizRule reveals all the if-then rules,
mathematical formula rules, and
spelling irregularities.
Divides situations deviating from the
rules into data entry errors and
suspicious errors.
Can be used in auditing, fraud
detection, data scrubbing, and due
diligence reviews.
Learning curve is short.
Cost license is $1,395 and yearly
maintenance fee is $279.
Source: Irina Sered, “Software,”
kdnuggets.com/news/2001/n24/13i.html.
412
Who Uses IDEA?
External and Internal
Auditors
Forensic Accountants/
Fraud Investigators
Financial managers
General and systems
consultants
Educators
Statisticians
Information systems
professionals
413
IDEA Benefits
• Sort
• Compare
• Manipulate
• Sample
• Extract data
• Mathematical testing
• Exception
reports
• Aging
• Statistics
• Find missing
data
• Analytics
• Convert test
files to data
base
• Create
summary
reports
414
IDEA’s Forensic Investigations
1.
2.
3.
4.
5.
6.
7.
High number of transactions just below
an authorization level.
Usual right offs or returns of
merchandise.
High number of partial payments by
customers.
Duplicate or missing social security
numbers.
Addresses that do not compare with
addresses maintained by human
resources.
Discrepancies between company
policies on hiring contractors and
actual contractor hiring patterns.
Recording a large number of repeat
invoices from vendors.
415
Computer Assisted Investigation
Online databases.
Spreadsheets.
Database managers.
Mapping software.
Statistical software.
416
Using Data Mining
Match employee addresses
against vendor addresses.
Sort vendor list by size to
determine the most highly paid
suppliers.
Review the structure of vendor
names.
Uncover indications of ghost
employees (e.g., N.O. Police
dept.).
Fraudulent expense reports (even
amounts, $6).
Repeated withdrawals of even
amounts from petty cash.
417
Computer Forensics
“I need you to step away from your
computer please,” Lee Altschuler said.
Morgan Fay’s chief financial officer glanced up
from her computer screen. She regarded the
man standing at her office doorway for a
moment. “Excuse me?” Cindy Shalott asked.
“We’d like you to please conclude your
business for the day.” Lee Altschuler said. “I’d
appreciate it if you could complete whatever
you’re doing as quickly as you can. Please leave
your computer in the way that it is now. Don’t
turn it off.”
The chief financial officer swung her desk
chair around.
“Just move away from your computer
please,” Altschuler repeated.
“Who are you?” Cindy Shalott asked.
Source: Joe Anastasi, The New Forensics, John Wiley & Sons, 2003, p. 91
418
To Legalize Data Mining
1.
Ensure that a working file has been
imaged.*
2.
The hash code of the working file is
initially the same as the original file.*
3.
Make sure the working data has been
cleaned to eliminate obvious errors such as
types.
*Otherwise, no guarantee that the data will
be accepted in the courtroom.
419
Ink Analysis
Martha Stewart was undone by a blue
ballpoint pen.
Stockbroker belatedly inserted a note to
help cover up Ms. Stewart’s improper
stock trading. Blue ballpoint ink used is
different from ink elsewhere on the
trading worksheet.
Prosecutors used forensic ink analysis in
Rite Aid case to show that certain
documents were backdated (ink used to
sign letter was not commercially available
until 3 months after the letter was dated).
Xerox laser printers now encode the
serial number of each machine in tiny
yellow dots in every printout, nestled
within the printed words and margins. It
tracks back to you like a license plate.
Advice for fraudsters: use pencils.
Source: Mark Maremont, “In Corporate Crimes, Paper Trail
Often Leads to Ink Analysts’ Door,” Wall Street J., July 1,
2003, p. A-1.
420
Deductive vs. Inductive
Deductive: one goes from general to
specific; fairly simple and economical.
Inductive: one starts with specific
experiences and then draws inferences.
Deductive Approach
Inductive Approach
Generic data mining
Custom data mining
Digital analysis
Analysis of all data
Discovery sampling
Generic software
Custom software
For smaller organizations
For larger organizations
Basic features
Sophisticated features
Easy to learn
Requires advanced skills
Relatively inexpensive
More expensive
Source: W.S. Albrecht and C.C. Albrecht, “Root Out
Financial Deception,” Journal of Accountancy (April 2002),
p. 33.
421
Benford’s Law
Distribution of initial digits in natural numbers is not random
Predictable patterns:
0= ----1= 30.1%
2= 17.6%
3= 12.5%
4= 9.7%
5= 7.9%
6= 6.7%
7= 5.8%
8= 5.1%
9= 4.6%
12%
11.4%
10.9%
10.4%
10%
9.7%
9.3%
9%
8.8%
8.5%
10.2%
10.1%
10.1%
10.1%
10%
10%
9.9%
9.9%
9.9%
9.8%
There is software to detect potentially invented numbers in many situations.
Compare actual frequency with Benford’s frequency.
422
Benford’s Law Uses
Investments sales/purchases
Check register.
Sales history/Price history.
401 contributions.
Inventory unit costs.
Expenses accounts.
Wire transfer information.
Life insurance policy values.
Bad debt expenses.
Asset/liability accounts.
Source: Richard Lanza, “Digital Analysis- Real World
Example,” IT Audit, July 1, 1999,pp. 1-9.
423
When Benford Analysis Is or Is Not Likely Useful
When Benford Analysis is Likely Useful
Examples
Sets of numbers that result from
mathematical combination of numbersResult comes from two distributions.
Accounts receivable (number
sold times price). Accounts
payable (number bought
times price).
Transaction-level data – No need to sample.
Disbursements, sales,
expenses.
On large data sets – The more observations,
the better.
Full year’s transactions.
Accounts that appear to conform – When
the mean of a set of numbers is greater than
the median and the skewness is positive.
Most sets of accounting
numbers.
When Benford Analysis Is Not Likely
Useful
Examples
Data set is comprised of assigned numbers
Check numbers, invoice
numbers, zip codes.
Numbers that are influenced by human
thought.
Prices set at psychological
thresholds ($1.99), ATM
withdrawals.
Accounts with a large number of firmspecific numbers.
An account specifically set up
to record $100 refunds.
Accounts with a built in minimum or
maximum.
Set of assets that must meet a
threshold to be recorded.
Where no transaction is recorded.
Thefts, kickbacks, contract
rigging.
Source: Durtschi, Hillison, and Pacini, “The Effective Use of Benford’s Law to Assist in
Detecting Fraud in Accounting Data,” J. of Forensic Accounting, Vol. V, 2004, p. 24.
424
Hacking Ring Caught in $9 Million Fraud
ATLANTA - Federal authorities have busted what
they call "one of the most sophisticated
computer hacking rings in the world" winning
indictments against eight people from Russia,
Estonia and Moldova.
The ring allegedly stole more than $9 million in
less than 12 hours after hacking into payroll
debit card information last November from the
Royal Bank of Scotland Group in Atlanta. After
breaking encryption used to protect customer
data on payroll debit cards the group allegedly
raised the account limits on compromised
accounts.
They then provided a network of "cashers" with
44 counterfeit payroll debit cards, which were
used to withdraw more than $9 million from over
2,100 ATMs in at least 280 cities worldwide,
including the United States. Authorities said the
investigation in ongoing.
Source: http://www.msnbc.msn.com/id/33831349/
425
Computer Programmers Aided Madoff
Two former employees for Bernard Madoff programmed an old
IBM computer to generate false records that concealed the
crooked financier's massive Ponzi scheme and were given hush
money when they threatened to stop lying, federal prosecutors
said Friday.
Madoff gave orders to pay the pair "whatever they wanted to
keep them happy," a criminal complaint said.
O'Hara and Perez were hired by Madoff's firm in the early 1990s
to develop and maintain programs using a computer known as
"House 17." The programs allowed Madoff to generate account
statements for thousands of clients "that purported to confirm
the purchases of securities that, in fact, had not been
purchased," the complaint said.
DiPascali has told investigators that in 2001, Madoff become
alarmed by news report that his phony returns were too good to
be true. Madoff "attempted to prepare for increased scrutiny" by
the SEC by having O'Hara and Perez fabricate a second set of
books that would throw regulators off the trail, the complaint
said.
In what the SEC called "a crisis of conscience" in 2006, O'Hara
and Perez deleted 218 of the 225 special programs from the
House 17 computer, and withdrew thousands of dollars from
their own accounts with the firm, authorities said.
Source: Tom Hays, Computer programmers accused of aiding Madoff scam,
Yahoo! Finance, November 13, 2009.
426
Digital Multifunctional Devices (MFD)
The
hard drive on your photocopier and the data
residing on it, is completely exposed, unprotected, and
accessible to anyone with the right tools and know how
(which is not rocket science).
Every
day, billions of pages of confidential information
– medical records, legal documents, and financial data
– are produced and distributed using sophisticated
digital office systems, such as printers, scanners,
copiers, facsimile, and MFD.
Digital
copiers store thousands of records in internal
memory, and can fall in the wrong hand at the end of a
lease. Each time you walk away from the copier, your
info remains in the memory.
A
forensic accountant/cyber forensic investigator must
consider these devices capable of storing data as a
potential source of electronic evidence.
Al Marcella, Cyber Forensic II: A Field Manual for Collecting, Examining, and
Preserving Evidence of Computer Crimes, 2nd, New York: Taylor & Francis
Group.
427
MFD Forensic Audit
Ted
decides to sell schematics and blueprints of a new
hydraulic press his company is developing to Sally, a
vendor’s rep.
In
the evening he goes to the company’s photocopier and
selects the scan and e-mail options.
In
a matter of minutes, he copies, scans, and e-mails the
schematics and blueprints, saved as a PDF formatted file
to Sally.
He
later meets Sally, receives his payment, and agrees to
send more information.
When
his computer is seized and audited, no
incriminating evidence is found.
If
there is little or no security over the MFD, then the
forensic accountant should forensically audit the hard
drives of suspected MFDs.
Al Marcella, Cyber Forensic II: A Field Manual for Collecting, Examining, and
Preserving Evidence of Computer Crimes, 2nd, New York: Taylor & Francis
Group.
428
Computer Online Forensic Evidence Extractor
Microsoft has a USB thumb drive device
(Cofee) which quickly extracts forensic data
from computers that have been used in a
crime.
Device contains 150 commands that can
dramatically cut the time it takes to gather
digital evidence.
More than 2,000 officers in 15 countries
have received it free.
Cofee was leaked to the Internet in
November 2009.
Source: Benjamin J. Romans, “Microsoft Device Helps Police
Pluck Evidence from Cyberscene Crime,” Seattle Times, April
29, 2008.
429
Change the Join Property
The following scenarios illustrate the need for auditors to
change the default join property to ensure their analysis
includes all transactions, even if there are no matches in
the master data:
Allen is a database administrator. He is authorized to
manage the company’s ERP software and has been
granted update access to the application database.
Using his access privileges, he added a shell company to
the vendor table. Periodically, he added a record to the
table of approved invoices. On the entered due date, the
check was prepared and sent to the “vendor’s” (Allen’s)
address. When the auditor requested purchasing data,
Allen handled the request. He then used his access
privileges to remove the vendor record before sending
the data to the auditor
Beth works in accounts payable. Although she is
responsible for processing checks, a flaw in her
application access permissions has also given her the
ability to perform vendor maintenance that, within a
certain application, grants her update and delete
authority to all vendor data. Recognizing the fraud
opportunity of this internal control weakness, Beth
created several shell companies to which she
periodically processed checks sent to the fictitious
vendor’s (Beth’s) address. Before the audit team arrived,
Beth deleted her shell companies.
Source: M.W. Lehman, “Join the Hunt,” J. of Accountancy,
September 2008, p. 47.
430
Some Uses of Picalo
Analyzing financial data, employee
records, and purchasing systems
for errors and fraud
Importing Excel, XML, EBCDIC,
CSV, and TSV files into databases
Interactively analyzing network
events, web server logs, and
system login records
Importing email into relational or
text-based databases
Embedding controls and fraud
testing routines into production
systems
431
Picalo Architecture
Detectlets allow non-programmers to run
analysis routines created by others
.
432
Computer Aided Audit Applications
Accounts Receivable Applications
Identify duplicate invoices, credits, or receipts.
Detect variances between delivery documents and
invoices.
Report gaps in a sequence of generated invoices.
Identify customer accounts with no address,
telephone, or tax ID.
Identify credits to dormant or unused accounts.
Identify duplicate return transactions.
Extract sales with discounts over a specified
percentage and summarize by employee.
List the top 10 employees by cash register
adjustments (discounts, refunds, sales voids).
Identify employees who produced cash register
adjustments a specified percentage more than the
average employee.
Summarize refunds by customer credit card number.
Identify refunds for amounts greater than the selling
price.
Calculate the number and amount of refunds by sales
clerk.
Source: D.E. Mensel, “Using Computers to Detect Fraud,” J. of
Forensic Accounting, Vol. VIII (2007), pp. 414-415.
Computer Aided Audit Applications (cont.)
Accounts Payable Applications
Compare vendor addresses/ phone numbers to those
of employees.
Identify credits given outside discount terms.
Identify cash discounts not taken.
Identify checks issued to vendors with names that
sound similiar to known vendors.
Extract all round dollar payments.
Identify payments to vendors with blank information.
Identify vendors with activity only in one month of the
year.
Identify duplicate payments.
Extract duplicate invoices.
Extract invoices with a valid purchase order.
Extract multiple invoices with the same item
description.
Identify vendors with duplicate invoice numbers.
Identify invoices for the same amount on the same
date.
Identify sequential invoices.
Identify new or non-approved vendors.
Identify vendors with an address that is a mail drop.
Source: D.E. Mensel, “Using Computers to Detect Fraud,” J. of
Forensic Accounting, Vol. VIII (2007), pp. 414-415.
Computer Aided Audit Applications (cont.)
Materials Management and Inventory Control
Applications
Identify items with below standard gross
margins.
Calculate standard pricing variances.
Identify negative receipt quantities.
Identify duplicate items or serial numbers.
Calculate shortages/ overages by ordering and
receiving agent and by vendor.
Identify purchase orders with blank or zero
amounts.
Identify purchases of consumer items.
Source: D.E. Mensel, “Using Computers to Detect Fraud,” J. of
Forensic Accounting, Vol. VIII (2007), pp. 414-415.
Computer Aided Audit Applications (cont.)
Payroll Applications
Identify duplicate direct deposit numbers.
Identify duplicate employee names,
addresses, and phone numbers.
Identify false, invalid, or duplicate Social
Security numbers.
Identify employees with no deductions.
Identify employees with no time off for
vacations or sick leave.
Source: D.E. Mensel, “Using Computers to Detect Fraud,” J. of
Forensic Accounting, Vol. VIII (2007), pp. 414-415.
Spreadsheet Fraud
Spreadsheets can be excellent tools
for committing fraud.
There is little or no security in
controlling changes within the
worksheets.
Aside from fraud, they are ripe
grounds for errors because of their
open nature for change.
For examples, see European
Spreadsheet Risks Interest Group:
www.eusprig.org/stories.htm
Source: R. B. Lanza, “The Spreadsheet: The Easiest Place for
Committing Financial Statement Fraud,” Fraud Magazine,
July/August 2005, p. 15.
437
Some Spreadsheet Frauds
AIB/Allfirst Trading Fraud – The fraudster
substituted links to his private manipulated
spreadsheet which exaggerated bonuses by
more than half a million dollars.
HealthSouth – Two ex-HealthSouth
executives admitted that they prepared a
false spreadsheet for auditors that inflated
HealthSouth’s assets and made the
company appear to be worth more than it
was.
CFX – The Internal Audit Department noted
in its investigation that management created
spreadsheets showing desired results first
and then adjustments were made to the
accounting system to match the
spreadsheet.
Source: R. B. Lanza, “The Spreadsheet: The Easiest Place for
Committing Financial Statement Fraud,” Fraud Magazine,
July/August 2005, p. 15.
438
Combating Spreadsheet Fraud
Use
techniques native in
Microsoft Excel [enormous
resources, time, money,
manpower]
EXChecker™ (does not allow
any editing to the Excel
spreadsheet)
Source: R. B. Lanza, “The Spreadsheet: The
Easiest Place for Committing Financial
Statement Fraud,” Fraud Magazine,
July/August 2005, p. 15.
439
Market Segment Specialization
Program
The Market Segment Specialization
Program focuses on developing highly
trained examiners for a particular market
segment. An integral part of the approach
used is the development and publication
of Audit Technique Guides.
These Guides contain examination
techniques, common and unique industry
issues, business practices, industry
terminology, and other information to
assist examiners in performing
examinations. A forensic accountant can
use this resource to learn about a
particular industry.
http://www.irs.gov/business/small/article
/0,id=108149,00.html
440
So You Find Fraud
•
Criminal referral — The organization may refer the
problem to law enforcement voluntarily, and, in some
situations, it may be required to do so. Law enforcement
has access to additional information and resources that
may aid the case. Additionally, referrals for criminal
prosecution may increase the deterrent effect of the
organization’s fraud prevention policy. An appropriate
member of senior management, such as the chief legal
counsel, should be authorized to make the decision as to
whether pursuing criminal prosecution is appropriate.
• Civil action — The organization may wish to pursue its
own civil action against the perpetrators to recover funds.
• Disciplinary action — Internal disciplinary action may
include termination, suspension (with or without pay),
demotion, or warnings.
• Insurance claim — The organization may be able to
pursue an insurance claim for some or all of its losses.
Source: Managing the Business Risk of Fraud: A Practical Guide,
IIA, AICPA, ACFE; http://www.acfe.com/documents/managingbusiness-risk.pdf, 2008, pp. 43-45.
441
Acquisition/Payment Cycle
From 62 standard audit procedures, external and
internal auditors judged these 20 procedures to be
more efficient is detecting fraud in the acquisition and
payment cycle (in descending order).
• Examine bank reconciliation and observe whether
they are prepared monthly by an employee who is
independent of recording cash disbursement or
custody of cash.
• Examine the supporting documentation such as
vendor’s invoices, purchase orders, and receiving
reports before signing of checks by an authorized
persons.
• Examine the purchase requisitions, purchase orders,
receiving reports, and vendors’ invoices which are
attached to the vouchers for existence, propriety,
reasonableness and authenticity.
•Examine internal controls to verify the cash
disbursement are recorded for goods actually rendered
to the company.
•Discuss with personnel and observe the segregation
of duties between accounts payable and custody of
signed checks for adequacy.
Glen D. Moyes and C. Richard Baker, “Auditors’ Beliefs About the
Fraud Detection Effectiveness of Standard Audit Procedures,” Journal
of Forensic Accounting, Vol. 4, 2003, p. 204-205
442
Acquisition/Payment Cycle (Contd.)
• Confirm inventories in public warehouse and on
consignment.
•Examine internal controls to insure the vendor’s
invoices, purchase orders, and receiving reports are
matched and approved for payment.
• Examine internal controls for the following
documents: vendor’s invoices, receiving reports,
purchase orders, and receiving reports.
• Trace a sample of acquisitions transactions by
comparing the recorded transactions in the purchase
journal with the vendor’s invoices, purchase
requisitions, purchase orders, and receiving reports.
• Establish whether any unrecorded vendors’ invoices
or unrecorded checks exist.
• Examine the internal control to verify the proper
approvals of purchase requisitions and purchase
orders.
• Reconciled recorded cash disbursement with
disbursements on bank statements.
Glen D. Moyes and C. Richard Baker, “Auditors’ Beliefs About the
Fraud Detection Effectiveness of Standard Audit Procedures,” Journal
443
of Forensic Accounting, Vol. 4, 2003, p. 204-205
Acquisition/Payment Cycle
(Contd.)
• Discover related party transactions.
• Examine the internal control to verify the approvals
of payments on supporting documents at the time that
checks are signed.
• Discuss with personnel and observe the procedures
of examining the supporting documentation before the
signing of checks by an authorized person.
• Examine canceled checks for authorized signatures,
proper endorsements, and cancellation by the bank.
• Account for the numerical sequence of prenumbered documents (purchase orders, checks,
receiving reports, and vouchers).
• Trace a sample of cash payment transactions.
• Trace resolution of major discrepancy reports.
Glen D. Moyes and C. Richard Baker, “Auditors’ Beliefs About the
Fraud Detection Effectiveness of Standard Audit Procedures,” Journal
of Forensic Accounting, Vol. 4, 2003, p. 204-205
444
Sales/Collection Cycle
These 10 standard audit procedures were judged as
being more effective for detecting fraud in the sales
and collection cycle (in descending order)
• Observe the proper and appropriate segregation of
duties.
• Review monthly bank reconciliation and observe
independent reconciliation of bank accounts.
• Investigate the difference between accounts
receivable confirmation and customer account
receivable balances in the subsidiary ledger and
describe all these exceptions, errors, irregularities, and
disputes.
• Review sales journal, general ledger, cash receipts
journal, accounts receivable subsidiary ledger, and
accounts receivable trial balance for large or unusual
amounts.
• Verify accounts receivable balance by mailing
positive confirmations.
Glen D. Moyes and C. Richard Baker, “Auditors’ Beliefs About the Fraud
Detection Effectiveness of Standard Audit Procedures,” Journal of Forensic
Accounting, Vol. 4, 2003, p. 209
445
Sales/Collection Cycle (Contd.)
• Examine internal controls to verify that each
cash receipts and credit sales transactions are
properly recorded in the accounts receivable
subsidiary ledger.
• Examine subsequent cash receipts and the
credit file on all accounts over 120 days and
evaluate whether the receivable are collectible.
• Compare dates of deposits with dates in the
cash receipts journal and the prelisting cash
receipts.
• Examine copies of invoices for supporting the
bills of lading and customers’ orders.
Glen D. Moyes and C. Richard Baker, “Auditors’ Beliefs About the
Fraud Detection Effectiveness of Standard Audit Procedures,”
Journal of Forensic Accounting, Vol. 4, 2003, p. 209
446
Inventory/Warehouse Cycle
These 14 standard audit procedures were
judged by external and internal auditors as being more
effective for detecting fraud in the inventory and
warehousing cycle (in descending order):
• Discover related party transactions.
• Follow up exceptions to make sure they are resolved.
• Review major adjustments for propriety.
• Review inventory count procedures: a. Accounting for
items in transit (in and out); b. Comparison of counts with
inventory records; and c. Reconciliation of difference
between counts and inventory records.
• Review adequacy of physical security for the entire
inventory.
• Confirm inventories in public warehouse.
• Review procedures for receiving, inspecting, and storing
incoming items and for shipments out of the warehouses.
Glen D. Moyes and C. Richard Baker, “Auditors’ Beliefs About the
Fraud Detection Effectiveness of Standard Audit Procedures,” Journal
of Forensic Accounting, Vol. 4, 2003, p. 206-207
447
Inventory/Warehouse Cycle (Contd.)
• Trace shipments to sales records, inventory records,
and bill of lading (shipping documents).
• Determine if access to inventory area is limited to
approval personnel.
• Observe the physical count of all location.
• Recount a sample of client’s counts to make sure the
recorded counts are accurate on the tags (also check
descriptions and unit of count, such as dozen or gross)
• Trace inventory listed in the schedule to inventory
tags and the auditor’s recorded counts for existence,
descriptions, and quantity.
• Trace shipments to sales journal.
• Perform compilation tests to insure that inventory
listing schedules agrees with the physical inventory
counts.
Glen D. Moyes and C. Richard Baker, “Auditors’ Beliefs About the
Fraud Detection Effectiveness of Standard Audit Procedures,” Journal
of Forensic Accounting, Vol. 4, 2003, p. 206-207.
448
Payroll/Personnel Cycle
These 12 standard audit procedures were judged the
more effective for detecting fraud in the payroll and
personnel cycle (in descending order):
• Sample terminated employees and confirm that they are
not included on subsequent payrolls and confirm propriety
of termination payments.
• Observe the actual distribution of payroll checks to the
employees.
• Observe the duties of employees being performed to
insure that separation of duties between personnel,
timekeeping, journalizing payroll transactions, posting
payroll transactions, and payroll disbursement exists.
• Examine internal controls to verify that hiring, pay rates,
payroll deductions, and terminations are authorized by the
personnel department.
• Sample personnel files and physically observe the
presence of personnel in the work place.
Glen D. Moyes and C. Richard Baker, “Auditors’ Beliefs About the
Fraud Detection Effectiveness of Standard Audit Procedures,” Journal
of Forensic Accounting, Vol. 4, 2003, p. 208.
449
Payroll/Personnel Cycle (Contd.)
• Examine internal control over payroll records
to verify that payroll transactions are properly
authorized.
• Discover related party transactions.
• Review the files of new hires for appropriate
approvals, pay rates, and dates of accession.
• Review the payroll journal, general ledger, and
employee individual pay records for large or
unusual amounts.
• Examine internal controls to verify that
unclaimed payroll checks are secured in a vault
or safe with restricted access.
• Examine internal controls to verify that
employee time cards and job order work tickets
are reconciled.
•Glen D. Moyes and C. Richard Baker, “Auditors’ Beliefs About the
Fraud Detection Effectiveness of Standard Audit Procedures,” Journal
of Forensic Accounting, Vol. 4, 2003, p. 208.
450
Class Discussion
How can you defraud your
own organization, working either
from the inside or outside?
------------------------------------------“Fraudsters … identify and exploit
weaknesses specific to the
organization.”
Herling, D.J., and J. Turner, “Fraud: Effective Use of Legal Remedies for
Corruption,” 9th International Anti-Corruption Conference, October 13, 1999.
PowerPoint presentation slide 56. http://
www.transparency.org/iacc/9th_iacc/papers/day3/ws1/dnld/d3ws1_djherling.ppt
451
Exercises
1.
2.
3.
4.
5.
You receive a tip on the company’s hot line that
there has been some fraud in the collections
area. What five audit steps would you suggest
using in order to find the fraud?
During a brainstorming session, a suggestion is
made that the most likelihood of fraud in a
particular division is in the area of acquisition
and payment cycle. Outline five audit steps to
help find any potential fraud.
While auditing a company you notice an
employee in payroll who is living beyond his
means (e.g., clothes, automobiles, housing). His
wife does not work. Suggest six audit steps to
help satisfy you there is no fraud in the payroll
and personnel cycle.
An anonymous e-mail is sent to an internal
auditor that there is fraud in the inventory/
warehousing cycle. Suggest some appropriate
audit steps.
What is meant by the hockey stick pattern?
452
453
454
The End Is
Here
455