Transcript Forensic Accounting Update Exam II Copyrighted 2002 D

© D.L. Crumbley
Deterring, Discovering, and Dealing
with Fraud
Copyrighted 2004
D. Larry Crumbley, CPA, Cr.FA
KPMG Endowed Professor
Department of Accounting
Louisiana State University
Baton Rouge, LA 70803
225-578-6231
225-578-6201 Fax
[email protected]
Dr. Crumbley is the editor of the Journal
of Forensic Accounting: Auditing, Fraud, and
Taxation, former chair of the Executive Board of
Accounting Advisors of the American Board of
Forensic Accountants, member of the Fraud
Deterrence Board, and on the AICPA’s Fraud
Task Force.
A frequent contributor to the Forensic
Examiner, Professor Crumbley is a co-author of
CCH Master Auditing Guide, 2nd Edition, along
with more than 45 other books. His latest book
entitled Forensic and Investigative Accounting is
published by Commerce Clearing House (800224-7477). Some of his 12 educational novels have
as the main character a forensic accountant. His
goal is to create a television series based upon the
exciting life of a forensic accountant and litigation
consultant.
1
© D.L. Crumbley
Shoe-leather Work
• KPMG is adding more than 300
forensic professionals, including some
with FBI training, to take part in
routine training.
• Doug Carmichael, Chief Auditor for
Peek-uh-boo, faults auditors for not
adopting forensic techniques.
• Carmichael wishes more “test of
details,” not relying on test of
controls.
• He wishes more shoe-leather work.
• Shoe-leather work is what we do!
Kris Frieswick, “How Audits Must
Change,” CFO, July 2003, p.48
2
© D.L. Crumbley
Sarbanes-Oxley Act (7-30-2002)
• Most significant change since 1934
Securities Exchange Act
• New five-member Public Company
Accounting Oversight Board (PCAOB)
• Authority to set and enforce auditing,
attestation, quality control and ethics
(including independencies) standards for
auditors of public companies.
• Empowered to inspect the auditing
operations of public accounting firms that
audit public companies as well as impose
disciplinary and remedial sanctions for
violations of the board’s rules, securities
laws and professional auditing and
accounting standards.
• Rotation of lead audit partner every five
years.
• For now no requirement to rotate auditing
firm
3
© D.L. Crumbley
Sarbanes-Oxley Act (7-30-2002)
• Eight types of services outlawed:
– Bookkeeping.
– Information systems design and
implementation
– Appraisals or valuation services, fairness
opinions, or contribution-in-kind-reports.
– Actuarial services
– Internal audit outsourcing
– Management and human resources services
– Broker/dealer, investment adviser, and
investment banking services
– Legal or expert services related to audit
services
• Applies to foreign accounting firms filing
with SEC.
4
© D.L. Crumbley
Superseded SAS No. 82
Accounting Fraud Referred To As
“Misstatement”
Misstatements arising from fraudulent
financial reporting are intentional
misstatements or omissions of amounts or
disclosures in financial statements to
deceive financial statement users.
---------------------------------------------------------Three most important red flags according to
external/internal auditors (out of 25):
1) Known history of securities law violations
(14.6%)
2) Significant compensation tied to aggressive
accounting practices (12.9%)
3) Management’s failure to display
appropriate attitude about internal controls
(12.6%)
Source: B.A Apostolou et.al, “The Relative Importance of
Management Risk Factors,” Behavioral Research in
Accounting,” January 1, 2001, pp. 1-24.
5
© D.L. Crumbley
COSO’s Most Common Fraud Methods
1.
2.
3.
4.
5.
Overstatement of earnings.
Fictitious earnings
Understatement of expenses.
Overstatement of assets.
Understatement of allowances for
accounts receivables.
6. Overstatements of the value of
inventories by not writing down the
value of obsolete goods.
7. Overstatement of property values and
creation of fictitious assets.
Committee on Sponsoring Organizations.
6
© D.L. Crumbley
COSO’s Major Motives for Fraud
1. Cover up assets misappropriated for
personal gain.
2. Increase the stock price to increase the
benefits of insider traders and to
receive higher cash proceeds when
issuing new securities.
3. Obtain national stock exchange listing
status or maintain minimum exchange
listing requirements to avoid
de-listing.
4. Avoiding a pretax loss and bolstering
other financial results.
www.coso.org.
7
White-collar criminals have these
characteristics:
© D.L. Crumbley







Likely to be married.
Member of a church.
Educated beyond high school.
No arrest record.
Age range from teens to over 60.
Socially conforming.
Employment tenure from 1 to 20
years.
 Acts alone 70% of the time.
Source: Jack Robertson, Fraud Examination for
Managers and Auditors (1997).
8
© D.L. Crumbley
SAS No. 99 Characteristics of Fraud
Incentives / pressures
Attitude /
Rationalization
Opportunity
9
© D.L. Crumbley
Example of Greed (or Incentive)
• Three Duke Energy employees were
charged in April 2004 for allegedly ginning up
“phony electricity and material-gas trades to
boost trading volumes” and inflating “profits
in a trading book that was the basis of their
annual profits.”
• “The trading schemes are alleged to have
inflated their bonuses by at least $7 million”
between March 2001 and May 2002. There
were 400 rigged trades that produced a $50
million profit in the trade books.
• Duke used mark-to-market accounting to
record profit and loss contracts that might not
be settled for years.
• So called “round-trips trades (or wash sales)
were used to jack up reported trading volumes.
Source: Rebecca Smith, “Former Employees of Duke Charged Over Wash
Trades,” WSJ, April 22, 2004, p. A-15.
10
© D.L. Crumbley
KPMG’s Causes or Indicators of Fraud (1998)









Personal financial pressure.
Substance abuse.
Gambling.
Real or imagined grievances.
Ongoing transactions with related
parties.
Increased stress.
Internal pressures to meet
deadlines/budgets.
Short vacations.
Unusual hours.
Source: KPMG’s 1998 Fraud Survey
11
© D.L. Crumbley
Fraud’s Fatal Failings
 85% of fraud victims never get
their money or property back.
 Most investigations flounder,
leaving the victims to defend for
themselves against counterattacks by hostile parties.
 30% of companies that fail do
so because of fraud.
Source: Michael J. Comer, Investigating
Corporate Fraud, Burlington, VT: Gower
Publishing, 2003, p. 9.
12
© D.L. Crumbley
SAS No. 99: Brainstorming
Aims to make the auditor’s consideration
of fraud seamlessly blended into the
audit process and continually updated
until the audit’s completion.
Brainstorming is now a required
procedure to generate ideas about how
fraud might be committed and
concealed in the entity.
No ideas or questions are dumb.
No one owns ideas.
There is no hierarchy.
Excessive note-taking is not allowed.
Source: Michael Ramos, “Auditors’ Responsibility for Fraud
Detection,” J. of Accountancy, January, 2003, pp. 28 – 36.
13
© D.L. Crumbley
More Brainstorming
• Best to write ideas down, rather than say
them out loud.
• Take plenty of breaks.
• Best ideas come at the end of session.
• Important to not define the problem too
narrow or too broad.
• Goal should be quantity, not quality.
• Geniuses develop their most innovative ideas
when they are generating the greatest
number of ideas.
• No such things as bad ideas.
• Many companies are great at coming up with
good ideas, but lousy at evaluating an
implementing them.
Source: A.S. Wellner, “Strategies: A Perfect Brainstorm,” Inc. Magazine,
October 2003, pp. 31-35
14
© D.L. Crumbley
How Management Overrides Controls
(SAS No. 99)
 Recording fictitious journal
entries (especially near end of
quarter or year).
 Intentionally biasing
assumptions and judgments used
to estimate accounts (e.g.,
pension plan assumptions or bad
debt allowances).
 Altering records and terms
related to important and unusual
transactions.
15
© D.L. Crumbley
Overriding Internal Controls?
Saddam’s son presented a note
with his father’s signature to the
Iraqi Central Bank which resulted
in a world record bank theft of $1
billion. A team of workers took two
hours to load $900 million in U.S.
$100 bills and $100 million in
Euros into three tractor trailer
trucks. This dirty deed was done
before the employees came to work.
Was this a straight bank robbery
or an example of overriding
internal controls by a high
official?
16
© D.L. Crumbley
Bias Assumptions
•
•
•
•
There are almost as many oil/gas
reserve definitions as there are
countries.
During the first week of January
2004, Royal Dutch/Shell Group
slashed its estimates of oil reserves
by 20% or about 3.9 billion barrels of
oil.
Stock fell 9%.
Shell, Exxon/Mobil, and
Chevron/Texaco make the estimates
themselves.
Source: Susan Warren and P.A. Mckay, “Methods for Citing Oil
Reserves Prove Unrefined,” Wall Street Journal, January 14,
2004, p. C-4
17
© D.L. Crumbley
Shell Board Kept In the Dark
•
•
•
•
•
One memo drafted on February 11,
2002, warned that about one billion
barrels of oil-equivalent reserves
appeared not to be in compliance with
SEC guidelines.
Board learned of information only in
early January 2004.
Chairman Sir Philip was ousted in
early March 2004.
Most of the misstated reserves were
recorded from 1997 to 2000, when Sir
Philip was in change of exploration
and production.
Oil/gas reserves were increased (not
by discovery) by changing its
accounting.
Source: Stephen Labaton and Jeff Gerth, “At Shell, New Accounting and
Rosier Oil Outlook,” New York Times, March 12, 2004, pp. A-1
18
and C-4.
© D.L. Crumbley
Journal Entries at Year End
Apparently, Arthur Andersen was given
limited access to the general ledger at
WorldCom, which had a $11 billion fraud
(largest accounting fraud in history). Most
of the original entries for online costs were
properly placed into expense accounts.
However, near the end of the period these
entries were reversed. One such entry was
as follows:
Other Long-term Assets
$629,000,000
Construction in Progress
$142,000,000
Operating Line Costs
$771,000,000
The support for this entry was a yellow
post-it note.
WorldCom’s outside auditors refused to
respond to some of Cynthia Cooper’s
questions and told her that the firm had
approved of some of the accounting
methods she questioned.
19
© D.L. Crumbley
WorldCom Fraud Massive
 At least 40 people knew about the fraud.
 They were afraid to talk.
 Scott Sullivan handed out $10,000
checks to 7 involved individuals.
 Altered key documents and denied
Andersen access to the database where
most of the sensitive numbers were
stored.
 Andersen did not complain about denied
access.
 Cynthia Cooper ignored her boss and
started doing financial audits, looking at
the financial information the company
was reporting.
Source: Rebecca Blumenstein and Susan Pullian, “WorldCom
Fraud Was Widespread,” Wall Street J., June 10, 2003, p.
3.
20
© D.L. Crumbley
Data Mining Found WorldCom
Mess
Auditors should perform all of the
analytics themselves, and they must be
educated in fraud detection and introduced
to data mining techniques. When the
concept of data mining is brought up, audit
managers cringe and argue that they cannot
afford to employ statisticians.
However, while there is data mining
software that requires a statistician’s level of
expertise (such as IBM’s Intelligent Miner),
there also are products, such as WizSoft
Inc., that can be employed by most auditors
who are acquainted with the fundamentals
of Microsoft Office and who are curious as
to why they obtained their audit results.
Source: Bob Denker, “Data Mining and the Auditor’s Responsibility,”
Information Systems Audit and Control Association InfoBytes.
21
© D.L. Crumbley
Parmalat Deceptions
•
•
•
•
•
•
•
•
Parmalat, an Italian diary company, had a
nonexistence Bank of America bank
account worth $4.83 billion. A SEC lawsuit
asserts that Parmalat “engaged in one of
the largest and most brazen corporate
financial frauds in history.”
Apparently, the auditors Grant Thornton
relied on a fake Bank of America
confirmation prepared by the company.
SAS No. 99 does not prohibit clients from
preparing confirmations.
The fraud continued for more than a
decade. At least $9 billion unaccounted for.
Therefore, the audited company should not
be in control of the confirmation process.
The owner treated the public company as if
it was his own bank account.
An unaware phone operator was the fake
chief executive of more than 25 affiliated
companies.
Some $3.6 billion in bonds claimed to be
repurchased had not really been bought.
22
© D.L. Crumbley
Examine Journal Entries
 Enron issued $1.2 billion of stock to
special purpose entities and recorded a
$1.2 billion notes receivable (rather than a
contra account to stockholders equity).
Both assets and owners equity were
overstated by $1.2 billion.
 HealthSouth allegedly overstated profits
by at least $14 billion by billing Medicare
for physical – therapy services the
company never performed. The company
submitted falsified documents to
Medicare to verify the claims over 10
years.
 E&Y collected $2.6 million from
HealthSouth (as audit-related fees) to
check the cleanliness and physical
appearances of 1,800 facilities. A 50- point
checklist was used by dozens of juniorlevel accountants in unannounced visits.
For 2000, E&Y audit fee, $1.03 million;
other fees, $2.65 million.
23
© D.L. Crumbley
Anti-Fraud Program
An auditor must perform
“company-wide anti-fraud programs and
controls and work related to other controls
that have a pervasive effect on the company,
such as general controls over the
company’s electronic data processing.”
Further, the auditor must
“obtain directly the ‘principle evidence’
about the effectiveness of internal controls.”
Source: PCAOB Briefing Paper, Proposed Auditing Standards,
October 7, 2003.
------------------------------------------------------------------------------------
The world is not the way they tell you it is.
Adam Smith, in the “Money Game.”
24
Walkthroughs
© D.L. Crumbley
An auditor must perform
“walkthroughs” of a business’ significant
processes. PCAOB suggest that an auditor
should confirm his or her understanding by
performing procedures that include making
inquires of and observing the personnel that
actually perform the controls; reviewing
documents that are used in, and that result
from, the application of the controls; and
comparing supporting documents (for example,
sales invoices, contracts, and bills of lading) to
the accounting records.”
According to PCAOB, in a
walkthrough an auditor traces “company
transactions and events – both those that are
routine and recurring and those that are unusual
– from origination, through the company’s
accounting and information systems and
financial report preparation processes, to their
being reported in the company’s financial
statements.” Auditors should perform their own
walkthroughs which provides auditors with
appropriate evidence to make an intelligent
assessment of internal controls.
Source: PCAOB Briefing Paper, Proposed Auditing Standards, October 7, 2003.
25
© D.L. Crumbley
Slot Machine Example
26
© D.L. Crumbley
Fraud Deterrence Review
• Analysis of selected records and
operating statistics.
• Identify operating and control
weaknesses.
• Proactively identify the control
structure in place to help prevent fraud
and operate efficiently.
• Not an audit; does not express an
opinion as to financial statements.
• May not find all fraud especially
where two or more people secretively
agree to purposely deceive with false
statements or by falsifying documents.
[Always get a comprehensive, signed
engagement letter defining objectives.]
27
© D.L. Crumbley
Measures Helpful in Preventing Fraud
1. Strong Internal Controls (1.62)
2. Background checks of new
employees (3.70)
3. Regular fraud audit (3.97)
4. Established fraud policies (4.08)
5. Willingness of companies to
prosecute (4.47)
6. Ethical training for employees (4.86)
7. Anonymous fraud reporting
mechanisms (5.02)
8. Workplace surveillance (6.07)
1 = Most effective
8 = Least effective
Source: 2002 Wells Report
28
© D.L. Crumbley
Auditors Must be Alert for:
Concealment
Collusion
Evidence
Confirmations
Forgery
Analytical relationships
Source: Gary Zeune, “The Pros and Cons.”
“Things are not what you think they
are.” Al Pacino, “The Recruit.”
29
© D.L. Crumbley
SAS No. 99
Recommendations
• Brainstorming.
• Increased emphasis on
professional skepticism.
• Discussions with
management.
• Unpredictable audit tests.
• Responding to
management override of
controls.
30
© D.L. Crumbley
When Fraud Is Discovered
1.
2.
3.
4.
Notify management or the board when the
incidence of significant fraud has been
established to a reasonable certainty.
If the results of a fraud investigation
indicate that previously undiscovered fraud
materially adversely affected previous
financial statements, for one or more years,
the internal auditor should inform
appropriate management and the audit
committee of the board of directors of the
discovery.
A written report should include all findings,
conclusions, recommendations, and
corrective actions taken.
A draft of the written report should be
submitted to legal counsel for review,
especially where the internal auditor
chooses to invoke client privilege.
31
© D.L. Crumbley
SAS No. 99: SKEPTICISM
 An attitude that includes a
questioning mind and a critical
assessment of audit evidence.
 An auditor is instructed to
conduct an audit “with a
questioning mind that recognizes
the possibility that a material
misstatement due to fraud could
be present, regardless of any
past experience with the entity
and regardless of the auditor’s
belief about management’s
honesty and integrity.”
32
© D.L. Crumbley
BE SKEPTICAL
 Assume there may be wrong
doing.
 The person may not be truthful.
 The document may be altered.
 The document may be a forgery.
 Officers may override internal
controls.
 Try to think like a crook.
 Think outside the box.
33
© D.L. Crumbley
Think Like A Crook
•
•
•
•
Know your enemy as you know yourself,
and you can fight a hundred battles with no
danger of defeat.” Chinese Proverb.
Military leaders study past battles.
Football and basketball teams study game
films of their opponents.
Chess players try to anticipate the moves of
their opponent.
Examples: If contracts above $40,000 are
normally audited each year, check the
contracts between $30,000-$40,000.
34
© D.L. Crumbley
Three Major Phases of Fraud
1. The Act itself.
2. The concealment of the fraud (in
financial statements).
3. Conversion of stolen assets to personal
use.
One can study any one of these phases.
Examples:
Things being stolen: conduct surveillance and
catch perp.
If liabilities being hidden, look at financial
statements for concealment.
If perp has unexpected change in financial
status, look for source of wealth.
Source: Cindy Durtschi, “The Tallahassee Bean Counters:
A Problem-Based Learning Case in Forensic Audit,”
Issues in Accounting Education, Vol. 18, No. 2, May
2003, pp. 137-173.
35
© D.L. Crumbley
Be Proactive
 Fraud hotline (reduce fraud losses
by 50%).
 Suggestion boxes.
 Make everyone take vacations.
 People at top must set ethical tone.
 Widely known code of conduct.
 Check those employee references.
 Reconcile all bank statements.
 Count the cash twice in the same
day.
 Unannounced inventory counts.
 Fraud risk assessment (CFD).
36
© D.L. Crumbley
For Internal Auditors
Do not sell shares of
stock in your company.
Do not say anything in
public.
Put it in your report and
push it upwards.
Get rid of e-mail after
about a month.
37
© D.L. Crumbley
Fraud Risk Assessment
Ernst & Young report found that
organizations that had not performed
fraud vulnerability reviews were almost
two-thirds more likely to have suffered a
fraud within the past 12 months. J.W.
Koletar, p. 167.
A company should have a fraud risk
assessment performed of their controls,
procedures, systems, and operations. J.W.
Koletar, p. 166.
Sources: J.W. Koletar, Fraud Exposed,
John Wiley & Sons, 2003
38
© D.L. Crumbley
Some Take A-Ways
 Need to really understand the business
unit. What they really do.
 Have a mandatory vacation policy.
 Rotation of assignments.
 Have a written/signed ethics policy.
 Do things differently each time you
audit a unit.
 Do not tell client what you are doing.
 Hard to find fraud in the books.
Look/listen. Look for life style changes.
 Do not rely on internal controls to deter
fraud.
 Auditors should have control of the
confirmation process.
 When checking endorsements, be
careful with the ones with only the
account number (may have a fake name
on the account).
39
© D.L. Crumbley
More Take A-Ways
 Check employee references/resume.
 Stop giving the employee/client the
answer when you ask a question.
 Zero tolerance for allowing
employee/executive to get away
with anything.
 Always reconcile the bank
statements.
 Try to think like a criminal.
 Get inside the criminal’s mind. Be a
detective.
 Do not assume you have honest
employees.
 Bond employees.
Source: Gary Zeune
40
© D.L. Crumbley
Check References and Resume
Fraud 101: Fraudsters can change
their job and address, but they can
not change who they are.
41
© D.L. Crumbley
Integrity Testing
 Pre-employment drug testing.
 Post-employment drug testing
more sensitive.
 Pre-employment polygraph
tests prohibited by 1988 Act
(Federal, State, Local
Governments and Federal
Contractors exempted from the
Act).
 Written integrity tests.
42
© D.L. Crumbley
Lavish Executive Pay
 Many of the companies indicted by
the SEC after Enron had one thing in
common: CEOs were making about
75% above their peers.
 The common thread among the
companies with the worst corporate
governance is richly compensated
top executives, as per the Corporate
Library, Portland, Maine
governance-research firm. Hefty pay
checks and perks to current or
former chief executives.
 Poor BODs have in common: an
inability to say no to current or
former chief executives.
Source: Monica Langley, “Big Companies Get Low
Marks for Lavish Executive Pay,” Wall Street J.,
June 9, 2003, p. C-1.
43
© D.L. Crumbley
Earnings Management
Earnings management may be
defined as the “purposeful
intervention in the external
financial reporting process, with
the intent of obtaining some
private gain.”
– Katharine Schipper, “Commentary on Earnings
Management,” Accounting Horizon, December 1989,
p. 92.
44
Spotting Financial Fakery
© D.L. Crumbley
Do the Sniff Test – This one’s
subjective, but it’s powerful. Essentially, if
something looks wrong, and management
can’t provide a convincing explanation, it
probably is wrong. Trust your gut.
Remember that Cash is Always King
– Does accounting gobbledygook make
your head spin? Fear not – there is one
very simple thing you can do: Keep an
eye on cash flow. Over time, increases in
a company’s cash flow from operations
should roughly track increases in net
income.
If you see cash from operations
decline even as net income keeps
marching upward – or if cash from
operations increases much more slowly
than net income – watch out.
Source: Pat Dorsey, “Five Tips for Spotting Financial Fakery,” Yahoo! Finance,
February 11, 2004.
45
Spotting Financial Fakery
© D.L. Crumbley
Beware Overstuffed Warehouse –
When inventories begin rising faster than
sales, trouble is likely on the horizon.
Sometimes the buildup is just temporary
as a company prepares for a new product
launch, but that’s usually more the
exception than the rule.
Keep an Eye on Accounts Receivable
– Roughly speaking, watch A/R as a
percentage of sales, and watch the growth
rate in A/R relative to the growth rate of
sales. If A/R is moving up much faster
than sales, something may be amiss.
Source: Pat Dorsey, “Five Tips for Spotting Financial Fakery,” Yahoo! Finance, February 11,
2004.
46
Spotting Financial Fakery
© D.L. Crumbley
Watch the Honeypot – Companies
in the midst of big changes will often
take a huge charge – which Wall
Street is supposed to look right
through, because, hey, it’s a one –
time thing – to set up a “restructuring
reserve,” and then slowly reverse
some of the charge later on. This
technique is known as a “honeypot,”
because the company can dip into it
whenever its operational results
aren’t looking so great.
Source: Pat Dorsey, “Five Tips for Spotting Financial Fakery,” Yahoo! Finance,
February 11, 2004.
47
© D.L. Crumbley
Seven Investigative Techniques
1. Public document review and
background investigation (nonfinancial documents).
2. Interviews of knowledgeable
persons.
3. Confidential sources.
4. Laboratory analysis of physical and
electronic evidence.
5. Physical and electronic
surveillance.
6. Undercover operations.
7. Analysis of financial transactions.
Source: R.A. Nossen, The Detection, Investigation and
Prosecution of Financial Crimes, Thoth Books, 1993.
48