Fraud Prevention, Detection Audit

July 7, 2017 | Author: saccontala | Category: Fraud, Audit, Crimes, Business, Accounting And Audit
Share Embed Donate


Short Description

fraud...

Description

Fraud Prevention, Detection & Audit Course # 3043, 16 CPE Credits

Course CPE Information

Course CPE Information Course Expiration Date AICPA and NASBA Standards require all Self-Study courses to be completed and the final exam submitted within 1 year from the date of purchase as shown on your invoice. No extensions are allowed under AICPA/NASBA rules. On rare occasion, in response to customer feedback, Western CPE deems it necessary to change one or more of the final exam questions. Thank you for choosing Western CPE for your continuing professional education needs. Field of Study Auditing. Some state boards may count credits under different categories—check with your state board for more information. Course Level Basic. Prerequisites There are no prerequisites. Advanced Preparation None. Course Description Auditors, more than any other group, are charged with detecting and preventing fraud within businesses and nonprofits. The first part of the course provides an overview of fraud, profiles perpetrators of fraud, and sheds light on what motivates people to commit fraud and how they rationalize it. The latter half discusses fraud from an auditing point of view, risk factors for fraud, how an auditor can detect fraud, how to investigate fraud, and how to implement SAS No. 99 to improve audit performance and increase the likelihood of detecting fraud. Useful, illustrative examples are provided throughout. Publication/Revision Date This course was last updated September 2009. © Copyright 2007 Marshall B. Romney

i

Instructional Design

Instructional Design Western CPE Self-Study courses are organized so as to lead you through a learning process using instructional methods that will help you achieve the stated learning objectives. You will be informed of the knowledge, skills, or abilities you will learn within each chapter of the course (clearly defined learning objectives); you will learn the material (course content and instructional methods); your learning will be reinforced (review questions); and your completion of meeting the learning objectives will be measured (final exam questions). These and additional instructional elements are listed and explained below. Please review this information completely to familiarize yourself with all instructional features and to help ensure you will achieve all course learning objectives. Course CPE Information The preceding section, “Course CPE Information,” details important information regarding CPE. If you skipped over that section, please go back and review the information now to ensure you are prepared to complete this course successfully. Table of Contents The table of contents allows you to quickly navigate to specific sections of the course. Chapter Learning Objectives and Content Chapter learning objectives clearly define the knowledge, skills, or abilities you will gain by completing each section of the course. Throughout the course content, you will find various instructional methods to help you achieve the learning objectives, such as examples, case studies, charts, diagrams, and explanations. Please pay special attention to these instructional methods as they will help you achieve the stated learning objectives. Review Questions The review questions accompanying each chapter are designed to assist you in achieving the learning objectives stated at the beginning of each chapter. The review section is not graded; do not submit it in place of your final exam. While completing the review questions, it may be helpful to study any unfamiliar terms in the glossary in addition to chapter course content. After completing the review questions for each chapter, proceed to the review question answers and rationales. Review Question Answers and Rationales Review question answer choices are accompanied by unique, logical reasoning (rationales) as to why an answer is correct or incorrect. Evaluative feedback to incorrect responses and reinforcement feedback to correct responses are both provided. Glossary The glossary defines key terms. Please review the definition of any words of which you are not familiar.

ii

Instructional Design

Index The index allows you to quickly locate key terms or concepts as you progress through the instructional material. Final Exam Final exams measure (1) the extent to which the learning objectives have been met and (2) that you have gained the knowledge, skills, or abilities clearly defined by the learning objectives for each section of the course. Unless otherwise noted, you are required to earn a minimum score of 70% to pass a course. You are allowed up to three attempts to pass the final exam. If you do not pass on your first attempt, please review the learning objectives, instructional materials, and review questions and answers before attempting to retake the final exam to ensure all learning objectives have been successfully completed. Evaluation Upon successful completion of your online exam, we ask that you complete an online course evaluation. Your feedback is a vital component in our future course development. Thank you.

Western CPE Self-Study 243 Pegasus Drive Bozeman, MT 59718 Phone: (800) 243-7395 Fax: (206) 774-1285 E-mail: [email protected] Web site: www.westerncpe.com

Notice: This publication is designed to provide accurate information in regard to the subject matter covered. It is sold with the understanding that neither the author, the publisher, nor any other individual involved in its distribution is engaged in rendering legal, accounting, or other professional advice and assumes no liability in connection with its use. Because regulations, laws, and other professional guidance are constantly changing, a professional should be consulted should you require legal or other expert advice. Information is current at the time of printing.

iii

Table of Contents

Table of Contents Course CPE Information .............................................................................................................. i Instructional Design...................................................................................................................... ii Table of Contents ......................................................................................................................... iv Chapter 1 – Introduction to Fraud.............................................................................................. 1 Learning Objectives..................................................................................................................... 1 Definition of Fraud ...................................................................................................................... 2 The Nature and Elements of Fraud.............................................................................................. 4 Types of Fraud............................................................................................................................. 5 Employee Fraud ....................................................................................................................... 6 Fraudulent Financial Reporting................................................................................................ 7 External Fraud .......................................................................................................................... 8 Investment Fraud ....................................................................................................................... 10 “Red flags” Indicating an Investment Scam .......................................................................... 11 Summary.................................................................................................................................... 11 Charles Ponzi Case .................................................................................................................... 12 Chapter 1 Review Questions ..................................................................................................... 16 Chapter 1 Review Question Answers and Rationales ............................................................... 18 Chapter 2 – Who Commits Fraud and Why ............................................................................ 21 Learning Objectives................................................................................................................... 21 Profile of the Fraud Perpetrator ................................................................................................. 21 Social Forces Contributing to Fraud.......................................................................................... 23 Ostracism of the Whistle-Blower........................................................................................... 24 Failure to Report Fraud .......................................................................................................... 24 Failure of Businesses to Prosecute Fraud Perpetrators .......................................................... 24 Failure of Law-Enforcement Officials to Prosecute Fraud Perpetrators................................ 24 Light Sentences for Perpetrators ............................................................................................ 25 The Fraud Triangle .................................................................................................................... 26 Pressures................................................................................................................................. 27 Opportunities.......................................................................................................................... 28 Rationalizations...................................................................................................................... 30 Interaction of the Fraud-Triangle Elements ........................................................................... 31 Fraud Prevention Program......................................................................................................... 32 Identify Fraud Risk Factors.................................................................................................... 34 Identify Fraud Prevention Techniques ................................................................................... 34 The Unforgiving Casino Case ................................................................................................... 35

iv

Table of Contents

Chapter 2 Review Questions ..................................................................................................... 38 Chapter 2 Review Question Answers and Rationales ............................................................... 41 Chapter 3 – Fraud Prevention: Pressures and Rationalizations ............................................ 45 Learning Objectives................................................................................................................... 45 Employee Financial Pressures ................................................................................................... 45 Bad Investments or Heavy Financial Losses.......................................................................... 45 Excessive Lifestyle or Living Beyond One’s Means ............................................................. 45 Inadequate Compensation ...................................................................................................... 46 High Personal Debt ................................................................................................................ 46 Greed ...................................................................................................................................... 47 Desire to avoid paying taxes .................................................................................................. 47 Pride and Ambition ................................................................................................................ 48 A Need For Power or Control ................................................................................................ 48 Inability to Tolerate Delay or Frustration .............................................................................. 48 Insatiable Intellectual Challenge ............................................................................................ 48 Management Financial Pressures .............................................................................................. 48 Economic Cycles, Inflation, and Recession ........................................................................... 48 Impending Business Failures ................................................................................................. 49 Urgent Need For Earnings...................................................................................................... 49 Unfavorable Economic Conditions ........................................................................................ 49 Unrealistic Goals, Financial Targets, or Expectations Set By Management ......................... 50 There Are a Number of Other Important Company Pressures:.............................................. 50 Many Other “Red Flags” Appear Due to Management-Related Pressures............................ 50 Work-Related Pressures ............................................................................................................ 51 Severe Resentment ................................................................................................................. 51 Threat of Job Loss .................................................................................................................. 52 Overaggressive Compensation Plans ..................................................................................... 53 Low Employee Morale and Loyalty....................................................................................... 53 Lifestyle Pressures..................................................................................................................... 53 Gambling................................................................................................................................ 53 Drug or Alcohol Addiction .................................................................................................... 54 Sexual Relationships .............................................................................................................. 54 Family or Peer Pressure.......................................................................................................... 54 Beating the System................................................................................................................. 54 Rationalizations ......................................................................................................................... 55 Minimizing and Detecting Situational Pressures....................................................................... 56 Prevention Techniques ........................................................................................................... 56 Create a Proper Corporate Climate ........................................................................................ 56 Establish Employee Assistance Programs.............................................................................. 57 Regularly Evaluate Employee Performance .......................................................................... 57 Take Special Care With Certain Employees .......................................................................... 57 Monitor Employee Situational Pressures ............................................................................... 57 Minimize Company Pressures................................................................................................ 58 v

Table of Contents

Monitor Corporate Pressures.................................................................................................. 58 Maximizing Employee Integrity, Minimizing Rationalizations................................................ 59 Prevention Techniques ........................................................................................................... 59 Select Honest Employees ....................................................................................................... 59 Create a Culture of Honesty ................................................................................................... 60 Clearly Label Honest and Dishonest Actions ........................................................................ 60 Teach and Reward Honesty.................................................................................................... 60 Investigate and Prosecute Dishonesty .................................................................................... 61 Develop Proper Dismissal Practices ...................................................................................... 61 Properly Manage Disgruntled Employees.............................................................................. 61 Properly Train Employees...................................................................................................... 62 Case Study: Portrait of a White-Collar Criminal....................................................................... 62 Chapter 3 Review Questions ..................................................................................................... 65 Chapter 3 Review Question Answers and Rationales ............................................................... 67 Chapter 4 – Fraud Prevention: Opportunities......................................................................... 71 Learning Objectives................................................................................................................... 71 Opportunities that Allow Fraud................................................................................................. 71 Internal Control -- Risk Factors and Prevention Techniques .................................................... 71 Risk Factors............................................................................................................................ 71 Prevention Techniques ........................................................................................................... 72 Risk Factor: Insufficient Separation of Duties....................................................................... 72 Prevention Techniques ........................................................................................................... 73 Safeguarding Assets -- Risk Factors and Prevention Techniques ............................................. 74 Risk Factor: Inadequate Safeguarding of Assets.................................................................... 74 Prevention Technique............................................................................................................. 74 Processing of Transactions -- Risk Factors and Prevention Techniques................................... 74 Risk Factor: No Independent Checks on Performance .......................................................... 75 Prevention Technique............................................................................................................. 75 Risk Factor: Inadequate Record Keeping............................................................................... 75 Prevention Techniques ........................................................................................................... 75 Supervision -- Risk Factors and Prevention Techniques........................................................... 75 Risk Factor: Inadequate Supervision...................................................................................... 75 Prevention Technique............................................................................................................. 76 Organizational Structure -- Risk Factors and Prevention Techniques ...................................... 76 Risk Factor: Complex Business Structure.............................................................................. 76 Prevention Technique............................................................................................................. 76 Accounting Practices -- Risk Factors and Prevention Techniques............................................ 76 Risk Factor: Inadequate or Questionable Accounting Practices ............................................ 77 Prevention Technique............................................................................................................. 77 Risk Factor: Authority Figures Who Cannot Be Questioned................................................. 77 Prevention Techniques ........................................................................................................... 77 vi

Table of Contents

Risk Factor: Management’s Disregard for Guidelines, Controls, or Regulatory Authorities 78 Prevention Techniques ........................................................................................................... 78 Risk Factor: Employees with a Criminal or Questionable Background ................................ 79 Prevention Technique............................................................................................................. 80 Risk Factor: Related-Party Transactions................................................................................ 80 Prevention Technique............................................................................................................. 80 Risk Factor: Mutually Beneficial Personal Relationships with Customers or Suppliers....... 80 Prevention Techniques ........................................................................................................... 81 Risk Factor: Operating In a Crisis or Rush Mode.................................................................. 81 Prevention Technique............................................................................................................. 82 General or Administrative ......................................................................................................... 82 Risk Factor: Lack of an Effective Internal-Auditing Staff..................................................... 82 Prevention Technique............................................................................................................. 82 Risk Factor: No Internal Security System.............................................................................. 82 Prevention Technique............................................................................................................. 82 Risk Factor: Assets Highly Susceptible to Misappropriation ................................................ 82 Prevention Technique............................................................................................................. 82 Risk Factor: Unclear Policies and Procedures ....................................................................... 83 Prevention Technique............................................................................................................. 83 Risk Factor: Placing Too Much Trust in Employees ............................................................. 83 Prevention Techniques ........................................................................................................... 84 Risk Factor: No Policy of Mandatory Vacations during Which Someone Else Performs Duties ..................................................................................................................................... 84 Prevention Techniques ........................................................................................................... 85 Risk Factor: Lengthy Tenure in a Key Job ............................................................................ 85 Prevention Technique............................................................................................................. 85 Risk Factor: Lack of Support for Company Values............................................................... 85 Prevention Technique............................................................................................................. 85 Risk Factor: No Audit Trails.................................................................................................. 86 Prevention Technique............................................................................................................. 86 Risk Factor: Managerial Carelessness or Inattention to Technical Details............................ 86 Prevention Technique............................................................................................................. 86 Risk Factor: No Effective Oversight By Board of Directors ................................................. 86 Prevention Technique............................................................................................................. 86 Risk Factor: Inadequate Training........................................................................................... 86 Prevention Technique............................................................................................................. 86 Risk Factor: Inaction .............................................................................................................. 86 Prevention Technique............................................................................................................. 86 Chapter 4 Review Questions ..................................................................................................... 89 Chapter 4 Review Question Answers and Rationales ............................................................... 91 Chapter 5 – Fraud Detection ..................................................................................................... 94 Learning Objectives................................................................................................................... 94 Company Vulnerabilities........................................................................................................... 94

vii

Table of Contents

Four Areas of Vulnerability....................................................................................................... 94 1. Receipt of Goods or Cash.................................................................................................. 94 2. Purchasing, Disbursement of Cash, and Shipment of Goods............................................ 94 3. Misappropriation of Company Assets............................................................................... 95 4. Fraudulent Reporting of Company Results....................................................................... 95 Use of Specialists....................................................................................................................... 95 Computer-Security Officers ...................................................................................................... 95 Forensic Accountants ................................................................................................................ 96 Fraud Symptoms........................................................................................................................ 96 Accounting Symptoms .............................................................................................................. 97 Altered, Forged, or Unusual Documents................................................................................ 97 Large, Unusual, or Complex Transactions at Year-End ........................................................ 98 Numerous Adjusting Entries at Year-End.............................................................................. 98 Unusual Journal Entries ......................................................................................................... 98 Ledger Problems .................................................................................................................... 99 Selecting or Changing to More Liberal Accounting Practices............................................... 99 "Going-Concern" or Adverse Opinions ................................................................................. 99 Premature Recognition of Revenue...................................................................................... 100 Current Expenses Moved to a Later Period ......................................................................... 100 Analytical Symptoms .............................................................................................................. 100 Financial-Statement Review ................................................................................................ 101 Vertical and Horizontal Analyses ........................................................................................ 101 Analysis of the Cash-Flow Statement .................................................................................. 104 Ratio and Trend Analysis Symptoms................................................................................... 106 Unusual Relationships.......................................................................................................... 106 Behavior Symptoms ................................................................................................................ 111 Altered Behavior .................................................................................................................. 112 Unexplained Behavior Changes ........................................................................................... 112 Management Pressures......................................................................................................... 112 Tip and Complaint Symptoms................................................................................................. 113 Hotlines ................................................................................................................................ 114 Whistle-Blowing .................................................................................................................. 114 Organizational Structure Symptoms........................................................................................ 115 Overly Complex Organizational Structure........................................................................... 115 Outsider/Related-Party Symptoms .......................................................................................... 115 Internal-Control Symptoms ..................................................................................................... 117 Lifestyle Symptoms................................................................................................................. 119 Environmental Symptoms ....................................................................................................... 120 Chapter 5 Review Questions ................................................................................................... 122 Chapter 5 Review Question Answers and Rationales ............................................................. 125

viii

Table of Contents

Chapter 6 – Fraud Investigation and Audit ........................................................................... 130 Learning Objectives................................................................................................................. 130 The Fraud Investigation Process.............................................................................................. 130 Four-Step Investigation Strategy ............................................................................................. 131 Step One -- Problem Recognition and Definition ................................................................ 131 Step Two -- Evidence Collection ......................................................................................... 131 Step Three -- Evidence Evaluation....................................................................................... 134 Step Four -- Report Findings................................................................................................ 134 Characteristics of a Fraud Report ............................................................................................ 134 Fraud Examination Theory...................................................................................................... 134 Evidence .................................................................................................................................. 136 Document Evidence ............................................................................................................. 137 Rules for Gathering and Handling Documentary Evidence................................................. 137 Obtaining Documentary Evidence ....................................................................................... 138 Validating Documentary Evidence ...................................................................................... 138 Types of Document Analysis ............................................................................................... 138 Finding Documentary Evidence........................................................................................... 139 Public Records...................................................................................................................... 140 Public Databases .................................................................................................................. 141 Credit Records...................................................................................................................... 141 Federal Government............................................................................................................. 141 State Government................................................................................................................. 142 City and County Records ..................................................................................................... 143 Net Worth............................................................................................................................. 144 Asset Method........................................................................................................................ 144 Expenditure Method............................................................................................................. 144 Net-Worth Calculation and Formula.................................................................................... 144 Vertical and Horizontal Analysis ......................................................................................... 147 People Evidence ................................................................................................................... 147 Hotlines and Informants ....................................................................................................... 147 Interviews ............................................................................................................................. 148 Types of Interviewees .......................................................................................................... 148 Interview Phases................................................................................................................... 148 Interview Guidelines ............................................................................................................ 148 Stages of Those Affected by Fraud ...................................................................................... 149 Interrogation ......................................................................................................................... 150 Personal-Observance Evidence ............................................................................................ 152 Surveillance.......................................................................................................................... 152 Undercover Operations ........................................................................................................ 153 Searches................................................................................................................................ 153 Invigilation ........................................................................................................................... 153 Physical Evidence ................................................................................................................ 154 Case Study ............................................................................................................................... 154

ix

Table of Contents

Directions: ............................................................................................................................ 154 The Facts: ............................................................................................................................. 154 Case Questions: .................................................................................................................... 155 Suggested Solutions -- Case Study....................................................................................... 156 The Sarbanes-Oxley Act of 2002 ............................................................................................ 157 How the Sarbanes-Oxley Act of 2002 Impacts the Accounting Profession ........................ 157 Public Company Accounting Oversight Board.................................................................... 157 New Roles for Audit Committees and Auditors .................................................................. 158 Criminal Penalties ................................................................................................................ 159 Financial Reporting and Auditing Process Additions .......................................................... 159 Business and Industry CPAs ................................................................................................ 160 Recent Accounting Scandals ................................................................................................... 160 The Collapse of Enron Corporation ..................................................................................... 160 The Rise and Fall of WorldCom .......................................................................................... 166 The Secrets of Adelphia ....................................................................................................... 172 Chapter 6 Review Questions ................................................................................................... 182 Chapter 6 Review Question Answers and Rationales ............................................................. 186 Chapter 7 – Review of Statement on Auditing Standards No. 99 ........................................ 193 Learning Objectives................................................................................................................. 193 Brief Overview of SAS No. 99................................................................................................ 194 Discussion Regarding the Risks of Material Misstatement Due to Fraud............................... 194 Obtaining the Information Needed to Identify Fraud.............................................................. 195 Make Inquiries of Management and Others within the Entity About Fraud........................ 196 Consider the Results of the Analytical Procedures Performed While Planning the Audit .. 198 Consider Fraud Risk Factors ................................................................................................ 198 Consider Other Information That May Be Helpful in Identifying Risks ............................. 198 Identifying Risks That May Result in a Fraudulent Material Misstatement ........................... 199 Assessing the Identified Risks................................................................................................. 200 Responding to the Results of the Assessment ......................................................................... 200 Overall Responses to Identified Risks ................................................................................. 201 Responses to Identified Risks Involving the Nature, Timing, and Extent of Procedures to Be Performed ............................................................................................................................. 202 Example Responses to Specific Fraudulent-Financial-Statement Risks.............................. 203 Example Responses to Fraud Risks Related to Misappropriation of Assets........................ 205 Responses to the Risk of Management Override of Controls .............................................. 206 Examining Journal Entries and Other Adjustments ............................................................. 207 Evaluating the Business Rationale for Significant Unusual Transactions ........................... 208 Evaluating Audit-Test Results................................................................................................. 208 Assessing Fraud Risk Throughout the Audit ....................................................................... 208 Evaluating Whether Analytical Procedures Indicate a Previously Unrecognized Fraud Risk .............................................................................................................................................. 209 x

Table of Contents

Evaluating Fraud Risk At or Near the Completion of the Audit.......................................... 211 Responding to Misstatements That May be the Result of Fraud ......................................... 211 Before Withdrawing, the Auditor Should Consider Consulting with Legal Counsel.......... 212 Communicating with Management, the Audit Committee, and Others .................................. 212 Documenting the Auditor's Consideration of Fraud................................................................ 213 Chapter 7 Review Questions ................................................................................................... 216 Chapter 7 Review Question Answers and Rationales ............................................................. 218 Glossary ..................................................................................................................................... 222 Index........................................................................................................................................... 227

xi

Chapter 1: Introduction to Fraud

Chapter 1 – Introduction to Fraud Learning Objectives After completing this section of the course, you should be able to: 1. List the basic elements of fraud and explain how the various types of fraud are carried out. 2. Cite examples of fraudulent practices. It is rare for a week to go by without the national or local press reporting another fraud. These frauds range from an employee defrauding a local company out of a small sum of money to a multimillion-dollar fraud that captures the attention of the nation. Auditors are in a unique situation with respect to fraud. The public looks to them, more than any other group, to prevent and detect fraud. And you can be sure that when it occurs in a company with audited financial statements, the auditor will probably be sued by somebody. Therefore, it behooves auditors to understand fraud. The economic losses to fraudulent activity each year are staggering. The Association of Certified Fraud Examiners estimates that fraud costs the United States $660 billion dollars a year. That compares to its estimate of $11 billion dollars lost to violent crime each year. The financial literature is full of stories of people who have committed a fraud or companies victimized by fraud. The financial press also frequently publishes estimates of the losses incurred as a result of fraud. Consider the following estimates of fraud in the United States: Χ Health agencies estimate fraud represents 10 percent of the nation’s health-care bill at a cost of $75 to $130 billion a year. Χ The tax gap, which is the difference between what people owe the government and what they pay, exceeds $200 billion a year. Χ The IRS estimates that electronic-tax-filing fraud costs the government billions of dollars a year. For example, in one 10-month period, fraudulent electronic returns increased 105 percent. Χ Thirteen percent of credit-card sales resulted in loss due to fraud. For example, fraud losses at MasterCard exceed $300 million a year. Χ Losses related to telephone fraud exceed $10 billion a year. Χ Some 60 percent of Americans have shoplifted. An estimated 200 million shoplifting incidents a year cost U.S. businesses almost $12 billion, or about $150 per family per year. Χ The National Center for Crime Data found that 80 percent of the 75 frauds they studied were the work of insiders. Such frauds were perpetrated most frequently by programmers, data-input clerks, and bank tellers. Χ Thirty percent of all business failures are caused by fraud. Χ The management of 45 of the 100 largest military suppliers is under investigation for fraud.

1

Chapter 1: Introduction to Fraud

Fraud is not a problem that is confined to the United States. In the United Kingdom, more than 300 cases of fraud involving amounts in excess of $150,000 were reported in a recent five-year period. A survey in Ireland shows that during a three-year period, over 40 percent of the largest 500 corporations experienced a fraud. In recent years, Canada has reported losses of $39 million from fraud. The biggest losses were a result of false financial statements, kickbacks, and phantom vendors. Not only are the losses to fraud very high, but the estimates of the number of people who commit or would commit a dishonest act are also very high. Consider the following estimates: Χ The director of fraud and security for a large consulting company stated that of every 10 workers, three look for a way to steal, three would steal if given an opportunity, and four would usually be honest. Χ Two out of every three college students admit to cheating on exams. Χ An Institute of Management study found that 87 percent of managers were willing to commit fraud if it would make their organizations look better. Χ A study of 400 people found that 47 percent of top executives, 41 percent of controllers, and 76 percent of graduate-level business students were willing to commit fraud by understating write-offs that cut into their company’s profits. One of the reasons why the losses to fraud are so much greater than those for violent crimes is that fraud “pays better” than other crimes. One study found that the average loss to robbery was $250 and to burglary was $450. In contrast, the average fraud committed by a company employee was $23,500, and the average loss in a computer fraud was $500,000. It is important to remember that the estimates of fraud losses are only that: estimates. The fact is that no one really knows how much money is lost to fraud each year. Many frauds are not detected and many of those that are detected are not reported to authorities. What we do know, however, is that the losses are very large and that they are growing. Definition of Fraud Just what is this fraud that costs society so much, and exactly what does it consist of? It is usually more difficult for auditors to discover frauds than it is to uncover errors because of the intended deception associated with a fraud. Fraud is defined as an intentional act of deceit for the purpose of gaining an unfair advantage that results in an injury to the rights or interests of another person. This can be done using things such as presentation of false or misleading information, suppressions of the truth, lies, tricks, and cunning. Fraud perpetrators are often referred to as white-collar criminals to distinguish them from criminals who commit violent crimes. To commit most frauds, a perpetrator must take three different steps: the theft itself; converting the asset to personal use; and concealing the fraud. First, the fraudster must take something of value, such as cash, inventory, tools, supplies, equipment, or data. It can also be an intentional reporting of misleading financial information.

2

Chapter 1: Introduction to Fraud

Second, the perpetrator converts the assets into a form that can be used personally. This conversion is usually required for all stolen assets except cash. Stolen checks must be deposited to an account from which the perpetrator can withdraw funds. Information (such as trade secrets or confidential company data) is often sold to someone such as a competitor. Industry experts estimate that computer companies annually lose up to $200 billion in computer chips due to armed robbery and employee theft. In some circles, computer chips are better than gold. Their theft is being referred to as the crime of the electronic age. Employees who steal these chips must convert them to cash. A sophisticated black market exists for the chips, and they often change hands as much as ten times in three days. When some companies run short of chips, they often end up buying their stolen chips back. The following example illustrates the conversion process. Example: On the advice of its trusted manager, a brand-name carpet manufacturer approved purchase orders replacing looms described by a subsidiary as deteriorated past reconditioning. But instead of being discarded or sold to a dealer, the used looms, which were in perfectly sound condition, found their way to another building in a town close by, along with skilled workers to man them. In a short time, a new lowpriced carpet maker was bidding against the original brand. Third, the perpetrator must conceal the crime in order to avoid detection and to continue the fraud. Concealing a fraud often takes more time and effort and leaves behind more evidence than the actual theft does. Where there are checks and balances in the system, the perpetrator often must “cook the books” to avoid detection. The theft of cash may require the employee to doctor the bank reconciliation or to make false accounting entries to avoid detection. Taking cash takes only a few seconds, but altering records to hide the theft can be more challenging and time-consuming. One effective way to hide an employee theft is to charge the stolen item off to an expense account. An employee could steal $10,000 and charge it off to miscellaneous expense. Or, a payroll clerk could add a fictitious name to the employee payroll records, intercept the paycheck, and cash it. The company would be missing funds, but the books would be in balance because there was a debit to a wages expense and a credit to cash. In the case of expense accounts, the perpetrator’s principal exposure is limited to a year or less, because expense accounts are zeroed out at the end of the year. If perpetrators chose to hide the theft by affecting another balance-sheet account, they would have to continue to hide it. Hence, one of the most popular ways to cover up a fraud is to hide the theft in an income-statement account. One of the most effective ways to prevent the theft-conversion-concealment process is to have an effective system of internal controls. When such a system of controls is in effect, fraud is made much more difficult. The internal control system must either be overridden or two or more

3

Chapter 1: Introduction to Fraud

perpetrators must collude with each other. The Nature and Elements of Fraud A typical fraud has a number of important elements or characteristics. 1. The perpetrator of the fraud must have gained the trust or confidence of the person or company being defrauded. This confidence makes it possible for the perpetrator to commit and conceal the fraud. For this reason, fraud schemes are often referred to as cons (from the word CONfidence). 2. In contrast to most other crimes, a perpetrator uses trickery or cunning to commit the fraud rather than force. Instead of using a gun, a knife, or physical force to commit a crime, perpetrators use false or misleading information. The intent is to get someone to give them money or assets. They hide their tracks by falsifying records or other information about the asset. 3. Most frauds, once begun, are rarely terminated voluntarily by the perpetrator. The greed of the perpetrators is such that they continue to exploit the opportunity to obtain extra funds, which they try to increase and extend. Once perpetrators start committing fraud, it is very hard for them to stop. The following factors are reasons that perpetrators continue a fraudulent scheme: a. They usually begin to depend on the “extra” income and cannot afford to stop. b. When faced with the prospect of having additional money at their disposal, many move to a higher lifestyle that requires even greater amounts of money. c. Most perpetrators will take as much money as they think their particular scheme or method will allow them to take. The amount taken is usually limited only by the success perpetrators have in concealing their actions or in the accidental or contrived opportunities the perpetrator is able to discover or create. d. Some frauds are self-perpetuating. If perpetrators stop, their actions would be discovered, and they would get caught. e. For these reasons, there are no small frauds -- only large ones that got detected early. 4. Fraud perpetrators very rarely save or invest what they embezzle. Instead, they spend it. In all of the cases that one particular fraud expert has investigated or read about, he has only uncovered two perpetrators that “saved” the money embezzled. One perpetrator converted the money to gold bullion and stashed it in his basement. The other put the money into trust funds for her grandchildren. 5. If the perpetrators are not caught shortly after they begin, they typically become more confident of their scheme. Many get greedy and take ever-larger amounts of money at more frequent intervals. These larger amounts are more prone to be scrutinized carefully, and a scheme that might have gone undetected for some time is uncovered because the amounts taken rise to unacceptable levels. 6. As time passes, many perpetrators grow careless or overconfident and do not take sufficient care to effectively hide their fraud. Such perpetrators usually make a mistake that leads to their apprehension. 7. In time, the sheer magnitude of the amount of the fraud leads to its detection. Example: For example, at one auto repair shop, the accountant, a lifelong friend of the shop’s owner, embezzled ever-increasing funds from the shop over a seven-year period. In

4

Chapter 1: Introduction to Fraud

the last year of the fraud, when the embezzler took over $100,000, the owner, facing bankruptcy, eventually had to fire the accountant and have his wife take over the bookkeeping. When the company began doing better, the wife began looking into the reasons for the recovery. She uncovered the fraud. 8. The most significant contributing factor in most frauds is the failure to enforce existing internal controls. Types of Fraud This course discusses four types of fraud: 1. A theft of assets, which many people refer to as employee fraud or a defalcation. SAS No. 99, Consideration of Fraud in a Financial Statement Audit, refers to this as a misappropriation of assets. 2. Management fraud, which SAS No. 99 refers to as fraudulent financial reporting. 3. External fraud. 4. Investment fraud. The Association of Certified Fraud Examiners (ACFE) sent out 8,000 questionnaires to its members asking them to report on frauds they were aware of. They had 2,563 usable responses to their questionnaires. The study did not specifically delve into fraudulent financial reporting or investment fraud, but it did look into employee and external frauds such as customer and vendor frauds. The study shows that 61.8 percent were employee frauds; 6.2 percent were vendor frauds; 11.4 percent were customer frauds; and 11.6 percent involved collusion between employee and an outsider. (Other studies have shown that up to one-third of all fraud involves collusion.) It is very difficult to prevent or detect collusion involving two or more employees or collusion between a customer or vendor and a company employee. The preventive aspect of the internal control system can often be negated or circumvented by collusion. In addition, when two or more people work together, it is much easier for perpetrators to hide their tracks. Example: Two women at a credit-card company colluded to steal funds. One woman was authorized to set up credit-card accounts, the other to write off unpaid accounts of less than $1,000. The woman who created the accounts simply created a new account for each of them using fictitious data. When the amount outstanding neared the $1,000 limit, the woman in collections wrote them off. The first woman would then create two new cards, and the process would be repeated. The women were caught when one of them kicked her live-in boyfriend out of the house and would not let him back in. To get even, he called the credit-card company and told the company what the women were doing. The most frequent forms of employee/vendor collusion include billing at inflated prices; performing substandard work and receiving full payment; payment for nonperformance; duplicate billings; and improperly funneling more work or purchasing more goods from a colluding company.

5

Chapter 1: Introduction to Fraud

The most frequent forms of employee/customer collusion include unauthorized loans or insurance payments; receipt of assets or services at unauthorized discount prices; forgiveness of amounts owed; and unauthorized extension of due dates. Collusion may cause the auditor to believe that evidence is persuasive when it is, in fact, false. For example, through collusion, false evidence that control activities have been performed effectively may be presented to the auditor, or, the auditor may receive a false confirmation from a third party who is colluding with management. Employee Fraud SAS No. 99, Consideration of Fraud in a Financial Statement Audit, defines misappropriation of assets as “... the theft of an entity’s assets. Misappropriation can be accomplished in various ways, including embezzling receipts, stealing assets, or causing an entity to pay for goods or services not received. Misappropriation of assets may be accompanied by false or misleading records or documents and may involve one or more individuals among management, employees, or third parties.” One study of 270 employee frauds found that 261 of the frauds involved the theft of cash. Cash is far and away the most likely asset to be stolen because it can easily be spent; it does not need to be converted into a spendable form, as do inventory and fixed assets; and it is usually easier to take a larger amount of cash than any other type of asset. The theft of cash can take many forms, including: • Stealing cash itself (there are many ways to do this, such as underringing sales, taking petty cash, taking cash and issuing a credit memo, or giving a fictitious refund for the amount stolen, etc.); • Using company checks or credit cards to pay personal expenses; • Submitting false expenses, such as for travel; • Overstating hours worked or increasing one’s monthly salary without authorization; • Creating fictitious employees and cashing the paychecks, or cashing the checks of a terminated employee; • Stealing duplicate payments; • Creating a fictitious vendor, submitting fraudulent invoices to the company, and cashing the checks to pay for the fictitious goods; • Granting loans to fictitious borrowers; and • Stealing checks made out to the company or to someone else and cashing them. Example: Albert Miano, a middle manager at Reader’s Digest making $35,000 per year, embezzled $1 million from 1982 to 1987. Miano was responsible for processing bills from the painters and carpenters at Reader’s Digest headquarters. As a test of the system, he forged the signature of a superior on an invoice for painting that was never done, submitted it to accounts payable, and told them to give him the check because the painter needed it in a hurry. When the check went through, Miano forged the painter’s endorsement on the check and deposited it in his own account. The scheme was so easy he continued it for five years, buying a $416,000 contemporary house in Connecticut, five cars, and an $18,000 motor boat.

6

Chapter 1: Introduction to Fraud

There are many other types of employee fraud, including theft of inventory or other assets, the unauthorized sale of assets, collusion with customers or suppliers, kickbacks and bribes, use of company resources for personal purposes, and false reports or entries into accounts to improve performance or cover missing assets. Example: An information-systems manager at a Florida newspaper went to work for a competitor when he was fired. Before long, the first employer realized its reporters were constantly being scooped. The newspaper finally discovered the manager still had an active account and password and regularly browsed its computer files for information on exclusive stories. Example: A Continental Illinois Bank vice president that was charged with approving $1 billion in bad loans in exchange for $585,000 in kickbacks. The loans cost the Chicago bank $800 million and helped trigger its collapse. Fraudulent Financial Reporting SAS No. 99, Consideration of Fraud in a Financial Statement Audit, defines fraudulent financial reporting as “... intentional misstatements or omissions of amounts or disclosures in financial statements to deceive financial-statement users.” It further states that fraudulent financial reporting may involve acts such as: • Manipulation, falsification, or alteration of accounting records or supporting documents from which financial statements are prepared; • Misrepresentation in, or intentional omission from, the financial statements of events, transactions, or other significant information; and • Intentional misapplication of accounting principles relating to amounts, classification, manner of presentation, or disclosure. The National Commission on Fraudulent Financial Reporting (also known as the Treadway Commission) defines fraudulent financial reporting similarly: “... intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements.” Fraudulent financial reporting is usually committed by those high enough in an organization to override internal controls. It may be motivated by a number of things, such as a need to deceive investors and creditors, to cause the company’s stock price to rise, to meet cash-flow needs, or to hide company losses and problems. Perpetrators of fraudulent financial reporting often receive an indirect benefit from the fraud, such as they keep their job; the price of their stock rises; they receive pay raises they do not deserve; and they are perceived as very good managers, which means they are highly respected and are able to wield considerable power. Fraudulent financial reporting is a very serious issue, one that is of great concern to independent auditors. This was born out by the Treadway Commission’s study of over 450 lawsuits against auditors between the years 1960 and 1985. They found fraud to be a factor in approximately 50 percent of them. When the Treadway Commission issued its recommendations, it suggested several things that could be done to reduce the possibility of fraudulent financial reporting. 1. Establish an organizational environment and tone that contributes to the integrity of the

7

Chapter 1: Introduction to Fraud

financial-reporting process. 2. Identify and understand the factors that can lead to fraudulent financial reporting. 3. Assess the risk of fraudulent financial reporting that these factors can cause within the company. 4. Design and implement internal controls that provide reasonable assurance that fraudulent financial reporting will be prevented. Fraudulent financial reporting and misappropriation of assets are different in several ways: a. Misappropriation of assets is committed against an entity, most often by employees, while fraudulent financial reporting is usually committed by management to deceive financial-statement users. b. Misappropriation of assets involves the theft of assets, while most fraudulent financial reporting involves the overstatement of assets or revenues. c. Few employees or companies are motivated to steal or overstate liabilities or equities. d. However, companies are motivated to understate liabilities as a means to fraudulently misstate financial statements. Both types of fraud can but do not necessarily result in material misstatements of an entity’s financial statements. External Fraud Most organizations have safeguards over corporate assets that make it relatively more difficult for an outsider to steal company assets. More often, the theft or misstatement comes from an insider who has a knowledge and understanding of the company’s policies and procedures for safeguarding assets. With that knowledge, the person is able to violate a trust, evade control procedures, and commit and conceal the crime. The following estimates reflect the frequency of fraud committed by insiders versus fraud committed by outsiders. Retail stores estimate that 70 percent of their losses are a result of employee theft; only 30 percent result from shoplifting. Banking organizations estimate that over 90 percent of their fraud losses come from employee frauds. Less than 10 percent come from external parties such as bank robbers and customers or suppliers. However, even though external fraud is more difficult to commit, there is still a great deal of it, and companies must take steps to protect against it. External fraud is often categorized by the relationship of the perpetrator to the organization. Fraud perpetrated by someone who buys from a company is referred to as customer fraud. Fraud perpetrated by someone who sells goods to a company is referred to as vendor fraud. In customer fraud, the perpetrator is able to get something of value without having to pay for it. There are many ways to do this. In a bust-out, the perpetrator may purchase goods but not pay for them. A bust-out is a premeditated bankruptcy or insolvency, in which the perpetrator sets up a business; places small orders for goods with as many suppliers as possible; sells the goods to retailers or other buyers at

8

Chapter 1: Introduction to Fraud

deep discounts (often 25 percent or more); and uses the cash to promptly pay for the goods to build up a good credit record. Good credit histories with large established companies help lure in smaller suppliers. After the perpetrator wins the confidence of suppliers, he or she places huge orders with all suppliers as often as possible and then sells all the goods at discounted prices. When the suppliers finally get wise and cut the perpetrator off, he or she declares bankruptcy or moves to a new city to start the process all over again. In the last few years, the number of bust-outs has increased 30 to 50 percent. Example: Over a 15-year period, a con artist named Al Forman was involved in 25 separate bust-outs, each of which netted him $1 million to $4 million dollars. Example: An individual set up Discount Merchandise (appropriately named) in Chicago and bilked vendors for $3.2 million over an 18-month period. At the end of the bust-out, Discount Merchandise was ordering so much that tractor trailers were lined up outside its warehouse from morning until night. To hide the influx of cash, every week members of the individual’s family would spend hours going from bank to bank depositing $9,900 into each of their various bank accounts. In one year, they deposited almost $2 million. The individual was finally caught, convicted of fraud, and given a six-year prison sentence. In a bleed-out, a company that has been in business for years goes out of business slowly by refusing to pay creditors, one by one, until finally no one will extend it any more credit. It is hard to prove that this is not just a business that has fallen on hard times. The perpetrator may trick a company into sending goods or providing services and then not send a bill, or send it to someone else. For example, perpetrators may break into a phone system or steal a calling-card number and make phone calls that they are either not charged for or that are billed to someone else. Or the perpetrators may try to use fake credit cards. Example: One perpetrator found a way to break into a mail-order company’s computer system and have the system send him merchandise but not a bill. Example: A technology enthusiast named John Draper discovered that the whistle offered as a prize in Cap’n Crunch cereal exactly duplicated the frequency of a WATS line. He used his discovery to defraud phone companies by making a large number of free telephone calls. Bank customers can write NSF (not sufficient funds) checks, counterfeiters can create bogus checks, or people can use stolen credit cards. The number of check-fraud cases has increased from 537,000 to 1,267,000 over a recent two-year period and now costs commercial banks almost $1 billion per year. Much of the increase is due to an organized effort by counterfeiters. Corporate payroll checks are particularly vulnerable to these schemes. Example: A band of counterfeiters moved from town to town in the Northwest several years ago. They illegally obtained a copy of a payroll check from a large employer in the

9

Chapter 1: Introduction to Fraud

town. Then they used a desktop publishing package and a laser printer to make bogus checks. They capitalized on the fact that banks are normally required to cash corporate checks immediately. On the day workers were paid, they flooded the town with the checks and then moved on. The larger the bank, the more likely it is to become a victim of organized counterfeiters. Almost 80 percent of the banks with more than $5 billion in assets (as compared to only 48 percent of smaller banks) said that professional con artists were responsible for most of their bad-check losses. Companies or governmental entities are defrauded when their customers submit false or inflated claims for insurance, disability, public assistance, Social Security, accidents, fires, theft, or natural disasters. They even fake auto accidents and deaths. Perpetrators can obtain bogus loans or fraudulent grants by filing false financial statements, appraisals, credit ratings, or employee information, or pledging nonexistent capital. In vendor fraud, the perpetrator gets a company or individual to fraudulently pay for goods or services. Some examples of vendor fraud include inflating prices; substituting goods of inferior quality; short-shipping; billing for services not performed; billing for goods not delivered; and multiple billings for the same service. The vendor may commit the fraud without help from an insider or by colluding with a company employee. For example, a purchasing agent authorizes the purchase of goods at significantly inflated prices and then receives a kickback of 25 percent of the overcharged amount. Example: A kickback scheme at Avondale Shipyards resulted in the company’s paying $47 each for welding-gun tips that should have cost only $20 each. Investment Fraud In an investment fraud, the perpetrator sells an investor a worthless or overpriced investment or promises an unusually high rate of return that cannot be honestly earned. Many of these frauds are Ponzi schemes. Many people regard Charles Bianchi, who used the alias of Charles Ponzi, as the king of investment swindles. In 1920, Ponzi told investors he could purchase postal reply coupons in Europe for one cent each and exchange them in the United States for 10 cents worth of postage stamps. These stamps could then be converted into cash. However, he did not have the financial resources to buy all of the postal reply coupons he could find, so he was willing to let others invest with him. He promised to pay the investors a 50-percent return on their money every 45 days. However, Ponzi never invested more than a few dollars in the coupons. Instead, he took the money of later investors and used it to pay off earlier investors. As he paid off his first investors, word got around and hundreds of investors flocked to him seeking the high returns he promised. In eight months, Ponzi cheated his investors out of $15 million. Ponzi’s only expense was the 50 percent he promised to pay his investors. He spent the rest. Ponzi’s scheme required an ever-increasing amount of money to keep it from collapsing. However, the scheme never grew big enough to collapse. A Boston newspaper reporter

10

Chapter 1: Introduction to Fraud

investigated Ponzi and found that Europe had less than $1 million in postal reply coupons. Ponzi was given federal and state jail sentences and was later deported. He died a pauper in Brazil. Ponzi has had many imitators, and this type of fraud is known as a Ponzi scheme. “Red flags” Indicating an Investment Scam There are a number of red flags present in most investment frauds. The presence of any one of these red flags does not indicate that an investment is a scam, but the more that are present, the more likely it is that something is fishy. Some of the more important red flags are now described Χ The investment does not make good business sense. For example, the investment has abnormal rate of return, yet is promoted as having a low risk; the promised rate of return is not reasonable when compared to other similar investments; or the investment assumes continued and unrealistic inflation or appreciation in predicting the attractive rates of return. Χ Hurry and high pressure factor. Getting in early is critical; there is a rush to “act now” and invest money immediately. Also, there is pressure to invest all savings. Χ The proposed investment is based on a special or “little-known” tax loophole or taxavoidance scheme. Remember, even if the loophole and tax-avoidance investment is legitimate, it can vanish with a stroke of the congressional pen. Χ The investment approach cannot be fully disclosed. It is one of the investment’s unique reasons for success. Χ The investment depends on kickbacks and/or complicated marketing schemes. It could also involve special concessions to those who have money, or unwritten deals that cannot be talked about because of domestic or foreign laws. Χ The investment’s success depends upon someone’s “unique expertise.” Examples are an uncanny ability to predict commodity prices and pick investments. Remember, even if the claim is accurate, the person with the special skills might leave. Χ Guarantees. However, a written promise is not worth much when a company goes bankrupt. Χ New company in town. This is a red flag if the company offering the investment is new in town, cannot provide financial statements, or is evasive about where the principals come from and what their operations were in previous locations. It is possible that the principals had been involved in bankruptcy or scandals previously. Χ The principals are doing well. The principals in the business are living high on the hog even though the business is relatively new. Just because they look successful does not mean they are. They could be living so high because they are diverting company funds. Χ The investor feels sorry for the principals. The investor wants to put additional money in to help the principals overcome temporary problems. Χ The investor is excited about the investment. It is endorsed by a friend, fellow church member, family member, or new business acquaintance. Or, the emotional desirability of holding the investment or asset is its principal attraction. Summary When 87 percent of managers surveyed indicate that they are willing to commit fraud if it would make their organizations look better, we realize that fraud is a very serious problem. And, unfortunately, societal trends lead us to believe that the problem will not get better any time soon.

11

Chapter 1: Introduction to Fraud

Charles Ponzi Case Charles Ponzi was such a famous swindler that the investment fraud technique he used was named after him, though he was not the first to use the scheme. Carlo Bianchi was born in Italy in 1882. He was a postal worker and attended the University of Rome. In 1903, he dropped out to immigrate to the United States under the name Charles Ponzi. He arrived in Boston with $2.50 in his pocket, having gambled away the rest of his savings during the voyage. Ponzi worked odd jobs until he lost his waiter job for shortchanging customers. He moved to Canada and worked for a bank that paid double the going interest rate by dipping into new accounts. The bank failed and the owner fled to Mexico. Destitute, he forged a $423.58 check and was sentenced to 3 years in prison. To hide his conviction from his mother, he wrote that he had found a job as a "special assistant" to a prison warden. Released after less than 2 years, he was caught smuggling Italians into the U.S. and spent two years in an Atlanta prison. When he was released, he returned to Boston, married in 1918, and started a company that failed. Before his company failed, Ponzi received an international postal reply coupon (a form of prepaid postage) in the mail. A coupon, purchased abroad, could be exchanged in the U.S. for postage to send a letter back abroad. Before World War I, prices were fixed so that the cost of a coupon was the same in every country. When the war ended, many European currencies fell in value while the coupon exchange rate remained the same. Ponzi learned that a coupon purchased in for 1 cent in Europe could be redeemed for six 1-cent stamps in the U.S. Ponzi started the Securities Exchange Company in December 1919 and set out to profit from this price differential. His plan was to: 1. Convert American money into a currency where the exchange rate was favorable 2. Use the funds to purchase postal reply coupons in countries with weak economies 3. Exchange the coupons back into a favorable foreign currency 4. Convert the funds back into American dollars Ponzi claimed 400% profits, after expenses and exchange rate fees. To help fund his purchases, he promised investors a 50% return on their money in ninety days, but claimed he could deliver in just forty-five days. In other words, you could double your money in just 90 days. Ponzi’s notes read as follows: The Securities Exchange Company, for and in consideration of the sum of exactly $1,000 of which receipt is hereby acknowledged, agree to pay to the order of ___________, upon presentation of this voucher at ninety days from date, the sum of exactly $1,500 at the company's office, 27 School Street, room 227, or at any bank.

12

Chapter 1: Introduction to Fraud

The Securities Exchange Company, Per Charles Ponzi. Ponzi hired people to market his investment and paid generous commissions. However, his best marketing was paying early investors double their money in 45 days. By February 1920, Ponzi had taken in $5,000. By July 1920, he had taken in millions. At its peak, he had people lined up for blocks trying to give him money and was taking in over $1,000,000 a week. People were investing their life savings and widows were mortgaging their homes. So much money came in it filled every desk drawer, wastepaper basket, and closet. To support his scheme, Ponzi obtained a controlling interest in the Hanover Trust Bank. Ponzi never invested the money he received in postal reply coupons. Instead, he used the money of later investors to pay off earlier investors. This was easy to do because of the tremendous growth in new money and the roll over of many of the old notes. Ponzi splurged on a lavish lifestyle. He bought a 20-room mansion with air conditioning and a heated swimming pool. He bought the finest jewels and dresses for his wife and the finest suits for himself. His fellow Italians considered him a hero and cheered him wherever he went. Early on, Ponzi was investigated by federal, state, and local authorities but no one could prove wrongdoing. Ponzi paid his notes on time and no one filed a complaint against him. When a furniture dealer sued him unsuccessfully, people who wondered how he could go from broke to multi-millionaire so fast triggered a run on his company. His prompt payments quelled the unrest and demands for repayment. On July 24, 1920, the Boston Post ran a positive article that led to a surge in investments. That same week he met with Massachusetts investigators and promised to stop taking in money while they investigated him. On July 26, the Post began a series of articles questioning Ponzi and his company. One article quoted Clarence Barron, a financial analyst and the publisher of Barrons (a financial newspaper). Barron stated that Ponzi would have to have purchased 160 million postal reply coupons based on the money he had taken in, but there were only some 27,000 in circulation. Barron also stated that the administrative costs necessary to handle the currency exchanges and the transaction costs of purchasing, transporting, and redeeming such a large number of coupons would quickly eat up the profits. The U.S. Post Office confirmed that large quantities of postal reply coupons were not being purchased, either in the U.S. or abroad. The articles caused investors to panic. Large and unruly crowds gathered at the Securities Exchange Company. Ponzi calmed the crowd and gave out free coffee and donuts. Many were so reassured they changed their minds about withdrawing their money. Even so, in three days Ponzi repaid over $2 million in loans to over a thousand people. Ponzi hired James McMasters as his publicity agent. Ponzi’s contradictory statements and the

13

Chapter 1: Introduction to Fraud

ongoing investigations made him so suspicious he quit. He sold his story to the Boston Post, who quoted him as saying that Ponzi was a "financial idiot." On August 2, the Post claimed he was bankrupt. Then the Post disclosed Ponzi's criminal record and published his mug shots. On August 10, federal agents shut down the Securities Exchange Company. They did not find any postal reply coupons. The Hanover Trust Bank was also shut down. Four other banks soon closed their doors. Ponzi was arrested by federal authorities on August 13 and charged with 86 counts of fraud. He was released on a $25,000 bond, immediately arrested by Massachusetts authorities, and released on another $25,000 bond. There were federal and state civil and criminal trials, bankruptcy hearings, individual suits against Ponzi, and suits filed by Ponzi. On November 1, 1920, Ponzi pled guilty to mail fraud and was sentenced to five years in federal prison. In jail, he continued to receive funds from people who still trusted him. An estimated 40,000 people (including ¾ of the Boston Police Force) invested $15 million ($140 million in today’s dollars) in Ponzi’s scheme. That was enough to buy some 180,000,000 postal coupons. Authorities were able to confirm the purchase of only two. Ponzi’s only legitimate income during the fraud was $45 in dividends from five shares of stock. He had assets of $1,593,834.12. It took eight years, but investors eventually received 37% of their money back. Released after serving three and one-half years, Massachusetts sentenced him to nine years. He was released on a $14,000 bond pending an appeal. He jumped bail, fled to Florida, purchased worthless land for $16 an acre, subdivided it into 23 lots, sold each for $10, and made $214 per acre. He promised gullible investors who reinvested their profits that in two years the land would increase in value to $5.3 million. Sentenced to a year in a Florida prison, he jumped bail on June 3, 1926 and fled to Texas. He disguised his appearance by shaving his head and growing a mustache and signed on as a crewman on a merchant ship headed for Italy. He was captured on June 28th when the boat docked in New Orleans. Ponzi was returned to Boston, imprisoned, and released after seven years. He was deported to Italy on October 7, 1934 since he never had become an American citizen. Although his wife eventually divorced him, they exchanged love letters until Ponzi died. In Italy, Ponzi worked as an English translator and tried several unsuccessful schemes. In 1939, he landed a job with Italy’s new airline as the Rio de Janeiro, Brazil branch manager. Ponzi discovered airline officials using the carrier to smuggle currency. When they refused to give Ponzi a cut, he tipped off the Brazilian government. During World War II, Brazilian authorities shut the airline down because it was being used to ship strategic war materials. Ponzi spent the last years of his life in poverty. He was unsuccessful in running a Rio lodge, taught English, and received unemployment funds. He had a stroke in 1948, and died in a charity hospital in Rio de Janeiro on January 18, 1949.

14

Chapter 1: Introduction to Fraud

In the hospital, Ponzi granted an interview to an American reporter: "Even if they never got anything for it, it was cheap at that price. Without malice aforethought I had given them the best show that was ever staged in their territory since the landing of the Pilgrims! It was easily worth fifteen million bucks to watch me put the thing over!" Because Ponzi’s scheme was so large and so talked about, all subsequent “use money from later investors to pay earlier investors” frauds have been called Ponzi schemes.

15

Chapter 1: Review Questions

Chapter 1 Review Questions The review questions accompanying each chapter are designed to assist you in achieving the learning objectives stated at the beginning of each chapter. The review section is not graded; do not submit it in place of your final exam. While completing the review questions, it may be helpful to study any unfamiliar terms in the glossary in addition to chapter course content. After completing the review questions for each chapter, proceed to the review question answers and rationales. 1.

The Association of Certified Fraud Examiners estimates that fraud costs the U.S.: A. B. C. D.

2.

True or false: Fraud is defined as an intentional act of deceit for the purpose of gaining an unfair advantage that results in an injury to the rights or interests of another person. A. B.

3.

B. C. D.

True. False.

An effective way for an employee to hide theft is to charge the stolen item off to: A. B. C. D.

6.

Waiting for the opportunity to present itself; a pressure existing; and rationalizing the act. Committing the theft itself; converting the asset to personal use; and rationalizing the act. Committing the theft itself; converting the asset to personal use; and concealing the fraud. Waiting for the opportunity to present itself; converting the asset to personal use; and concealing the fraud.

True or false: Concealing a fraud often takes more time and effort and leaves behind more evidence than the actual theft does. A. B.

5.

True. False.

To commit most frauds, a perpetrator must take which three steps? A.

4.

$11 billion a year. $120 billion a year. $660 billion a year. $900 billion a year.

An asset account. A liability account. An equity account. An expense account.

Granting loans to fictitious borrowers is an example of: 16

Chapter 1: Review Questions

A. B. C. D. 7.

Which of the following would involve acts such as the misrepresentation in or intentional omission from the financial statements of events, transactions, or other significant information? A. B. C. D.

8.

Employee fraud. Management fraud. External fraud. Investment fraud.

Employee fraud. Management fraud. External fraud. Investment fraud.

A bust-out, a premeditated bankruptcy or insolvency, is an example of: A. B. C. D.

Employee fraud. Management fraud. External fraud. Investment fraud.

17

Chapter 1: Review Question Answers and Rationales

Chapter 1 Review Question Answers and Rationales Review question answer choices are accompanied by unique, logical reasoning (rationales) as to why an answer is correct or incorrect. Evaluative feedback to incorrect responses and reinforcement feedback to correct responses are both provided. 1.

The Association of Certified Fraud Examiners estimates that fraud costs the U.S.: A.

B.

C.

D.

2.

True or false: Fraud is defined as an intentional act of deceit for the purpose of gaining an unfair advantage that results in an injury to the rights or interests of another person. A.

B.

3.

$11 billion a year. This answer is incorrect because $11 billion is what the Association of Certified Fraud Examiners estimates as the cost of violent crime, not the cost of fraud. $120 billion a year. This answer is incorrect because the Association of Certified Fraud Examiners estimates that fraud costs the United States $660 billion a year, not $120 billion. $660 billion a year. This answer is correct because the Association of Certified Fraud Examiners estimates that fraud costs the United States $660 billion a year. $900 billion a year. This answer is incorrect because the Association of Certified Fraud Examiners estimates that fraud costs the United States $660 billion a year, not $900 billion.

True. This answer is correct because fraud is defined as an intentional act of deceit for the purpose of gaining an unfair advantage that results in an injury to the rights or interests of another person. False. This answer is incorrect because it is true that fraud is defined as an intentional act of deceit for the purpose of gaining an unfair advantage that results in an injury to the rights or interests of another person.

To commit most frauds, a perpetrator must take which three steps? A.

B.

C.

D.

Waiting for the opportunity to present itself; a pressure existing; and rationalizing the act. This answer is incorrect because the opportunity presenting itself; a pressure existing; and rationalizing the act are not the three steps a perpetrator must take to commit most frauds. Committing the theft itself; converting the asset to personal use; and rationalizing the act. This answer is incorrect because rationalizing the act is not one of the three steps a perpetrator must take to commit most frauds. Committing the theft itself; converting the asset to personal use; and concealing the fraud. This answer is correct because with most frauds the three steps a perpetrator must take are the theft itself, converting the asset to personal use, and concealing the fraud. Waiting for the opportunity to present itself; converting the asset to personal use; and concealing the fraud. This answer is incorrect because the opportunity

18

Chapter 1: Review Question Answers and Rationales

presenting itself is not one of the three steps a perpetrator must take to commit most frauds. 4.

True or false: Concealing a fraud often takes more time and effort and leaves behind more evidence than the actual theft does. A.

B.

5.

An effective way for an employee to hide theft is to charge the stolen item off to: A.

B.

C.

D.

6.

An asset account. This answer is incorrect because balance sheet accounts are not zeroed out at the end of the year which requires the employee to continue to hide the fraud year after year. A liability account. This answer is incorrect because balance sheet accounts are not zeroed out at the end of the year which requires the employee to continue to hide the fraud year after year. An equity account. This answer is incorrect because balance sheet accounts are not zeroed out at the end of the year which requires the employee to continue to hide the fraud year after year. An expense account. This answer is correct because the expense accounts are zeroed out at the end of the year which limits the employee’s principal exposure to a year or less.

Granting loans to fictitious borrowers is an example of: A.

B.

C. D.

7.

True. This answer is correct because concealing a fraud often does take more time and effort and leave behind more evidence than the actual theft does. False. This answer is incorrect because it is true that concealing a fraud often takes more time and effort and leaves behind more evidence than the actual theft does.

Employee fraud. This answer is correct because granting loans to a fictitious borrower would be perpetrated by an employee, making the fraud an example of employee fraud. Management fraud. This answer is incorrect because management fraud is related to helping the company look better by fraudulent financial reporting rather than stealing from the company by granting loans to fictitious borrowers. External fraud. This answer is incorrect because external fraud is perpetrated by an outside entity such as a customer or a vendor, rather than an employee. Investment fraud. This answer is incorrect because investment fraud occurs when the perpetrator sells an investor a worthless or overpriced investment or promises an unusually high rate of return that cannot be honestly earned rather than stealing from the company by granting loans to fictitious borrowers.

Which of the following would involve acts such as the misrepresentation in or intentional omission from the financial statements of events, transactions, or other significant information?

19

Chapter 1: Review Question Answers and Rationales

A.

B.

C. D.

8.

Employee fraud. This answer is incorrect because employee fraud is related to the misappropriation of assets rather than fraudulent financial reporting perpetrated by management. Management fraud. This answer is correct because the misrepresentation in, or intentional omission from, the financial statements of events, transactions, or other significant information would be perpetrated by management, making the fraud and example of management fraud. External fraud. This answer is incorrect because external fraud is perpetrated by an outside entity such as a customer or a vendor, rather than management. Investment fraud. This answer is incorrect because investment fraud occurs when the perpetrator sells an investor a worthless or overpriced investment or promises an unusually high rate of return that cannot be honestly earned rather than fraudulent financial reporting perpetrated by management.

A bust-out, a premeditated bankruptcy or insolvency, is an example of: A.

B.

C.

D.

Employee fraud. This answer is incorrect because employee fraud is related to the misappropriation of assets through knowledge and understanding of the company’s policies and procedures for safeguarding assets rather than stealing from the company by a premeditated bankruptcy or insolvency. Management fraud. This answer is incorrect because management fraud is related to helping the company look better by fraudulent financial reporting rather than stealing from the company by a premeditated bankruptcy. External fraud. This answer is correct because a premeditated bankruptcy or insolvency would be perpetrated by an external third-party, making the fraud an example of external fraud. Investment fraud. This answer is incorrect because investment fraud occurs when the perpetrator sells an investor a worthless or overpriced investment or promises an unusually high rate of return that cannot be honestly earned rather than stealing from the company by a premeditated bankruptcy.

20

Chapter 2: Who Commits Fraud and Why

Chapter 2 – Who Commits Fraud and Why Learning Objectives After completing this section of the course, you should be able to: 1. Identify the various types of fraud perpetrators, describe their characteristics, and explain their reasons for committing fraud 2. Assess fraud risk and the benefits of fraud prevention techniques When a new fraud is discovered, one of the most frequently asked questions is “Why in the world did they do it?” The question is asked so frequently because the perpetrator is often a well-respected employee who seemingly has everything to lose and not much to gain by committing the fraud. This chapter explains who commits fraud and why they commit it. Anyone who wants to prevent or detect fraud must understand who it is that commits fraud and what motivates him or her to do so. We will first discuss what is known about fraud perpetrators to see if we can build a profile that will help us spot potential perpetrators. We will then turn our attention to societal forces that contribute to the increase in fraud. Profile of the Fraud Perpetrator Researchers at Brigham Young University conducted an empirical study to answer the question “Are fraud perpetrators, as a group, different from the normal population, and are they different from other property offenders?” The researchers conducted the study by comparing the personality, criminal, and demographic characteristics of incarcerated fraud perpetrators (those in a position of responsibility who illegally appropriated money from their employers) with those of other incarcerated property offenders and normal population (represented by a group of students). Significant differences were found between the fraud perpetrators and the other property offenders. Fraud perpetrators: • Were more likely to be first-time offenders; • Were less likely to get arrested, convicted, incarcerated, or to serve long sentences; • Were older (possibly because it usually takes a while to get in a position of responsibility); • Were more likely to be women (30 percent, as compared to only two percent of the property offenders); • Had a more stable family life (more likely to be married, less likely to be divorced). • Had more children; • Were better educated; • Were more likely to be active church members; • Were less likely to use alcohol and drugs; • Were less likely to be criminally inclined or to have a past criminal record; and • Were in better psychological health. They were more optimistic, kind, empathetic, socially conforming, and ambitious. They had higher self-esteem, self-control, and selfsufficiency. They had less depression, self-degradation, impulsiveness, hostility, dependence, and family discord.

21

Chapter 2: Who Commits Fraud and Why

The researchers found few differences between the fraud perpetrators and the normal population. As compared to the normal population, the fraud perpetrators were: • More dishonest; • More independent; • More sexually mature; • More socially deviant; • More empathetic; and • Suffered more psychic pain. Most of the above differences can be explained by the differences in the ages of the two populations. On average, fraud perpetrators are older than the normal population. Therefore, you would expect them to be more independent and sexually mature. Also, you might expect incarcerated fraud perpetrators to be more dishonest, empathetic, and to have suffered more psychic pain. This and other studies show that the profile of property offenders, such as bank robbers and burglars, is different from that of the “normal” population. In contrast, fraud perpetrators tend to mirror the general public in terms of education, age, religion, marriage, length of employment, and psychological makeup. In other words, there are not enough differences between fraud perpetrators and the normal population to distinguish them from the general public. Many fraud perpetrators are regarded as ideal employees; that is, dedicated, talented, intelligent, well-educated, and hard-working. Before committing the fraud, they considered themselves to be honest, upstanding citizens who were valued and respected members of their communities. This is born out in a study of 212 actual cases of fraud. In that study: 1. Many audit directors responding to the fraud survey stated that the defrauders had to be among the best employees in order to perpetrate and cover up the fraud while performing at least satisfactory work. • Thirty-eight percent of the perpetrators were described as being among the company’s best employees prior to the detection of the fraud. • Fifty-nine percent were described as being average employees. • Three percent were described as being among the worst employees. 2. Most of the perpetrators were between the ages of 26 and 45. • Fourteen percent were younger than 26. • Thirty-eight percent were between the ages of 26 and 35. • Thirty-five percent were between the ages of 36 and 45. • Thirteen percent were older than 45. 3. Most perpetrators were not able to operate their fraud for very long before they were caught. • Fifty-one percent of the frauds were committed for less than a year. • Twenty-two percent were committed from one to two years. • Thirteen percent were committed from two to three years. • Fourteen percent were committed for more than three years. 4. The less time they were employed, the more likely they were to commit a fraud. • Twenty-six percent were employed less than three years.

22

Chapter 2: Who Commits Fraud and Why

• Fifteen percent were employed between three and five years. • Thirty-one percent were employed between five and 10 years. • Twenty-one percent were employed between 10 and 20 years. • Seven percent were employed more than 20 years. 5. The older the perpetrator, the greater the amount of the fraud. 6. Most perpetrators were not college graduates. • Fifty-two percent had some high school education or had graduated from high school. • Sixteen percent had some college education. • Twenty-six percent were college graduates. • Six percent had some graduate school education. 7. Over 40 percent of the perpetrators were women. The amounts women took were, on average, less than that taken by the men. A possible explanation is that the women had been employed for a shorter period of time than the men. Therefore, there were fewer women in positions of trust and more women in what would be called clerical positions. Because fewer of the women were in positions of trust, they were less able to take large sums of money. 8. Seventy-one percent of the frauds were perpetrated by a single individual; 29 percent involved collusion. This is probably due to the fact that bringing another person into the fraud is risky. In addition, most perpetrators do not want to share their ill-gotten gains unless it is necessary to do so. 9. Few frauds (18 percent) were uncovered by auditors. This is not unusual in that most audits are not conducted specifically for the purpose of detecting frauds. On the other hand, it is disturbing that so few of the frauds were actually uncovered during the course of a normal audit. 10. Forty-nine percent of the frauds were uncovered by accident, and 33 percent were uncovered by anonymous tips. This illustrates that one effective way to detect fraud is to set up some mechanism, such as a fraud hot line, to encourage anonymous tips. When the results of these two studies are combined, we can conclude that it is relatively difficult to profile fraud perpetrators or to predict who will move from being an otherwise honest, upright citizen to becoming a perpetrator of a fraud. The above profile describes “noncareer” criminals. Recently more “career” criminals have found fraud to be a lucrative occupation. Example: FBI director Louis Freeh testified before the Senate Special Committee on Aging that cocaine distributors in Florida and California are switching to less risky but equally profitable health-care scams. Their chances for detection are much less than with trafficking drugs, and the profits are staggering. The bureau has some 1,500 cases backlogged and would need to double the size of its 249-agent investigative team to be taken seriously by scam artists who trade in bogus medical cards and phony insurance claims. Social Forces Contributing to Fraud There are a number of societal trends or conditions that directly or indirectly contribute to fraud. These social forces are influenced by political and economic conditions and social expectations.

23

Chapter 2: Who Commits Fraud and Why

We will discuss five of them: 1. Ostracism of the whistle-blower; 2. Failure to report fraud; 3. Failure of businesses to prosecute fraud perpetrators; 4. Failure of law-enforcement officials to prosecute fraud perpetrators; and 5. Light sentences given to perpetrators. Ostracism of the Whistle-Blower Ostracism of the whistle-blower is one societal factor that indirectly contributes to fraud. There are numerous cases where the person blowing the whistle on a fraud has suffered more than the perpetrator. When others see what happens to those who blow the whistle, they are reluctant to come forward themselves. In essence they say, “I do not want what happened to [the whistleblower] to happen to me.” Example: One executive became a mole for a governmental agency and fed them information about his employer’s illegal activities. When the case went public and his name was accidentally disclosed, the whistleblower suffered severe consequences. His employer charged him with theft, he was fired and locked out of the company’s headquarters, his name was dragged through the mud by the press and news agencies, the people in town stopped speaking to him, and his kids were picked on in school by other children. He finally attempted suicide to escape what was happening. Failure to Report Fraud Many companies are reluctant to report detected frauds (less than 10 percent in one study) because a highly visible fraud is a public-relations disaster. In some cases, the company loses more from the adverse publicity than from the fraud itself. It also reveals the vulnerability of their system, thereby possibly attracting more acts of fraud. Failure of Businesses to Prosecute Fraud Perpetrators Many businesses do not prosecute employees that commit a fraud. There are a number of reasons for this. • Often the perpetrator has spent the money that was stolen and has no assets to recover. • Lawsuits are costly to pursue. • Law-enforcement officials are not particularly interested in pursuing fraud cases in court. • The company does not want to open themselves up to a countersuit for defamation of character, wrongful termination, etc. Failure of Law-Enforcement Officials to Prosecute Fraud Perpetrators There are a number of reasons why law enforcement officials and the courts do not prosecute fraud perpetrators. • Law-enforcement officials and the courts are so busy with violent crimes that they have little time for fraud cases where there is no bodily harm. • Fraud is time-consuming to investigate: o It is difficult to obtain court-admissible evidence; o It is costly to prosecute; and o It is hard to prove.

24

Chapter 2: Who Commits Fraud and Why

• • • •

o As a result, it is harder to successfully prosecute fraud cases and to get convictions than it is for many other types of crime. Many law-enforcement officials, lawyers, and judges lack the skills necessary to investigate, prosecute, and evaluate some types of fraud, such as computer fraud. Law-enforcement officials are reluctant to prosecute cases when the companies recover all or most of the funds lost. The definition of fraud is so vague no one really knows how much it really costs, so there is not much motivation to go after fraud cases. Law-enforcement officials sometimes do not have adequate laws to go after fraud perpetrators and make the charges stick.

Example: In one case, law-enforcement officials did not have a law that dealt specifically with computer fraud. They had to prosecute using laws written for other purposes. The problem of an inadequate computer-fraud law was partially resolved in the United States in 1986 when Congress passed the Fraud and Abuse Act. The law makes it illegal to knowingly gain access to computers with intent to defraud; and buy and sell computer passwords. The computer fraud is a felony if more than $1,000 of software is damaged or if money, goods, or services are stolen. The penalties are severe: 1-5 years for the first offense, 10 years for the second offense; and 20 years for three or more offenses. The range of possible fines is up to $250,000 or twice the value of the stolen data. Light Sentences for Perpetrators When fraud cases are prosecuted and a conviction is obtained, the sentences received are often very light. Jack Anderson, a columnist, was quoted as saying that the average sentence for a fraud perpetrator was one year in jail for every $10 million stolen. Example: One judge, when sentencing convicted white-collar criminals, stated that all of them were God-fearing men, highly civic-minded, who have spent their lifetimes in sincere and honest dedication and service to their families, their churches, their country, and their communities. He said he could never send them to jail. Example: A man who stole $1 million from a phone company was sentenced to 40 days in a work-release program and fined $8,500. Example: One of the most famous cases of a light sentence was that of C. Arnold Smith. He was the owner of the San Diego Padres baseball team and was named Mr. San Diego of the Century. He was very involved in the community and made heavy political contributions. However, Mr. Smith was also charged with the theft of $200 million from his bank. He pleaded nolo contendre to the charges and he was given a sentence of four years probation and a $30,000 fine. The fine was to be paid at the rate of $100 a month for the following 25 years, with no interest. Mr. Smith was 71 at the time. The embezzled money was never recovered. Studies estimate the probabilities of a person going to jail if they commit a fraud. One study

25

Chapter 2: Who Commits Fraud and Why

found: Χ Χ Χ Χ

Fifty-one percent of the perpetrators were prosecuted; Ninety-eight percent of the prosecutions resulted in convictions; Thirty-one percent of those convicted were incarcerated; and Seventy-two percent of those incarcerated received a sentence for a year or more.

Putting those percentages together, only 15.5 percent (0.51 x 0.98 x 0.31) of the detected perpetrators were prosecuted, convicted, and incarcerated. Only 11 percent (0.51 x 0.98 x 0.31 x 0.72) were incarcerated for a year or more. If we conservatively estimate that only 25 percent of frauds are detected, then less than four percent of all fraud perpetrators go to jail. For perpetrators of computer fraud, the odds are even better that they will pull off the fraud without even being detected. The FBI estimates that only one percent of all computer frauds are detected. A study of actual cases of computer fraud showed that only 12 percent are reported to the law. Eighteen percent of those reported are convicted and imprisoned. If these estimates represent what actually exists in the world of business, a computer-fraud perpetrator only has a one in 4,630 chance [1/(0.01 x 0.12 x 0.18)] of being detected, prosecuted, convicted, and incarcerated. Those are pretty good odds considering that the average loss to computer fraud is over $500,000. The Fraud Triangle Research shows that three conditions are necessary for fraud to occur: Χ A situational pressure (a nonsharable financial need); Χ A perceived opportunity to commit and conceal the dishonest act (viewed as a way to secretly resolve the nonsharable pressure); and Χ A flaw in the individual’s personal integrity that allows them to rationalize their dishonest behavior. As illustrated below, these three interrelated forces are referred to as the fraud triangle.

26

Chapter 2: Who Commits Fraud and Why

Pressures Pressures refer to the non-sharable problems individuals have that motivate them to act dishonestly. It is a person’s incentive or motivation for committing fraud. Three common types of pressures that lead to employee fraud are shown in the Employee Pressure triangle One type of pressure motivating misappropriation of assets, or employee fraud, is financial in nature. Examples include living beyond one’s means, having heavy financial losses, or high personal debt. Often, the perpetrator feels such pressures cannot be shared with others and believes fraud is the only or the best way out of their difficult situation. For example, Raymond Keller worked his way up from driving a coal truck to owning a grain elevator. He made money by trading on commodities and built a lavish house overlooking the Des Moines River. His financial situation declined and Raymond had a severe cash shortage and went deeply into debt. He asked some farmers to wait for their money, and he gave others bad checks. Finally, the seven banks to which he owed over $3 million began to call in their loans. So Raymond began to sell grain that did not belong to him (he stored it for local farmers) to cover his losses. When a state auditor showed up at his door unexpectedly, Raymond chose to take his life rather than face the consequences of his fraud. A second type of employee pressure is related to emotional feelings or problems. Many employees are motivated by greed. Some employees turn to fraud because they have strong feelings of resentment or believe they were treated unfairly. They may feel that their pay is too low, that their contributions to the company are not appreciated sufficiently, or that the company is taking advantage of them. In one case, an accountant in California, who was passed over for a raise, increased his salary by 10 percent, the amount of an average raise. When apprehended, he defended his actions by saying he was only taking what was rightfully his. When asked how he would have felt if he had increased his salary by 11 percent, he responded that he would have

27

Chapter 2: Who Commits Fraud and Why

been stealing 1 percent. Other people are motivated by the challenge of “beating the system” or subverting system controls and breaking into a system. In one case, a company boasted in its advertisements that its new information system was so secure that outsiders would not be able to break into it. Within 24 hours of the system’s implementation, a team of individuals had broken into the system and left a message that the impenetrable system had just been compromised. A third type of employee pressure is related to a person’s lifestyle. These include the need for funds to support a gambling habit (or pay off gambling debts) or support an addiction or problem with drugs or alcohol. Some people commit fraud to keep pace financially with other family members. For example, one plastic surgeon, making up to $800,000 a year, defrauded his clinic of over $200,000 so that he could compete with family members who engaged in a game of financial one-upmanship. The three types of organizational pressures that motivate management to misrepresent their financial statements are shown in the Financial Statement Pressure triangle. The most prevalent financial pressure is a need to meet or exceed earnings expectations to keep the stock price from falling. Management can also create significant pressure for themselves with unduly aggressive earnings forecasts that they then feel they have to meet. They can also create unrealistic performance standards or incentive programs that motivate themselves and others to falsify financial results to keep their job or to receive stock options and other incentive payments. Lastly, industry conditions such as new regulatory requirements or significant market saturation with declining margins can also motivate fraud. People often believe these pressures are nonsharable and not solvable in a socially sanctioned manner. These pressures can become so intense that people feel they have to act and decide that fraud is the only (or the most satisfactory) solution. Example:

One inmate serving time in prison for fraud described his pressure this way: “I’m as honest as the next fellow, but I was backed up against the wall. I did not have any other alternative.”

Opportunities As shown in the opportunity triangle, opportunity is the condition or situation that allows a person or organization to do three things: commit the fraud, conceal the fraud, and convert the theft or misappropriation to personal gain. 1. Commit the fraud. The theft of assets such as cash, inventory, tools, supplies, information, and computer time and services is the most common type of employee fraud. Most fraudulent financial reporting consists of the overstatement of assets or revenues, the understatement of liabilities, or the failure to disclose information. 2. Conceal the fraud. When assets are stolen or overstated, the only way to balance the accounting equation is to inflate other assets or to decrease liabilities or equity. Unless perpetrators find some way to keep the accounting equation in balance, their theft or financial statement misrepresentation can be discovered. Concealment often takes more effort and time

28

Chapter 2: Who Commits Fraud and Why

and leaves behind more evidence than the actual theft or misrepresentation. For example, taking cash requires only a few seconds, whereas altering records to hide the theft can be more challenging and time consuming. A common and effective way to hide a theft is to charge the stolen item to an expense account. The perpetrator’s exposure is limited to a year or less, because the expense accounts are zeroed out at the end of the year. On the other hand, perpetrators who hide a theft by affecting a balance sheet account must continue the concealment. One way to hide a decrease in assets is a lapping scheme, in which the perpetrator steals the cash or check that Customer A mails in to pay its accounts receivable. Funds received at a later date from Customer B are used to pay off customer A’s balance. Funds from Customer C are used to pay off B, and so forth. Because the theft involves two asset accounts (Cash and Accounts Receivable) the cover-up must continue indefinitely unless the money is replaced, because the theft will be uncovered if the scheme is stopped. In a check kiting scheme, the perpetrator creates cash by taking advantage of the timing lag between depositing a check and the check clearing the bank. For example, suppose a fraud perpetrator opens checking accounts in banks A, B, and C. The perpetrator can “create” cash by depositing a $1,000 check from bank A into bank B and withdrawing the funds. If it takes two days for his check to clear bank A, he has created $1000 for two days. After 2 days, since there are insufficient funds in bank A to cover the $1,000 check, the perpetrator deposits a $1,000 check from bank C to bank A. He has covered the creation of the $1000 for another 2 days. Since bank C also has insufficient funds, $1,000 must be deposited to bank C before the check to bank A clears. The check to bank C is written from bank B, which also has insufficient funds. The scheme continues, writing checks and making deposits as needed to keep the checks from bouncing. 3. Convert the theft or misrepresentation to personal gain. In employee fraud, all fraud perpetrators go through the conversion phase unless they steal actual cash that can be spent or use the asset personally. For example, employees who steal inventory and equipment must sell them or otherwise convert them to cash. When financial statements are falsified, the perpetrators convert their actions to personal gain through indirect benefits: they keep their jobs, their stock rises, they receive pay raises and promotions, or they gain more power and influence. The list of opportunities that make fraud easy to commit and conceal is almost endless. Opportunities often stem from internal control factors. For example, a perpetrator may be able to commit and conceal a fraud because the company did not implement proper controls such as proper authorization procedures, clear lines of authority, adequate supervision, adequate documents and records, a system to safeguard assets, or independent checks on performance. Likewise, there may not be a separation of duties among the authorization, custodial, and recordkeeping functions. Management may allow fraud to occur by not getting involved in designing or enforcing the system of internal control or through inattention or carelessness. Alternatively, they may commit the fraud by overriding internal controls or using their position of power to compel those below them to carry out the fraud. However, the most prevalent opportunity for fraud results from a company’s failure to enforce its system of internal controls.

29

Chapter 2: Who Commits Fraud and Why

A control feature many companies lack is a background check on all potential employees. This would have saved one company from the “phantom controller.” In that case, the company president stopped by the office one night, saw a light on in the controller’s office, and went to see why he was working so late. He was surprised to find a complete stranger at work. An investigation showed the controller was not an accountant and had been fired from three of his previous five jobs in the last 8 years. Because he was unable to do the accounting work, he had hired someone to come in at night to do his work for him. Before his scam was discovered, the controller defrauded the company of several million dollars. There are other factors that provide an opportunity to commit and conceal fraud such as large, unusual, or complex transactions; numerous adjusting entries at year-end; questionable accounting practices; pushing accounting principles to the limit; or related-party transactions. Other factors include incompetent personnel, inadequate staffing, rapid turnover of key employees, lengthy tenure in a key job, and lack of training. Other opportunities arise when the company has unclear policies and procedures, fails to teach and stress corporate honesty, and fails to prosecute those who perpetrate fraud. Many frauds arise when employees build mutually beneficial personal relationships with customers or suppliers. For example, a buyer could agree to purchase goods at an inflated price in exchange for a kickback from the vendor. Frauds can also occur when a crisis arises and the company disregards its normal control procedures. For instance, one Fortune 500 company was hit with three multi-million-dollar frauds in the same year. All three took place when the company was trying to resolve a series of crises and failed to follow the standard internal control procedures. Rationalizations The third element of the fraud triangle is a rationalization that allows perpetrators to justify their illegal behavior. Rationalization can take the form of a justification of one’s actions (I only took what they owed me), an attitude (the rules do not apply to me), or a lack of personal integrity (having what I want is more important than being honest). In other words, perpetrators rationalize that they are not actually being dishonest, that honesty is not required of them, or that their reasons for committing fraud are more compelling than honesty and integrity. Some perpetrators rationalize that they are not hurting a real person; it is just a faceless and nameless computer system that is affected or a large, impersonal company that will not miss the money. For example, one perpetrator took pains to steal no more than $20,000, which was the maximum that the insurance company would reimburse the company for losses. The list of rationalizations people use is lengthy. Here are some of the most frequent: Χ Χ Χ Χ

I am only “borrowing” the money (or asset) and will repay my “loan.” You would understand if you knew how badly I needed it. What I did was not that serious. It was for a good cause. (The Robin Hood syndrome, robbing from the rich to give to the poor.)

30

Chapter 2: Who Commits Fraud and Why

Χ Χ Χ Χ

I occupy a very important position of trust. I am above the rules. Everyone else is doing it, so it is not that wrong. No one will ever know. The company owes it to me, and I am taking no more than is rightfully mine.

Interaction of the Fraud-Triangle Elements The decision to commit fraud is determined by the interaction of all three forces. Fraud occurs when people have high pressures, an opportunity to commit and conceal the fraud and convert the action to personal gain, and the ability to rationalize away their personal integrity. Fraud is less likely to occur when people have few pressures, little opportunity, and high personal integrity that makes them less likely to rationalize fraud. Usually all three elements of the fraud triangle must be present to some degree before a person commits fraud. A useful way to visualize the interactions is shown below. Fraud: Interaction of Forces

Note the following about the figure: • It contains a balance scale with three connecting bars at the top. • Each bar represents one of the three elements of the fraud triangle. • Each bar has a weight that can move independently in either direction. • The sizes of the weights and their locations along the bars determine which side of the scale is heaviest. • The balance tips in favor of committing fraud when any combination of the three weights is sufficient.

31

Chapter 2: Who Commits Fraud and Why

If individuals have a strong generalized honesty characteristic, they may theoretically withstand the cumulative weight of the other two variables. However, some will argue that everyone has a price. It is reported that Abraham Lincoln once angrily kicked a man out of his office. When asked about his actions, Lincoln stated that he had just turned down a substantial bribe. Then he stated “Every man has his price, and he was getting close to mine.” A person with personal integrity and little opportunity or pressure to commit fraud will most likely behave honestly. However, the conditions for fraud become more enticing as individuals with less personal integrity are placed in situations with increasing pressures and greater opportunities to commit the crime. Individuals placed in difficult circumstances may feel that the only way out is to choose between their integrity and one or more of the following: their business; their positions in the community; their reputations; or prestige. When they choose to sacrifice their integrity, fraud is often the result. In the life of a perpetrator, the three variables contributing to fraud build until they are sufficiently strong to result in the occurrence of a fraudulent act. Example: One young lady from a family that believed strongly in sexual abstinence before marriage became pregnant out of wedlock. She feared the reaction of her parents, teachers, and peers and felt she could not share her problem with them. At work she handled a lot of cash and was trusted completely by the owner of the company. She realized that it would be easy for her to take $500 and pay for an abortion. She rationalized her actions by telling herself that she was not stealing; she was just borrowing the money and would pay it back later. The money was never missed, and soon she was unable to resist this “easy” access to cash. Subconsciously, she decided that the things she could buy with the embezzled funds were more important than her integrity. By the time she was caught she had embezzled almost $90,000. Fraud can be prevented by eliminating or minimizing one or more of the fraud triangle elements. While there are things companies can do to reduce or minimize pressures and rationalizations, their greatest opportunity to prevent fraud lies in reducing or minimizing the opportunity to commit fraud. This is typically done by implementing a good system of internal controls. Fraud Prevention Program When all three fraud-triangle elements are present in the right proportions, many people will steal. Unfortunately, auditors and company management typically only attack one of the three elements necessary for fraud: recognizing and limiting the opportunities. They do little to recognize and control situational pressures and they do little to improve or monitor personal integrity. Therefore, to effectively prevent fraud we must work to eliminate all three elements in the fraud triangle. To effectively prevent fraud, one must understand the fraud triangle. One must comprehend the pressures that employees and company management face, the opportunities that allow a person to commit and conceal the fraud, and the thinking patterns that allow a perpetrator to justify the dishonest act. 32

Chapter 2: Who Commits Fraud and Why

However, understanding these risk factors is not sufficient. To prevent fraud, you must also know what you can do to lessen or mitigate each of the three types of risk factors. What you need is a fraud prevention program. In the long run, it is much less expensive to have a fraud prevention program than it is to ignore the problem until a fraud surfaces. If you can prevent a fraud, you: Χ Minimize losses due to undetected frauds; Χ Avoid fraud investigation costs; Χ Do not have to make the tough decision of whether or not to prosecute; Χ Avoid lawsuits and legal costs; and Χ You are not distracted from company goals and do not waste time. One way to develop a fraud prevention program is to follow the risk-assessment strategy shown below. We will now walk you through the major steps in this strategy. This strategy should be followed for each risk factor identified.

33

Chapter 2: Who Commits Fraud and Why

Identify Fraud Risk Factors A company must identify the potential fraud risk factors they face, such as a poorly designed system of internal controls, workplace pressures brought on by downsizing, or a hiring process that does not adequately screen prospective employees. Statement on Auditing Standards No. 99 identifies three categories of risk factors that relate to both misstatements arising from misappropriation of assets and misstatements arising from fraudulent financial reporting. As mentioned earlier, these three categories are: (i) pressures/incentives; (ii) opportunities; and (iii) attitudes/rationalizations. The likelihood or probability that a fraud will actually take place is referred to as fraud risk. Some risk factors pose a greater risk because the probability of their occurrence is more likely. For example, employees at a steel mill are more likely to steal cash than coils of steel. The dollar amount that could be lost if a particular risk factor led to a fraud is referred to as fraud exposure. Fraud exposure can range from very small to very large, depending on the nature of the fraud and how long it persists. Fraud risk and exposure must be considered together. The risk of collusion among top management resulting in materially misleading financial statements may be very small, but the exposure can be enormous. It could completely destroy a company and force it into bankruptcy. On the other hand, the risk of a petty-cash fraud may be much greater, but the exposure is quite small. As either fraud risk or exposure increases, the materiality of the fraud risk factor and the need to protect against it also rise. Identify Fraud Prevention Techniques One or more techniques to protect the company from each risk factor must be identified. In evaluating the benefits of specific techniques, management should consider their effectiveness and timing. All other factors being equal, prevention techniques are superior to detection techniques. By the time a detection technique identifies a problem, a certain amount of loss may already have been sustained, and additional cost may be required to correct the problem. If prevention techniques fail, however, and a fraud occurs, detection techniques are essential to discover the fraud and recover from it. Prevention and detection techniques complement each other, and a good fraud prevention program should employ both. No fraud prevention program can ever provide an organization with foolproof protection against all frauds. The cost of a foolproof system is prohibitively high. Since fraud prevention techniques can negatively impact operational efficiency, having too many of them slows the system down and makes it inefficient -- restricting a company’s ability to meet its needs. Therefore, the objective in designing a fraud prevention program is to provide “reasonable

34

Chapter 2: Who Commits Fraud and Why

assurance” that a fraud does not take place. This means the benefit of a fraud prevention technique must exceed its cost. Prevention-technique costs are easier to measure than their benefits. The primary cost element is personnel, and it includes time to perform the prevention procedures; costs of hiring additional employees to achieve effective segregation of duties; and costs of programming techniques into a computer system. Prevention-technique benefits stem from reduced fraud losses. One way to calculate fraudprevention-technique benefits involves expected fraud loss, the mathematical product of fraud risk and fraud exposure: Expected Fraud Loss $ = Fraud Risk % x Fraud Exposure $ The benefit of a prevention technique is the difference between the expected loss with the prevention technique and the expected loss without it. Once the benefits and costs of a particular control have been estimated, a determination must be made whether the control is cost-beneficial. To make this determination, the cost of the prevention technique is subtracted from the benefit. In evaluating the costs and benefits of prevention techniques, management must employ good judgment and consider factors other than those reflected in the simple expected-benefit calculation. For example, a fraud exposure may be so large that it threatens the organization’s continued existence. In such cases, management should be willing to implement prevention techniques having a cost higher than the simple reduction in expected loss. This extra cost can be viewed as an insurance premium to protect the organization against catastrophic loss. The Unforgiving Casino Case Jim sat on his stool in front of the blackjack table as the waitress offered him his fifth drink. As the dealer drew another blackjack, Jim knew he was finished. He had just gambled away his children’s college fund. He quickly downed his last drink, numbing himself for the eventual confrontation with his wife, Tammy. He stumbled to his hotel room, hoping to wake up and realize that this evening was nothing more than a nightmare. While driving back to San Jose from Reno Sunday morning, Jim could not face the embarrassment. His thoughts turned to coming up with a plan to restore the children’s college fund before Tammy discovered it was missing. He was sure that if he only had an extra $500, he could have won the money back. How would he get $500? Jim gave this idea considerable thought. Before he knew it, he was pulling into his driveway. Tammy greeted him with a smile and asked how the convention was. Without thought, he swiftly replied, “Oh, it was your usual convention,” never letting on to his lack of attendance. Still preoccupied with the loss of the college fund and the need for an extra $500, Jim drove his late-model Buick to work. At 10:00 a.m., an accounts payable clerk came to his office seeking

35

Chapter 2: Who Commits Fraud and Why

assistance with a problem. The clerk was matching invoices with purchase orders and had found an invoice for $3,200 that did not match the purchase order. Immediately, Jim knew how he could get the $500 “loan.” Chips ‘R’ Us was a fast-growing microchip producer whose internal controls were excellent on paper but were sometimes not followed. Chips ‘R’ Us also had a policy of paying, without secondary approval, any invoice of $500 or less. Without much thought, Jim’s plan was in place. He would first set up a dummy company that would issue an invoice to Chips ‘R’ Us for $500. He knew his winnings would not only replace the college fund, but would also allow him to repay the company. Jim could not believe how easy it was to borrow the money. The check showed up in a post office box he had opened a few days earlier. His next meeting would be in Las Vegas at the end of the month, but Jim could not wait. He needed to win his children’s money back. Jim phoned Tammy with the “bad news”: He and the controller would have to fly to Los Angeles over the weekend to meet with the lawyer over a company matter. Within minutes, he was in his car driving that familiar road to Reno. It was close to midnight when he arrived. He wasted no time checking in, then went straight to the craps table. He knew that by 1 a.m. he would have the college fund back. By 4 a.m., Jim was not only out of money, but his personal checking account was $600 in the red. Jim was concerned about this loss, but not as worried as he had been before. He would simply take out another “loan” from Chips ‘R’ Us. As Jim went to work Monday morning, he was not his happy-go-lucky self. Feeling guilty about his unauthorized loan, which was now gone, Jim kept to himself and did not joke with his fellow employees. On one occasion, Jim stuck his head out of the office door and falsely accused his secretary of not calling his attention to a memorandum from the controller. This was a rough time emotionally for Jim; some days he was himself, other days he acted as if he were a completely different person. Within six months, Jim had set up two more dummy companies and insisted that accounts payable clerks not verify any invoice of less than $750, allowing him to meet his ever-increasing “needs.” No one ever questioned Jim on this new policy because he had worked for the company for over 10 years and was a “trusted” employee who was respected by those who worked with him. Soon after the new policy was in place, Jim decided to reward himself for his “hard work” by buying a new BMW 730i. The office staff was alive with gossip when Jim drove up in the new car. No one could understand how he could afford such a beautiful automobile. Jim explained his good fortune to one employee by saying that he was able to put down a large initial payment with winnings from Reno. Three years later, Jim had not repaid the “loan” back and was taking more money than ever from Chips ‘R’ Us. He now had a total of eight dummy companies. He was still convinced that he would repay the loans, but he had lost track of how much money he had “borrowed.” The accounts payable personnel had learned to avoid Jim because they never knew what to expect from him. At times, he seemed to be the nicest guy you would ever meet, but at other times he

36

Chapter 2: Who Commits Fraud and Why

would be uncaring and even critical of others. It seemed that by his own volition, he had withdrawn socially from others at work.

37

Chapter 2: Review Questions

Chapter 2 Review Questions The review questions accompanying each chapter are designed to assist you in achieving the learning objectives stated at the beginning of each chapter. The review section is not graded; do not submit it in place of your final exam. While completing the review questions, it may be helpful to study any unfamiliar terms in the glossary in addition to chapter course content. After completing the review questions for each chapter, proceed to the review question answers and rationales. 1.

In a study conducted by researchers at Brigham Young University comparing the personality, criminal, and demographic characteristics of incarcerated fraud perpetrators with those of other incarcerated property offenders, fraud perpetrators: A. B. C. D.

2.

In a study of 212 actual cases of fraud, most of the perpetrators were: A. B. C. D.

3.

51.0%. 31.0%. 11.0%. 3.9%.

The three interrelated forces of the fraud triangle are: A. B. C. D.

5.

Under the age of 26. Between the ages of 16 and 35. Between the ages of 36 and 45. Older than 45.

Which of the following is the probability of a person going to jail if they commit a fraud? A. B. C. D.

4.

Were more likely to get arrested. Were more likely to be first time offenders. Were more likely to use drugs and alcohol. Had fewer children.

Commit, conceal, and convert. Opportunity, rationalization, and pressure. Attitude, justification, and lack of personal integrity. Financial, lifestyle, and emotional.

Living beyond one’s means would be categorized as: A. B. C. D.

A financial pressure. A management characteristic pressure. A lifestyle pressure. An emotional pressure.

38

Chapter 2: Review Questions

6.

A scheme in which the perpetrator steals the cash or check that Customer A mails in to pay its accounts receivable and uses the funds received at a later date from Customer B to pay off customer A’s balance is known as: A. B. C. D.

7.

True or false: In employee fraud, all fraud perpetrators go through the conversion phase unless they steal actual cash that can be spent or use the asset personally. A. B.

8.

C. D.

True. False.

Expected fraud loss is the product of: A. B. C. D.

12.

Fraud risk. Fraud exposure. Prevention risk. Detection risk.

True or false: All other factors being equal, detection techniques are superior to prevention techniques. A. B.

11.

A company’s failure to implement proper controls. Management not getting involved in designing or enforcing the system of internal control or through inattention or carelessness. Management committing the fraud by overriding internal controls or using their position of power to compel those below them to carry out the fraud. A company’s failure to enforce its system of internal controls.

The likelihood or probability that a fraud will actually take place is referred to as: A. B. C. D.

10.

True. False.

The most prevalent opportunity for fraud results from: A. B.

9.

Skating. Kiting. Lapping. Dodging.

Fraud risk and fraud exposure. Prevention risk and fraud exposure. Fraud risk and prevention risk. Detection risk and prevention risk.

True or false: The benefit of a prevention technique is calculated by taking the difference between the expected loss with the prevention technique and the expected loss without it.

39

Chapter 2: Review Questions

A. B.

True. False.

40

Chapter 2: Review Question Answers and Rationales

Chapter 2 Review Question Answers and Rationales Review question answer choices are accompanied by unique, logical reasoning (rationales) as to why an answer is correct or incorrect. Evaluative feedback to incorrect responses and reinforcement feedback to correct responses are both provided. 1.

In a study conducted by researchers at Brigham Young University comparing the personality, criminal, and demographic characteristics of incarcerated fraud perpetrators with those of other incarcerated property offenders, fraud perpetrators: A.

B.

C.

D.

2.

In a study of 212 actual cases of fraud, most of the perpetrators were: A. B. C. D.

3.

Under the age of 26. This answer is incorrect because the study found that only 14 percent of fraud perpetrators were under the age of 26. Between the ages of 16 and 35. This answer is correct because the study found that most fraud perpetrators were between the ages of 16 and 35. Between the ages of 36 and 45. This answer is incorrect because the study found that 35 percent of fraud perpetrators were between the ages of 36 and 45. Older than 45. This answer is incorrect because the study found that only 13 percent of fraud perpetrators were older than 45.

Which of the following is the probability of a person going to jail if they commit a fraud? A. B. C. D.

4.

Were more likely to get arrested. This answer is incorrect because the study found fraud perpetrators were less likely to get arrested than other incarcerated property offenders. Were more likely to be first time offenders. This answer is correct because the study found fraud perpetrators were more likely to be first time offenders than other incarcerated property offenders. Were more likely to use drugs and alcohol. This answer is incorrect because the study found fraud perpetrators were less likely to use drugs and alcohol than other incarcerated property offenders. Had fewer children. This answer is incorrect because the study found fraud perpetrators had more children than other incarcerated property offenders.

51.0%. This answer is incorrect because 51.0% is the percentage of the perpetrators who were prosecuted. 31.0%. This answer is incorrect because 31.0% is the percentage of convicted perpetrators who were incarcerated. 11.0%. This answer is incorrect because 11.0% is the percentage perpetrators who were incarcerated for a year or more. 3.9%. This answer is correct because multiplying all the percentages together (0.51 x 0.98 x 0.31 x .25) shows that only 3.9% of fraud perpetrators go to jail.

The three interrelated forces of the fraud triangle are:

41

Chapter 2: Review Question Answers and Rationales

A.

B.

C.

D.

5.

Living beyond one’s means would be categorized as a(n): A.

B.

C.

D.

6.

Commit, conceal, and convert. This answer is incorrect because commit, conceal, and convert are the three interrelated forces of the opportunity triangle, not the fraud triangle. Opportunity, rationalization, and pressure. This answer is correct because the three interrelated forces of the fraud triangle are opportunity, rationalization, and pressure. Attitude, justification, and lack of personal integrity. This answer is incorrect because attitude, justification, and lack of personal integrity are the three interrelated forces of the rationalization triangle, not the fraud triangle. Financial, lifestyle, and emotional. This answer is incorrect because financial, lifestyle, and emotional are the three interrelated forces of the employee pressure triangle, not the fraud triangle.

Financial pressure. This answer is correct because living beyond one’s means is considered a financial pressure which is one of the three types of employee pressures; financial, lifestyle, and emotional. Management characteristic pressure. This answer is incorrect because a management characteristic pressure is an organizational pressure, while living beyond one’s means is categorized as a financial pressure related to employee pressure. Lifestyle pressure. This answer is incorrect because a gambling problem would be considered a lifestyle pressure, while living beyond one’s means is considered a financial pressure. Emotional pressure. This answer is incorrect because strong feelings of resentment would be considered an emotional pressure, while living beyond one’s means is considered a financial pressure.

A scheme in which the perpetrator steals the cash or check that Customer A mails in to pay its accounts receivable and uses the funds received at a later date from Customer B to pay off customer A’s balance is known as: A. B.

C.

D.

Skating. This answer is incorrect because skating is not identified as a particular fraud scheme. Kiting. This answer is incorrect because kiting is a scheme in which the perpetrator creates cash by taking advantage of the timing lag between depositing a check and the check clearing the bank. Lapping. This answer is correct because lapping is a scheme in which the perpetrator steals the cash or check that Customer A mails in to pay its accounts receivable and uses the funds received at a later date from Customer B to pay off customer A’s balance. Dodging. This answer is incorrect because dodging is not identified as a particular fraud scheme.

42

Chapter 2: Review Question Answers and Rationales

7.

True or false: In employee fraud, all fraud perpetrators go through the conversion phase unless they steal actual cash that can be spent or use the asset personally. A.

B.

8.

The most prevalent opportunity for fraud results from: A.

B.

C.

D.

9.

A company’s failure to implement proper controls. This answer is incorrect because a company’s failure to implement proper controls results in the opportunity for fraud, but it is not the most prevalent reason. Management not getting involved in designing or enforcing the system of internal control or through inattention or carelessness. This answer is incorrect because management’s failure to get involved in designing or enforcing the system of internal control, creates opportunity, but is not the most prevalent opportunity for fraud. Management committing the fraud by overriding internal controls or using their position of power to compel those below them to carry out the fraud. This answer is incorrect because a company’s failure to enforce its system of internal controls, not management’s committing the fraud by overriding internal controls or using their position of power to compel those below them to carry out the fraud, results in the most prevalent opportunity for fraud. A company’s failure to enforce its system of internal controls. This answer is correct because a company’s failure to enforce its system of internal controls results in the most prevalent opportunity for fraud.

The likelihood or probability that a fraud will actually take place is referred to as: A. B. C.

D.

10.

True. This answer is correct because in employee fraud, it is true that all fraud perpetrators go through the conversion phase unless they steal actual cash that can be spent or use the asset personally. False. This answer is incorrect because in employee fraud all fraud perpetrators go through the conversion phase unless they steal actual cash that can be spent or use the asset personally or there would be no incentive to commit the fraud.

Fraud risk. This answer is correct because fraud risk is defined as the likelihood or probability that a fraud will actually take place. Fraud exposure. This answer is incorrect because fraud exposure is defined as the dollar amount that could be lost if a particular risk factor led to a fraud. Prevention risk. This answer is incorrect because prevention techniques are used to prevent a fraud from occurring and are not related to a likelihood or probability that a fraud will actually occur. Detection risk. This answer is incorrect because detection techniques are used to detect a fraud when one has occurred and are not related to a likelihood or probability that a fraud will actually occur.

True or false: All other factors being equal, detection techniques are superior to prevention techniques.

43

Chapter 2: Review Question Answers and Rationales

A. B.

11.

Expected fraud loss is the product of: A. B.

C.

D.

12.

True. This answer is incorrect because, all other factors being equal, it is better to prevent a fraud from occurring than to detect it after it has occurred. False. This answer is correct because, all other factors being equal, it is better to prevent a fraud from occurring than to detect it after it has occurred.

Fraud risk and fraud exposure. This answer is correct because the expected fraud loss is the mathematical product of fraud risk and fraud exposure. Prevention risk and fraud exposure. This answer is incorrect because the expected fraud loss is the mathematical product of fraud risk, not prevention risk, and fraud exposure. Fraud risk and prevention risk. This answer is incorrect because the expected fraud loss is the mathematical product of fraud risk and fraud exposure, not prevention risk. Detection risk and prevention risk. This answer is incorrect because the expected fraud loss is the mathematical product of fraud risk, not detection risk, and fraud exposure, not prevention risk.

True or false: The benefit of a prevention technique is calculated by taking the difference between the expected loss with the prevention technique and the expected loss without it. A.

B.

True. This answer is correct because the benefit of a prevention technique can be derived by comparing the calculated expected loss with the prevention technique and the calculated expected loss without it. False. This answer is incorrect because it is true that the benefit of a prevention technique can be derived by comparing the calculated expected loss with the prevention technique and the calculated expected loss without it.

44

Chapter 3: Fraud Prevention: Pressures and Rationalizations

Chapter 3 – Fraud Prevention: Pressures and Rationalizations Learning Objectives After completing this section of the course, you should be able to: 1. Identify the pressures and rationalizations that can lead to fraud. 2. Design programs to relieve workplace pressures and help prevent the occurrence of fraud. Employee Financial Pressures The list of pressures employees face is long. We will discuss some of the most common here and illustrate them with real cases of fraud. (A more complete list of pressures and risk factors can be found in SAS No. 99, Consideration of Fraud in a Financial Statement Audit.) Bad Investments or Heavy Financial Losses One financial pressure is bad investments or heavy financial losses. An illustration of how financial losses can create enormous pressures is the following case of an owner of a grain elevator in Stockport, Iowa. Example: Raymond Keller was the owner of a local grain storage company. He built a lavish house overlooking the Des Moines River, complete with a swimming pool, sauna, and a three-car garage. However, for reasons no one really knows, his financial situation declined. Some say he lost money speculating on the commodities markets. Others say it was a grain embargo that virtually halted the buying and selling of grain. Keller had a severe cash shortage and went deeply in debt. He asked some farmers to wait for their money and gave others bad checks. Finally, the seven banks to which he owed over $3 million called their loans. He began the unauthorized sale of the stored grain and used the proceeds to cover his losses. One day a state auditor appeared unexpectedly. Rather than face the consequences, Keller took his own life. Excessive Lifestyle or Living Beyond One’s Means Many fraud perpetrators seem to be attracted to what may be referred to as a life of conspicuous consumption. They are extroverted, fun-loving, social individuals who enjoy the feelings that come from influence, social status, and from spending large sums of money. They are often imaginative and are more than ready and willing to take large risks to get what they want. Example: Tony De Angelis, who perpetrated the Salad Oil Swindle, was known for his chauffeur-driven Cadillac, his large and risky deals, his influential associates, and his free-spending habits. He often gave cash away to his many admirers. Example: One man, after founding a student marketing company, changed his lifestyle dramatically and developed very expensive tastes. He bought a Lear jet and a very expensive home, threw extravagant parties, and tried to portray himself as an elitist. Others commit fraud to cover up the free-spending ways of a family member. Example: One woman began embezzling funds when her husband went on a spending spree after a marital squabble. She felt compelled to cover the checks he wrote.

45

Chapter 3: Fraud Prevention: Pressures and Rationalizations

Inadequate Compensation Another financial pressure is “inadequate” compensation. The following are some examples of this type of pressure. • Some employers expect an employee to maintain a certain lifestyle to foster a certain image or engage in certain activities to bring in new business, yet these same employers do not provide an adequate income or expense account to enable the employee to do so. In such cases, the employee often faces the choice of not meeting company expectations of finding other funds to achieve the objective. Example: A partner in a national CPA firm felt he was expected to frequently wine and dine clients and potential clients. As a result he seriously overextended himself financially. When an important client offered him a bribe to hide fraudulent financial reporting, he agreed to look the other way. For a $150,000 payment, he concealed a $300 million fraud. As a result, a large savings and loan failed, as well as several other companies. •

Employees do not receive sufficient wages to meet their family’s perceived needs.

Example: Tom was the head shipper at a large manufacturer of gas appliances and related equipment. He had to support his wife and nine children on a small salary. The pressures of family expenses finally became so great that he began stealing small appliances and fixtures from the warehouse. He sold the items and bought all kinds of things his family needed at home. •

Some people do not feel they are adequately rewarded for their efforts and labors.

Example: Two brothers who ran a software store in Pakistan wrote a computer virus and inserted it in the software they sold. After the virus damaged the user’s system, it left a message directing the user to call the brothers for costly corrections. It infected over 100,000 computers before it was eradicated. When asked about their motives, the brothers said they were upset that computer users were illegally copying the store’s legitimate software, so they caused the virus to be activated when an illegal copy of the software was made. High Personal Debt A fourth financial pressure is high personal debt. This may result from: • The loss of a business or home; • Divorce; • High medical bills; • Extended periods of unemployment or underemployment; • Impending personal bankruptcy; or • Bad business decisions or reversals in the economy. In essence, the perpetrators come to believe that solving the above pressures is more important than personal integrity. In other words, the perpetrators would prefer to commit a fraud than lose

46

Chapter 3: Fraud Prevention: Pressures and Rationalizations

their home or business or go bankrupt. The perpetrators may not consciously make this decision, but their actions reveal what is most important to them. Example: The controller of a small bank embezzled $158,000. Prior to working at the bank, he had worked for one of the then-Big Six firms and had earned a CPA certification. He was the son of a judge, and had never stolen anything before. When interviewed, he indicated that he had committed the fraud for two reasons: (i) he had gotten a divorce and had two households to support; and (ii) his outside business was losing money and draining his personal funds. Example: Alex was the 47-year-old treasurer of a credit union. His monthly payments on his home, cars, five different credit cards, two side investments, and college for two children exceeded his take-home pay. He felt the only way to make ends meet was to commit a fraud. He misappropriated assets to help pay his crushing debts and defrauded the credit union of $160,000 over a seven-year period. He was very well respected, so his actions came as a great surprise to all who knew him. Greed Some people have an overwhelming desire for personal gain. Others have a compelling desire to “get something for nothing.” Put another way, some people are so greedy they will commit a fraud to get what they want. Example: As a youngster, Gene found that baseball cards had value, so he took quarters from his mother’s purse to buy chewing gum, hoping for cards other boys would want to buy or trade. The prospect of getting something for nothing intrigued him, and he began pitching pennies, organizing sports pools, and gambling. He talked neighbors into letting him turn in magazine entry sweepstakes, agreeing to split the winnings. He did little in high school, conning many teachers into giving him A’s, and accepting F’s from the others. After high school, he moved from job to job, looking for a way to “score big” and set himself up for life. Soon after his second child was born, a racetrack insider alerted him to a racehorse that was a “sure thing.” Gene bet all of his savings and the proceeds of a second home mortgage on the horse. It came in fifth. Gene called his wife from the racetrack, told her how he had defrauded her, and disappeared. His wife lost her house and car. Her parents refused to help her (they disapproved of her marriage). She had to take a minimum-wage job and felt bitter, betrayed, and abused. Desire to avoid paying taxes The desire to avoid paying taxes to the government can lead people to do amazing things, including fraud. Example: In 1985, Phillip Capella won $2.7 million in the lottery, and began receiving annual payments of $135,000. In 1989, he filed a federal income tax return claiming $65,000 in gambling losses and seeking a $26,000 refund. The IRS audited him, and his accountant showed up at the audit with 200,000 losing lottery tickets. However, the tickets did not belong to Capella; he had rented them for $500 from a man who collected losing tickets. Capella and the

47

Chapter 3: Fraud Prevention: Pressures and Rationalizations

accountant were charged with conspiracy and each faced a possible eight-year jail term and fines of $500,000. Pride and Ambition Pride and ambition also lead some people to commit fraud. Perpetrators motivated by pride and ambition often feel they are above the rules because they are better than other people and more deserving. They are often unhappy with ordinary jobs and income. The outward signs of success can become an obsession that may be manifested in their mode of travel, dress, and lifestyle. Extending themselves beyond their means is not unusual. This attitude causes the offenders to decide to get what they want by whatever means necessary. Pride blinds them to possible consequences. A Need For Power or Control For some, a need for power or control may surpass their considerations of right or wrong. If other avenues to power, position, or prestige are blocked, money, which symbolizes power, may preoccupy the person who is determined to “be somebody.” Inability to Tolerate Delay or Frustration Some perpetrators are unable to tolerate delay or frustration. In such personalities, failure in legitimate efforts simply stimulates a more earnest search for a shortcut to success. A course that is slow, plodding, and lacking a guarantee, such as beginning at the bottom and working one’s way up, is unthinkable. The temptation of easy gain or instant success is more than these people can resist. They want to resolve their financial problems or “hit the big time” immediately, in any way they can, with minimal effort and cost, no matter what the impact on the business or other people. Insatiable Intellectual Challenge A common finding, especially with computer criminals, is that they are often motivated by intellectual challenges. Many computer technicians are insatiably curious and thrive on the challenge of figuring out how things work. A technician could easily find himself thinking, “I will figure out how they made this system secure, break that security, and prove my superior technical capabilities.” For many technicians, this challenge may well be a greater enticement than the possibility of financial gain. Once tempted by this kind of gamesmanship, computer criminals can become so involved they lose sight of the moral implications of their actions. Management Financial Pressures Pressures can also motivate an individual to commit fraud on behalf of an organization instead of against it. Economic Cycles, Inflation, and Recession The economic cycle and the resulting effects of inflation and recession are a major management fraud pressure. In recessionary times, executives who fear layoffs or downsizing may resort to financial gimmicks to boost the bottom line and protect their own jobs as well as their workers’ jobs.

48

Chapter 3: Fraud Prevention: Pressures and Rationalizations

Example: In a recent survey, 98 percent of the CEOs at the top 1,000 Canadian companies stated they felt that economic pressures were the main reason for Canadian companies reporting fraud-related losses of $39 million. Impending Business Failures Another corporate pressure is an impending business failure. Though business failures significantly increase in recessionary times, there is a significant relationship between impending business failures and fraud even in the best of times. When faced with the choice of either losing their businesses and everything they have worked for over the years or “fudging” (in their eyes) the numbers a little bit in order to keep the business going, many owners choose the latter course. In the latest recession, business failures increased 50 percent. The dollar liabilities associated with business failures skyrocketed from $55 billion to almost $110 billion. Urgent Need For Earnings Companies that face pressures for a certain level of earnings (to meet debt requirements, go public, etc.) are sometimes motivated to fabricate those earnings or turn to sleight-of-hand tactics if they are not able to generate them honestly. Example: In 1989, Bonneville Pacific, facing a net loss of $2.5 million, badly needed a deal to meet investor earnings expectations and to avoid a poor showing during discussions with underwriters for a debt or equity offering. To meet those earnings expectations, it recognized a $13.2 million gain on a complex, two-step purchase and sale of assets. The bankruptcy trustee claimed the transaction was a sham to artificially boost the value of assets assigned to Bonneville. He said it involved insider dealing, inflated earnings, and secret funneling of cash through an offshore shell. An auditor with Bonneville’s then-Big Six CPA firm wrote in a memo that the transaction presented an unusual audit risk to the CPA firm. The memo also criticized Bonneville officials for accepting such unusual risk, for offering overly optimistic public projections of earnings, for using aggressive accounting policies, and for trying to promote the company and increase stock prices. Notwithstanding the memo, the CPA firm gave Bonneville a clean opinion. Unfavorable Economic Conditions Companies facing unfavorable economic conditions are sometimes motivated to fabricate earnings or otherwise falsify information. The declining financial condition of entities in an industry is evidenced by things such as declining stock prices, delisting or suspension of stock, credit downgrades by rating agencies, and frequent or increasing numbers of business failures. Example: The Equity Funding Fraud was one of the largest computer-assisted frauds in history. In 1969, Equity Funding’s stock sold for over $80, but because of difficult times in the insurance industry the stock fell to $12 by late 1970. Company managers with vast holdings of the stock were intent on boosting its price. They felt that the only way to do that was through higher and higher earnings. Unfortunately, new sales were down for the industry and existing policyholders were not renewing their

49

Chapter 3: Fraud Prevention: Pressures and Rationalizations

insurance. To pump up earnings, Equity Funding began reinsuring fictitious policies. Sales skyrocketed and the reported insurance in force tripled. The industry was amazed at Equity Funding’s ability to turn its program around and show surprising gains while everyone else was experiencing a severe decline. Unrealistic Goals, Financial Targets, or Expectations Set By Management For companies to grow and progress, it is important for them to have goals and high expectations. However, when management sets goals or expectations for its employees or operating units that are unrealistic, they may be motivating them more toward fraudulent behavior rather than improved performance. In essence, they may be forcing them to choose between failing through no fault of their own or cheating. Example: William Nashwinter, a young aggressive salesman with Doughtie’s Foods, was promoted to be the general manager of an East Coast warehouse that wholesaled frozen food products to retail outlets. When he did not meet the profit goals Doughtie’s set for the warehouse, he was severely criticized. After several such criticisms he decided to do whatever it took to meet what he felt were Doughtie’s totally unrealistic profit goals. He inflated the monthly inventory balance he sent to Doughtie’s in order to decrease his cost of goods sold and inflate his gross profit. Unfortunately, warehouse performance never improved, and his scheme required him to fabricate ever-larger amounts of inventory to meet his goals. When he finally confessed his wrongdoing, the investigating CPA firm found that in the last year of the fraud, net income was inflated by 39 percent. In essence, Nashwinter decided it was better to be dishonest than to not meet the budget. There Are a Number of Other Important Company Pressures: Χ New accounting, statutory, or regulatory requirements -- These could impair the financial stability or profitability of the entity. • Possible suspension or termination of licenses or operations. • A high degree of competition or market saturation, accompanied by declining margins. • Rapid changes in an industry -- Some examples are: o Declining customer demand; o High vulnerability to rapidly changing technology; or o Rapid product obsolescence. • Significant additional capital is needed to stay competitive. This takes into consideration the financial position of the entity, including the need for major research and development or capital expenditures. Many Other “Red Flags” Appear Due to Management-Related Pressures • Assets, liabilities, revenues, or expenses subject to significant estimates involving highly subjective judgments or uncertainties -- These may also be subject to potential change in the near term in a manner that may have a financially disruptive effect on the entity, including those involving: o Ultimate collectibility of receivables; o Timing of revenue recognition;

50

Chapter 3: Fraud Prevention: Pressures and Rationalizations

• • • • • • • • • • • • •

• • •

o Realizability of financial instruments based on the highly subjective valuation of collateral or difficult-to-assess repayment sources; and o Deferral of certain costs, such as software development costs. Heavy dependence on new or unproven product lines. Unusually rapid growth or profitability -- This is to be noted when compared with that of other companies in the same industry. High vulnerability to changes in interest rates. Unusually high dependence on debt -- This takes into account a marginal ability to meet debt repayment requirements, and debt covenants that are difficult to maintain. Unrealistically aggressive sales or profitability incentive programs. The threat of potential foreclosure or loss of confidence by customers, suppliers, or lenders -- This is a concern when poor financial results are reported. Adverse consequences on significant pending transactions -- Some examples include a business combination or contract award, if poor financial results are reported. Poor or deteriorating financial position -- This is of special concern when management has personally guaranteed debts of the entity. Heavy losses -- Some reasons for heavy losses include failed investments, past operating losses, etc. Unusual difficulty in collecting customer’s receivables. Actual or threatened litigation. Severe inventory obsolescence/excessive inventory buildup relative to sales. Significant portion of executive compensation represented by bonuses, stock options, or other incentives -- This is of concern when their value is contingent upon the entity achieving unduly aggressive targets for operating results or financial positions over which they have control. Management committing to analysts, creditors, and other third parties to achieve forecasts that appear to be unduly aggressive or unrealistic. Significant tax adjustments made by the IRS can also lead to more management-related pressures. Unrealistic performance standards -- These can lead either to desperation and anger, resulting in dishonesty or “get even” attitudes.

Work-Related Pressures Pressures can also be work-related. Some of the more frequently encountered work-related pressures are discussed below. Severe Resentment Feelings of anger and resentment have caused some perpetrators to compromise their personal integrity. Anger and resentment can build until it eventually dominates feelings, and thinking becomes cloudy. Reason is replaced by a desire to get even or to strike back, caution is thrown to the wind, and perpetrators take their feelings out on the company by committing a fraud. Feelings of resentment may arise from various perceptions the employees have about their workplace. Examples of such perceptions are listed below. • They are treated unfairly.

51

Chapter 3: Fraud Prevention: Pressures and Rationalizations

• • • • • •

They are underpaid and “deserving” of more money. They are expected to maintain a lifestyle that they cannot possibly afford because they are not given the pay or the expense account to do so. Their contributions to the company are neither appreciated sufficiently nor recognized. Their job is a dead-end road to nowhere and brings them no personal satisfaction. In fact, their job is the cause of all their problems. No matter how hard they try, they can never achieve the unrealistic goals management has set for them. The company is taking advantage of them.

Example: The chief accountant of a large California produce-growing company developed a computer program to falsify and systematically raise all the company’s monthly production costs by tiny increments. The extra money was siphoned off into accounts of dummy customers, then pocketed by the accountant. He was apprehended when he tried to cash a check to the dummy customer and the bank teller, not recognizing the dummy company, called the produce company to inquire about the check. When apprehended, the perpetrator expressed a lot of resentment toward top management for the way he had been treated at the company. He said, “Nobody at the company (especially the owners) ever talked to me. They treated me unfairly, talked down to me, and were rude to me.” He felt very little remorse for the crime. Example: A long-time employee who had compiled a good record at work was passed over for a raise he felt he had earned. When the raise did not materialize, he decided to take matters into his own hands. He calculated that the average raise had been 10 percent, so he increased his salary by that amount. When he was finally apprehended he defended his actions as being honest. He could not understand why he had been arrested; he had not stolen, he had merely taken what was rightfully his. When asked how he would have felt if he had increased his salary by 11 percent, he responded that he would have been stealing one percent. Example: One fraud perpetrator began his career as a staff accountant at a defense contractor. The president of the company was a workaholic and considered an eight-hour day as something a part-time employee worked. To make his mark in the company, the man worked 12 to 14 hours each day. After six years at the company, he finally realized that his long workdays were now expected of him, and he would never be able to get out of the rat race. He became bitter about being taken advantage of (he had never received any overtime) and about the lack of appreciation for his years of dedicated work. To get back at the company, he colluded with a vendor to overcharge the company $1.5 million. The $80,000 he received from the vendor was his appreciation and “payback.” Threat of Job Loss Another work-related pressure is to threaten an employee’s job, company position, or prestige. This may result from external factors such as proposed layoffs, a proposed merger, a proxy contest for control, or any number of other reasons. It could also result from something the

52

Chapter 3: Fraud Prevention: Pressures and Rationalizations

employees have done and motivates them to try to cover up poor performances to make themselves look better. Example: One executive at a management training company was placed on probation as a result of poor evaluations from conference participants. In order to save her job, she removed the poor evaluations and replaced them with much better evaluations. This deception went on for some time until a participant complained in person to the president of the company. Overaggressive Compensation Plans Another pressure is having executive compensation tied to financial statistics or specific transactions over which only management has control. This may motivate a person to overstate company performance in order to increase compensation. Low Employee Morale and Loyalty Fraud is more likely in situations where superiors are not appreciative of their employees, morale is low, there are substandard working conditions, or where there are significant feelings of ill will, resentment, anger, or alienation. Lifestyle Pressures Another type of pressure is referred to as a lifestyle pressure, such as gambling, a drug or alcohol problem, or an expensive sexual relationship. Gambling Those addicted to gambling will go to great lengths to get the money needed to feed their addiction. This is perhaps best illustrated by a few examples. Example: Bernie, a New York lawyer, was a compulsive gambler. To feed his high-betting habits, he would buy a block of shares in a penny-stock company. He then paid several brokers to bid up the price so he could unload his shares. On one occasion, he pulled off dozens of scams and made millions of dollars on each one. Bernie loved to gamble in Vegas and bet on the horses. On one occasion, he flew to Las Vegas with $17,000 in racetrack winnings. After several hours, he built his stake up to $110,000. He put it in a safe-deposit box at the hotel, intent on using it to pay his unpaid mortgage and other large debts. Unable to sleep with all that gambling going on below, Bernie got up and went back to the tables. He lost everything and even went $25,000 in debt to the casino. It was not until Bernie was on his way home that he realized he was sick and that no matter how much he won, it would never be enough. Americans legally bet over $500 billion a year. Approximately 13 million people in the U.S. are addicted to gambling, and it is virtually impossible to tell who they are. There have been other reports of people hooked on gambling. Consider the following: • Terry A.: “When I was at the blackjack table, my wife could have been dying from cancer, and I could not have cared less.” • Marge W.: “I stole vacation money from the family jar. I spent every waking hour thinking about getting to the track.”

53

Chapter 3: Fraud Prevention: Pressures and Rationalizations

• • • •

Thomas J.: “Gambling was the ultimate experience for me -- better than sex, better than any drug. I had withdrawal tortures just like a heroin junkie.” Ronald P.: “I degraded myself in every way possible. I embezzled from my own company, I conned my six-year-old out of his allowance.” Archie K.: “After I woke up from an appendectomy, I sneaked out of the hospital, cashed a bogus check and headed for my bookie. I was still bleeding from the operation.” Irving J.: “I’ll never forget coming home from work at night, looking through the window at my family waiting for me and then leaving to place a couple more bets. I was crying the whole time, but I had simply lost all control.”

Drug or Alcohol Addiction A drug or alcohol addiction is a very powerful motivator, and those hooked on drugs will do many things they would not otherwise do, including committing a fraud. • The branch manager of a large bank admitted that he was secretly shooting up in his office all day and stealing money from his employer to finance the habit. • Another individual lost his job and was robbing and stealing every day to support his $500-a-day habit. • Another addict said, “There was nothing that I would not do to get drugs. Even though I was a successful businessman, I stole from stores, I broke into homes and stole TVs, VCRs, jewelry, or anything else that would bring in cash to support my habit.” Sexual Relationships A number of people have been motivated to commit a fraud because they needed extra funds to support one or more intimate relationships. Example: The former president of United Way, William Aramony, was found guilty of 25 counts of fraud. Mr. Aramony was described by prosecutors as a womanizer who spent freely and had his staff use creative coding to bill United Way for his and his girlfriends’ vacations, gambling, and other excesses. Family or Peer Pressure Family or peer pressure also leads to fraudulent actions. Example: Janet was a 19-year-old cashier at a wholesale candy distributor. Her unemployed boyfriend Alfred began insisting that Janet get some money to help him make his car payments and pay his bills. She began stealing cash receipts and destroying the copies of the invoices that recorded the sales. Soon Alfred pressured her for money for hotel rooms, transportation, meals, and entertainment for their vacations, which were always first-class. She was discovered when her need for cash got so large that she began substituting some customer’s checks for money she took from the drawer. Beating the System The challenge of “beating the system” is an especially prevalent motivator for computer fraud. Many of the hackers that do so much damage to systems want to show that they can subvert the controls and break into a system.

54

Chapter 3: Fraud Prevention: Pressures and Rationalizations

Example: In one case, a company advertised a new system as being so secure that outsiders would not be able to break into it. Within 24 hours of implementing the system, a team had broken into the system and left a message that the impenetrable system had just been compromised. Rationalizations Most fraud perpetrators have justifications or rationalizations that allow them to justify their illegal behavior. Because they judge themselves by their intentions and not their actions, many perpetrators consider themselves honest and upright citizens. That means they had to have: Χ Some internal mechanism that allows them to rationalize their actions as not actually being wrong or dishonest; or Χ A reason or an excuse that made their actions more important than honesty and integrity. Their rationalization allows them to violate their position of trust and still have that violation be consistent with their concept of themselves as honest people. As an example of the rationalization process perpetrators use, consider the following statements by a professional car thief. Example:What I do is good for everybody. I create work; I hire men to find customers, paint and deliver the cars, work on the numbers, prepare the car papers, and drive them out of the state. That is good for the economy.I am also helping people get what they could never afford otherwise. A fellow wants a Cadillac but cannot afford it. He buys my cars and saves as much as $2,000. Now he is happy and so is the guy who lost his car because he gets a nice new Cadillac from the insurance company. The Cadillac company is happy because they sell another car. The only ones who do not do well are the insurance companies. But they are so big that nobody cares personally. Besides, they have a budget for this sort of thing. Come on now -- who am I really hurting? Some of the most frequent rationalizations follow. • Borrowing -- Perhaps the most frequent rationalization is “I am just borrowing the money.” Perpetrators do not intend to steal, they just need a little money to tide themselves over a rough spot. They are not really dishonest because they have every intention of paying the “loan” back before it is missed. Unfortunately, these individuals must borrow larger and larger amounts of money in order to meet their needs and are never able to repay the money. • Not hurting anyone -- Perpetrators who justify their actions this way claim that it is just a faceless and nameless computer system that will be affected or a large impersonal company that will not miss the money. For example, one perpetrator took pains to steal no more than $20,000, which was the maximum the insurance company would reimburse the company for losses. • I needed it badly. • It is just a little sin. • It is for a good cause. • Everyone is doing it. • No one will ever know.

55

Chapter 3: Fraud Prevention: Pressures and Rationalizations

• • • • •

Business is business. Above-the-rules syndrome. The company owes it to me. Personal advancement -- To be somebody, I must have money. Something (honesty and reputation) has to give in order for me to be successful. Everybody is a little dishonest.

Minimizing and Detecting Situational Pressures If you want to deter fraud and to maximize your chances of detecting it if it does occur, you must take positive steps to monitor or control situational pressures. However, this is much easier said than done. You must walk a fine line. On the one hand, it is not possible for you to eliminate or minimize an employee’s self-imposed situational pressures, nor is it possible or even desirable to remove all company-applied situational pressures from employees. It is also wrong and illegal for companies to invade the privacy of their employees. On the other hand, you cannot deter and detect fraud unless you are aware of the situational pressures compelling employees to commit fraud and reduce them wherever possible. To be aware of both the self-imposed and the company-applied situational pressures means that you must: • Pay more attention to employee lifestyles and habits than you have in the past; • Select individuals with high levels of moral integrity to occupy important positions of trust; and • Strive to create an environment that contributes to maintaining high levels of personal integrity. This is easy to say and hard to do. Many of the self-imposed situational pressures arise from an employee’s financial troubles. However, company managers generally do not know the financial condition of their employees. Even if they knew certain employees were overextended, managers would probably feel very reluctant to approach them and talk about it. Furthermore, approached employees might resent the company sticking its nose where they feel it does not belong. Prevention Techniques The following paragraphs list some of the most important things that can be done to minimize or monitor situational pressures in order to deter fraud. Create a Proper Corporate Climate Employee fraud, theft, and embezzlement are more prevalent in some organizations than in others. If management creates a climate of honesty, fraud can be significantly reduced. There are several ways to do this. • Maintain positive work conditions where employees are well-rewarded and where their personal needs are fulfilled. • Create a climate of openness and trust where employees and managers feel free to confide in each other. Good informal communication between managers and employees is critical. • Have an open-door policy so employees feel that they can talk about their problems. Many perpetrators have stated that they turned to fraud because they felt they had no one 56

Chapter 3: Fraud Prevention: Pressures and Rationalizations



to talk to. If employees feel they can talk freely, managers will understand their pressures before they become acute. Policies with respect to working conditions, compensation, job incentives, and career advancement can be a powerful force in encouraging efficiency and loyal service.

Establish Employee Assistance Programs Develop assistance programs that provide employees with the help they need to overcome their problems. In some cases, these programs can be administered by the company itself. However, some problems may be so sensitive that they are best handled by an external organization hired to provide assistance with the confidentiality that employees feel they need. There are legal means to solving unexpected financial pressures and making employees feel the company cares about them as individuals. Several types of programs are possible, including the following: • Financial counseling to those who desire it -- This should include information on issues such as loan acquisition, budgeting, investing, proper uses of debt, etc. • Personal counseling for problems such as gambling and family problems. • Cash advances to employees who have short-term emergencies, and assistance in taking out loans for those employees with longer-term needs. • Providing adequate expense accounts to cover company-required expenses. • Drug-, alcohol-, and other substance-abuse programs. Regularly Evaluate Employee Performance Management should regularly evaluate employee performance. They should regularly review salaries, wages, and benefits with key employees. They should also establish grievance procedures, give employees an outlet for disagreement, and be receptive of all grievances submitted. Take Special Care With Certain Employees Some employees are more vulnerable to committing fraud because of their position, state of mind, adverse relationship with the company, perceived pressures, or opportunities to commit a dishonest act. Special care should be taken for employees who have access to assets that are susceptible to misappropriation and who: (i) are likely to, or believe they are likely to, be laid off; (ii) are known to be dissatisfied; (iii) exhibit unexplained unusual changes in behavior; and/or (iv) are known to have personal financial pressures. Monitor Employee Situational Pressures There are several ways to detect the situational pressures that employees face. • Increase the amount of contact with the client’s personnel and physical operations. This allows you to observe the work habits, attitudes, lifestyle, and feelings of employees; evaluate the effectiveness and efficiency of operations; and observe personnel, customers, and suppliers. • Investigate unusual employee patterns or lifestyles and follow up on “hunches.” Example: One large employee fraud was detected when an auditor noticed that an office manager took everyone in a limo to an expensive restaurant for lunch on her birthday. An investigation showed her salary would not support that expense and that she was paying for these and other extravagances with embezzled funds.

57

Chapter 3: Fraud Prevention: Pressures and Rationalizations



Review professional material, such as the Audit Risk Alert. A number of CPA firms have conducted fraud surveys or have published literature on fraud. In addition, the Association of Certified Fraud Examiners puts out a periodic newsletter on fraud-related issues.

Minimize Company Pressures Many company-applied situational pressures can be minimized by doing one or more of the following: • Establish fair and uniform personnel policies so employees are paid commensurate with their responsibilities and are treated fairly and without bias or favoritism. • Provide career counseling that assesses employee aspirations and helps them understand how they can advance to achieve those expectations. • Develop formal communication systems, such as formal grievance procedures, that allow employees to express their complaints and dissatisfactions and to get redresses for their grievances. They should also be receptive of all grievances submitted. • Regularly evaluate employee performance. They should regularly review salaries, wages, and benefits with key employees. • Avoid unrealistically high performance expectations. One way to do this is to have employees participate in setting their own performance goals. • Avoid excessive rewards and punishments for an employee’s success or failure. This includes avoiding the “do it at any cost” attitude that may encourage managers to behave dishonestly. • Do everything possible to eliminate or minimize specific corporate situational pressures. This is certainly not an easy task, since there are so many corporate situational pressures. However, much can be done to remove unnecessary obstacles such as insufficient working capital, excess capacity, and obsolete inventory or equipment that blocks effective performance. Monitor Corporate Pressures You must be alert to evidence that indicates a fraud may have been committed. There are a number of ways to use an understanding of situational pressures to detect fraud. Corporate pressures can be detected in the following ways. • Perform extensive analytical reviews and comparisons. For example, compare this year’s numbers to the numbers from the past five to 10 years to determine unfavorable trends, to judge the company’s need for future capital, etc. Another approach is to compare client numbers and ratios to industry averages and investigate anything out of the ordinary. • Read trade journals pertaining to the client’s industry and keep abreast of economic and legislative changes affecting the industry. • Investigate the company using Better Business Bureau records, credit ratings, and other such information sources. • Carefully examine client financial data, looking for “red flags” that might indicate fraud.

58

Chapter 3: Fraud Prevention: Pressures and Rationalizations

Maximizing Employee Integrity, Minimizing Rationalizations Personal integrity refers to the personal code of ethical behavior each person adopts. While this appears to be a straightforward determination of whether the person is honest or dishonest, moral-development research indicates the issue is more complex. Some individuals have developed a general trait of honesty that we call “high personal integrity.” Whether these people are honest depends on the specifics of the situation. Individuals lacking this trait of honesty may or may not behave correctly, depending on the situational pressures and opportunities. These people are situationally specific honest. • Their integrity does not generalize across situations and is not internalized as a personal value. • Their behavior is influenced more by the situation: o The opportunity to be dishonest; o The probable gain from cheating; o The likelihood of getting caught; o The severity of the punishment; and o The perceived need for more money. • Usually most individuals believe in honesty, but some can be tempted by convenient opportunities and intense situational pressures. Fraud research suggests that a lack of personal integrity is one of the best personality predictors of fraud perpetrators. People with low personal integrity are usually not concerned with what is fair and just. Instead, they compromise their standard of honesty and choose what is expedient or advantageous at the moment, with little regard to future consequences. They consistently value money or profit above ethics, honesty, morality, and other ideals. Prevention Techniques However, as individuals adopt and internalize a high standard of personal integrity, the probability that they will commit a fraud is reduced. The following prevention techniques will help minimize rationalizations and maximize employee honesty. Select Honest Employees A great deal of fraud can be eliminated by carefully selecting employees of high integrity. Selecting honest employees can be facilitated in several ways. • Require that applicants fill out a written application. The company should also solicit references, obtain credit bureau reports, and investigate the information. • Ask potential employees in the employment interview if they are honest and trustworthy. While employees can easily lie, the question signals to the candidate the importance of honesty to the company. • Use psychological deterrents, such as informing applicants that security checks are run on their background and fingerprints are taken and checked against regulatory agency files. • Use one of several instruments that have been designed to measure the personal integrity of job applicants. Evidence shows that these instruments can reliably predict personal integrity.

59

Chapter 3: Fraud Prevention: Pressures and Rationalizations

Create a Culture of Honesty One way companies can prevent fraud is to create an organizational culture that teaches and stresses honesty. Studies have found that individuals will move toward or away from dishonest actions according to the cultural standards of management and their co-workers. In other words, fraud is psychologically harder to commit when: • Acceptable behavior is clearly defined for employees; • Management follows the control principles and procedures that have been put into place; • Management or co-workers are honest; and • Employees believe that dishonesty normally is punished or prosecuted. Clearly Label Honest and Dishonest Actions Acceptable and unacceptable behavior should be defined so that employees are aware of a company’s ethical position should a problem arise. Many business practices fall into a gray area between right and wrong. In defining these actions, companies should: • Set explicit standards of conduct and general principles of behavior. A major cause of dishonesty comes from rationalizing and redefining the situation. It is natural for the criterion of expediency to replace the criterion of right versus wrong. • Prepare clearly stated policies that explicitly describe honest and dishonest behaviors. These policies should especially cover issues that are uncertain or unclear, such as conflicts of interest and the acceptance of gifts. For example, most purchasing agents would agree that accepting a $5,000 bribe from a supplier is dishonest, but a weekend vacation at a hunting cabin is not as clear-cut. Example: Many professionals see nothing wrong with utilizing corporate computer resources for personal use. Likewise, gaining unauthorized access to another company’s databases and browsing through them is not an uncommon practice. One programmer, when arrested for unauthorized browsing, was shocked to find out that he was going to be prosecuted for his “crime.” He felt his activities were a common industry practice. • •

Make sure all employees know and understand company rules and standards. Adopt an explicit code of conduct that tells employees exactly what is acceptable and what is not. Require employees to read, sign, and follow it.

Defining appropriate behavior would remove any uncertainty regarding the legality or appropriateness of questionable practices such as borrowing company material; padding expense accounts; accepting favors from suppliers; and using company computers, copiers, or telephones for personal purposes. Teach and Reward Honesty There are several ways in which companies can teach and reward honesty. • Unequivocally endorse the importance of honesty as a basic principle guiding the conduct of the company. • Personally and actively advocate, teach, and practice honesty. Companies should not assume that everyone accepts honesty. For example, top management should make it clear that honest reports are more important than favorable reports. 60

Chapter 3: Fraud Prevention: Pressures and Rationalizations



Consistently reward and encourage honesty and give verbal labels to honest and dishonest behavior. If companies simply punish or reward honesty without giving it a label or explaining the principle, or if the standard of honesty is inconsistent, employees will most likely be inconsistent in their moral behavior.

Investigate and Prosecute Dishonesty Prosecuted embezzlers have the lowest rate of recidivism of any criminals, while nonprosecuted ones have the highest rate. Unfortunately, many organizations dismiss most dishonest employees rather than prosecute them. In doing so, they inadvertently send a message to their other employees that dishonesty does not carry any serious consequences at the company other than termination. As a result, fraud is psychologically easier to commit when employees believe perpetrators will not be prosecuted. And termination, where the reasons for termination are not disclosed, in today’s mobile society can actually help a perpetrator build what others may consider an attractive resume. All dishonest acts should be thoroughly investigated, and all who are found guilty should be dismissed. It may not be financially expedient to prosecute everyone caught for dishonesty, but if no one is ever prosecuted or if people think no one is ever prosecuted, the probability of fraud will increase. Enough dishonest employees must be prosecuted to create the belief that fraud perpetrators will be caught and punished. Example: When one company changed its attitude from “we want to approve when someone is prosecuted” to “we want to know when someone who commits a fraud is not prosecuted,” fraud decreased substantially. The consequences of violating the rules and the punishment of fraud perpetrators should not be kept secret. Develop Proper Dismissal Practices Companies should be very careful when firing employees. Dismissed employees should be removed from sensitive jobs immediately and denied access to important data and computer systems to prevent sabotage or copying of confidential data. Properly Manage Disgruntled Employees Some employees commit fraud seeking revenge or “justice” for some wrong they perceive has been done to them. Hence companies should have procedures for identifying these individuals and either helping them resolve their feelings or removing them from jobs that allow them access to the system. One way to avoid disgruntled employees and to maintain high company morale is to provide grievance channels and employee counseling. Employees need someone outside the normal chain of command to talk to about their grievances and problems with the company. Having someone who will listen to them and help them resolve their problems can significantly decrease the number of dissatisfied employees. This is often not easy to accomplish since most employees fear that airing their feelings could have negative consequences for their careers.

61

Chapter 3: Fraud Prevention: Pressures and Rationalizations

Properly Train Employees Fraud is much less likely to occur in an environment where employees believe security is everyone’s business. An ideal corporate culture for fraud deterrence exists when employees are proud of their company and are protective of its assets. They believe they have a responsibility to report fraud because what harms the company harms them. This culture does not just happen; it has to be created, taught, and practiced. To develop this type of culture, a company should educate and train employees in the following areas: • Security measures -- Employees should be well-schooled in security measures, taught why they are important, and be motivated to take them very seriously. Security should be monitored and enforced as a way of reinforcing this training. • Fraud awareness -- Employees should be made aware of fraud, its prevalence, and its dangers. They should be taught why people commit fraud and how to deter and detect it. • Ethical considerations -- The company should promote its ethical standards in its practices and through company literature, such as employee handouts. • Punishment for unethical behavior -- Employees should be informed of the consequences of unethical behavior (reprimands, dismissal, prosecution, etc.). This information should be disseminated not as a threat but as the consequence of choosing to act unethically. As simple as it sounds, educating employees in security issues, fraud awareness, ethical considerations, and the consequences of choosing to act unethically can make a tremendous difference. This education can be accomplished by: • Conducting informal discussions and formal meetings; • Issuing periodic departmental memos; • Distributing written guidelines and codes of professional ethics; • Circulating reports of securities violations and their consequences; and • Promoting security and fraud training programs. Case Study: Portrait of a White-Collar Criminal There is an old saying in crime-fighting circles: Crime does not pay. However, for David Miller crime has paid rich dividends. It paid for two Mercedes-Benz sedans, a $280,000 suburban house, a condominium in Myrtle Beach, S.C., $500 suits, and $75 tailored, monogrammed shirts. It also paid for diamond, sapphire, ruby, and emerald rings for his wife and a new car for his father-in-law. Though he has confessed to embezzling funds from six different employers over a 20-year period, he has never been prosecuted and has never been incarcerated. In large part, Miller’s freedom is the result of the fear that companies have about turning in employees who defraud them. Miller’s first employer was also his first victim. In 1965, after 10 months of selling insurance in Wheeling, W. Va., he was fired for stealing about $200. After an assortment of odd jobs, he moved to Ohio and worked as an accountant for a local baker. Miller was caught embezzling funds and paid back the $1,000 he had stolen. He was not reported to the authorities in either instance and was quietly dismissed.

62

Chapter 3: Fraud Prevention: Pressures and Rationalizations

Miller returned to Wheeling and went to work for Wheeling Bronze, Inc., a bronze-castings maker. In December 1971, the president of Wheeling Bronze discovered that several returned checks were missing and that there was a $30,000 cash shortfall. After an extensive search, workers uncovered a number of canceled checks with forged signatures in an outdoor sandpile. Miller was questioned and confessed to the scheme. He was given the choice of paying back the stolen amount or going to jail. His parents took out a mortgage on their home to pay back the stolen money. No charges were ever filed, and Miller was dismissed. Several months later, Miller found a job in Pennsylvania working for Robinson Pipe Cleaning. When Miller was caught embezzling funds, he again avoided prosecution by promising to repay the $20,000 he had stolen. In 1974, Crest Industries hired Miller as an accountant. He proved to be the ideal employee and was quickly promoted to the position of office manager. He was very dedicated, worked long hours, and did outstanding work. Soon after his promotion he purchased a new home, a new car, and a new wardrobe. In 1976, Miller’s world unraveled again when Crest’s auditors discovered that $31,000 was missing. Once again there was a tearful confession and a promise to repay all money stolen. Miller confessed that he had written several checks to himself and had then recorded payments to vendors on the carbon copies of the checks. To cover his tracks, he intercepted and altered the company’s monthly bank statements. He had used the money he had stolen to finance his lifestyle and to repay Wheeling Bronze and Robinson Pipe Cleaning. He claimed in his confession that he had never before embezzled funds. He showed a great deal of remorse, so much so that Crest even hired a lawyer for him. He gave Crest a lien on his house, and he was quietly dismissed. Because the president of Crest did not want the publicity to harm Miller’s wife and three children, Crest never pressed charges against him. Next, Miller took a job as an accountant in Steubenville, Ohio, with Rustcraft Broadcasting Company, a chain of radio and TV stations. Rustcraft was acquired in 1979 by Associated Communications, and Miller moved to Pittsburgh to become Associated’s new controller. He immediately began dipping into Associated’s accounts. Over a six-year period he embezzled approximately $1.36 million, $445,000 of that in 1984 when he was promoted to CFO. Miller used various methods to embezzle the money. One approach to circumvent the need for two signatures on every check was to ask another executive who was leaving on vacation to sign several checks “just in case” the company needed additional cash while he was gone. Miller used most of these checks to siphon funds off to his personal account. To cover the theft, he retrieved the canceled check from the bank reconciliation and destroyed it. The amount stolen was then charged to an expense account of one of the units to balance the company’s books. While working at Associated, Miller was able to lead a very comfortable lifestyle. He bought a new house and several expensive cars. He bought vacation property and a very expensive

63

Chapter 3: Fraud Prevention: Pressures and Rationalizations

wardrobe, and he was very generous with tips and gifts. The lifestyle could not have been supported by his $130,000 salary, yet no one at Associated ever questioned the source of his conspicuous consumption. Miller’s lifestyle came crashing down in December 1984 while he was on vacation. A bank officer called to inquire about a check written to Mr. Miller. An investigation ensued, and Miller confessed to embezzling funds. As part of the 1985 out-of-court settlement with Miller, Associated Communications received most of Miller’s personal property. After leaving Associated, Miller was hired by a former colleague at Associated. He underwent therapy and believed he had his problem with compulsive embezzlement resolved. He could not explain why he was never prosecuted. Whenever he got caught, he always insisted that he was going to pay the company back. Such statements would usually satisfy his employers and get him off the hook. However, he believed that these agreements actually contributed to his subsequent thefts. For example, one rationale for starting to steal from a new employer was to pay back the former one. When interviewed about his past activities, Miller said that he felt his problem with theft was an illness, just like alcoholism or compulsive gambling. The illness was driven by a subconscious need to be admired and liked by others. He thought that by spending money, others would like him. Ironically, he was universally well-liked and admired at each job, and it had nothing to do with money. In fact, one colleague at Associated was so surprised at the news of the thefts that he said it was like finding out one’s brother was an ax murderer. In the interview, Miller also claimed that he was not a bad person. He said he never intended to hurt anyone, but once he got started, he just could not stop.

64

Chapter 3: Review Questions

Chapter 3 Review Questions The review questions accompanying each chapter are designed to assist you in achieving the learning objectives stated at the beginning of each chapter. The review section is not graded; do not submit it in place of your final exam. While completing the review questions, it may be helpful to study any unfamiliar terms in the glossary in addition to chapter course content. After completing the review questions for each chapter, proceed to the review question answers and rationales. 1.

Which of the following pressures would result from high medical bills? A. B. C. D.

2.

In a recent survey, which pressure did 98 percent of the CEOs at the top 1,000 Canadian companies state as the main reason for Canadian companies reporting fraud-related losses of $39 million? A. B. C. D.

3.

Economic cycles, inflation, and recession. Impending business failures. Urgent need for earnings. Unfavorable economic conditions.

Which of the following is one of the many red flags that appear due to managementrelated pressures? A. B. C. D.

5.

Economic cycles, inflation, and recession. Impending business failures. Urgent need for earnings. Unfavorable economic conditions.

Which of the following pressures is evidenced by things such as declining stock prices, delisting or suspension of stock, credit downgrades by rating agencies, and frequent or increasing numbers of business failures? A. B. C. D.

4.

Bad investments or heavy financial losses. Excessive lifestyle or living beyond ones means. Inadequate compensation. High personal debt.

New accounting, statutory, or regulatory requirements. Heavy dependence on new or unproven product lines. Insatiable intellectual challenge. Threat of job loss.

Which of the following work related pressures results when superiors are not appreciative of their employees, there are substandard working conditions, or where there are significant feelings of ill will, resentment, anger, or alienation? A.

Severe resentment. 65

Chapter 3: Review Questions

B. C. D. 6.

Which of the following is considered a common lifestyle pressure? A. B. C. D.

7.

B. C. D.

Instituting policies with respect to working conditions, compensation, job incentives, and career advancement. Providing financial counseling to those who desire it. Regularly reviewing salaries, wages, and benefits with key employees. Increasing the amount of contact with the client’s personnel.

Developing formal communication systems, such as formal grievance procedures, that allow employees to express their complaints and dissatisfactions and to get redresses for their grievances is an effective way to: A. B. C. D.

10.

True. False.

An example of developing assistance programs is: A.

9.

Severe resentment. Threat of job loss. Drug or alcohol addiction. Rapid change in an industry.

True or false: Very few fraud perpetrators have justifications or rationalizations that allow them to justify their illegal behavior. A. B.

8.

Threat of job loss. Overaggressive compensation plans. Low employee morale and loyalty.

Monitor corporate pressures. Minimize rationalizations. Monitor employee situational pressures. Minimize company pressures.

True or false: Dismissing dishonest employees rather than prosecuting them inadvertently sends a message to other employees that dishonesty does not carry any serious consequences at the company other than termination. A. B.

True. False.

66

Chapter 3: Review Question Answers and Rationales

Chapter 3 Review Question Answers and Rationales Review question answer choices are accompanied by unique, logical reasoning (rationales) as to why an answer is correct or incorrect. Evaluative feedback to incorrect responses and reinforcement feedback to correct responses are both provided. 1.

Which of the following pressures would result from high medical bills? A.

B.

C. D.

2.

In a recent survey, which pressure did 98 percent of the CEOs at the top 1,000 Canadian companies state as the main reason for Canadian companies reporting fraud-related losses of $39 million? A.

B.

C.

D.

3.

Bad investments or heavy financial losses. This answer is incorrect because employee financial pressure from bad investments or heavy financial losses would not result from high medical bills. Excessive lifestyle or living beyond ones means. This answer is incorrect because employee financial pressure from excessive lifestyle or living beyond ones means would not result from high medical bills. Inadequate compensation. This answer is incorrect because employee financial pressure from inadequate compensation would not result from high medical bills. High personal debt. This answer is correct because employee financial pressure from high personal debt could result from high medical bills.

Economic cycles, inflation, and recession. This answer is correct because the survey showed that the CEOs felt that economic cycles, inflation, and recession was the main reason for companies reporting fraud-related losses. Impending business failures. This answer is incorrect because the survey did not show that the CEOs felt that impending business failures was the main reason for companies reporting fraud-related losses. Urgent need for earnings. This answer is incorrect because the survey did not show that the CEOs felt that an urgent need for earnings was the main reason for companies reporting fraud-related losses. Unfavorable economic conditions. This answer is incorrect because the survey did not show that the CEOs felt that unfavorable economic conditions were the main reason for companies reporting fraud-related losses.

Which of the following pressures is evidenced by things such as declining stock prices, delisting or suspension of stock, credit downgrades by rating agencies, and frequent or increasing numbers of business failures? A.

B.

Economic cycles, inflation, and recession. This answer is incorrect because the economic cycle and the resulting effects of inflation and recession are a major management fraud pressure but includes both favorable as well as favorable economic conditions. Impending business failures. This answer is incorrect because although business failures significantly increase in recessionary times, there is a significant

67

Chapter 3: Review Question Answers and Rationales

C.

D.

4.

Which of the following is one of the many red flags that appear due to managementrelated pressures? A.

B.

C.

D.

5.

relationship between impending business failures and fraud even in the best of times. Urgent need for earnings. This answer is incorrect because although companies that face pressures to meet certain earnings levels are sometimes motivated to fabricate those earnings, it is not evidenced by declining stock prices, delisting or suspension of stock, credit downgrades by rating agencies, and frequent or increasing numbers of business failures evidence unfavorable economic conditions. Unfavorable economic conditions. This answer is correct because declining stock prices, delisting or suspension of stock, credit downgrades by rating agencies, and frequent or increasing numbers of business failures evidence unfavorable economic conditions.

New accounting, statutory, or regulatory requirements. This answer is incorrect because new accounting, statutory, or regulatory requirements is a company pressure, not a management-related pressure. Heavy dependence on new or unproven product lines. This answer is correct because heavy dependence on new or unproven product lines is one of the many red flags that appear due to management-related pressures. Insatiable intellectual challenge. This answer is incorrect because the insatiable desire for intellectual challenge is an employee pressure, not a managementrelated pressure. Threat of job loss. This answer is incorrect because the threat of job loss is a work-related pressure, not a management-related pressure.

Which of the following work related pressures results when superiors are not appreciative of their employees, there are substandard working conditions, or where there are significant feelings of ill will, resentment, anger, or alienation? A.

B.

C.

D.

Severe resentment. This answer is incorrect because severe resentment typically results when employees have various perceptions about their workplace such as being treated unfairly or they are underpaid and deserving of more money. Threat of job loss. This answer is incorrect because a threat of job loss would result from external factors such as proposed layoffs, a proposed merger, a proxy contest for control, or any number of other reasons. Overaggressive compensation plans. This answer is incorrect because over aggressive compensation plans would result when executive compensation is closely linked with financial statistics or specific transactions over which only management has control and may motivate management to overstate company performance. Low employee morale and loyalty. This answer is correct because low employee morale and loyalty may result when superiors are not appreciative

68

Chapter 3: Review Question Answers and Rationales

of their employees, there are substandard working conditions, or where there are significant feelings of ill will, resentment, anger, or alienation. 6.

Which of the following is considered a common lifestyle pressure? A. B. C. D.

7.

True or false: Very few fraud perpetrators have justifications or rationalizations that allow them to justify their illegal behavior. A. B.

8.

True. This answer is incorrect because most fraud perpetrators have justifications or rationalizations that allow them to justify their illegal behavior. False. This answer is correct because most fraud perpetrators have justifications or rationalizations that allow them to justify their illegal behavior.

An example of developing assistance programs is: A.

B.

C.

D.

9.

Severe resentment. This answer is incorrect because severe resentment is considered a work-related pressure, not a lifestyle pressure. Threat of job loss. This answer is incorrect because threat of job loss is considered a work-related pressure, not a lifestyle pressure. Drug or alcohol addiction. This answer is correct because drug or alcohol addiction is a common lifestyle pressure. Rapid changes in an industry. This answer is incorrect because rapid change in an industry is considered a management-related pressure, not a lifestyle pressure (See page 36).

Instituting policies with respect to working conditions, compensation, job incentives, and career advancement. This answer is incorrect because instituting policies with respect to working conditions, compensation, job incentives, and career development is an example of creating a proper corporate client. Providing financial counseling to those who desire it. This answer is correct because establishing financial counseling to those who desire it is an example of developing assistance programs that provide employees with the help they need to overcome their problems. Regularly reviewing salaries, wages, and benefits with key employees. This answer is incorrect because regularly reviewing salaries, wages, and benefits with key employees is an example of regularly evaluating employee performance. Increasing the amount of contact with the client’s personnel. This answer is incorrect because increasing the amount of contact with the client’s personnel is an example of monitoring employee situational pressures.

Developing formal communication systems, such as formal grievance procedures, that allow employees to express their complaints and dissatisfactions and to get redresses for their grievances is an effective way to:

69

Chapter 3: Review Question Answers and Rationales

A.

B. C.

D.

10.

Monitor corporate pressures. This answer is incorrect because performing extensive analytical reviews and comparisons would be an effective way to monitor corporate pressures. Minimize rationalizations. This answer is incorrect because avoiding dishonest employees would be an effective way to minimize rationalizations. Monitor employee situational pressures. This answer is incorrect because increasing the amount of contact with the client’s personnel and physical operations would be an effective way to monitor employee situational pressures. Minimize company pressures. This answer is correct because developing formal communication systems that allow employees to express their complaints and dissatisfactions and to get redresses for their grievances is an effective way to minimize company pressures.

True or false: Dismissing dishonest employees rather than prosecuting them inadvertently sends a message to other employees that dishonesty does not carry any serious consequences at the company other than termination. A.

B.

True. This answer is correct because dismissing dishonest employees rather than prosecuting them inadvertently sends a message to other employees that dishonesty does not carry any serious consequences at the company other than termination. False. This answer is incorrect because it is true that dismissing dishonest employees rather than prosecuting them inadvertently sends a message to other employees that dishonesty does not carry any serious consequences at the company other than termination.

70

Chapter 4: Fraud Prevention: Opportunities

Chapter 4 – Fraud Prevention: Opportunities Learning Objectives After completing this section of the course, you should be able to: 1. Discuss the opportunities that lead to the occurrence of fraud and the fraud prevention techniques specific to each of those kinds of opportunities. An opportunity is the condition or situation that allows a person to commit and conceal a dishonest act. Like situational pressures, opportunities do not in and of themselves cause fraud. Individuals can choose to behave honestly; many people successfully resist temptations to commit fraud in spite of the opportunity. However, the probability of fraud increases as the opportunities become more abundant and more convenient. This section of the chapter discusses some of the more important risk factors that make fraud more likely to occur. It also illustrates many of these risk factors with real-life examples. Finally, one or more fraud prevention techniques are presented for each risk factor. Implementing these prevention techniques will significantly reduce the risk of a fraud occurring. It should be noted that one of the most important prevention techniques is performing extensive auditing procedures; however, specific auditing procedures for each risk factor are not discussed in the course materials. Opportunities that Allow Fraud Internal Control -- Risk Factors and Prevention Techniques Risk Factors These factors are among the most crucial: • Inadequate internal control; • Non-enforcement of internal control; and • Inadequate monitoring of significant controls. The most significant opportunity risk factor in most frauds is not enforcing existing internal controls. Other major factors are the absence of adequate internal controls and overriding existing internal controls. Example: The Perini Corporation did not adequately control company checks, even though they were repeatedly encouraged to do so by their outside auditors. As a result they lost $1,150,000. Perini did not control access to blank checks; it stored unused checks in an unlocked storeroom that every clerk and secretary had access to. Checks were written using a check-writing machine that automatically signed the president’s name. The machine dumped signed checks into a box that was supposed to be locked, and the key was supposed to be controlled by an employee from a different department. However, no such employee was assigned, and the box was not kept locked, nor did anyone pay attention to the machine’s counter, which kept track of the number of checks written, so that the number of checks could be compared with the number of vouchers 71

Chapter 4: Fraud Prevention: Opportunities

authorized for payment. These and other inadequacies in control made the theft quite easy to commit. Prevention Techniques • Develop strong internal control -- The best way to deter fraud is to design, implement, and enforce sufficient controls to make fraud difficult to perpetrate. The internal control should include controls for authorizations, clear lines of authority, independent checks on performance, appropriate documents and records, and physical safeguards. Likewise, there should be a separation of duties between the authorization, custodial, and record-keeping functions. The lack of these controls is itself a risk factor. Internal control should contain: o Preventive controls to deter fraud; o Detective controls to discover fraud soon after it occurs; and o Corrective controls to remedy the problems caused by the fraud. The overall responsibility for secure and adequate internal control lies with top management. Management must also establish procedures to ensure that the controls are complied with and enforced. • •

Controls are much more effective when placed in a system as it is built, rather than as an afterthought. There should be controls to ensure enforcement of internal control and controls to ensure that internal control is not overridden. Management should be involved in the design and monitoring of controls.

Risk Factor: Insufficient Separation of Duties Good internal control demands an adequate separation of duties. No single employee should be given too much responsibility. An employee should not be in a position to both perpetrate and conceal fraud. To achieve effective segregation of duties, the following functions must be separated: • Authorization -- Top management empowers certain employees to authorize transactions and make decisions. Authorizations are documented by signing, initialing, or entering a code on the transaction document or record. Employees who subsequently process the transaction should verify the presence of the appropriate authorization(s). • Recording -- This involves preparing source documents; maintaining journals, ledgers, or other files; preparing reconciliations; and preparing performance reports. • Custody -- This may be direct, as in the case of handling cash or maintaining an inventory storeroom, or indirect, as in the case of receiving customer checks via mail or writing checks on the organization’s bank account. If two of these three functions are the responsibility of a single person, problems may arise. Example 1: The former city treasurer of Fairfax, Va., was convicted of embezzling $600,000 from the city treasury. Her scheme worked as follows: When residents used cash to pay their taxes, she would keep the currency. She recorded tax collections on her property tax records but did not report them to the city

72

Chapter 4: Fraud Prevention: Opportunities

controller. Eventually, an adjusting journal entry was made to bring her records into agreement with those of the controller. When cash was received to pay for business license fees or court fees, it would be recorded on a cash register and deposited at the end of each day. She stole portions of this currency but made up discrepancies in the bank deposit by substituting miscellaneous checks received in the mail that would not be missed when they went unrecorded. In this example, one person was responsible both for the custody of cash receipts and for the recording of those receipts. As a result, the city treasurer was able to divert cash receipts and falsify the accounts to conceal the diversion. Example 2: The utilities director of Newport Beach, Calif., was charged with embezzling $1.2 million. He forged invoices or easement documents (for example, for the rights to put a water line through a person’s land) authorizing payments to a real or fictitious city property owner. Finance-department officials gave him the checks to deliver to the property owners. He would then forge signatures, endorse the checks to himself, and deposit them in his own accounts. The control weakness in this case was that the utility director was given physical custody of checks relating to transactions that he had also authorized. This enabled him to authorize fictitious transactions and divert the city’s payments. Example 3: The former payroll director of the Los Angeles Dodgers pleaded guilty to embezzling $330,000 from the team. He would credit employees for hours not worked and then receive a kickback of around 50 percent of their extra compensation. He also added fictitious names to the Dodgers payroll and cashed their paychecks. Since the perpetrator was responsible for both authorizing the hiring of new employees and for recording employee hours worked, he did not need to prepare or handle the actual paychecks. The club treasurer would simply mail the checks to an address specified by the payroll director. The fraud was discovered when the payroll director became ill, and another employee took over his duties. Prevention Techniques • Design and enforce internal control that incorporates adequate separation of duties. • Design clear and proper authorizations procedures. • Use the computer to help segregate duties -- In modern information systems, the computer can often be programmed to perform one or more of the above-mentioned functions’ in essence replacing the employees. For example, computer systems are now capable of recording a digital signature (or fingerprint), which signs a document with a piece of data that cannot be forged. The principle of separating duties remains the same; the only difference is that the computer performs the function rather than a human. Example: Many gas stations are now equipped with pumps that allow customers to insert a credit card to pay for their gas. In such cases, the custody of the “cash” and the recording function are both performed by the computer. These machines not only improve internal controls, they actually improve the process of serving the customer by increasing convenience and eliminating lines to pay for the gas.

73

Chapter 4: Fraud Prevention: Opportunities

Safeguarding Assets -- Risk Factors and Prevention Techniques Risk Factor: Inadequate Safeguarding of Assets If there are inadequate safeguards over assets, there is a good probability that some of them will “sprout wings and fly away.” When people think about safeguarding assets they most often think of cash, checks, and physical assets, such as inventory and equipment. However, in today’s world, one of a company’s most important assets is its information. Accordingly, steps must be taken to safeguard both information and physical assets. Example 1: Jerry Schneider noticed a trash can full of papers on his way home from a Los Angeles-area high school. Rummaging through them, he discovered they contained parts manuals and operating guides for Pacific Telephone and Telegraph’s computers. Over time, his scavenging activities resulted in an impressive technical library. He used the library to penetrate Pacific Telephone’s computer system, order equipment for himself, and instruct the computer to not send him a bill for the goods ordered. He sold the equipment to other companies and even sold some stolen equipment back to Pacific Telephone. He was able to steal $1 million worth of electronic equipment before a disgruntled employee turned him into the police. After serving 40 days in jail, Schneider established a profitable business as a computer security consultant. In essence, he told companies how to protect themselves from people like him. Example 2: A janitor in Inglewood, Calif., was charged with stealing 34 blank checks while cleaning the city Finance Office. He forged the names of city officials on the checks, and cashed them in amounts ranging from $50,000 to $470,000. Prevention Technique Design and implement adequate safeguards over physical assets. The following procedures are used to safeguard assets from such threats as theft, unauthorized use, and vandalism: • Restrict access to physical locations, such as computer rooms and inventory storage. • Restrict physical access to assets, thereby limiting the chances of loss. For example, cash registers, safes, lockboxes, and safety-deposit boxes should be used to limit access to cash, securities, blank checks, and other paper assets. • Restrict access to computer files and information by using passwords and security codes. • Protect records and documents. Access to vital records and documents can be restricted by locking them in desks or file cabinets. Access to blank checks and documents should be limited to authorized personnel. • Discarded paper documents should be shredded. • Employees should be informed of the consequences of using illegal copies of software, and the company should institute controls to see that illegal copies are not in use. • Closed-circuit televisions can be used to monitor areas where sensitive data or easily stolen assets are handled. Processing of Transactions -- Risk Factors and Prevention Techniques

74

Chapter 4: Fraud Prevention: Opportunities

Risk Factor: No Independent Checks on Performance Not having independent checks on performance is a major risk factor. Prevention Technique Design and implement independent checks. Internal checks that evaluate the performance of each transaction processing function are an important control. They should be “independent” because they are more effective if performed by someone other than the person responsible for the original operation. These independent checks include: • Reconciliation of independently maintained records -- For example, checking accounts should be reconciled to bank statements and subsidiary ledgers should be agreed to their general-ledger control account balances. • Comparison of actual quantities to recorded amounts -- For example, funds in a cashregister drawer should be reconciled at the end of each shift with the cash-register tape. • Batch totals -- When records are grouped for processing, batch totals are created. The same control totals are generated by the computer during each subsequent processing step. Discrepancies between the totals indicate that an error occurred during the previous processing stage. • Independent review -- Segregation of duties often results in two or more persons processing a transaction. In such cases, the second person should review the work of the first, performing such tasks as checking for proper authorization, reviewing supporting documents, and checking the accuracy of critical data items. Risk Factor: Inadequate Record Keeping Maintaining inadequate documents and records also poses significant risk. Prevention Techniques • Require accurate records be kept and checked carefully for irregularities. • Require properly designed documents that are used appropriately. The proper design and use of documents and records helps prevent fraud. Documents should: o Be as simple as possible to minimize recording errors and facilitate efficient record keeping, review, and verification; o Contain a space for authorizations or the receiving person’s signature if they are used to initiate a transaction or transfer assets to someone else; and o Be sequentially pre-numbered so each can be accounted for. This reduces the likelihood of fraudulent use by dishonest employees. Record keeping should be well coordinated to facilitate tracing individual transactions through the system. A good audit trail facilitates the prevention of fraud, the correction of errors, and verification of system output. Supervision -- Risk Factors and Prevention Techniques Risk Factor: Inadequate Supervision Fraud is more likely to occur when management fails to set up appropriate managementoversight functions such as adequate supervision and monitoring of remote locations.

75

Chapter 4: Fraud Prevention: Opportunities

Prevention Technique Develop and implement controls for ensuring effective supervision of employees. Effective supervision involves training and assisting employees, monitoring employee performance, correcting errors that occur, and safeguarding assets by overseeing employees who have access to them. Organizational Structure -- Risk Factors and Prevention Techniques Risk Factor: Complex Business Structure An unnecessarily complex organizational structure is another factor that makes committing a fraud easier. Examples include having a multitude of subsidiaries and divisions and several different auditing firms, legal counsels, and banks. Unnecessary complexity makes it easier for inappropriate items to be lost in the shuffle or intentionally buried under a blizzard of paperwork. Many companies legitimately need many subsidiaries and divisions; the key is why there are so many. The danger appears when the purpose of the complex structure is to not allow any one party access to all the pieces or parts of any particular transaction. For example, when a company uses different auditors for its various subsidiaries, none of them are able to see the complete picture or trace transactions between subsidiaries from beginning to end. Example: According to its bankruptcy trustee, the Bonneville Pacific Corporation’s collapse was the most costly in the scandal-ridden alternative energy industry. The trustee claims that the company grossly inflated its revenues, earnings, and assets. It also failed to report contingent liabilities and related-party transactions. The result was financial statements full of material misrepresentations and omissions. Losses were estimated to be half a billion dollars. The trustee further alleged that it is one of the most complex accounting frauds on record. Apparently, Bonneville conducted business with a tangled web of subsidiaries and partnerships. It conducted a series of baffling complex transactions to produce paper profits and persuade people to invest money in Bonneville projects. Some of the transactions were so complicated executives had to diagram them with a grease pencil and drawing board at staff meetings. During one three-year period, Bonneville used more than 300,000 cash and wire transactions to shift more that $1 billion between itself and its subsidiaries and partnerships. Prevention Technique Companies should adopt a clear and appropriate organizational structure. Companies should avoid unnecessarily complex organizational structures and auditors should be very skeptical of them. Companies should: • Have clear lines of authority and responsibility; • Assign responsibility for specific tasks to departments and individuals; and • Have a framework that facilitates planning, directing, and controlling its operations. Accounting Practices -- Risk Factors and Prevention Techniques

76

Chapter 4: Fraud Prevention: Opportunities

Risk Factor: Inadequate or Questionable Accounting Practices Several accounting practices make fraud easier to commit and therefore increase the probability of its occurring. These include: • Liberal accounting practices, such as recognizing revenue before its collectibility is assured or delaying the recognition of expenses as long as possible; • Inadequately disclosing questionable or unusual accounting practices; • Poor accounting records; • Ineffective accounting staff; • An inadequately staffed and overworked accounting department; and • Pushing accounting principles to the limit. Example 1: A company with an understaffed accounting department fell three months behind in its record keeping. An employee took advantage of the confusion to write himself checks worth $450,000. He cashed the checks, left the country, and could never be extradited. Example 2: One real estate company that was going public purchased and resold several nursing homes. The company recognized $2 million in current and deferred profits, even though it only paid a $30,000 down payment when it bought the properties and only received $25,000 in cash when it sold them. The transaction boosted sales from $6.7 million to $22 million and converted its net income from a large loss to a gain. Prevention Technique A well-designed accounting system facilitates and promotes proper accounting practices. The accounting system consists of the methods and records used to identify all valid transactions, record them on a timely basis and at the proper monetary value, properly classify them, and present them properly in the financial statements. Companies should be constantly aware of the convenient opportunities that exist for people in positions of trust to commit fraud. To keep the accounting system under control, companies should require more frequent and thorough accountability from persons in positions of trust through budgeting and performance reports. They should also create the expectation that all financial decisions will be checked for accuracy and appropriateness. The system should include, as appropriate, budgets, quotas, standard costs, and quality standards; performance reports that compare actual performance with planned performance; and procedures for investigating and correcting significant variances or unexpected results. Risk Factor: Authority Figures Who Cannot Be Questioned Dominant and unchallenged management poses a significant fraud risk. Prevention Techniques • Ensure that no one person or small group has unchallenged power. No person or group should have so much power that their decisions and actions cannot be challenged and examined. Such people are usually in a position to impose their views on others,

77

Chapter 4: Fraud Prevention: Opportunities

• •

including auditors and other outside, independent parties. Executives need to have the authority to act decisively and deviate from normal procedures when the circumstances warrant it, but they should still be questioned and required to explain their actions. Require periodic changes that eliminate domination. Set up compensating controls. An example would be effective oversight by the board of directors or an audit committee.

Risk Factor: Management’s Disregard for Guidelines, Controls, or Regulatory Authorities When management fails to follow company controls and guidelines, it sets a bad example for employees. Employees tend to see the company as having two sets of rules, one for them and another for management. When management lives by a different set of rules, employees focus more on what management does than what it says. • In the employee’s mind “What you do speaks so loudly I cannot hear what you say.” As a result, it is easier for employees to rationalize their behavior by saying, “But management does it.” Example 1: At Equity Funding, many employees, including nonmanagement personnel, realized that top management was perpetrating a fraud by misstating the financial statements. They were not detected or punished, so lower-level employees started embezzling too. Officers of one subsidiary were embezzling funds by claiming fraudulent personal travel and business expenses and by charging a wide variety of personal expenses to the company on a regular basis. Example 2: In another case, employees who realized management was overstating revenues began billing the company for hours they did not work. Prevention Techniques A critical aspect of an organization’s control environment is a management philosophy and operating style emphasizing honesty and adherence to controls. The more responsible management’s philosophy and operating style, the more likely it is that employees will behave responsibly in working to achieve the organization’s objectives. If management shows little concern for internal control and ethical behavior, employees are not likely to be as diligent or as effective in achieving specific control objectives. Management’s philosophy and operating style can be assessed by answering questions such as: • Does management take undue business risks to achieve its objectives, or does it assess potential risks and rewards prior to acting? • Does management attempt to manipulate performance measures such as net income so its performance is seen in a more favorable light? • Does management pressure employees to achieve results regardless of the methods required, or do they demand ethical behavior? In other words, do they believe the ends justify the means? Management should display and communicate an appropriate attitude regarding the internalcontrol and financial-reporting processes.

78

Chapter 4: Fraud Prevention: Opportunities

Risk Factor: Employees with a Criminal or Questionable Background One control feature that is often lacking is a background check on all potential employees. To illustrate their importance, consider the case of a large company that decided to check carefully the backgrounds of all potential employees. They screened 6,398 employees and rejected 851 (13.3 percent) of them. This is in line with industry estimates that 10 to 15 percent of screened employees will be rejected. Most are rejected due to previous unsatisfactory employment, providing false information (education, employment, military, etc.), and a past criminal record. The importance of thorough employee-background checks is underscored by the following case: Example 1: Philip Crosby Associates (PCA), a consulting and training firm, undertook an exhaustive search to select a financial director. The person hired was John C. Nelson, an MBA and CPA with a glowing reference from his former employer. In reality, however, both the CPA license and the reference were phony. John C. Nelson was really Robert W. Liszewski, who had recently served an 18-month jail sentence for embezzling $400,000 from a bank in Indiana. By the time PCA discovered this, Liszewski had embezzled $960,000 using wire transfers to a dummy corporation supported by forged signatures on contracts and authorization documents. Great care should also be taken when an entity or its senior management has a known history of securities-law violations or claims against them alleging fraud or securities-law violations. People who have committed prior offenses are more likely to become repeat offenders. Example 2: In the Salad-Oil Swindle, Tony De Angelis converted an old petroleum-tank farm into salad-oil storage tanks and hired American Express Warehousing to independently operate the warehouse. He placed 22 handpicked men at the warehouse and they were able to fool American Express inspectors. They filled the tanks with seawater and then placed a thin layer of oil on the top. The tanks were connected by pipes, and the men piped oil back and forth between the tanks. These and other tricks allowed De Angelis to claim 937 million pounds of oil when only 100 million pounds actually existed. He claimed to own and store more oil than existed in the whole country. De Angelis used the warehouse receipts issued by American Express to borrow money. When the fraud scheme collapsed, it also caused 20 banks to collapse, and lenders were defrauded out of over $200 million. It is important to note that De Angelis had a long history of fraud and deception. Auditing firms should be aware that when they accept a new client the probability of fraudulent activity is much greater than with an existing client. When investigating potential clients, both the principals and the company itself should be examined. Example 3: One of the then-Big Six CPA firms was approached by a cattle operation. In investigating the background of the president, they found that he had previously been involved in a fraud. They declined the engagement. Another of the then-Big Six

79

Chapter 4: Fraud Prevention: Opportunities

firms accepted the engagement and within a few years they were involved in a multimillion-dollar lawsuit because the company had perpetrated a fraud. Prevention Technique Conduct background checks. Check potential employees, audit clients, and major vendors. One way to do that is to use an investigative agency. Investigative agencies can check out: • Underworld or questionable connections; • Financial history to determine credit history, heavy indebtedness, previous bankruptcies, and whether the principals are living beyond their means; • Employment history, including the number of years with the company, previous employers, reputation among associates, and reasons for terminating previous affiliations; • Undesirable conduct, such as gambling, drug abuse, etc.; • Past criminal background; • Personal reputation and educational background; and • Conflicts of interest that may not allow the principals to act objectively. Risk Factor: Related-Party Transactions A related party is anyone the company deals with that can influence company management or operations. Related-party transactions include corporate officers dealing among themselves, with family members, with affiliated companies or with companies they control, or with shell companies. Related-party transactions are inherently more risky than other transactions because they are not at “arm’s length.” There is, therefore, a greater potential for fraud. Example: ESM, a brokerage company dealing in government securities, used a multilayered organizational structure to hide a $300 million fraud. Company officers funneled cash to themselves and hid it by reporting a fictitious receivable from a related company in their financial statements. Prevention Technique Minimize related-party transactions. It is important to carefully control and scrutinize any necessary related-party transactions. Risk Factor: Mutually Beneficial Personal Relationships with Customers or Suppliers These relationships are business transactions that are no longer arm’s length. Purchasing agents and salespeople who develop close associations with vendors and customers are often able to commit a fraud. This is especially true where large amounts of money are at stake. For example, vendors can easily afford to provide a purchasing agent with a kickback in order to win a multimillion-dollar contract. A purchasing agent who is struggling to make ends meet can easily be tempted by these kickbacks. Procurement frauds are especially difficult to detect since the perpetrator does not have to alter the company’s books to cover up the fraud. Example 1: A purchasing agent responsible for acquiring janitorial supplies for a mediumsized city was approached by a paper supplier with a deal. If he would allow them to

80

Chapter 4: Fraud Prevention: Opportunities

supply the municipality with lower-quality paper at the current price, they would give him a kickback of half the excess profits. After this had been going on for a few months, the paper supplier began raising the prices and billing the municipality for five times what they shipped. They also reduced the purchasing agent’s share of the kickback. When he complained, they said: “What are you going to do? Tell your bosses that you have been accepting a kickback?” They were right; he was trapped. There was nothing he could do short of confessing his part in the fraud. Example 2: In the $300 million ESM fraud case, the partner in charge of the audit accepted under-the-table payments from his client to not disclose the fraudulent financial statements. The CPA had been the partner on the job for over eight years. Prevention Techniques • Control association with outsiders -- Frequent associations with suppliers, buyers, and other business agents cannot be eliminated. However, businesses can require that accurate records be kept of all transactions and check these records carefully for irregularities, such as purchases made without the benefit of competitive bids. Any companies found to be violating company policies relating to gratuities should be dropped as a supplier. • Require explicit conflict-of-interest statements -- Companies should develop a manual that outlines the company’s policies and procedures regarding the business associations of purchasers, buyers, sales representatives, and others. • Periodically communicate to vendors and customers the company’s policies regarding gifts and gratuities -- When company policies are clearly communicated to customers and vendors, they are able to determine whether a company’s purchasing agents and salespeople are acting in accordance with company rules. Many frauds have been uncovered after such letters were sent. Example: After a fast-food restaurant discovered a kickback fraud, they sent letters to all their suppliers explaining that it was against company policy for purchasing agents to accept gratuities of any kind from vendors. As a result of the letter, two suppliers stepped in and disclosed two additional frauds perpetrated by purchasing agents. Risk Factor: Operating In a Crisis or Rush Mode During times of crisis, abnormal pressure, or rush jobs there are additional opportunities to commit fraud. For example, when a special project is being hurried for completion, the normal controls are often pushed aside, which results in the following: • Signatures are obtained authorizing uncertain purchases; • Reimbursements are made rapidly and with little documentation; • Record keeping falls behind and cannot be reconstructed; • Materials come and go rapidly and can easily be misplaced; and

81

Chapter 4: Fraud Prevention: Opportunities



Ultimately, no one is entirely sure who is doing what.

Example: One Fortune 500 company was hit with three multimillion-dollar frauds in the same year. All three took place when the company was trying to resolve a series of crises and neglected to follow the standard control activities. Prevention Technique Continue to enforce internal control at all times. General or Administrative Risk Factor: Lack of an Effective Internal-Auditing Staff The fear of someone checking your work and looking for things that are wrong is a powerful motivator not to commit a fraud. When that fear is gone, potential perpetrators are more likely to believe they can commit and conceal a fraud. Prevention Technique Maintain a competent and effective internal-audit department. A competent and effective internal-audit staff that is conducting audits, independently testing and checking transactions, and investigating irregularities is a significant deterrent to fraud. Even though most fraud is not detected by internal auditors (they only catch about 20 percent of all frauds), they are more likely to detect it than most other internal employees. To perform their duties effectively and objectively, the internal-audit function must be organizationally independent of accounting and operating functions. For example, the head of internal auditing should report to the audit committee of the board of directors, the chief financial officer, or the president, rather than to the controller. Risk Factor: No Internal Security System Knowing that there is no internal security system can entice a would-be perpetrator to follow through with a fraudulent activity. Prevention Technique Design and implement a good internal security system. A good internal security system should be developed that focuses on: • Traffic patterns in and out of the company; • Procedures governing the storage and flow of materials; • Internal and external lock-up procedures; • Efficient and effective guard force; and • Protection of sensitive information within the corporation. Risk Factor: Assets Highly Susceptible to Misappropriation Assets such as cash and small, valuable items are vulnerable to theft and abuse. Prevention Technique Certain company assets are especially susceptible to misappropriation; take special care with them.

82

Chapter 4: Fraud Prevention: Opportunities

Since employees with situational pressures are more likely to misappropriate them, special care should be taken with the following assets: • Cash, especially where large amounts are on hand or processed; • Inventory that is small and easy to move and that has a high value or is in high demand; • Assets that are easily convertible to cash, such as bearer bonds, diamonds, or computer chips; and • Fixed assets that are small, marketable, or lack ownership identification. Risk Factor: Unclear Policies and Procedures When policies and procedures are clearly spelled out, they act as a deterrent to potential perpetrators. Prevention Technique Publish a policies and procedures manual containing specific conflict-of-interest statements. A written policy and procedures manual is an important tool for assigning authority and responsibility in many organizations. The manual should spell out management policy with respect to handling specific transactions. In addition, it should document the systems and procedures employed to process those transactions. It should include a detailed listing of the organization’s chart of accounts, along with sample copies of forms and documents. Risk Factor: Placing Too Much Trust in Employees Opportunities arise when too much trust is placed in key employees who are not subject to the normal checks and balances that are so important to safeguarding company assets. Victimized employers are often heard saying, “I cannot believe that person would commit a fraud. That person was one of my most trusted employees.” Example: At Ribeye Corporation, the payroll clerk never missed handling the payroll. Because he was trusted, no one had the responsibility of reviewing his work. Every two weeks the clerk forwarded payroll data for each employee to an outside organization to prepare the checks. When the checks were returned, he ran them through a check-signing machine and forwarded them to the restaurants for distribution. However, the clerk created extra employees and added them to the regular payroll data. It was easy for him to sign the checks using the machine, endorse them, and deposit them into an account he controlled. Periodically, he would terminate the fictitious employees and replace them with others at different restaurants so that his exposure at any one restaurant was limited. The clerk defrauded Ribeye out of almost $300,000. Many fellow employees found it hard to believe that he was guilty of the fraud. In today’s environment of downsizing and re-engineering, more responsibility and trust is being placed in employees. As a result, they are more likely to operate in isolated or specialized contexts that separate them from other individuals, thus making independent checks and supervision difficult.

83

Chapter 4: Fraud Prevention: Opportunities

Prevention Techniques • Persons in positions of trust should be subject to more frequent and thorough accountability. • Do not phase out checks and balances needed for proper controls. Risk Factor: No Policy of Mandatory Vacations during Which Someone Else Performs Duties Many fraud schemes, such as lapping and kiting,1 require the ongoing attention of the perpetrator. Therefore, employees should be required to take an annual vacation, during which time their job functions are performed by others. If mandatory vacations were coupled with a temporary rotation of duties, these types of ongoing fraud schemes would fall apart. Example 1: When federal investigators raided an illegal gambling establishment, they found that Roswell Steffen, who earned $11,000 dollars a year, was betting up to $30,000 a day at the racetrack. Investigators at Union Dime Savings Bank discovered he had embezzled and gambled away $1.5 million dollars of their money over a three-year period. Steffen, a compulsive gambler, started out by borrowing $5,000 to place a bet on a “sure thing” that did not pan out. He embezzled ever-increasing amounts trying to win back the original money he had “borrowed.” He committed his fraud by transferring money from inactive accounts to his own account. If the owner of an inactive account complained, Steffen, who was the chief teller and had the power to resolve these types of problems, replaced the money by taking it from some other inactive account. After he was caught, he was asked how the fraud could have been prevented. He said the bank could have coupled a two-week vacation period with several weeks of rotation to another job function. That would have made his embezzlement, which required his physical presence at the bank and his constant attention, almost impossible to cover up. When perpetrators take time off they run a great risk of getting caught. Example 2: One perpetrator went on vacation and left his secretary very detailed instructions about what transactions to enter for processing and when to enter them. She followed the instructions to the letter, but the person processing the transactions made an error and called the perpetrator for help in correcting the mistake. Since the perpetrator was unavailable, and the secretary knew nothing about the transactions, the person had to investigate the transaction to make the needed correction. The investigation brought the fraud to light.

1

Lapping means that cash receipts are not recorded right away but are shifted between different accounts. This is done to cover up a cash shortage. Kiting refers to writing a check against an account at one bank (which usually does not have sufficient funds to cover it) and depositing or cashing the check through a different account at another bank to take advantage of the time lapse before the check clears.

84

Chapter 4: Fraud Prevention: Opportunities

Prevention Techniques • Set and enforce a policy that requires all employees to take an annual vacation. • Have someone else perform the duties of the person on vacation. The ability to commit and conceal a fraud is thwarted when another person is required to perform the perpetrator’s job when they are on vacation. People who are not required to take a vacation are sometimes caught when they become sick or are not able to be present at work. Example:

A $250,000 management fraud was uncovered when the vice president suddenly died of a heart attack. The other executive involved in the fraud was unable to juggle all of the paperwork needed to conceal the fraud.

Risk Factor: Lengthy Tenure in a Key Job Long-term employees who hold key positions may start to think of themselves as “above the law.” Example: Frank Coccia, the top civilian official at a Defense Department procurement agency, was responsible for purchasing $1.3 billion of military clothing each year. He had been in charge of buying the same products for over 10 years and had won numerous awards for outstanding service. Unfortunately, he began taking kickbacks from companies that wanted to do business with the government. When he was arrested, federal investigators seized over $400,000 in cash, money orders, gold coins, and securities he had received as payoffs. Prevention Technique Rotate key employees periodically or transfer them to different functions. When employees are rotated it often leads to actions that bring misconduct to light. Example: When Grant Thornton’s audit-rotation policy required Richard Knight, the managing partner of its Pittsburgh office, to be replaced as the audit partner of Chambers Development Co., Knight left the firm to go with the client. The SEC claimed that, as the audit partner, Knight knew of Chamber’s improper capitalization methods that led to a $362 million restatement of earnings and class-action lawsuits. The SEC also alleged that at Chambers, Knight “... became a leading actor in the company’s misconduct by directing the preparation of financial statements reflecting increasingly inflated financial results.” Knight neither denied nor confessed to the charges. Risk Factor: Lack of Support for Company Values There should be an effective means of communicating and supporting company values or ethics. Prevention Technique Develop a code of ethics. This should communicate corporate values and motivate employees to live by it. Of particular importance is a formal company code of conduct addressing such matters as standards of ethical behavior, acceptable business practices, regulatory requirements, and conflicts of interest.

85

Chapter 4: Fraud Prevention: Opportunities

Risk Factor: No Audit Trails Knowing that there are no audit trails can further entice a potential perpetration. Prevention Technique Design and implement an accounting system with adequate audit trails. Risk Factor: Managerial Carelessness or Inattention to Technical Details Prevention Technique Train managers to adequately supervise subordinates and to pay attention to technical details. Risk Factor: No Effective Oversight By Board of Directors If there is no supervision by an independent party, such as a board of directors, potential perpetrators might have added confidence that they can execute their schemes without ever getting caught. Prevention Technique Organize an audit committee consisting of independent board of directors’ members as appropriate. They should be given charge of providing adequate management oversight. Risk Factor: Inadequate Training Inadequate training of staff poses a significant fraud risk. Prevention Technique Develop and implement a training program that provides employees with needed skills. This should include fraud prevention and detection skills. Risk Factor: Inaction Management’s failure to correct known reportable conditions on a timely basis also makes an organization appear “fraud-friendly.” Prevention Technique Design, implement, and enforce controls to ensure management’s correction of known reportable conditions on a timely basis. Exhibit 4-1 summarizes these risk factors and lists prevention techniques to make fraud less likely. Exhibit 4-1 Risk factor Inadequate internal control

1. 2.

Nonenforcement of internal control 3. Inadequate monitoring of significant controls

4.

Prevention technique Develop strong internal control. Develop controls to ensure enforcement of internal control. Develop controls to ensure internal control is not overridden. Ensure adequate involvement by management in the

86

Chapter 4: Fraud Prevention: Opportunities

Insufficient separation of duties

Inadequate safeguarding of assets No independent checks on performance Inadequate documents and records

Inadequate supervision Unnecessarily complex organizational structure Inadequate or questionable accounting practices Dominant and unchallenged management

Management disregard for guidelines, controls, and regulatory authorities Employees with a criminal or questionable background Related-party transactions Mutually beneficial personal relationships with customers or suppliers, such that business transactions are no longer arm’s length Operating in a crisis or rush mode Lack of an effective internal-auditing staff No internal security system Assets highly susceptible to misappropriation

design and monitoring of controls. Design and enforce internal control that incorporates an adequate separation of duties. 2. Design clear and proper authorizations procedures. 3. Use the computer to help segregate duties. Design and implement adequate safeguards over physical assets. Design and implement independent checks. 1.

1.

Require that accurate records be kept and check them carefully for irregularities. 2. Require properly designed documents and use them appropriately. Develop and implement controls for ensuring that employees are effectively supervised. Adopt a clear and appropriate organizational structure. Design an accounting system that facilitates and promotes proper accounting practices. 1. Ensure that no one person or small group has so much power that their decisions and actions cannot be challenged and examined. 2. Require periodic changes that eliminate the degree of domination required to commit and conceal a fraud. 3. Set up compensating controls such as effective oversight by the board of directors or an audit committee. Develop a management philosophy and operating style that emphasize honesty and adherence to controls. Conduct background checks on potential employees, audit clients, and major vendors. One way to do that is to use an investigative agency. Minimize related-party transactions and carefully control and scrutinize those that are necessary. 1. Control association with outsiders. 2. Develop explicit conflict-of-interest statements. 3. Periodically communicate to vendors and customers company policies regarding gifts or gratuities. Continue to enforce internal control, even during times of company crisis. Maintain a competent and effective internal-audit department. Design and implement a good internal security system. Take special care with susceptible assets.

87

Chapter 4: Fraud Prevention: Opportunities

Unclear policies and procedures Placing too much trust in employees

No policy of annual vacations during which someone else performs duties

Lengthy tenure in a key job No effective means of communicating and supporting company values or ethics, such as a code of conduct. No audit trails Managerial carelessness or inattention to technical details No effective oversight by board of directors Inadequate training

Management’s failure to correct known reportable conditions on a timely basis

Develop a policies and procedures manual containing specific conflict-of-interest statements. 1. Require more frequent and thorough accountability from persons in positions of trust. 2. Do not reengineer out the checks and balances needed for proper controls. 1. Set and enforce a policy that requires all employees to take an annual vacation. 2. Have someone else perform the duties of the person on vacation. Rotate key employees periodically or transfer them to different functions to make fraud less convenient. Develop a code of ethics that communicates corporate values and motivates employees to live by it. Design and implement an accounting system with adequate audit trails. Train managers to adequately supervise their subordinates and to pay attention to technical details. Organize an audit committee consisting of independent board of directors’ members as appropriate and give them charge of providing adequate management oversight. Develop and implement a training program that provides employees with the skills they need, including fraud prevention and detection skills. Design, implement, and enforce controls to ensure that management corrects known reportable conditions on a timely basis.

88

Chapter 4: Review Questions

Chapter 4 Review Questions The review questions accompanying each chapter are designed to assist you in achieving the learning objectives stated at the beginning of each chapter. The review section is not graded; do not submit it in place of your final exam. While completing the review questions, it may be helpful to study any unfamiliar terms in the glossary in addition to chapter course content. After completing the review questions for each chapter, proceed to the review question answers and rationales. 1.

For which of the following risk factors would the use of a computer to perform the custody and recording of cash be a proper prevention technique? A. B. C. D.

2.

Restricting access to computer files and information by using passwords and security codes would be a proper prevention technique for: A. B. C. D.

3.

C. D.

The use of a computer to perform the custody and recording of cash. Restricting access to computer files and information by using passwords and security codes. A reconciliation of independently maintained records. Requiring accurate records be kept and checked for irregularities.

For which of the following risk factors would requiring that accurate records be kept and checked for irregularities be a proper prevention technique? A. B. C. D.

5.

Insufficient separation of duties. Inadequate safeguarding of assets. No independent checks on performance. Inadequate record keeping.

A proper prevention technique for the risk factor related to no independent checks on performance would be: A. B.

4.

Insufficient separation of duties. Inadequate safeguarding of assets. No independent checks on performance. Inadequate record keeping.

Inadequate supervision. Inadequate safeguarding of assets. No independent checks on performance. Inadequate record keeping.

Training and assisting employees, monitoring employee performance, and overseeing employees would be a proper prevention technique for: A. B.

Inadequate supervision. Lack of a security system. 89

Chapter 4: Review Questions

C. D. 6.

True or false: Dominant and unchallenged management reduces an organization’s level of fraud risk. A. B.

7.

True. False.

For which of the following risk factors would developing a code of ethics be a proper prevention technique? A. B. C. D.

8.

No independent checks on performance. Managerial carelessness or attention to detail.

Lack of a security system. Unclear policies and procedures. Lack of support for company values. Managerial carelessness or attention to detail.

True or false: Management’s failure to correct known reportable conditions on a timely basis also makes an organization appear “fraud-friendly.” A. B.

True. False.

90

Chapter 4: Review Question Answers and Rationales

Chapter 4 Review Question Answers and Rationales Review question answer choices are accompanied by unique, logical reasoning (rationales) as to why an answer is correct or incorrect. Evaluative feedback to incorrect responses and reinforcement feedback to correct responses are both provided. 1.

For which of the following risk factors would the use of a computer to perform the custody and recording of cash be a proper prevention technique? A.

B.

C.

D.

2.

Restricting access to computer files and information by using passwords and security codes would be a proper prevention technique for: A.

B.

C.

D.

3.

Insufficient separation of duties. This answer is correct because the use of a computer to perform the custody and recording of cash would be a proper prevention technique for the risk factor related to insufficient separation of duties. Inadequate safeguarding of assets. This answer is incorrect because restricting access to computer files and information by using passwords and security codes would be a proper prevention technique for the risk factor related to inadequate safeguarding of assets. No independent checks on performance. This answer is incorrect because reconciliation of independently maintained records would be a proper prevention technique for the risk factor related to no independent checks on performance. Inadequate record keeping. This answer is incorrect because requiring accurate records be kept and checked for irregularities would be a proper prevention technique for the risk factor related to inadequate record keeping.

Insufficient separation of duties. This answer is incorrect because the use of a computer to perform the custody and recording of cash would be a proper prevention technique for the risk factor related to insufficient separation of duties. Inadequate safeguarding of assets. This answer is correct because restricting access to computer files and information by using passwords and security codes would be a proper prevention technique for the risk factor related to inadequate safeguarding of assets. No independent checks on performance. This answer is incorrect because reconciliation of independently maintained records would be a proper prevention technique for the risk factor related to no independent checks on performance. Inadequate record keeping. This answer is incorrect because requiring accurate records be kept and checked for irregularities would be a proper prevention technique for the risk factor related to inadequate record keeping.

A proper prevention technique for the risk factor related to no independent checks on performance would be: A.

The use of a computer to perform the custody and recording of cash. This answer is incorrect because the use of a computer to perform the custody and recording of

91

Chapter 4: Review Question Answers and Rationales

B.

C.

D.

4.

For which of the following risk factors would requiring that accurate records be kept and checked for irregularities be a proper prevention technique? A.

B.

C.

D.

5.

cash would be a proper prevention technique for the risk factor related to insufficient separation of duties. Restricting access to computer files and information by using passwords and security codes. This answer is incorrect because restricting access to computer files and information by using passwords and security codes would be a proper prevention technique for the risk factor related to inadequate safeguarding of assets. A reconciliation of independently maintained records. This answer is correct because a reconciliation of independently maintained records would be a proper prevention technique for the risk factor related to no independent checks on performance. Requiring accurate records be kept and checked for irregularities. This answer is incorrect because requiring accurate records be kept and checked for irregularities would be a proper prevention technique for the risk factor related to inadequate record keeping.

Inadequate supervision. This answer is incorrect because developing and implementing controls to ensure effective supervision of employees would be a proper prevention technique for the risk factor related to inadequate supervision. Inadequate safeguarding of assets. This answer is incorrect because restricting access to computer files and information by using passwords and security codes would be a proper prevention technique for the risk factor related to inadequate safeguarding of assets. No independent checks on performance. This answer is incorrect because reconciliation of independently maintained records would be a proper prevention technique for the risk factor related to no independent checks on performance. Inadequate record keeping. This answer is correct because requiring accurate records be kept and checked for irregularities would be a proper prevention technique for the risk factor related to inadequate record keeping.

Training and assisting employees, monitoring employee performance, and overseeing employees would be a proper prevention technique for: A.

B.

Inadequate supervision. This answer is correct because training and assisting employees, monitoring employee performance, and overseeing employees would be a proper prevention technique for the risk factor related to inadequate supervision. Lack of a security system. This answer is incorrect because designing a good internal security system is the only proper prevention technique for the risk factor related to the lack of a security system.

92

Chapter 4: Review Question Answers and Rationales

C.

D.

6.

True or false: Dominant and unchallenged management reduces an organization’s level of fraud risk. A. B.

7.

True. This answer is incorrect because dominant and unchallenged management increases an organization’s level of fraud risk. False. This answer is correct because dominant and unchallenged management increases an organization’s level of fraud risk because they are fee to do virtually anything.

For which of the following risk factors would developing a code of ethics be a proper prevention technique? A.

B.

C.

D.

8.

No independent checks on performance. This answer is incorrect because reconciliation of independently maintained records would be a proper prevention technique for the risk factor related to no independent checks on performance. Managerial carelessness or attention to detail. This answer is incorrect because training managers to adequately supervise subordinates and to pay attention to technical details is a proper prevention technique for the risk factor related to managerial carelessness or attention to detail.

Lack of a security system. This answer is incorrect because designing a good internal security system is the only proper prevention technique for the risk factor related to the lack of a security system. Unclear policies and procedures. This answer is incorrect because publishing a policies and procedures manual containing specific conflict-of-interest statements is a proper prevention technique for the risk factor related to unclear policies and procedures. Lack of support for company values. This answer is correct because developing a code of ethics would be a proper prevention technique for the risk factor related to the lack of support for company values. Managerial carelessness or attention to detail. This answer is incorrect because training managers to adequately supervise subordinates and to pay attention to technical details is a proper prevention technique for the risk factor related to managerial carelessness or attention to detail.

True or false: Management’s failure to correct known reportable conditions on a timely basis also makes an organization appear “fraud-friendly.” A.

B.

True. This answer is correct because management’s failure to correct known reportable conditions on a timely basis does make an organization appear “fraud-friendly.” False. This answer is incorrect because management’s failure to correct known reportable conditions on a timely basis does make an organization appear “fraudfriendly.”

93

Chapter 5: Fraud Detection

Chapter 5 – Fraud Detection Learning Objectives After completing this section of the course, you should be able to: 1. Identify company vulnerabilities and the various symptoms indicating the presence of fraud in order to detect fraud when it occurs or prevent the occurrence of fraud. Fraud detection can be defined as all of the procedures or actions undertaken to ascertain that a fraud has, in fact, been committed. To detect fraud, a person must first understand where a company is vulnerable. These include the points at which goods and cash flow in and out of the company, the use and storage of assets, and the reporting of financial information. Most crimes leave unmistakable evidence. For example, when a bank is robbed, there are often witnesses and even videotapes of the theft. When a restaurant is robbed after hours, there are broken cash registers and signs of forced entry. In contrast, fraud is a crime that is hard to detect because it is almost never observed directly. There are no videotapes, witnesses, smoking guns, or dead bodies. Instead, the perpetrator takes great pains to conceal his tracks. Therefore, there often is no direct evidence of the fraud. Those looking for fraud must learn to identify the indicators, or red flags, that are present in most frauds. These clues, which are often referred to as fraud symptoms, can point to the existence of fraud. The fact that a person finds a fraud symptom in a company does not mean that fraud actually exists. At that point, there are merely suspicions that a fraud might have taken place. Fraud symptoms should be thoroughly investigated to determine whether they are present due to fraud or due to other conditions. Company Vulnerabilities Four Areas of Vulnerability One of the first steps in fraud detection is to evaluate a company to determine where it is vulnerable to fraud. The four areas of vulnerability are listed below. 1. Receipt of Goods or Cash A company is susceptible to fraud as goods and cash are received into the company. Cash receipts could be stolen or misapplied, or goods intended for the company could be stolen or diverted to unauthorized uses. As a result, the prime areas to look for fraud are the areas of purchasing, receiving, cash receipts, and accounts receivable. 2. Purchasing, Disbursement of Cash, and Shipment of Goods The points at which goods are purchased, shipped out of the company, and cash is paid for ordered goods are especially vulnerable for most companies. Company disbursements could be stolen or diverted to pay personal bills, fictitious bills could be paid, kickbacks or bid-rigging could result in inflated billings, and payments could be made for hours not worked or for

94

Chapter 5: Fraud Detection

employees who do not exist. As a result, the prime areas to look for fraud are purchasing, shipping, cash disbursements, and payroll. 3. Misappropriation of Company Assets Almost any company asset of value is susceptible to fraud. The most frequently stolen asset is cash. Inventory, supplies, equipment, machinery, and fixed assets are also susceptible to fraud. 4. Fraudulent Reporting of Company Results The objective of most fraudulent financial reporting is to make the company results look better than they actually are by inflating assets or net income. Current-year net income can be inflated by: • Recording revenues too soon; • Recording bogus revenues; • Shifting current expenses to a later period; and • Failing to record all liabilities or expenses. Subsequent-year income can be inflated by: • Shifting current income to a later period; or • Shifting future expenses to the current period. Example:

Management at Matrix Science Corporation felt intense pressure to meet what they considered to be unrealistic sales goals. To meet the goals, they kept their books open beyond the last day of the quarter to record subsequent sales, preprinted invoices for orders that had not been shipped, and delayed issuing credit memos for goods returned near the end of the quarter.

Critical areas to watch include revenues of all kinds, major expense categories, and assets such as inventory and receivables. It is also important to be attuned to the possibility of an intentional misapplication of accounting principles. Use of Specialists One important way to increase the probability of detecting fraud is to use specialists trained in assessing company vulnerabilities and detecting fraud. Two types of specialists are discussed: computer security officers and forensic accountants. Computer-Security Officers Most frauds are not detected by internal or external auditors. In one study, only 4.5 percent of 259 cases of fraud were uncovered by auditors. Normal system controls uncovered 45 percent, 32 percent were discovered by accident, and eight percent were found by computer-security officers. The study shows that having a computer-security officer who is responsible for fraud deterrence and detection has a significant deterrent effect on computer frauds. The security officer can monitor the system and disseminate information about improper system uses and their consequences.

95

Chapter 5: Fraud Detection

Forensic Accountants Forensic accountants specialize in fraud prevention, detection, investigation, and audit. Many have degrees in accounting and have received specialized training with the FBI, the IRS, or other law-enforcement agencies. A professional designation has been created to recognize this field. The Association of Certified Fraud Examiners in Austin, Texas, has developed a Certified Fraud Examiner (CFE) certification program. To become a CFE, candidates must pass a two-day exam. There are approximately 16,000 CFEs around the world. There are not very many CFE firms; instead, most CFEs work for CPA or law firms and private and public companies. Fraud Symptoms Fraud is not easy to detect. The perpetrator usually takes great pains to cover up the fraud and to make everything appear normal. However, the perpetrator is left exposed at three key points: • When the item of value, such as cash, is stolen or some part of the financial statement is materially misrepresented. • When the perpetrator conceals actions so that the fraud scheme is not detected. Concealment often requires documents or records to be created or altered, journal entries to be made, or some other effort made to ensure that the books balance. • When the perpetrator converts noncash assets into a form that can be used or spent. As each of these three steps is undertaken, the perpetrator is vulnerable. For example, the perpetrator could be spotted taking the physical asset or misstating the information. The created or altered documents that hide the fraud can be spotted by someone else. The perpetrator could be caught trying to cash stolen checks. The vulnerability is not limited to the point in time when these three steps are taken. It extends for some time, often almost indefinitely. For example, it could be days or weeks later that the stolen item is missed. The auditor could note the altered document during the year-end audit. When a company reconciles its checking account, it could spot a stolen check that was cashed. Whenever a fraud takes place, there are a number of signs or manifestations that a fraud has taken place. For example, there could be missing assets, fraudulent documents, and forged checks. These signs or manifestations are referred to as fraud symptoms. There are symptoms at each point of the fraud: the theft, the concealment, and the conversion. Being aware of these symptoms and actively searching for them is one of the best ways to detect fraud. The fact that fraud symptoms are present is not a guarantee that fraud actually exists. However, every time there is a fraud, one or more of these symptoms is present. Unfortunately, most people are unaware of what constitutes a fraud symptom. As a result, the symptoms are rarely recognized. Oftentimes, those familiar with fraud symptoms are so busy they do not notice them. Many of those that are noticed are never properly investigated. As a result, many frauds are not

96

Chapter 5: Fraud Detection

detected or uncovered as soon as they could be. The result is an ever-increasing amount lost to fraud. When fraud symptoms are recognized and investigated, frauds often can be detected early. This saves the company money. An active approach to searching for symptoms and investigating fraud also serves as a deterrent to further fraud taking place. Several fraud symptoms will now be discussed. Accounting Symptoms All organizations have an accounting system that collects data about company transactions and activities. In a typical company: • Data is captured on paper documents or electronic forms; • Data is summarized and entered into accounting files and ledgers in the form of journal entries; and • Data in these files and ledgers is periodically summarized and organized into financial statements that are provided to the managers and owners of the business. When a fraud is committed, some element of the documents, journal entries, or ledgers is often altered, forged, manipulated, or destroyed to hide the fraud. This action usually produces what is referred to as an accounting symptom. This section of the chapter discusses some accounting symptoms. Time and space limitations do not permit us to discuss all of the accounting symptoms, but some of the more prevalent are discussed below. Altered, Forged, or Unusual Documents The following are different types of document symptoms. • Altered or forged -- They can contain erasures, whiteouts, or markovers. A favorite trick of fraud perpetrators is to create new documents from pieces of original documents. Then the new document is photocopied so that you cannot tell it was created from other documents and used to replace the original. Example:

When Barry Minkow needed audited financial statements, he offered Mark Morze, the ZZZZ Best accountant, a $200,000 bonus if he could fool the auditor into issuing a clean opinion. Morze created the documentation needed to support the fraudulent financial statements. He created hundreds of fake cashier's checks by making a clean photocopy of an original; whiting out the payee, date, and amount; typing in the new information; and making another photocopy. He made phony bank statements by borrowing originals, cutting and pasting individual lines on ZZZZ Best statements, and then photocopying them. He also used a copy machine to create fake invoices and worksheets.

97

Chapter 5: Fraud Detection

When a lender insisted on seeing a nonexistent eight-story building being restored in Arroyo Grande, he went there to take a picture. However, the tallest building in town was only three stories high. Undaunted, he lay down and took a picture that cut off the top of the building and made it look taller than it was. This "proof" convinced the lender. • • • • •

Destroyed or "missing" documents. Duplicated documents -- An example might be a second payment for a single invoice, or duplicate vendor invoices. Documents that were previously “used” and/or recorded out-of-sequence. Voided documents -- The perpetrator can use a document or its number for some unauthorized reason and then mark it void. When the document is examined later, there may be no evidence that it was ever used for unauthorized purposes. Documents that contain unusual or abnormal items -- These may include things such as questionable handwriting, second endorsements on checks, information that does not make sense, an overabundance of common names or addresses, and stale items on bank reconciliations.

Large, Unusual, or Complex Transactions at Year-End Of concern are unique, highly complex, and material transactions close to year-end that pose difficult "substance over form" questions. Also of concern are large and profitable transactions near the end of the year or quarter. Numerous Adjusting Entries at Year-End A company that is in trouble or is trying to improve its financial results may choose to manipulate its books with a flurry of adjusting entries near the end of the year. Year-end adjusting entries should always be scrutinized carefully. However, when there are more than usual, the entries should be scrutinized especially well. Example:

At the end of almost every quarter, Lincoln Savings and Loan made journal entries that artificially inflated its earnings. There were at least 13 of these transactions, and most of them resulted in Lincoln reporting a net income instead of a net loss. In total, Lincoln overstated its income by more than $100 million dollars.

Unusual Journal Entries Anytime a journal entry does not adhere to the normal company format and procedures, it is suspect. Suspect journal entries would include the following: • Entries that are inaccurate, such as ones that do not balance. • Entries that are made by an unauthorized individual. • Entries that are not logical entries to an account. This is especially important in accounts such as cash and inventory that are particularly susceptible to fraud. • Entries that do not have the usual supporting documentation.

98

Chapter 5: Fraud Detection

Ledger Problems These include ledgers that do not balance or general-ledger control accounts that do not tie to subsidiary ledger balances. Some perpetrators are unable to effectively cover up their frauds. For example, in an inventory fraud, the perpetrator may not be able to make an entry in company records to decrease the inventory account. At some point, when inventory is counted, the inventory shortage is noted when the balance on hand does not match the amount on the books. However, since this symptom could also be the result of an employee error or spoilage, many companies do not adequately investigate the shortages. They simply accept them as a cost of doing business. This failure to investigate the shortages makes it possible for perpetrators to continue to perpetrate their fraud, as long as they do not get too greedy. Selecting or Changing to More Liberal Accounting Practices A company president once asked his controller what the year-end net income was going to be. The controller responded "What do you want it to be?" This illustrates the point that management can often juggle their books to make net income be whatever they want it to be. One way of doing this is to adopt unusually liberal accounting policies. Various approaches are available to value inventory, amortize or depreciate an asset, recognize revenue, estimate warranty costs, or write off bad debts. When more than one accounting principle can be chosen by a company, care should be exercised if the more liberal practice is selected, unless there is a clear reason why that practice is more acceptable and appropriate. Example:

In 1980, Union Carbide was legitimately able to increase its net income for the first quarter by $217 million. This increase was made possible by three changes in its accounting policies: o Changing from a conservative to a liberal depreciation policy; o Changing the way the company accounted for investment tax credits; and o Capitalizing rather than expensing interest costs during construction.

"Going-Concern" or Adverse Opinions Companies that receive a "going-concern" or adverse opinion are under more pressure than companies that do not receive one. The "going-concern" or adverse opinion may be indicative of more serious problems at the company, problems that might motivate management to resort to fraudulent means to keep the company operating. Example:

The CPA firm for AFCO, a Utah-based land-development company, issued an adverse opinion on its financial statements. The adverse opinion was given because the company insisted in presenting its development property at what it considered to be its market value, rather than its cost. In addition, most of the rest of AFCO's assets consisted of a receivable from a non-arm's-length sale of property to a related party.

99

Chapter 5: Fraud Detection

The adverse opinion was prophetic; the $21 million of assets on the balance sheet was grossly overstated. AFCO declared bankruptcy and most of the $70 million dollars investors sunk into AFCO limited partnerships was lost. Premature Recognition of Revenue Revenue is normally recognized when the earnings process is complete. Companies that recognize revenue before the process is completed or before an exchange has occurred may be trying to manipulate net income. There are a number of ways to recognize revenue prematurely besides shipping goods before a sale has been completed. A few of those are recording revenues even though: • Material uncertainties exist; • The buyer is unlikely to pay for the goods or is likely to return them; • Future services are due; or • The company bills for goods that are never shipped. Example:

Jiffy Lube was accused, in a civil lawsuit, with prematurely recognizing franchise-fee revenue and thereby overstating its revenues and net income. The company had to restate its financial results. As a result, its 1989 net income of $7 million was turned into a loss of $79 million.

Current Expenses Moved to a Later Period Delaying current-year expenses and moving them to a later period is another way to boost current-year revenues and profits. There are a number of ways to do this. Some of the more common are: • Improperly capitalizing costs, such as start-up, research and development, advertising, and administrative costs. Example:

• •

The SEC investigated Savin Corporation and decided that from 1981 to 1984 they had improperly capitalized research and development costs. As a result, assets and net worth for those years were, in total, overstated by almost $100 million.

Depreciating or amortizing assets too slowly. Not writing off bad loans or uncollectible receivables.

While some of these approaches to delaying costs may not be viewed as fraud, the fact that a company chooses to use them may be indicative that there are more serious problems that do constitute fraud. Analytical Symptoms According to SAS No. 56, analytical procedures are evaluations of plausible relationships among financial and nonfinancial data.

100

Chapter 5: Fraud Detection

The auditor uses historical records, projections, and trends to develop expectations about the company and its data. These expectations are then compared to the company's recorded amounts. Unless there are legitimate reasons, any significant deviation from the expectations signals an area for further investigation. Financial statements can be compared to those of prior periods. The actual dollar amounts can be compared as well as the ratios calculated from the statements. Company ratios and financial data should also be compared to those of companies in the same industry. We discuss analytical symptoms in three main sections: • Financial-statement review; • Ratio and trend analysis; and • Relationships or conditions that are so unusual or unrealistic that they might indicate the presence of fraud. Financial-Statement Review We discuss two approaches to reviewing financial statements: vertical and horizontal analysis and cash-flow statement analysis. Vertical and Horizontal Analyses These analyses are means of analyzing individual financial-statement account balances. This approach converts financial-statement numbers to percentages so that relationships between data are easier to understand. For example, for most people, it is more meaningful to say that the cost of goods sold went up by 50 percent than to say it went from $400,000 to $600,000. • Vertical analysis. o On the balance sheet, total assets as well as total liabilities and equity are assigned a value of 100 percent. All other balance-sheet items are shown as a percentage of these two totals. o In performing a vertical analysis on an income statement, net sales are assigned a value of 100 percent. All other income-statement numbers are shown as a percentage of sales. Exhibit 5-1 shows a vertical analysis of a balance sheet and an income statement for an example company (note that differences are due to rounding). •

Horizontal analysis -- In a horizontal analysis, account balances for two separate years are analyzed by comparing the percentage changes between the years. The total dollar change is also shown. Exhibit 5-2 shows the horizontal analysis for the example company (note that differences are due to rounding).



Vertical/horizontal analysis -- What does vertical and horizontal analysis show us? Look at the vertical analysis of the income statement in Exhibit 5-1. o Note that the gross margin percentage for Year 1 was 50 percent and for Year 2 it was 60 percent.

101

Chapter 5: Fraud Detection

o Now look at the income-statement horizontal analysis in Exhibit 5-2. o Note that sales went up by 25 percent, but the cost of goods sold remained the same. Also note that inventory on the balance sheet is $400,000 in Year 1 and $500,000 in Year 2. Is it logical that sales could increase by 25 percent without the cost of goods sold increasing? There may be an explanation for this, but in this case, the increase is a result of management intentionally overstating inventory by $100,000 to cause net income to rise. To illustrate this, consider the example below. Assume that the correct value of ending inventory is $400,000. Example:

+ Sales + Beginning inventory + Purchases - Ending inventory - Cost of goods sold = Gross margin

= Cost of goods sold

Correct $1,000,0 00 300,00 0 600,00 0 400,00 0 500,000 500,00 0 $500,000

Fraudulent $1,000,00 0 300,00 0 600,00 0 500,00 0 400,000 400,00 0 $600,000

By overstating ending inventory by $100,000, management was able to increase its gross margin by that same amount. And of course, net income before taxes went up by the same amount. There is another fraud in these statements that the vertical and horizontal analysis can help discover. Note in Exhibit 5-1 that cash went from 20 percent of assets in Year 1 to 14 percent in Year 2 and that receivables went from five percent to nine percent. Note in Exhibit 5-2 that cash declined by 25 percent, while receivables went up by 100 percent. That is a huge percentage rise in accounts receivable. In this case, an investigation showed that an employee stole $50,000 in cash and concealed the fraud by inflating accounts receivable.

102

Chapter 5: Fraud Detection

Exhibit 5-1 Example Company Vertical Analysis of Balance Sheet Year 2

Year 1

ASSETS Cash Accounts receivable Inventory Fixed assets

$150,000 100,000 500,000 350,000

Total assets

$ 1,100,000

14% 9% 45% 32%

$ 200,000 50,000 400,000 350,000

20% 5% 40% 35%

100% $ 1,000,000

100%

LIABILITIES AND EQUITY Accounts payable Note payable Common stock Retained earnings

100,000 200,000 400,000 400,000

Total liabilities and equity

$ 1,100,000

9% 18% 36% 36%

100,000 200,000 400,000 300,000

10% 20% 40% 30%

100% $ 1,000,000

100%

Example Company Vertical Analysis of Income Statement Year 2

Year 1

Sales Cost of goods sold Gross margin

$ 1,000,000 400,000 $ 600,000

100% 40% 60%

$ 800,000 400,000 $ 400,000

100% 50% 50%

Expenses: Administrative Selling Income before taxes

75,000 125,000 $ 400,000

8% 13% 40%

65,000 105,000 $ 230,000

8% 13% 29%

Income taxes Net income

200,000 $ 200,000

20% 20%

115,000 $ 115,000

14% 14%

103

Chapter 5: Fraud Detection

Exhibit 5-2 Example Company Horizontal Analysis of Balance Sheet Year 2

Year 1

Change

% Change

Cash Accounts receivable Inventory Fixed Assets

$150,000 100,000 500,000 350,000

$200,000 50,000 400,000 350,000

$(50,000) 50,000 100,000 -

-25% 100% 25% 0%

Total Assets

$1,100,000

$1,000,000

$100,000

10%

100,000 200,000 400,000 400,000

100,000 200,000 400,000 300,000

100,000

0% 0% 0% 33%

$1,100,000

$1,000,000

$100,000

10%

ASSETS

LlABILITlES AND EQUITY Accounts Payable Note Payable Common Stock Retained Earnings Total Liabilities and Equity Example Company Horizontal Analysis of Income Statement Year 2 Sales Cost of Goods Sold Gross Margin Expenses: Administrative Selling Income before taxes Income taxes Net income

Year 1

Change

$1,000,000 400 000 $600,000

$800,000 400,000 $400,000

$200,000 $200,000

% Change 25% 0% 50%

75,000 125,000

65,000 105,000

10,000 20,000

15% 19%

$400,000 200,000 $200,000

$ 230,000 115,000 $115,000

170,000 (85,000) $(15,000)

74% 74% 74%

Analysis of the Cash-Flow Statement Another statement that can be used to detect fraud is the statement of cash flows. Since cash is the most frequently stolen asset and the statement of cash flows shows how cash changed during the year, an analysis of this statement is an excellent means of detecting fraud. 104

Chapter 5: Fraud Detection

Exhibit 5-3 shows a simple cash-flow statement for Cougar Creations. Assume that from the other statements you know that sales are rising significantly. The company had held the land it sold for a number of years, and the sale amount was rather large. Exhibit 5-3 Cougar Creations Statement of Cash Flows Cash flows from operations Net income Adjustments to net income Depreciation expense Increase in receivables Decrease in inventory Increase in accounts payable Net cash inflow from operations Cash flows from investing activities Purchase of equipment Sale of land Net cash outflow from investments Cash flows from financing activities Payment of dividends Borrowings from bank Net cash outflow from financing Net increase in cash

$140,000 30,000 (10,000) 45,000 30,000 $235,000

($40,000) 15,000 ($25,000)

($40,000) 20,000 ($20,000) $190,000

An analysis of this statement would lead a fraud investigator to ask and investigate the following types of questions: • Did the company's cash balance actually increase by $190,000? If not, what happened to it? Was it stolen? • If sales are up significantly, why did receivables increase by only $10,000? Could the company be booking bogus sales? • If sales are up significantly, why did inventory decrease by $45,000? Again, could the company be booking bogus sales? • If inventory decreased by $45,000, why did the accounts payable balance rise by $30,000? Is a theft of cash being hidden by delaying payment? • If the land was owned for a number of years and sold for a rather large amount, why was it sold for only $15,000? Was the land sold at fair market value or was the sales price artificially small because it was sold to a related party? • Why was the equipment purchased? Was it purchased at a fair market value, or from a related party at an inflated price? • If cash increased by $190,000, why borrow $20,000?

105

Chapter 5: Fraud Detection

It is important to realize that financial-statement analysis merely suggests areas where fraud MIGHT have occurred; it does not prove that a fraud took place. Ratio and Trend Analysis Symptoms Auditors often use ratio and trend analysis to identify unusual relationships between key numbers on the financial statements. They find that it provides a good understanding of the entity's performance and is an excellent technique for discovering material errors. Exhibit 5-4 below lists a number of common ratios used to evaluate company data. Since most accountants are familiar with ratio and trend analysis, we forgo an explanation of those items in favor of other items less readily understood. Unusual Relationships Many analytical fraud symptoms are conditions or data relationships that are unusual, unexpected, or unrealistic. Many are found using the ratios shown in Exhibit 5-4 below. Exhibit 5-4 Profitability Ratios Gross profit margin Operating margin Net profit margin Return on assets (ROA) Return on equity (ROE) Price/earnings (PE) ratio Cost of goods sold percentage

= = = = = = =

Gross profit/Net sales Operating profit/Net sales Net income/Net sales Net income/Total assets Net income/Total equity Price per share of stock/EPS Cost of goods sold/Net sales

= = = = =

(Cash + Securities)/Current liabilities Current assets/Current liabilities Current assets - Current liabilities (Current assets - Inventory)/Current liabilities Inventory/(Current assets - Current liabilities)

= = = =

Total debt/Total assets Total debt/Total equity Long-term debt/Total equity Operating income/Interest expense

Liquidity Ratios Cash ratio Current ratio Working capital Quick (acid test) ratio Inventory to net working capital Solvency Ratios Debt-to-assets ratio Debt-to-equity ratio Long-term debt-to-equity ratio Interest coverage ratio Activity Ratios

106

Chapter 5: Fraud Detection

Accounts receivable Days to collect receivables Inventory turnover Days to sell inventory Property, plant, and equipment (PPE) turnover PPE percentage Sales return percentage Asset turnover

= = = =

Sales/Average accounts receivable turnover 365/Accounts receivable turnover Cost of sales/Average inventory 365/Inventory turnover

= = = =

Net sales/Average net PPE Net PPE/Total assets Sales returns/Total sales Net sales/Average total assets

Other Ratios Receivable percentage = Bad-debt percentage of receivables receivable Bad debt of total sales = Inventory percentage = Debt percentage ratio =

Accounts receivable/Total assets = Bad-debt expenses/Average accounts Bad-debt expense/Total sales Inventory/Total assets Total liabilities/Total assets

However, there are a number of other analyses that can be performed to detect fraud. Many require a fraud investigator to compare financial-statement data to nonfinancial data and determine if the comparison makes sense. Many of the other analyses also involve being creative, challenging explanations, and actively looking for relationships between data items that do not make sense. CPAs should look for transactions or data that are: • Too large or too small; • Too frequent or too rare; • Too high or too low; • Too much or too little; or • Too early or too late. They should also include transactions or data that: • Happen at odd times or places; • Are not performed by the usual people; • Do not follow the normal policies, procedures, or practices; or • Are out of order or sequence. Example:

Kimberly Scott was an auditor at Elann Industries, a large conglomerate. When she reviewed the sheet-metal subsidiary financials, she could not understand why inventory had increased fivefold in one year. Her analytical tests revealed the following: o Based upon the cubic volume of their warehouse and the inventory, more than two warehouses would be required to house all of the inventory.

107

Chapter 5: Fraud Detection

o Some rolls of sheet metal supposedly weighed 50,000 pounds; their largest forklift could only lift 3,000 pounds. o Purchase orders supported an inventory of 30 million pounds. The reported amount was 60 million pounds. When she confronted management with her evidence, they admitted to grossly overstating inventory to inflate profits. They had forecast increased earnings and overstated inventory to meet their target. Inventory, which was originally shown at $30 million, was written down to $7 million. Management inflated inventory by preparing fictitious inventory records. Late at night, a manager at Elann had added fictitious tags to the box where auditors stored the tags previously verified. Because they did not want to add too many tags and a massive amount of inventory to be fabricated, they made the mistake of including bogus tags for 50,000pound rolls of sheet metal. The manager also had to substitute new inventory-reconciliation lists that agreed with the total of the valid and fraudulent tags. A number of unusual conditions or relationships that are seen frequently are presented below in the form of fraud symptoms. • A company whose ratios and operating performance are significantly better than others in its industry -- Since companies in the same industry face the same competitive and economic challenges, it is likely that all companies in the same industry will have somewhat similar ratios. Therefore, company ratios and trend analyses should be compared to those of other companies in the same industry. These statistics are available from organizations such as Moody's and Dun and Bradstreet. Any notable divergences should be investigated. Example:



In the early 1970s, Equity Funding stock was a favorite of stock market investors. A main reason for its popularity was that it was showing record profits at a time when other insurance companies were showing losses. Only later was it discovered that their profits were fabricated. Equity Funding generated more than $2 billion worth of fictitious insurance policies that it sold to reinsurance companies.

An increase in accounts receivable without a corresponding increase in sales -- There may be a logical explanation for this, such as a recession or financial problems in the industry or with a specific customer. On the other hand, the explanation may be that cash or short-term securities are being stolen, and to balance the financial statements receivables are being overstated. Example:

Over a seven-year period, accounts receivable in one large industrial company increased until it was 90 percent of total assets. The large increase was required to hide management's theft of $300 million.

108

Chapter 5: Fraud Detection



A significant rise in the number of overdue or related-party receivables. Example:



An increase in inventory without a corresponding increase in sales -- When the growth in inventory outstrips the growth in sales, a company usually ends up with inventory it has a hard time selling or that becomes obsolete. Example:

• •

In the mid-1980s, Crazy Eddie was a fast-growing electronics retailer. Between 1984 and 1986, its stock rose from a split-adjusted price of $2 to almost $22. However, it lost control of its inventory. In 1986, sales increased 88 percent as inventory increased 125 percent. In 1987, sales increased 34 percent and inventory increased 83 percent. When the stock price collapsed, Crazy Eddie was sued. The lawsuits alleged that Crazy Eddie manipulated its inventory, and falsely recorded the sale of excess goods to other retail stores at retail prices rather than at cost or market value.

An increase in inventory without a corresponding increase in warehouse, storage, and handling costs. An increase in inventory without a corresponding increase in accounts payable and purchases. Example:

• •

Donald Sheelen, the CEO of Regina Vacuum, owned 40 percent of the stock and was vitally interested in having the stock rise. To improve earnings, Regina booked bogus sales, prematurely recognized revenues, and did not book millions of dollars of defective merchandise that was returned because plastic parts were melting. The defective merchandise also resulted in a significant increase in uncollectible and overdue receivables.

The financial-statement fraud at Comptronix Corporation was uncovered when a college professor who was reading the company's annual report noticed that inventory increased but accounts payable and purchases did not. He also noted that sales increased but receivables did not. An investigation showed that management was overstating sales and inventory to increase reported earnings.

Persistent inventory shortages for portable and easily sold items. An increase in sales without a corresponding increase in cash sales or cash balances. Example:

Sales at an automobile-repair business went up each year, but the amount of cash sales and cash balances steadily declined. The owner finally discovered that his accountant was stealing increasing amounts of cash by pocketing the money from cash sales. By the time the fraud was discovered, he was stealing over half of all cash receipts.

109

Chapter 5: Fraud Detection



An increase in sales even though the company loses major customers. Example:

Sales at Miniscribe, a personal computer disk-drive maker, increased from $114 million to $603 million between 1985 and 1989. This increase took place even though it lost IBM, Apple, and Digital Computer Corporation as customers. Sales increased because the company: o Packaged and shipped bricks and recorded the shipments as sales of hard drives; o Repeatedly sold and shipped defective merchandise; o Flooded their suppliers with excess inventory before year-end; and o Shipped drives to warehouses and booked them as sales.

• • •

Increased dependence on one or two suppliers or customers. An increase in sales or purchases without a corresponding rise in freight expenses. An inordinate number of sales returns or credit memos after the beginning of the year -Suppose a company's profits or revenues are below expectations. One way to increase them is to ship merchandise to customers and recognize revenue as each shipment is made, even though a sale has not actually been finalized. In many frauds of this nature, customers are pressured to accept goods they do not want or are shipped goods they did not order. This symptom is even more important if these shipments occur just before the company's fiscal year-end. Example:

The SEC accused Datapoint Corporation, a maker of local area network systems, with boosting revenues and net income by: o Shipping products ahead of scheduled delivery dates; o Sending partial shipments; and o Knowingly shipping orders that customers had canceled. The SEC investigation and disclosure played a large part in the stock falling from almost $120 a share to $11 a share.

• •

Sales returns or credit memos rising faster than sales. An increase in variable costs without a corresponding increase in revenue. Example:

• •

An auditor for a large motel chain noticed that the cost of laundry and toiletries at one of its units was rising significantly at the same time revenues remained flat. An investigation showed that room occupancy was up (requiring more laundry and toiletries), but the manager was pocketing many of the room rentals paid for in cash.

An increase in manufacturing volume without a corresponding decrease in per-unit labor and materials costs. An increase in manufacturing volume without a corresponding increase in scrap sales and discounts on purchases.

110

Chapter 5: Fraud Detection



Inadequate or overly generous reserves -- One way to manipulate net income is not to set up adequate reserves for actual or estimated losses. For example, a property and casualty company could grossly underestimate its losses due to hurricane damage. Example:

First Executive Life Insurance Company suffered extensive losses in both the junk-bond market and the real estate market. In an effort to disguise the true financial condition of the company, the losses were not adequately written down. In April 1991, regulators seized First Executive and its affiliates. In May, First Executive filed for Chapter 11 bankruptcy; it was one of the biggest insurance failures in American history.

Though much less common, companies can also set up overly generous reserves. The most common reason for doing this is to "smooth" earnings. In other words, companies can "store" earnings in a reserve account so that they can hedge against a future downturn. Income smoothing is often symptomatic of more serious problems that might result in fraudulent activity. •

Cash disbursements that do not make sense. Example:

• • • • • • • • •

One alert auditor noticed there was no supporting documentation for a payment to the Oldsmobile dealer for bodywork on the president's Cadillac. Curious about why they would send the Cadillac to the Olds dealer for bodywork, he investigated further. He found that no claims had been sent to the organization’s insurance company. He also found that a payment of exactly the same amount was made every month, and none of them had any supporting documentation. He was unable to find any record of a fixed-fee maintenance agreement. When he called the Olds dealer, he found that the payments were being applied to a woman's car loan. Further investigation revealed that the woman was the business manager's girlfriend, and he was paying off her car loan.

An increase in net income without a corresponding increase in cash flow from operations. Deteriorating quality of earnings. A significant increase in the number of voids, credits, reconciling items, or late charges. Significant increases, decreases, or adjustments to "at-risk" accounts such as payables, receivables, or inventory. “Missing” employees at unscheduled payroll distributions. A significant increase in the number of dormant accounts activated. A significant percentage rise in expense reimbursement amounts. Persistent cash shortages in any cash account or cash register. Unexplained changes in financial-statement balances. Behavior Symptoms

111

Chapter 5: Fraud Detection

Altered Behavior How would you feel if you began committing a fraud? Would you feel fear? Guilt? Anxiety? How do you think these feelings would affect you? Behavioral psychologists and experienced fraud investigators say that most fraud perpetrators, especially if they are first-time offenders, alter their behavior in recognizable ways. Unexplained Behavior Changes Some of the more recognizable changes are: • Nervousness and fidgety appearances; • Inability to look others in the eye; • Stress, tension, and an inability to relax; • Unusual irritability, constantly on the defensive; • Being very suspicious of others and their motives; • Insomnia; • Becoming argumentative, belligerent, or adopting an overbearing manner; • Being unable to admit mistakes, or always excusing behavior; • Unhappiness and the inability to enjoy life; • Obsession with what will happen to them if they are caught; • Drinking binges, taking drugs, or beginning chain-smoking; and • Thoughts of suicide. A number of fraud perpetrators who can no longer live with their actions take their own lives. Example 1:

Eddie Antar, who orchestrated the Crazy Eddie fraud, became increasingly overbearing as the fraud progressed. Finally, unable to live with his fear that he would be caught and his obsession with what would happen to him if he were caught, he disappeared. He was later extradited from Israel to face fraud charges.

Example 2:

Lester B. Nay, the president of First Securities of Chicago, left a suicide note explaining how he had tricked investors into placing money in nonexistent, high-yielding escrow accounts. He defrauded them out of millions of dollars.

Management Pressures Other behavior symptoms (listed below) do not involve change, but have more to do with management inquisitiveness, pressures, or turnover. • Management is overly inquisitive about the effect of alternative accounting treatments on earnings per share. • Management has excessive interest in maintaining or increasing the company's stock price or earnings trend through the use of unusually aggressive accounting practices. • There could be client pressure to complete the engagement in an unusually short amount of time.

112

Chapter 5: Fraud Detection



Rapid turnover -- This is characterized by the unexplained resignation or frequent turnover of management or board of director members. Also, rapid turnover of key employees, either through firing or voluntary terminations can also indicate problems. Key employees are often either fired because they will not cooperate with the dishonest acts or they quit because they do not agree with the dishonest attitudes of other key officials. Example:

Equity Funding had three different controllers in one year. The first one quit because of the irregularities. When his replacement discovered them, he refused to sign SEC documents concerning the financial condition of the company. The president offered the second controller a promotion in exchange for his cooperation. The promotion was declined, and the second controller left the company. A third controller was hired and he was eventually implicated in the fraud.

Tip and Complaint Symptoms Of all the people in an organization, who has the most opportunity to detect a fraud? Who would be most aware of the perpetrator's theft, concealment, or conversion actions? It is not those who have typically been viewed as responsible for fraud detection, because internal and external auditors move around and associate with company employees on an infrequent basis. It is not the board of directors or the audit committee, since they too are not at the company on a daily basis. Even top managers (unless they are the perpetrators) are not in a position to detect the fraud since they are often isolated from other employees. So, who is in the best position to detect fraud? It is the perpetrators' co-workers and immediate supervisors, the ones who interact with them on a daily basis. However, co-workers and immediate supervisors who witness or are aware of fraudulent behavior are often torn between two conflicting feelings. On the one hand, they feel an obligation to protect company assets and turn in fraud perpetrators. However, they are often uncomfortable in the "whistle-blower" role and find it easier to remain silent. There are several reasons why they are reluctant to take action. • They are uncertain that a fraud has actually taken place; they do not want to falsely accuse anyone. • They do not want to get involved or to make trouble for someone else. • They have fear of the consequences. They fear reprisals, such as getting fired, damage to their career, and being ostracized by fellow workers. • They have been taught not to be a squealer. • They are uncertain about how to go about making the information available or who to tell.

113

Chapter 5: Fraud Detection

As a result, most people who are aware of a fraud will not make a formal complaint to someone in a position of authority. However, they may begin to complain about the person or make hints or otherwise give off indications that they know something is not right. Unfortunately, most co-workers and mangers are not trained to pick up on these symptoms or to separate them from the normal complaints and office gossip. As a result, the company misses out on one of the best sources of fraud information: co-workers who have seen or know of fraudulent actions. Hotlines If employees are able to report someone anonymously, they are often able to overcome the above-mentioned reluctances. Therefore, an important way to uncover fraud is to set up an anonymous fraud hotline. Hotlines have been very effective. Researchers at Brigham Young University studied 212 frauds and found that 33 percent of them were uncovered by anonymous tips. The insurance industry set up a hotline so people could report dishonest practices in an attempt to control an estimated $17 billion a year in fraudulent claims. In the first month, they received in excess of 2,250 calls. Between 10 percent and 15 percent of the calls resulted in investigative action. The downside of hotlines is that many of the calls are not worthy of investigation. Some informants are motivated by personal problems, anger, jealousy, or a desire for revenge. Some are vague reports of wrongdoing, and others have no merit. Therefore, it is essential that no one reported on a hotline is presumed guilty until he or she is proven so or he or she confesses. A potential problem with a hotline is that the people who operate the hotline may report to people who are involved in top-management fraud. This can be overcome by using a fraud hotline set up by a trade organization or commercial company. Reports of management fraud can be passed by this outside company directly to the board of directors. Whistle-Blowing There are many instances of fraud uncovered due to someone in the organization blowing the whistle. Example 1:

One high official at a food-processing company acted as a mole for the FBI and was instrumental in bringing price-fixing charges against the company.

Example 2:

A machine foreman at General Electric tried unsuccessfully to get GE to stop falsifying timecards and billing vouchers on U.S. government jobs. When he reported the problem to the senior vice president in charge of the plant, he was fired. A subsequent investigation showed that 27 percent of the timecards had been falsified, allowing GE to overbill the government $7.2 million.

114

Chapter 5: Fraud Detection

Example 3:

Department of Defense auditors received three anonymous tips that a major defense contractor was shifting cost overruns on fixed-fee contracts to costplus contracts. When they investigated, they found that almost $40 million in expenses had been reallocated. The officials responsible for the fraud were jailed, and the company was fined $100 million.

Organizational Structure Symptoms Companies should be organized in an orderly and efficient fashion. There should be a logical reason for each organizational entity and for everything a company does. When an element of the organization does not have a well-defined or logical business purpose, the fraud investigator should look more closely to determine if the company is trying to hide something. Overly Complex Organizational Structure This includes numerous or unusual subsidiaries and divisions, managerial lines of authority, or contractual arrangements. Unnecessary complexity makes it easier for inappropriate items to be lost in the shuffle or intentionally buried under a blizzard of paperwork. Example:

Lincoln Savings and Loan was a subsidiary of American Continental. American Continental had 55 separate, but related, companies. There were numerous related-party transactions between Lincoln and other subsidiaries.

The following are symptoms of an overly complex organizational structure: • It is difficult determining which organization or individual(s) control the entity; • Bank accounts/subsidiary/branch operations are in tax-haven jurisdictions for which there appears to be no clear business justification; • Lack of a competent and effective internal-audit department that conducts audits, tests transactions, and investigates fraud; and • Lack of an audit committee composed of outside members of the board of directors. Outsider/Related-Party Symptoms Sometimes the relationships that a company has with outsiders and related parties can provide us with the clues we need to detect a fraud. A few of the more important related-party and outsider symptoms are discussed below. • Frequent changes of auditors or lawyers -- The risk of a fraud is higher at companies that change auditors or legal counsels frequently. A CPA or law firm that suspects or concludes that its client is not trustworthy or is involved in illegal activities would probably resign. A company that suspects its auditors are getting close to detecting an illegal act will likely fire its auditors because a new auditor, without any suspicions, is less likely to detect a fraud. Likewise, a company faced with a request to provide damaging information to existing legal counsel will likely fire its lawyers because a new law firm, without any suspicions, is less likely to realize there is anything wrong.

115

Chapter 5: Fraud Detection

Accountants who audit firms with frequent legal and auditor changes should be especially careful to investigate the reasons for the changes and to discuss with management and predecessor auditors and lawyers, as appropriate, the reasons for the changes. Example:





• • •

• • • •



Lincoln Savings and Loan had three different auditors in four years. Arthur Andersen and Co. was the auditor in 1985, and Ernst and Young was the auditor in 1986 and 1987. Deloitte and Touche was engaged to do the 1988 audit, but never issued an audit opinion on their statements.

Strained relationships between management and its current or predecessor auditors -Specific indicators might include: o Frequent disputes with auditors on accounting or reporting matters, including "opinion shopping"; o Unreasonable demands on auditors, including time constraints for audit completion or issuance of the auditor's reports; o Formal or informal restrictions on auditors that inappropriately limit their access to people, information, or ability to communicate effectively with the board of directors or the audit committee; o Domineering management behavior in dealing with auditors; and o Reluctance to give auditors needed data. Several different auditing firms, legal counsels, and banks -- When a company has different auditors, lawyers, and banks for its different subsidiaries, it is much more difficult for any one firm to see the whole picture. This makes it easier for management to commit and conceal a fraud. Unusually large expenditures to lawyers, consultants, or agents. Significant litigation -- This is of concern especially if the litigation is between management and shareholders. Prior or ongoing problems with regulatory agencies -- These would include revoked licenses, frequent review by regulators, and significant or frequent tax adjustments or problems with the IRS. For example, Lincoln Savings and Loan was constantly on the industry regulator's list of problem institutions. Difficulty borrowing from lending institutions -- This includes violation of lending institution debt restrictions. Pressures to restructure, sell, merge, or be taken over. Pending legislation with a potentially serious impact on the company's operations. Long-term purchasing contracts at prices significantly below current prices -- A number of companies, expecting either significantly rising costs or high inflation, have entered into long-term purchasing contracts. These work well if prices do, in fact, rise. If, instead, prices fall significantly, and the company cannot extricate itself from the contracts, they often face financial pressures that can lead them to fraudulent actions. Disproportionate amount of purchasing from one or few vendors -- Procurement fraud, in which a buyer either extracts favors from vendors as a condition of doing business with them or works in collusion with the vendor, is one of the most prevalent types of fraud. The vendor and the buyers profit by raising prices, shipping inferior goods, billing for more than is shipped, and shipping more goods than the company needs. 116

Chapter 5: Fraud Detection

Indicators that point to procurement fraud include: o Steady and frequent increases in inventory and supplies costs; o Customer and employee complaints about inferior goods; o The quantity of the goods on hand rises much higher than what is needed to support usage or sales; o The purchase of goods that are not needed or cannot be easily sold result in inventory buildup and obsolete merchandise; o Altered or photocopied contracts, bills, etc.; o Purchases from unapproved vendors; o Billing for work not performed; o Padding overhead charges; and o Increased reliance on one or more customers.

• •

When a company wants to book bogus sales, it usually finds it easier to confine these sales to one or a few customers. Doing so makes it easier to separate the legitimate from the bogus and to steer auditors and investigators away from the bogus accounts. Significant related-party transactions not in the ordinary course of business. Intercompany transactions with related entities that are not audited or are audited by another firm.

Internal-Control Symptoms Chapter 4 discussed in depth the internal-control deficiencies that allow fraud to take place. The absence of any one of these controls is a fraud symptom. The importance of these controls is illustrated by several studies showing that one of the most effective fraud detectors is effective internal control. Internal-control symptoms could be much more effective in detecting fraud than they currently are. However, management and auditors who detect internal-control weaknesses do not view the weaknesses as fraud symptoms. When an internal-control weakness is found, the typical reaction is either concern (“We need to fix that immediately") or a lack of concern ("We need to fix that someday"). The first reaction is certainly a proper one and the better of the two. However, it does not go far enough. The company must also recognize that the weakness is a fraud symptom that must be thoroughly investigated to determine if a loss has occurred. Periodically assessing internal control and investigating all weaknesses with the intent of looking for fraud is one of the most effective fraud-detection methods available. Example 1:

One international banking organization uncovers as many as 1,000 employee frauds a year. They have stated that their most effective detection tool is to find, fix, and investigate internal-control weaknesses. In a recent year, 31 percent of the frauds they detected were discovered in this manner.

117

Chapter 5: Fraud Detection

During this evaluation, it is important not to just look at the internal controls that are in place, but to evaluate whether they are enforced. Having an internal control in place, yet not enforcing it, is like not having the control at all. Example 2:

The bookkeeper at a small bank embezzled over $3 million dollars from her employer. She wrote personal checks on her account at the bank and intercepted them when they were returned by the Federal Reserve. She had accounts at other banks and wrote checks from those accounts and deposited them into her account. These were intercepted before they were sent to the Federal Reserve for collection. The net result was that she had an "unlimited" checking account. Because of the fraud, the amount in the master demand deposit did not match the total of the individual demand deposit balances. To keep the auditors from discovering the fraud, she parked the difference at the Federal Reserve on the days the auditors checked the books. She did this by sending the Federal Reserve enough previously used cashier’s checks to cover the amount of her fraud. The Federal Reserve gave the bank credit for the amount of the bank's outgoing cash letter. The next day, when the Federal Reserve discovered that the cashier’s checks were the bank's own checks, they reversed the credit they had given the bank the previous day. The net result: the books balanced only on the day the auditors checked the books. The fraud was uncovered when a check was rejected by the Federal Reserve sorter because it had been used so many times it could not be read. The bank had the controls needed to detect the fraud. Unfortunately, they were not enforced nor were the following noted weaknesses investigated: o Although the accounts balanced at the end of the month, they were out of balance the rest of the time. The bank received daily reports that showed the out-of-balance condition, but they were never investigated. o Individual accounting records were altered. o The bookkeeper said that her workload was too heavy for her to take the bank's mandatory two consecutive weeks' vacation. As a result, management gave her permission to not follow the policy. o The bank required two signatures on all general-ledger tickets. The bookkeeper asked the other signatories to presign tickets to avoid the hassle of getting signatures when people were busy with other tasks.

118

Chapter 5: Fraud Detection

In addition to these control weaknesses, the bookkeeper lived an extravagant lifestyle that could not possibly be supported by her bank income. Lifestyle Symptoms Almost all perpetrators spend their ill-begotten gains as quickly as they get them to upgrade their lifestyle. Perpetrators seem to need instant gratification; perhaps that is what leads them to commit a fraud in the first place. It is very rare to hear of a perpetrator that "saves" the money taken. One particular fraud expert reports that he has investigated or studied hundreds of frauds and can only remember two where the perpetrator could be said to be saving, rather than spending, the money taken. One was a man who bought gold bullion and stored it in his basement. The other was a woman who used the money to set up trust funds for her grandchildren. Their spending eventually leads to some form of conspicuous consumption. For example, they spend the money on: • Fancy cars; • Luxurious homes; • Vacation homes; • Expensive vacations; • Expensive clothes, jewelry, and restaurant meals; • Presents for family and friends; and • Gambling, drugs, alcohol, and sexual relationships. If employers were more observant, they could easily pick up on these symptoms. Many perpetrators like to show off their trappings of success and few seek to hide their newfound wealth. After all, who wants to buy a brand new expensive sports car and let it sit at home in the garage? Any evidence of company employees living beyond their means should be thoroughly investigated. Chapter 6 discusses some of the methods that can be used to conduct this investigation. As illustrated in the following example, in many cases of conspicuous consumption, the evidence will lead to proof that a fraud is taking place. Example:

One Saturday night, an observant bank auditor in London noticed a vice president of the bank's leasing subsidiary driving a restored Rolls Royce Silver Cloud. Wondering how he could afford a car worth several hundred thousand dollars, he began an investigation. He found that the leasing officer had negotiated eight sale-and-leaseback agreements with shipping firms for a total of $244 million. The treasurer of each of the shipping companies was paid a legal five-percent commission, but the leasing officer had taken 40 percent of the commission as a kickback. In all, the leasing officer received $4.88 million. The man who appraised all of the equipment took a $25,000 bribe on each lease to inflate the price of the equipment by 20 to 25 percent. The bank absorbed a substantial loss.

119

Chapter 5: Fraud Detection

Environmental Symptoms Why do some organizations seem to be plagued with more fraud than others? Could something the company says or does affect the amount of fraud that takes place? Could the example and behavior of management affect how other employees behave? Studies have found that the honesty of some employees is significantly affected by the cultural standards of management and their co-workers. That means, for example, that companies that teach, emphasize, and reward honesty, as well as clearly label and define honest and dishonest actions, are likely to experience less fraud. Conversely, management and companies that do not believe in or follow a high ethical standard often face more than their share of fraud. The following are environmental symptoms that might indicate the presence of fraud. • Confusion about honesty and ethics -- As described above, management and employees must believe in and live a high ethical standard. • Past occurrences of fraud. • Domineering and overbearing management -- Individuals with sufficient power to direct and control an organization without being questioned can impose their views on others. They can also use their position to intimidate other employees into remaining silent, even when the other employees know that a fraud is taking place. Example:



The head of a merchant bank in England always bought three tickets, from three different sources, for every business trip he took. He used one ticket and traded the other two for vouchers that could be used to buy tickets anytime within the next year. He used the vouchers to fly himself and his wife to their estate in Ireland. He approved one set of tickets before leaving. Upon his return, he submitted the other two for reimbursement. The secretary knew what was going on, but was afraid to disclose anything for fear of losing her job.

The company does not prosecute fraud perpetrators -- As mentioned in Chapter 3, companies that fail to prosecute perpetrators unknowingly send the message to their other employees that nothing bad will happen if an employee does commit a fraud. As is shown in the following example, perpetrators who are not prosecuted often proceed to commit a second fraud. Example:

A consultant reviewing a company's security environment uncovered a fraud committed by a computer-room operator. The perpetrator confessed to the $175,000 fraud and was fired. However, the fraud was not mentioned in his personnel file, and he was given a three-month consulting job with the company. Six months later, the consultant saw the same operator with another client. He checked the same computer application where he had found the previous fraud. Sure enough, the operator had committed an $85,000

120

Chapter 5: Fraud Detection

fraud. The second company decided to investigate the perpetrator and then prosecute him. They found he had committed the same fraud at a third company and had spent three years in jail for it. The perpetrator received another three-year sentence. •

• • •

• •



• •

The company does not conduct background checks on all potential employees -- A person's past behavior can often give clues to his future behavior. Background checks can help uncover employees with criminal records or past troubles with regulatory or governmental agencies. The importance of using background checks to uncover these types of problems is discussed in Chapter 4. The company frequently operates in a crisis or rush mode -- During times of crisis or in an effort to complete a rush job, the normal controls are often pushed aside. This makes it easier to not only commit, but to conceal a fraud. Management is carelessly inattentive to details and fails to correct errors or problems on a timely basis. Management routinely disregards company guidelines and controls -- Management that ignores company controls and guidelines sets a bad example for employees. The employees also start to resent the fact that there are two sets of rules, one for them and another for management. Compensation plans that are contingent upon achieving unduly aggressive sales, profitability, other goals -- This may motivate a person to overstate company performance in order to increase compensation. Unrealistic performance standards -- These can lead to desperation and anger, resulting in dishonesty or to "get even" attitudes. In essence, the company may be motivating employees to fraudulent behavior rather than improved performance. It may be forcing them to choose between failing through no fault of their own and cheating. Low employee morale or loyalty -- Fraud is more likely to occur in situations where morale is low, or where there are significant feelings of ill will, resentment, anger, or alienation. Employees may have these feelings because they: o Have substandard working conditions; o Fear they may lose their jobs; o Severely resent someone in the company; o Are underpaid and "deserving" of more money; o Feel their contributions are not appreciated or recognized; and o Feel the company is taking advantage of them. The company is in poor financial condition. Absence of employee support and assistance programs.

Lack of a fraud policy -- This includes policies to prevent, detect, investigate, and handle fraud.

121

Chapter 5: Review Questions

Chapter 5 Review Questions The review questions accompanying each chapter are designed to assist you in achieving the learning objectives stated at the beginning of each chapter. The review section is not graded; do not submit it in place of your final exam. While completing the review questions, it may be helpful to study any unfamiliar terms in the glossary in addition to chapter course content. After completing the review questions for each chapter, proceed to the review question answers and rationales. 1.

The areas of purchasing, receiving, cash receipts, and accounts receivable are the prime areas to look for fraud in: A. B. C. D.

2.

With regard to fraudulent financial reporting, subsequent year net income can be inflated by: A. B. C. D.

3.

True. False.

The presence of alleged, forged, or unusual documents may indicate that a fraud has occurred and is considered a(n) _______ symptom. A. B. C. D.

5.

Recording revenues too soon. Recording bogus revenues. Shifting current expenses to a later period. Shifting future expenses to the current period.

True or false: The fact that fraud symptoms are present is a guarantee that fraud exists. A. B.

4.

Receipt of goods or cash. Purchasing, disbursement of cash, and shipment of goods. Misappropriation of company assets. Fraudulent reporting of company results.

Analytical. Behavior. Accounting. Organizational structure.

An example of an accounting symptom that a company may experience is: A. B. C. D.

A significant rise in the number of overdue or related-party receivables. An employee with recognizably altered behavior such as stress, tension, and inability to relax. The selection of or changing to more liberal accounting practices. A lack of an audit committee composed of outside members of the board of directors.

122

Chapter 5: Review Questions

6.

True or false: Vertical and horizontal analyses are means of analyzing individual financial statement account balances by converting financial statement numbers to percentages so that relationships between data are easier to understand. A. B.

7.

An unusual or unexpected gross profit margin may indicate that a fraud has occurred and is considered: A. B. C. D.

8.

B. C. A.

An outsider/related party symptom. A behavior symptom. An internal control symptom. An organizational structure symptom.

True or false: Co-workers and immediate supervisors who witness or are aware of fraudulent behavior often feel uncomfortable in the whistle-blower role and find it easier to remain silent. A. B.

11.

An increase in inventory without a corresponding increase in warehouse, storage, and handling costs analytical symptom. An employee that seems to be living beyond his means by purchasing expensive assets. Numerous adjusting entries at year end. Compensation plans that are contingent upon achieving unduly aggressive profitability.

An unexplained change in an employee’s mannerisms, such as nervous or fidgety appearances, may indicate that a fraud has occurred and is considered: A. B. C. D.

10.

An analytical symptom. A lifestyle symptom. An accounting symptom. An environmental symptom.

An example of an analytical symptom that a company may experience is: A.

9.

True. False.

True. False.

Numerous or unusual subsidiaries and divisions, managerial lines of authority, or contractual arrangements may indicate that a fraud has occurred and is considered: A. B. C.

A lifestyle symptom. An outsider/related party symptom. An internal control symptom.

123

Chapter 5: Review Questions

D. 12.

Which of the following symptoms would a strained relationship between management and its current or predecessor auditors be an example of? A. B. C. D.

13.

An organizational structure symptom.

A lifestyle symptom. An outsider/related party symptom. An internal control symptom. An organizational structure symptom.

An example of an environmental symptom is: A. B. C. D.

Persistent inventory shortages for portable and easily sold items. A company that frequently operates in crisis or rush mode. An increase in variable costs without a corresponding increase in revenue. The lack of an audit committee composed of outside members of the board of directors.

124

Chapter 5: Review Question Answers and Rationales

Chapter 5 Review Question Answers and Rationales Review question answer choices are accompanied by unique, logical reasoning (rationales) as to why an answer is correct or incorrect. Evaluative feedback to incorrect responses and reinforcement feedback to correct responses are both provided. 1.

The areas of purchasing, receiving, cash receipts, and accounts receivable are the prime areas to look for fraud in: A.

B.

C.

D.

2.

With regard to fraudulent financial reporting, subsequent year net income can be inflated by: A.

B.

C.

D.

3.

Receipt of goods or cash. This answer is correct because the prime areas to look for fraud in receipt of goods or cash are purchasing, receiving, cash receipts, and accounts receivable. Purchasing, disbursement of cash, and shipment of goods. This answer is incorrect because the prime areas to look for fraud in purchasing, disbursement of cash, and shipment of goods are purchasing, shipping, cash disbursements, and payroll. Misappropriation of company assets. This answer is incorrect because the prime areas to look for fraud in misappropriation of company assets are inventory, supplies, equipment, machinery, and fixed assets. Fraudulent reporting of company results. This answer is incorrect because the prime areas to look for fraudulent reporting of company results are revenues of all kinds, major expense categories, and assets such as inventory and receivables.

Recording revenues too soon. This answer is incorrect because recording revenues too soon is a way to inflate current year net income, not subsequent year net income. Recording bogus revenues. This answer is incorrect because recording bogus revenues is a way to inflate current year net income, not subsequent year net income. Shifting current expenses to a later period. This answer is incorrect because shifting expenses to a later period is a way to inflate current year net income, not subsequent year net income. Shifting future expenses to the current period. This answer is correct because shifting future expenses to the current period can inflate the subsequent year net income.

True or false: The fact that fraud symptoms are present is a guarantee that fraud actually exists. A. B.

True. This answer is incorrect because fraud symptoms may indicate the existence of fraud but they do not guarantee that fraud exists. False. This answer is correct because fraud symptoms may indicate the existence of fraud but they do not guarantee that fraud exists. However, every time there is fraud, one or more of the symptoms are present. 125

Chapter 5: Review Question Answers and Rationales

4.

The presence of alleged, forged, or unusual documents may indicate that a fraud has occurred and is considered a(n) _______ symptom. A.

B.

C. D.

5.

An example of an accounting symptom that a company may experience is: A.

B.

C.

D.

6.

Analytical. This answer is incorrect because an example of an analytical symptom would be a significant rise in the number of overdue or related-party receivables. Behavior. This answer is incorrect because an example of a behavior symptom would be an employee with recognizably altered behavior such as stress, tension, and inability to relax. Accounting. This answer is correct because the presence of alleged, forged, or unusual documents is considered an accounting symptom. Organizational structure. This answer is incorrect because an example of an organizational structure symptom would be a lack of an audit committee composed of outside members of the board of directors.

A significant rise in the number of overdue or related-party receivables. This answer is incorrect because significant rise in the number of overdue or relatedparty receivables would be an accounting symptom, not an accounting symptom. An employee with recognizably altered behavior such as stress, tension, and inability to relax. This answer is incorrect because an employee with recognizably altered behavior such as stress, tension, and inability to relax would be a behavior symptom, not an accounting symptom. The selection of or changing to more liberal accounting practices. This answer is correct because the selection of or changing to more liberal accounting practices is considered an accounting symptom. A lack of an audit committee composed of outside members of the board of directors. This answer is incorrect because the lack of an audit committee composed of outside members of the board of directors would an organizational structure symptom, not an accounting symptom.

True or false: Vertical and horizontal analyses are means of analyzing individual financial statement account balances by converting financial statement numbers to percentages so that relationships between data are easier to understand. A.

B.

True. This answer is correct because vertical and horizontal analyses are means of analyzing individual financial-statement account balances by converting financial-statement numbers to percentages so that relationships between data are easier to understand. False. This answer is incorrect because vertical and horizontal analyses are means of analyzing individual financial-statement account balances by converting financial-statement numbers to percentages so that relationships between data are easier to understand.

126

Chapter 5: Review Question Answers and Rationales

7.

An unusual or unexpected gross profit margin may indicate that a fraud has occurred and is considered: A. B. C.

D.

8.

An example of an analytical symptom that a company may experience is: A.

B.

C. D.

9.

An analytical symptom. This answer is correct because an unusual or unexpected gross profit margin is considered an analytical symptom. A lifestyle symptom. This answer is incorrect because an example of a lifestyle symptom would be an employee that seems to be living well beyond his means. An accounting symptom. This answer is incorrect because an example of an accounting symptom would be the presence of journal entries that are not logical entries to an account. An environmental symptom. This answer is incorrect because an example of an environmental symptom would be a company that does not conduct background checks on all potential employees.

An increase in inventory without a corresponding increase in warehouse, storage, and handling costs analytical symptom. This answer is correct because an increase in inventory without a corresponding increase in warehouse, storage, and handling costs is considered an analytical symptom. An employee that seems to be living beyond his means by purchasing expensive assets. This answer is incorrect because an employee that seems to be living well beyond his means by purchasing expensive assets is a lifestyle symptom. Numerous adjusting entries at year end. This answer is incorrect because numerous adjusting entries at year end are an analytical symptom. Compensation plans that are contingent upon achieving unduly aggressive profitability. This answer is incorrect because compensation plans that are contingent upon achieving unduly aggressive profitability are an environmental symptom.

An unexplained change in an employee’s mannerisms, such as nervous or fidgety appearances, may indicate that a fraud has occurred and is considered: A.

B.

C. D.

An outsider/related party symptom. This answer is incorrect because an example of an outsider/related party symptom would be the use of several different auditing firms, legal counsels, and banks. A behavior symptom. This answer is correct because an unexplained change in an employee’s behavior, such as nervous or fidgety appearances, is considered a behavior symptom. An internal control symptom. This answer is incorrect because an example of an internal control symptom is a weakness in the internal control. An organizational structure symptom. This answer is incorrect because an example of an organizational structure symptom is compensation plans that are contingent upon achieving unduly aggressive profitability.

127

Chapter 5: Review Question Answers and Rationales

10.

True or false: Co-workers and immediate supervisors who witness or are aware of fraudulent behavior often feel uncomfortable in the “whistle-blower” role and find it easier to remain silent. A.

B.

11.

Numerous or unusual subsidiaries and divisions, managerial lines of authority, or contractual arrangements may indicate that a fraud has occurred and is considered: A. B.

C. D.

12.

A lifestyle symptom. This answer is incorrect because an example of a lifestyle symptom would be an employee that seems to be living well beyond his means. An outsider/related party symptom. This answer is incorrect because an example of an outsider/related party symptom would be the use of several different auditing firms, legal counsels, and banks. An internal control symptom. This answer is incorrect because an example of an internal control symptom is a weakness in the internal control. An organizational structure symptom. This answer is correct because numerous or unusual subsidiaries and divisions, managerial lines of authority, or contractual arrangements is considered an organizational structure symptom.

Which of the following symptoms would a strained relationship between management and its current or predecessor auditors be an example of? A. B.

C. D.

13.

True. This answer is correct because it is true that many frauds go unreported because co-workers and immediate supervisors who witness or are aware of fraudulent behavior often feel uncomfortable in the “whistleblower” role and find it easier to remain silent. False. This answer is incorrect because on one hand, supervisors and co-workers feel an obligation to protect company assets, but may feel loyalty to those they work with as well.

A lifestyle symptom. This answer is incorrect because an example of a lifestyle symptom would be an employee that seems to be living well beyond his means. An outsider/related party symptom. This answer is correct because a strained relationship between management and its current or predecessor auditors is considered an outsider/related party symptom. An internal control symptom. This answer is incorrect because an example of an internal control symptom is a weakness in the internal control. An organizational structure symptom. This answer is incorrect because an example of an organization structure symptom is numerous or unusual subsidiaries and divisions, managerial lines of authority, or contractual arrangements.

An example of an environmental symptom is:

128

Chapter 5: Review Question Answers and Rationales

A.

B.

C.

D.

Persistent inventory shortages for portable and easily sold items. This answer is incorrect because persistent inventory shortages for portable and easily sold items are an analytical symptom. A company that frequently operates in crisis or rush mode. This answer is correct because frequently operating in crisis or rush mode is considered an environmental symptom. An increase in variable costs without a corresponding increase in revenue. This answer is incorrect because an increase in variable costs without a corresponding increase in revenue is an analytical symptom. The lack of an audit committee composed of outside members of the board of directors. This answer is incorrect because the lack of an audit committee composed of outside members of the board of directors is an organizational structure symptom.

129

Chapter 6: Fraud Investigation and Audit

Chapter 6 – Fraud Investigation and Audit Learning Objectives After completing this section of the course, you should be able to: 1. Explain the key elements of a fraud investigation and audit. 2. List the types of evidence gathered and illustrate them through some real-world fraud cases. Fraud is like an iceberg. We see only a small part of what has actually taken place. Just as one must "go under water" to determine the actual size of an iceberg, so a fraud investigator must probe deeply to discover the true extent of fraud. The purpose of a fraud investigation is to determine if, in fact, a fraud occurred and, if it did, the extent of the fraud. To make this determination, there are a number of different types of evidence that can be gathered and analyzed. Fraud investigators have classified the different types of fraud evidence into four major categories: documentary, people, personal observation, and physical evidence. Each of these four types of evidence is discussed in this chapter. Before the evidence types are discussed, however, this chapter discusses the fraud investigation process and fraud examination theory. The Fraud Investigation Process As mentioned in Chapter 5, companies that want to detect fraud should be on the lookout for fraud symptoms. When symptoms are noted, they should be investigated. The purpose of the investigation is to gather sufficient evidence to determine whether or not a fraud actually occurred. In investigating fraud, it is important to remember that the mere occurrence of one or more fraud symptoms does not indicate that a fraud has, in fact, occurred. The symptom often has a very logical explanation other than fraud. Great care should be exercised during an investigation. Investigations can be time-consuming and disruptive. Questions are raised and people want answers. Employee productivity can suffer as employees spend time wondering about the investigation, its outcome, and the aftermath. Great care also needs to be exercised in determining who is a suspect and who should be investigated. It can be very traumatic to be investigated. Once people realize who is the target of an investigation, the rumors and innuendos start flying. Questions are asked about the person, and suspicions are raised in the minds of family members, business associates, and community members. Some suspects who are confronted with allegations or investigation findings are unable to handle it and have suffered heart attacks, emotional breakdowns, or they commit suicide. If a fraud investigation is handled badly, one or more of the following undesirable things might happen. • Employee morale can be damaged significantly.

130

Chapter 6: Fraud Investigation and Audit

• Innocent people may receive irreparable harm to their reputations. This may result in a lawsuit. • The perpetrator(s) are not caught and are thus free to repeat the fraud at the company or elsewhere. • The company is unable to prevent similar incidents or recover damages because they never find out how the fraud was committed and concealed. Four-Step Investigation Strategy Fraud investigations begin with a suspicion that a fraudulent action has occurred. Those perpetuating the fraud do their best to hide it. The investigator must examine whatever evidence is available and hope it leads to more evidence. Thus, these bits and pieces of evidence must be added up in an attempt to establish the amount taken. This is often accomplished best by using the following four-step process. Step One -- Problem Recognition and Definition The objective of this phase is to determine if there is sufficient cause, or predication, to investigate the fraud symptom(s). Predication is defined as the totality of circumstances that would lead a reasonable, prudent, and professionally trained person to believe a fraud has occurred, is occurring, or will occur. Note that predication is not proof that a fraud or even overwhelming evidence exists; it is merely sufficient reason to warrant a fraud investigation. Before beginning a formal investigation, management approval must be obtained because a fraud investigation can be disruptive and quite expensive. Step Two -- Evidence Collection Once predication is established, evidence is collected in an attempt to determine if, in fact, a fraud did occur. Evidence is gathered to determine: • What was stolen or misrepresented, and the amount or extent of the theft or misrepresentation; • Who committed it; • How they committed it; • When the fraud was committed; • Why it was committed; and • Where the fraud took place. One way to organize fraud information so that all of the above-mentioned fraud elements are considered is to use a vulnerability chart. Exhibit 6-1 shows a vulnerability chart for three separate frauds: a theft of a customer deposit, an inventory theft, and an overcharge on goods. For each of these three frauds it shows:

131

Chapter 6: Fraud Investigation and Audit

• • • • • • • • •

Missing assets; Individuals who could have taken the assets; Ways the theft could have occurred; Methods the perpetrator could have used to conceal the fraud; Methods the perpetrator could have used to convert the assets to cash or personal use; Observed symptoms; Possible motivating pressures; Probable rationalizations used by the perpetrator; and Internal controls that were probably compromised in committing the fraud.

132

Chapter 6: Fraud Investigation and Audit

Exhibit 6-1 Vulnerability Chart

Source: Fraud: Bringing Light to the Dark Side of Business, by W. Steve Albrecht, Gerald W. Wernz, and Timothy L. Williams, p. 145. 133

Chapter 6: Fraud Investigation and Audit

To avoid arousing suspicions and implicating an innocent suspect, it is customary in evidencegathering to: • Begin using investigative techniques that are not easily recognized; • Involve as few people at the beginning as possible; • Gradually work inward toward the prime suspect, until he or she is finally confronted in an interview; and • Refer to the "investigation" by using less intimidating words, such as audit and inquiry. Step Three -- Evidence Evaluation In this step, the evidence collected is evaluated to determine whether it is sufficient to effectively evaluate and report the fraud. Evidence is not gathered to render an opinion on whether a fraud took place, nor is it gathered to "prove" the fraud, because that can only be done in a court of law. However, the evidence must be evaluated to determine if it is complete and accurate. If the evidence is deemed insufficient, then more evidence may need to be gathered. The evidence can also be evaluated to determine the company's best course of action (go to court, get the perpetrator to confess, etc.). Step Four -- Report Findings The final phase of the fraud investigation is writing up the results. This can be both challenging and demanding because the fraud report is often the only evidence available to support the fraud investigation. The report is very important since lawsuits are often won or lost based upon the quality of the fraud report. Characteristics of a Fraud Report Some important characteristics of a quality fraud report are: • Accuracy; • Timeliness; • Comprehensiveness; • Impartiality; • Clarity; and • Relevance. A fraud report should never contain a conclusion or opinion as to whether a fraud actually took place. When a case goes to court, the fraud report is admitted as evidence. If it contains opinions and conclusions, the defending attorney can attempt to use them to show prejudice toward the client. Fraud Examination Theory In order to investigate frauds efficiently, the investigator must: • Examine the available facts; • Make some assumptions;

134

Chapter 6: Fraud Investigation and Audit

• • •

Develop a hypothesis using as many of the who, what, when, where, why, and how elements as possible; Gather the evidence needed to test the hypothesis to see if it is accurate; and Refine and improve the hypothesis.

This approach gives the investigation structure and direction and helps the investigator avoid an uncoordinated, ill-defined, and inefficient investigation. It is especially important to use this approach when the fraud is large or complex. Without a hypothesis, an investigator strikes out blindly, hoping to stumble onto evidence of importance. Example:

Suppose that CLR Corporation received an anonymous tip on its fraud hotline saying that Kimberly Miles, a sales manager, was conspiring with one of its customers, Ashton Industries. Company administrators decide that the tip is sufficient predication to proceed with a fraud investigation. An investigator could hypothesize the following: • Kimberly is in a position to do something that can benefit both herself and Ashton Industries. • The benefit to Ashton Industries must be something that Kimberly has the power to grant, either legally or illegally. That might be approving the sale of goods at reduced prices or granting Ashton credit on goods they never return. • Kimberly is benefiting somehow, possibly by receiving a kickback. • If Kimberly is receiving a kickback, she is probably spending it to pay off a debt or to buy luxury items. Based upon these hypotheses, the investigator could: • Examine Kimberly's personnel file to determine if she had or now has financial difficulties. Since this is a normal audit step, this can easily be done without Kimberly's knowledge and without arousing the suspicion of others. • Search public records and other sources to gather evidence about the suspect's lifestyle and spending habits. While this is not a normal audit procedure, it can be done without the suspect's permission or knowledge. • Analyze sales trends and prices to determine if special prices are being granted to Ashton. Likewise, credit memos and receiving reports of returned goods can be examined. Again, this is a normal audit step that will not arouse suspicions. • Perform surveillance or other covert operations. When properly performed, this can be accomplished without arousing suspicions.

135

Chapter 6: Fraud Investigation and Audit



Conduct interviews. This is usually when the suspect learns of the investigation. However, a suspect is less likely to know he or she is under investigation if people that he or she is not close to are interviewed first. This avoids creating undue stress or suspicion in the suspect's mind and also protects the suspect if evidence later reveals no involvement.

As the investigation progresses, people closer and closer to the suspect are interviewed. Among them are other customers and present and former sales personnel (to see if Kimberly or people at Ashton had ever approached them with under-the-table deals). Care must be taken to not interview anyone who may be colluding with Ashton Industries or Kimberly. Simultaneously, Kimberly and Ashton Industries buyers should be interviewed. If Kimberly is guilty and the investigator can show that the evidence against her is overwhelming, there is a good chance she will confess to the fraud. Evidence Evidence is something that can help prove or disprove the facts of a fraud case. Documents, testimony, objects, and facts can all be used as evidence. The quality of evidence gathered can make or break a fraud case. For example, the evidence gathered can be so pervasive that the perpetrator is convicted of fraud. On the other hand, the evidence can be so weak that the case is dismissed. It is important to note that in between those two extremes are many gradations of evidence pervasiveness. It is the responsibility of a fraud investigator to gather as much evidence as possible. Doing so ensures that the prosecution has a strong case against the perpetrator. To be legally acceptable as evidence, these items must be: • Gathered lawfully; • Competent; • Objective; • Relevant; and • Material to the issues being litigated. All evidence gathered in a fraud investigation is admissible unless the trial judge decides that an item of evidence does not meet the above standards. The investigator must be careful to meet all of the above criteria or else the defense attorney is sure to question an item's admissibility as evidence. Most fraud investigators classify evidence into one of the following four types: • Document evidence;

136

Chapter 6: Fraud Investigation and Audit

• • •

Physical evidence; People evidence -- This includes witnesses, victims, informants, complainants, and anyone else who can provide information about the fraud; and Personal observation.

Document Evidence One of the most important types of evidence a fraud investigator gathers is document evidence since it is the largest and the most frequently gathered type of evidence. To a trained eye, documents can tell a great deal about a fraud. For example, a document can disclose what happened, who performed a particular function, who authorized the amount of the transaction, and much more. Documents also contain valuable information that can lead an investigator to witnesses. The information of a canceled check, for example, can lead to the teller who cashed it. The teller may remember who came in to cash the check and the circumstances under which it was cashed. Documents also provide a paper trail that shows an investigator what happened during each step as the document was processed. Documents have a number of distinct advantages. One of those is that they are not plagued with the problems that attend some witnesses. For example, they do not forget important information, cannot become flustered or confused during an opposing attorney's cross-examination, lie and commit perjury, or tell inconsistent stories on different occasions. Rules for Gathering and Handling Documentary Evidence Fraud investigators can never be sure how important a particular piece of documentation will be. Therefore, they ought to treat each piece of documentary evidence with the same care. The following are 10 general rules about how to care for documentary evidence. • Retain all documents that may have any bearing on the case. • Retain the original documents wherever possible. Original copies are considered primary evidence and are easily admitted as evidence in a trial. • Do not touch the original documents any more than is necessary. The documents may have fingerprints, erasures, alterations, etc., which can be harmed or destroyed by handling. They also may be needed later for forensic analysis. • Do not change a document's appearance. Do not repair torn or mutilated documents. Do not bend, fold, mark, or otherwise alter or damage the document in any way. Do not expose the document to moisture, sunlight, or heat. Do not leave it unprotected at any time. • Place the originals in a see-through cover that allows them to be viewed and handled without damaging them. On each cover, mark the date the document was received and the name of the investigator who received it. • Make a copy of the original and store the original in a safe place. Use the copy in your investigation whenever possible. • Maintain a chain of custody for each document from the time it is received until it is turned over to the court as evidence. Without this chain, a document may not be accepted by the courts as evidence. In addition, the opposing attorney will try to show that the document was altered or tampered with after the investigator received it. 137

Chapter 6: Fraud Investigation and Audit







o To create the chain, write a memo when it comes into your hands and every time there is a change. The memo should show when the document was received and from whom it was received. Where it is not possible to obtain physical possession of an existing original document, make a copy of it. Copies are considered secondary evidence and are only permissible as evidence when: o The original has been lost or destroyed by someone other than the party introducing it as evidence; o An adverse party has control of the document and it can not be obtained; o A public office has custody of the document; or o A summary of the document is required because the original is too large to allow it to be carefully examined. Develop a filing system that allows you to quickly find the documents you need. Documents can be filed by witness, by transaction, or chronologically. For example, in the Lincoln Savings and Loan case, the judge placed millions of documents in a document depository. All interested parties could draw from the depository as needed. Create a database containing the following information: o The date the document was created and the date it was received; o The source of the document; o The subject of the document and a brief description of its contents; and o A number that identifies the document.

Obtaining Documentary Evidence There are a number of ways to obtain possession of documentary evidence. • Voluntary consent -- Many of the companies and people being investigated have nothing to hide and will willingly provide fraud investigators with the documentary evidence they need. Consent can either be oral or written, with written consent preferred when the document is obtained from an adverse company or witness. • Subpoena -- Documentary evidence in the possession of a third party may be difficult to obtain without a court order. For example, bank and brokerage records, as well as tax returns, usually require a subpoena from a court or grand jury. Failure to turn over records when requested by a subpoena is punishable by law. • Search warrant -- These are issued by a judge when there is probable cause to believe the records are being used or have been used in committing of a crime. Search warrants are not granted easily and are usually only used in criminal cases. They are executed by law-enforcement officials. Validating Documentary Evidence Since documentary evidence plays such a large role in most fraud cases, opposing attorneys often question the authenticity of a document or claim that it has been altered. Such documents are called questioned documents, and a document examiner is usually called in to examine it. Types of Document Analysis Document examiners perform many different types of document analysis. The following are some of the most common. • Handwriting analysis -- To determine if a handwritten document or signature is genuine.

138

Chapter 6: Fraud Investigation and Audit

• • • •

Typewriter and printer analysis -- To determine if a document was written or printed by a particular machine (all typewriters and printers are different). Alteration analysis -- To determine if a document has been doctored or altered. They look for additions (inserts between lines or added words, sentences, or paragraphs) and deletions (erasures or obliterations). Ink analysis -- To determine if all the ink on a document came from the same pen or pencil, or to determine the age of the ink or lead. Paper analysis -- To determine if paper a document is written on is the same texture, thickness, color, and opacity as the other pages.

In addition, document examiners are sometimes hired to restore a document that has been torn, mutilated, or burned. Finding Documentary Evidence There are a number of ways to find documentary evidence. • Chance or accident -- Sometimes fraud examiners stumble onto documentary evidence. Often, an informant or anonymous tip will lead to the discovery of the evidence. • Audits -- During the course of an audit, auditors search for and accumulate documentary evidence. These documents can be used in the fraud investigation. The company can also request special audits that produce additional evidence for the investigation. One specific audit procedure, discovery sampling, is frequently used in fraud audits. Discovery sampling helps a fraud investigator quantify the probability that there are not any fraudulent items in a given population. To use discovery sampling, the investigator selects a random sample from the population and examines every item to see if it is valid or fraudulent. The investigator can determine the sample size by looking at a discovery sampling table, such as the one in Exhibit 6-2. Example:

Suppose the investigator wanted to be 98-percent sure that not more than one percent of the population contains a fraudulent item. To determine the sample size, refer to Exhibit 6-2 and do the following: • Since the table columns indicate the rate of occurrence in the population, we select the second column from the right (an occurrence rate of one percent). • Look down that column until 98 percent is found. • Move to the left to reach the leftmost column, which contains a sample size of 400. • Then, if 400 randomly selected items are audited and no evidence of fraud is found, the investigation can be 98-percent sure that the true population fraud rate does not exceed one percent.

139

Chapter 6: Fraud Investigation and Audit

Exhibit 6-2 Discovery Sampling Table Probability (percentage) of including at least one error in the sample Rate of Occurrence in the Population (percent) Sample 0.01 0.05 0.1 0.2 0.3 0.5 1 Size 50 2 5 9 14 22 39 60 1 3 6 11 16 26 45 70 1 3 7 13 19 30 51 80 1 4 8 15 21 33 55 90 1 4 9 16 24 36 60 100 1 5 10 18 26 39 63 120 1 6 11 21 30 45 70 140 1 7 13 24 34 50 76 160 2 8 15 27 38 55 80 200 2 10 18 33 45 63 87 240 2 11 21 38 51 70 91 300 3 14 26 45 59 78 95 340 3 16 29 49 64 82 97 400 4 18 33 55 70 87 98 460 5 21 37 60 75 90 99 500 5 22 39 63 78 92 99 800 8 33 55 80 91 98 99+ 1,000 10 39 63 86 95 99 99+ 1,500 14 53 78 95 99 99+ 99+ 99 2,500 22 71 92 99 + 99+ 99+

2 64 70 76 80 84 87 91 94 96 98 99 99+ 99+ 99+ 99+ 99+ 99+ 99+ 99+ 99+

Evidence can also be found by accessing public and private records. The next section discusses the public records that are available and the information they contain. Public Records It is often necessary during a fraud investigation to find out information about people and companies. For example, a fraud investigator might want to find out about the lifestyle and spending habits of a person suspected of fraud. Investigators typically have to hunt down this information themselves because: • They do not want to alarm a suspect who turns out to be innocent; • They do not want to tip off a guilty suspect; and • Many suspects, especially those who are guilty, will not divulge this information willingly. In searching for information about others, it is important to obey privacy laws. However, obeying these laws does not preclude anyone from finding out a great deal about a person or company by

140

Chapter 6: Fraud Investigation and Audit

searching public records. Some laws require that records of certain financial transactions be disclosed and subject to review by the public. There are many different sources of very valuable financial information, and they should be one of the first items that a fraud investigator checks out. Public records are available from private companies and the federal, state, and local governments. Public Databases Public databases contain a wealth of information, such as: • Backgrounds of individuals; • Bankruptcies; • Employment histories; • News stories about a person or company in newspapers and magazines; • Real estate owned; • Tax assessments on personal property; • Tax liens; and • Uniform Commercial Code (UCC) filings. No listing of investigative databases would be complete, since new ones are created frequently. However, a few of the more useful are listed below: • CompuServ; • Dialog; • Dow Jones; • Lexis/Nexis; • Newsearch; • Newsnet; • Prentice-Hall Legal and Financial Services; • Redi-Data Services; and • Westlaw. Credit Records The Fair Credit Reporting Act was passed in 1971 to regulate the activities of credit, insurance, and employment investigations. The law requires these companies to provide individuals with any information the companies provided to a third party. A number of companies have developed databases containing a wide variety of credit information. They use publicly available information and also obtain information from other organizations such as insurance and credit-card companies. These records are a good source of information for people's names, family members, addresses, age, income, expenses, purchases, payment schedules, and buying habits. Federal Government The federal government maintains an amazing amount of information on its citizens. Some of the data is available to private fraud investigators and some is available only to law-enforcement agencies. Having access to this data is only one of many good reasons to involve lawenforcement agencies in fraud investigations.

141

Chapter 6: Fraud Investigation and Audit







Department of Defense -- This department maintains records on everyone who has ever served in the military. Therefore, it is a good source for current and past addresses of those who have or are serving in the military. The agency also keeps records of anyone who might be a threat to national security. Department of Health and Human Services -- This department is responsible for substance abuse, mental health, Medicare and Medicaid, food and drugs, and Social Security. Social Security information is especially useful in an investigation. A person's Social Security number can be used to tap many other information sources. It can also tell you where the person was living when the number was issued to them. Department of Justice -- This department is in charge of the following four agencies, each of which has databases with large quantities of valuable information: o Bureau of Prisons; o Drug Enforcement Administration (DEA); o Federal Bureau of Investigation (FBI); and o Immigration and Naturalization. The Justice Department also administers the offices of the U.S. Attorney and the U.S. Marshal.

• • •





The FBI maintains the National Crime Information Center (NCIC), an electronic database that contains information on a wide variety of stolen items, missing persons, and people wanted on outstanding warrants. The FBI also maintains the Interstate Identification Index, which is an offshoot of the NCIC. It is maintained for the benefit of state and local law enforcement agencies and contains nationwide information on arrests and criminal records. Department of Labor -- This department maintains records of worker's compensation benefits. Department of State -- This department maintains passport and visa information. A special office keeps track of everyone investigated for passport fraud. Department of the Treasury -- This department is in charge of the following four agencies, each of which has databases with large quantities of valuable information: • Bureau of Alcohol, Tobacco, and Firearms; • U.S. Customs; • Internal Revenue Service (IRS); and • U.S. Secret Service. U.S. Postal Service -- The postal service has inspectors that investigate fraud using the mail. Since most frauds make use of the postal service at some point, federal mail statutes are important investigation tools. Most postal inspectors are eager to help and easy to work with. Central Intelligence Agency (CIA) -- The CIA maintains records on people applying for work in governmental agencies and on U.S. citizens employed in foreign countries.

State Government State governments also have resources that are useful to fraud investigators.

142

Chapter 6: Fraud Investigation and Audit

• • • • •

• •

State Attorney General -- This state office cooperates with local agencies to enforce all civil and criminal state laws. Most states have an investigative division called the State Bureau of Investigation. Comptroller's Office -- This office investigates violations of local tax laws. State Corrections Departments -- This department maintains records of all those who have been imprisoned or placed on probation or parole. Alcoholic Beverage Control -- This board investigates violations of state and local alcoholic-beverage laws. Secretary of State -- This office maintains a wealth of business records that reveal when an organization was incorporated, its initial officers and board of director members, its principal shareholders and business affiliations, and whether the corporation has paid its taxes. It is especially useful in trying to identify dummy corporations, trace assets, determine conflicts of interest, and evaluate changes in financial status. It also maintains Uniform Commercial Code filings that contain information on loans and mortgages on personal property, collateral on the loans, the organization loaning the money, and the company's or the individual's bank. Department of Motor Vehicles -- These records can be accessed to obtain a person's name, address, picture, date of birth, and driving history. Department of Business Regulation -- This department maintains records about people who need a license or permit to work in their professions. These records provide business addresses, professional credentials and specializations, and any investigations or complaints about the individual.

City and County Records Fraud investigators can find a great deal of valuable information about people and companies in city and county records. • County Clerk -- This office maintains voter registration records, which contain a person's name, family members who also vote, current and past address, age, unlisted phone number, birth date, signature, and Social Security number. ƒ



• • •

The county clerk also maintains marriage-license records, which contain much of the voter registration information plus the addresses of the parents, driver’s license numbers, passport numbers, prior marriages, and witnesses to the marriage.

County Land Office -- This office maintains records of all the real estate in the county. For each parcel of land, the records show the present and former owners, any indebtedness, the mortgage holder, and trustees. These records sometimes reveal the identity of the seller, the broker, and the attorneys involved in the transaction. Tax Assessor -- This office maintains property-tax records, which contain the property's legal description, assessed value, and whether the taxes were paid. Law enforcement -- The police, sheriff, and county constable's offices maintain information on arrests, indictments, convictions, incarceration, and probation. Courts -- The courts maintain information on bankruptcies, divorces, property settlements, lawsuits, wills, and probate. These records may contain information about a suspect's lifestyle, living expenses, debts, and inheritances. 143

Chapter 6: Fraud Investigation and Audit

Net Worth The most popular method for determining the amount of money a perpetrator stole is a net-worth calculation. It is a circumstantial rather than a direct method of proving that illicit income exists. The technique is especially useful when the perpetrator receives cash or funds that cannot be traced directly to them. The higher the percentage of illicit income to total income, the more valuable the method is. Net worth analysis reveals discrepancies between reported income and expenditures. The logic behind the analysis is that one cannot spend more than one makes. These discrepancies can be uncovered using either the asset method or the expenditure approach. Asset Method The asset method uncovers inconsistencies in revenue and expenses when the perpetrator uses illicit income to purchase assets. For example, a $25,000-a-year bank clerk cannot afford a 40foot yacht and a Porsche convertible unless there has been a large inheritance. Expenditure Method The expenditure method is used when the illicit income is spent on expensive living, travel, and entertainment, rather than to buy assets such as cars and boats. For example, the abovementioned bank teller could not afford to eat at expensive restaurants every night and take multiple trips to South America and Europe. Net-Worth Calculation and Formula Net-worth analysis requires the investigator to put together a financial profile of the suspect before and after the suspected fraud. At both periods of time, all material assets and liabilities, all sources of income, other sources of funds (loans, asset sales, etc.), and all material expenses must be determined. Exhibit 6-3 lists typical assets, liabilities, sources of funds, and expenditures. It also lists some questions that investigators should answer about these items. Exhibit 6-3 Financial Profile Checklist Typical Assets Cash on hand Jewelry Residence Clothing Real estate Bank accounts

Collectibles Insurance

Stocks and bonds Home furnishings Automobiles Boats Typical Liabilities Mortgage(s) Other loans Lines of credit

For each significant asset, determine: • When was it acquired and from whom? • How much did it cost? • How was it paid for (currency, check, cashier’s check, etc.)? • What source of funds was used to acquire it? • What documentation exists for the purchase and where is it? For each significant liability, determine: • What was the original amount of the liability? • What is the present balance due? • When was the liability incurred? 144

Chapter 6: Fraud Investigation and Audit

Credit cards Accounts payable Taxes Alimony, child support

Typical Sources of Funds Salary Insurance proceeds Commissions and Gifts fees Rental income Dividends

Awards Inheritances Disability payments

Interest Sale of assets Typical Expenditures Rent and mortgage Clothing Health costs Interest on loans Credit cards Car payments

Utilities Food Insurance Travel

• What was the purpose for the loan or debt? • How were the proceeds used and where were they deposited? • What security, if any, was given for the debt? • What documentation exists for the transaction and where is it? • Was the debt written off as a bad loan for tax purposes? • Who was the creditor or lender? For each source of funds, determine: • What was the total amount during a given period? • What was the source? • How was it paid for (currency, check, by other means)? • Where were the funds deposited? • How was it spent? • What documentation exists and where is it? For each major expenditure item, determine: • What was the total amount spent? • How was it paid for (currency, check, credit card, etc.)? • Where were the funds obtained to pay the expense? • What documentation exists and where is it? • When was the payment made?

Source: Financial Investigation: A Financial Approach to Detecting and Resolving Crimes, Department of the Treasury, Internal Revenue Service. The information needed for net-worth analysis is found by examining the public and private records mentioned earlier. This information can be supplemented by interviewing vendors from whom the subject purchased items. The net-worth method is frequently used in fraud investigations. For example, the DEA uses it to determine whether suspected drug dealers have illegal income from illicit sources. The IRS uses it in tax-fraud cases to estimate a taxpayer's unreported income. The FBI also uses it. The net-worth method produces a conservative calculation of the amount of money the perpetrator has taken. As a result, it is readily accepted as documentary evidence in a court of law. The net-worth method is also very useful for obtaining perpetrator confessions. In an interview, the investigators ask the perpetrators questions about financial status. When they catch the perpetrators in enough lies, they reveal the information gathered and their calculations. The

145

Chapter 6: Fraud Investigation and Audit

perpetrators usually recognize that the investigators know both the financial situation and that they have spent more money than they earned. They also realize it is futile to try and lie their way out of the situation, and they confess. The basic formula for the net-worth calculation is as follows: + Assets – Liabilities = Net worth Net worth – Net worth in prior period = Net-worth increase Net-worth increase + Living expenses = Income Income – Funds from known sources = Funds from unknown sources Exhibit 6-4 is an illustration of the use of the net-worth method to calculate the amount of money a person took from the company. The figures in the illustration were found using many of the public records discussed above. You will note from looking at this figure that: The perpetrator took an estimated $113,000; and • The money was used to buy a new $50,000 sports car, pay off $50,000 of his • mortgage and the rest of his debts, and stash an additional $9,000 in his bank account. Exhibit 6-4 Net-Worth Analysis Year 1

Year 2

ASSETS AT COST Cash Home Cars Investments TOTAL ASSETS

SOURCES OF FUNDS 1,000.00 150,000.00 1,000.00

10,000.00 150,000.00 5,000.00 1,000.00

$157,000.00

$211,000.00

146

Salary Sale of old car 50,000.00

Year 2 37,000.00 3,000.00

TOTAL SOURCES OF FUNDS $40,000.00

Chapter 6: Fraud Investigation and Audit

LIABILITIES Mortgage Car loan Credit Card balances TOTAL LIABILITIES NET WORTH

LIVING EXPENSES 125,000.00 4,000.00 4,000.00

75,000.00 -

$133,000.00

$75,000.00

$24,000.00

$136,000.00

Mortgage payment Auto loan payment Other living expenses TOTAL LIVING EXPENSES

12,000.00 1,000.00 28,000.00 $41,000.00

Net-Worth Calculation Net worth year 1 Net worth year 2 Net worth increase Living expenses Income Funds -- Known sources Funds -- Unknown sources

$24,000.00 (136,000.00) 112,000.00 41,000.00 153,000.00 (40,000.00) $113,000.00

Vertical and Horizontal Analysis Vertical and horizontal analysis, which was described in Chapter 5, is also used to develop documentary evidence. People Evidence People in and out of the defrauded company are sources of evidence for fraud investigators. Perpetrators do not live in a vacuum; they interact with others who are most likely to see a change in their behavior. The people with whom the perpetrator interacts may notice that the perpetrator has purchased a new home, car, or expensive toys or that they are hiding something or acting strangely. For whatever reason, these people may actually know what the perpetrators are doing or have strong suspicions. These are the people the fraud investigator wants to find. One of the challenges of a fraud investigation is finding these people. Some may come forward voluntarily; others may anonymously provide the information; and still others will not divulge what they know until they are interviewed or interrogated. The last three of these are discussed in this section. Hotlines and Informants For a hotline to be successful, it must possess the following: • A guarantee of anonymity, to open up lines of communication and allay fears of reprisal. • Call-back ability, so the investigator can get additional information from the tipster. Since most callers will not leave a number, they can be encouraged to call back. • Experienced phone operators to maximize the amount of information given by the tipster and to screen out calls without merit.

147

Chapter 6: Fraud Investigation and Audit



• •

It should prompt investigations to show employees that the tips are taken seriously by management. Such investigations can also keep the trail from “getting cold.” Awareness campaigns, so employees are made aware of and periodically reminded of the hotline and its guarantee of anonymity. Top management support, so everyone in the organization takes the hotline seriously.

Interviews An interview is a systematic questioning of people who might know something about a fraud. It is one of the most important tools in the fraud investigator's tool bag. Interviews are used to obtain the following: • Information about the essential elements of the fraud; • Information about a witness's personal background and motives; • Cooperation from victims and witnesses; and • Leads to witnesses or other evidence to help build the case. Types of Interviewees An investigator will interview the following three distinct types of people. • Cooperative interviewees -- These people are overly helpful, and the investigator must carefully determine their motives. Do the interviewees have a sincere desire to help? Are they trying to get even with the suspect? Are they trying to direct attention away from themselves as suspects? • Neutral interviewees -- They have no hidden motives or agendas. They have nothing to gain or lose from the interview and are usually the most helpful and objective of all the interviewees. • Hostile interviewees -- They are often associated in some way with the suspect or the crime. They are the most difficult to interview and normally should be interviewed without prior notice. The element of surprise makes it harder for hostile interviewees to prepare defenses. Interview Phases A good interview has three distinct phases. • Introduction -- The purpose of the interview should be clearly stated. Background information about the person is obtained as is a commitment to cooperate with the investigation. • Body -- Here is where the person is questioned to determine the facts of the fraud. The interviewer should make every effort to find out as much about the who, what, when, where, why, and how of the fraud. • Close -- The investigator should thank interviewees for their cooperation. The investigator should also ask for leads by asking if there is anything else to discuss or anyone else to talk to. Interview Guidelines The following guidelines, if followed, will produce the most useful interviews.

148

Chapter 6: Fraud Investigation and Audit

• • •



• • • • • • • • • • •

Carefully plan the interview to maximize the information received and minimize the time conducting it. Determine in advance as many facts as possible about the fraud and the person being interviewed. Determine when to conduct the interview. If the interviewee is believed to be cooperative or neutral, set up an appointment. The best interview location is the interviewee’s place of business since there is greater access to any needed papers, books, or people. Look for a room where distractions from colleagues and telephones can be eliminated or minimized. Allow more than enough time for each interview. Select a room that is as bare as possible. Do not have a desk or other physical barrier between you and the person being interviewed. This provides the investigator with a full view of the body posture and language of the suspect. Sit approximately four to five feet away from the interviewee. Stay seated; do not walk around the room. Interview one person at a time and inform each interviewee ahead of time of any information that will be needed in the interview. Conduct the interview in a professional manner. Remember that you are seeking the truth, not trying to get a confession or a conviction. Ask short questions that are clearly and easily understood. Avoid asking yes and no questions; instead ask questions that require narrative answers. Do not ask leading questions that suggest part of the answer. Concentrate on the interviewee's answer rather than the next question you plan to ask. Make sure you understand the answer before you continue. Control the interview. Do not allow interviewees to wander, get you sidetracked, confuse the issue, or not answer important questions. Be courteous, respectful, and polite and do not talk down to the person. Do not be authoritarian or attempt to dominate the interview. Be friendly but maintain a professional distance. Be sensitive to personal matters such as gender, race, religion, and ethnic background. Avoid politically incorrect language, and do not use technical jargon. Be sympathetic, where appropriate, and tell the person that anyone might have done the same thing if the circumstances were the same. Do not take notes during the interview. Ask permission to tape the interview. Ask the interviewee to provide the factual basis for conclusions. Thank the interviewee for taking the time and trouble to cooperate.

Stages of Those Affected by Fraud Interviewers who understand how people are affected by a fraud are more effective than interviewers who do not. Most people are shocked to learn that a fraud has taken place at the company. When the fraud is brought to light, most go through denial, then anger, rationalization, depression, and finally acceptance. Each of these stages is now briefly discussed. •

Denial -- A person's first reaction to any crisis is denial. People manifest their denial by refusing to accept that the fraud occurred, insisting that there is some mistake, acting stunned or dazed, or being unable to comprehend what took place. The denial phase is dangerous to

149

Chapter 6: Fraud Investigation and Audit



the company since it provides the perpetrator with time to hide, change, or destroy documentary evidence. Anger -- Once people realize that a fraud actually did take place, they become angry. Their anger may cause them to strike out at those around them and to say and do things they later regret. Sometimes this results in lawsuits for slander, libel, assault, battery, or wrongful termination. For obvious reasons, this stage is not a good time to try and investigate or resolve frauds. Example:

One angry fast-food restaurant manager suspected an employee of stealing. He called the police and had him handcuffed and dragged out of the store in front of customers. The employee was innocent and won a $250,000 lawsuit. Some guilty perpetrators have won legal settlements larger than the amounts they embezzled.



Rationalization -- In this stage, people try to explain away or minimize the fraud. They rationalize that: o The fraud was not all that bad; o The perpetrator must have had a good reason; or o The perpetrator is a good person who made a mistake and deserves a second chance. o Interviews during this stage can lack objectivity, make finding the truth difficult, and harm prosecution efforts. The rationalizations lead to a decision not to prosecute, to weak testimonies and to easy penalties.



Depression -- As a person realizes the fraud is more than just a little mistake, a period of depression sets in. This is often caused by a sense of loss, disappointment, or embarrassment. If people withdraw, lose interest, or become uncooperative, they may not be willing to help with the investigation. Interviews in this stage are often not as useful as those in the acceptance stage.



Acceptance -- Most people affected by a fraud eventually accept what happened, put it behind them, and move on. The acceptance stage can be reached faster and easier by explaining the perpetrator's motivations and sharing the facts surrounding the fraud. Interviews in this stage are the most useful since witnesses are the most willing to help and cooperate.

Interrogation An interrogation is a structured interview of a suspect or target for the purpose of obtaining a voluntary and legally binding confession of guilt. • Purposes -- An interrogation has three main purposes: o To obtain an admission of guilt. However, many fraud perpetrators do not confess during an interrogation. o To identify and neutralize any defenses the perpetrator may raise. o To obtain information that can be used to impeach the perpetrator. Information impeaching a suspect's honesty is almost as good as a confession.

150

Chapter 6: Fraud Investigation and Audit

The difference between an interview and an interrogation is that an interview is conducted to obtain information about the fraud, while an interrogation is conducted to obtain a confession or information that can impeach the suspect. Investigators can move from one to the other. For instance, an interview can turn into an interrogation if the investigator begins to suspect the interviewee is guilty. Likewise, an interrogation can turn into an interview if the investigator perceives the interviewee not to be guilty. The suspect is usually the last person the investigator interviews. An investigator cannot be too prepared for this interrogation since the strength of the case may depend heavily on a confession or evidence to impeach the suspect. The interrogation should only be conducted when: o As much information as possible has been gathered from sources other than the suspect; o There is evidence that only the suspect can provide; and o The investigator is able to control the time and place, as well as the subject matter of the interrogation. The investigator should follow the interview guidelines mentioned above. In addition, the investigator must be very patient since getting a person to confess guilt is not easy and takes time. The investigator should also follow the traditional guidelines listed below. o Make sure the suspect voluntarily consents to the interrogation. o Allow the suspect to terminate the interrogation when desired. o Never make suspects feel as though they are trapped, such as by locking the interview room. o Never deny suspects the right to consult with an attorney or have one present during the interrogation. o Whenever possible, never have anyone other than the suspect in the room. • Techniques -- There are a number of techniques the investigator should use when guilt is reasonably certain. o The investigator should begin by introducing himself or herself and explaining why he or she would like to talk to this person. o Help suspects get used to answering questions by asking about their background. Also try to pick up leads in case the suspect later refuses to cooperate. While asking these nonthreatening questions, carefully look for suspicious behavior. o Politely, but directly and without qualification, confront the suspect and observe the reaction. If the suspect strenuously denies the allegation, that is often a sign of innocence. A passive reaction by the suspect could be an indication of guilt. o Provide suspects with a morally acceptable excuse for their behavior. The intent is for the suspect to be able to say "It was okay for me to do it because … " If the excuse is accepted, this may be an indication of guilt.

151

Chapter 6: Fraud Investigation and Audit

o If guilt is denied, show the evidence. Suspects never confess as long as they are still denying guilt. Again, provide a morally acceptable rationalization for the behavior. o If the suspect does not accept the rationalization, offer alternate rationalizations and ask about guilt again in a nonoffensive way. o If that does not work, try to get the suspect to explain the behavior. Try for a partial admission of guilt because that often leads to a full admission later on. o Try to catch the subject lying about some aspect of the fraud. Suspects lose confidence when they realize you know when they are lying. o If the suspect does confess, assure the suspect that it is the right thing to do. Keep the suspect talking and try to get all the details. o Write the confession down. Be sure to include the suspect's reason for committing the fraud. Do everything possible to get the suspect to sign the confession before leaving. o End the interrogation on a positive note because the suspect's cooperation may be needed in the future. Suspects are more likely to cooperate later if they believe the investigator is not out to hurt them. In order for an interrogation to be successful, the fraud investigator must confront perpetrators in a positive way and provide them with an "out" (rationalization for their behavior). People who commit fraud need a safe harbor, and the fraud investigator must provide this. The investigator should minimize the crime and maximize the sympathy offered to the perpetrator. Personal-Observance Evidence Most auditors use observation as a means of gathering evidence in their audits. For example, they observe the client taking inventory and test count it. Fraud investigators also observe items or activities of interest. However, they expand the observation evidence to include surveillance, undercover operations, and invigilation. Surveillance Surveillance is the secret and continuous observation of persons, places, and things to obtain information about the identity and activity of individuals suspected of fraud. It provides evidence that is probably not available through any other means. The objectives of surveillance are to: • Obtain information and evidence regarding the fraud; • Develop investigative leads; • Catch perpetrators in the act of committing the fraud; • Obtain sufficient evidence for a search warrant to be obtained; and • Identify people who are colluding with or helping the perpetrator. Surveillance can be stationary, such as a stakeout, where the investigator does not move, or it can be a moving surveillance, where the investigator follows the subject moving

152

Chapter 6: Fraud Investigation and Audit

from place to place. Electronic surveillance is the use of some sort of electronic device, such as a hidden tape recorder or video camera. Great care should be used to make sure that surveillance does not violate applicable privacy laws. It is a good idea to receive clearance from human resources and the legal department before using surveillance as a tool in a fraud case. Undercover Operations In an undercover operation, a person assumes a new identity in order to gather information about a fraud. These operations require a high degree of skill and planning to be successful. Done properly, they can produce a great deal of information and evidence. If the surveillance backfires, someone could get hurt or the company could blow its whole case. An undercover operation is best used when there is collusive fraud on a large scale that cannot be investigated thoroughly in any other way. It is wise to use or consult law-enforcement agencies in undercover operations. Searches Searching a suspect's desk, locker, or other work area can produce valuable evidence. However, improper searches can open an investigator and the company to many charges. These charges include assault, battery, false imprisonment, invasion of privacy, slander, defamation, wrongful or abusive discharge claims, or grievances and arbitration in a union environment. To avoid these problems: • Consult legal counsel before conducting any searches. • Develop a policy allowing you to search ALL company property. Have employees read and sign it. Give them a copy and keep a copy in the employee's personnel file. • Post the search policy where employees will see it and include it in all company handbooks and policy statements. • If appropriate, clear the search policy with company unions. • Do not conduct the search in the presence of other company employees. • Conduct the search on company time and in a dignified and reasonable manner. • Do not touch employees. Invigilation Invigilation is a process of observing and controlling company activities so closely for a period of time that fraud is virtually impossible. Company results before or after the period of invigilation are then compared to the results during the fraud. Example:

A gasoline distributor suspected it was losing fuel in an inventory fraud. It hired a virtual army of guards for a 30-day period to patrol the plant so closely that fuel could not leave without the guards knowing about it. After the invigilation, investigators compared the before-invigilation orders of its customers to their orders during invigilation. Two gas

153

Chapter 6: Fraud Investigation and Audit

stations went from ordering 2,000 gallons a month to almost 19,000 gallons. The orders of these stations were monitored after the invigilation period and within a few months their orders were back down to 2,000 gallons. A surveillance using night cameras caught the stations receiving stolen gasoline. An examination of their books showed they had colluded with a company employee to defraud the distributor out of 62,000 gallons of gas. Invigilation can, however, be a time-consuming and expensive investigative technique. As a result, it is usually not used unless other investigative techniques fail. The following guidelines help maximize the use of the technique: • Obtain top management approval for the operation. • Determine exactly what the invigilation should accomplish. • Restrict the invigilation to a specific and self-contained area. • Review the records of the area to be controlled during the invigilation to become more familiar with its normal operations. • Determine beforehand exactly which controls are needed to prevent the fraud during the invigilation period. • Conduct the invigilation for a minimum of two weeks. Physical Evidence Physical evidence is the least-used type of evidence in a fraud investigation. In other crimes, it involves the examination and analysis of items such as murder weapons, drug paraphernalia, etc. A fraud investigation can sometimes involve the examination and analysis of things like: • Fingerprints; • Broken locks; • Physical objects, such as stolen inventory; • Substances, such as grease and fluids; • Traces, such as paints and stains; and • Impressions, such as cutting marks and tire tracks. Case Study Directions: 1. Review the information. 2. Use the space provided for your notes. The Facts: The property/casualty insurance industry estimates that 10 percent of the $200 billion in annual claims payouts is bogus. Insurance and law-enforcement officials say that the profits from fraud are enormous and the chance of prosecution is usually small. Consider the following three types of scams: 1.

Staged car accidents, in which con artists hire people to cause a collision so they can inflate legal and medical bills.

154

Chapter 6: Fraud Investigation and Audit

2.

Faked deaths, especially those taking place overseas. Desktop publishing systems are used to create authentic-looking copies of death certificates. In Long Beach, Calif., these certificates had a street value of up to $1,000. In addition, for the right amount of money, officials in some countries are willing to hand out death certificates. Example:

3.

In an actual incident, one father tried to collect on a $10,000 insurance policy on his son who supposedly died in a taxi accident in Mali. An investigator found his son playing in his grandfather's yard. The official who signed the death certificate admitted signing it without seeing the body.

Inflated property-loss claims, such as in the following example: • Transamerica Insurance received a $90,000 claim from E. Vincent Leather Goods, a luggage retailer. A fire that killed two people also destroyed a third of its inventory and damaged its building. Domenick Casati, the owner of Vincent Leather, hired Seymour Berson, a public adjuster, to prepare its case and present it to the insurance company. Berson's fee for such cases sometimes reached 33 percent of the settlement amount. Transamerica hired an independent salvage company to inspect the damage. Joseph Rigney, the salvage-company employee, claimed that the inventory was so badly damaged it could not be salvaged. Dennis Stern, a claims adjuster for Transamerica, disagreed with the claim amount and reduced it by several thousand dollars before signing off on the claim. Unfortunately, the actual loss was only about $10,000, and the claim was inflated by more than $80,000. The fraud was detected when the storeowner's son let it slip to Transamerica's broker that the claim was inflated. The ensuing investigation revealed that Berson, Rigney, and Stern were all linked to several other suspicious claims. Investigators got the storeowner to confess to his part of the scheme and to tape Berson saying that if everyone "kept their mouths shut," Transamerica would suspect nothing and pay the claim. With the scam falling apart, Casati, Berson, and Stern plea-bargained; Rigney was convicted of fraud. The Justice Department, the Postal Service, and the IRS undertook a massive investigation into these types of property losses. What did the investigation uncover? • •



The U.S. Postal Inspector on the case stated that he had never seen such pervasive fraud in his 21 years as an investigator. More than 100 defendants were accused of cheating insurance companies out of more than $500 million by fabricating or inflating claims; over 90 have been convicted. Insurance claims adjusters admitted to taking bribes of up to $75,000 per claim.

Case Questions:

155

Chapter 6: Fraud Investigation and Audit

1.

What red flags might indicate a fraudulent life insurance claim?

2.

Why is the property/casualty claims adjusting process highly susceptible to fraud?

3.

What can insurance companies do to increase the likelihood of detecting bogus claims?

4.

How could computers be used to detect bogus claims?

1.

Suggested Solutions -- Case Study The following red flags indicate that a claim may be fraudulent: a. Death occurred overseas. In places such as Haiti and Zaire, political turmoil makes investigations difficult and false death certificates easy to get. b. Lack of physical evidence. Fake claims often state that the body was cremated. c. Papers are in perfect order. Relatives of someone who dies often do not know what insurance paperwork is needed. A red flag is raised when the beneficiary quickly provides all of the required documentation.

2.

The property/casualty claims adjusting process is susceptible to fraud for the following reasons: a. Claims of less than $50,000 are rarely investigated. b. Insurance companies are forced to rely on independent contractors over whom they have little control to estimate the damages. c. There are few checks on employee honesty and there are many opportunities to commit fraud.

3.

Insurance companies can take the following steps to detect fraudulent claims: a. Pay attention to details such as photos that do not show the reported damage and water beaded up on surfaces days after an accident supposedly happened. (Note: One investigator found two claims to totally different insurance companies that had the exact same damage photos.) b. Pay special attention to water damages, as they are a common theme of many property/casualty claims. (Note: One public adjuster had a plumber install a urinal in a business so employees could break the connecting pipes and cause water damage.) c. Inspect more claims sites.

4.

Computers can be used in the following ways to detect fraudulent claims: a. Develop a program that flags suspicious claim patterns or statistical anomalies such as: • Does a particular adjuster file a disproportionate number of water claims? • Does the pairing of a particular adjuster and salvage inspector result in an unusual number of decisions to leave the damaged goods with the policyholder?

156

Chapter 6: Fraud Investigation and Audit

b.

Create massive databases using law-enforcement and insurance company records. For example, the National Insurance Crime Bureau (NICB) has gathered 300 million records. Their investigators search for suspicious claims that have the same doctor, lawyer, address, or driver’s license number. Since the insurers who fund NICB do not share information directly, they avoid privacy and anti-trust issues. The Sarbanes-Oxley Act of 2002

How the Sarbanes-Oxley Act of 2002 Impacts the Accounting Profession President George W. Bush signed the Sarbanes-Oxley Act on July 30, 2002. The Act, which has a significant effect on the accounting profession, applies to publicly held companies and their audit firms. The biggest impact of the Act is on all CPAs who audit publicly traded companies, especially the largest accounting firms. However, there is concern that there will be a cascade effect. Of special concern is the possibility that the Act may influence other federal and state legislative or rule changes. That could result in Sarbanes-Oxley requirements trickling down and directly affecting small businesses, nonpublic companies subject to other regulations, and the CPAs that provide services to them. The most important aspects of Sarbanes-Oxley Act are discussed as follows. Public Company Accounting Oversight Board Sarbanes-Oxley created a new Public Company Accounting Oversight Board (PCAO Board). The PCAO Board will oversee and investigate the audits and the auditors of public companies. Details of the PCAO Board are as follows. • Composition -- The SEC appoints and oversees the five full-time PCAO Board members to five-year terms. Three of the five PCAO Board members must not be and cannot have been CPAs (they are known as the “Non-CPA members”). The remaining two must be or have been CPAs (they are the “CPA member”). The chairperson can be a CPA member, but cannot have practiced accounting during the five years preceding the appointment. PCAO Board members can be removed by the Commission “for good cause.” Salaries of the PCAO Board members are in the range of $400,000 per year and above. • Funding -- The PCAO Board is funded in several ways. Public companies will pay mandatory fees and accounting firms that audit public companies must register with the PCAO Board and pay registration and annual fees. • Standard setting -- For public company audits, the PCAO Board will set standards for audit-firm quality controls. They can do this by setting the standards themselves or by adopting standards set by other groups or organizations, such as the FASB, ASB, etc. The PCAO Board is to set standards for services such as auditing and other related attestation services, quality control, ethics, independence, and any other standards that are necessary to protect the public interest. All public accounting firms that assist in the preparation or issuance of any audit report must register with the PCAO Board. • Investigative and disciplinary authority -- The Sarbanes-Oxley Act gave the PCAO Board the following powers: o The power to regularly inspect the operations of registered accounting firms.

157

Chapter 6: Fraud Investigation and Audit

o The power to investigate potential violations of securities laws, standards, competency, and conduct. During these investigations, the PCAO Board has the power to require registered accounting firms to testify or produce documents. They can also request information from relevant persons outside the firm. In certain circumstances, and with SEC approval, the PCAO Board can also refer investigations to the Department of Justice, state attorneys general, or state boards of accountancy. o The power to sanction firms and individuals for violations of laws, regulations and rules. Sanctions can be imposed for a number of reasons, including noncooperation, violations, or failure to supervise a partner or employee in a registered accounting firm. The PCAO Board can impose the following sanctions: • Revocation or suspension of an accounting firm's registration; • Prohibition from auditing public companies; and • Imposition of civil penalties. • International authority -- In one of its more controversial parts, the Sarbanes-Oxley Act requires foreign accounting firms: (i) to be subject to the authority of the PCAO Board if they prepare or furnish an audit report involving U.S. registrants; and (ii) to supply their audit workpapers upon request to the PCAO Board or the SEC if a registered U.S. accounting firm relies on the opinion of the foreign accounting firm. New Roles for Audit Committees and Auditors Sarbanes-Oxley changed the relationship between accounting firms and their publicly held audit clients. • Auditors now report to and are overseen by the company's audit committee, not company management. All audit committee members must be independent members of the board of directors. • All audit and nonaudit services provided by the auditor must be preapproved by the audit committee. • The auditor must report the following new information to the company’s audit committee: o Critical accounting policies and practices to be used; o Alternative treatments of financial information within GAAP that have been discussed with management; o Accounting disagreements between the auditor and management; and o Other relevant communications between the auditor and management. • Sarbanes-Oxley statutorily prohibits the following eight services and makes it unlawful for an auditor to provide them to a publicly held client company. (Services other than those banned are allowed if the audit committee preapproves them): o Bookkeeping; o Information systems design and implementation; o Appraisals or valuation services; o Actuarial services; o Internal audits; o Management and human-resources services;

158

Chapter 6: Fraud Investigation and Audit

• •

o Broker/dealer and investment banking services; o Legal or expert services unrelated to audit services; and o Other services the PCAO Board decides to prohibit. On public-company engagements the lead audit partner as well as the audit-review partner must be rotated every five years. Accounting firms are not allowed to provide audit services to public companies if one of their company's top officials was employed by the accounting firm and worked on the company's audit during the previous year. Top officials would include the CEO, Controller, CFO, Chief Accounting Officer, and other such officers.

Criminal Penalties Sarbanes-Oxley created several penalties. • Individuals who willfully fail to maintain audit and review workpapers for at least five years can be convicted of a felony, with penalties of up to 10 years. The law instructs the SEC to establish a rule covering the retention of audit records. The PCAO Board is to issue standards that compel auditors to keep other documentation for seven years. • Destroying documents in a federal or bankruptcy investigation is a felony, with penalties of up to 20 years. • Securities-fraud criminal penalties were increased to 25 years. • The statute of limitations for the discovery of fraud was changed. It is now extended to the earlier of two years (rather than one) from the date of discovery and five years (rather than three) after the act. • Sarbanes-Oxley bans personal loans to executives and directors. • The Act prohibits insider trading during blackout periods. • Directors, officers, and 10% owners must report certain transactions by the end of the second business day following the day on which the transaction was made. • A violation of the Sarbanes-Oxley Act or of any SEC or PCAO Board rule is treated as a violation of the SEC Act of 1934. • Employees of public-companies and accounting firms are given “whistleblower protection” when they lawfully disclose private employer information to certain parties when there is a fraud claim. Financial Reporting and Auditing Process Additions With respect to financial reporting and auditing processes, issuers of public stock and their auditors must follow certain new rules and procedures. • Every public-company audit report must undergo a thorough second partner review and approval. • Management is now required to assess the effectiveness of the company’s internal-control structure and procedures and make representations about them. • All audit reports must attest to management’s assessment of the company's internal-control structures. The audit report must also include a specific notation about any significant weaknesses or any material noncompliance found during the tests. • Every public-company must state whether or not it has adopted a code of ethics for senior financial officers.

159

Chapter 6: Fraud Investigation and Audit

Business and Industry CPAs CPAs in business and industry are also impacted by the Act, as CEOs and CFOs are now required to certify company financial statements and have new requirements regarding enhanced financial disclosures. Top management also has greater responsibilities with respect to communicating and coordinating with corporate audit committees. Recent Accounting Scandals The Collapse of Enron Corporation How could America’s seventh-largest company (the sixteenth largest in the world) go from billions of dollars in revenue to one of the largest corporate bankruptcies in United States history in a matter of months? In the wake of Enron’s downfall, thousands of employees have become jobless with worthless pensions, one of the former Big Five accounting firms, Arthur Andersen, has utterly crumbled, and hundreds of American companies using aggressive accounting methods have been affected. In sum, the entire ambit of financial-statement reporting has come under scrutiny -- all due to the catalytic disclosure of Enron’s corrupt accounting practices. A Rocky Start to Rocketing to the Top Enron Corporation was formed in July 1985 as the result of the merger of Houston Natural Gas and InterNorth of Omaha, Nebraska. From the company’s inception, Enron was saddled with considerable debt acquired from the merger. Furthermore, natural-gas pipelines had just been federally deregulated and Enron no longer had exclusive rights to its pipelines. Struggling to cope with the new forces of the marketplace, Enron realized it was necessary to change its business strategies in order to turn a profit. The company resorted to assistance from the consulting firm of McKinsey and Company. There, a young consultant named Jeffrey Skilling was given the task of improving Enron’s approach. Skilling was indeed the remedy to Enron’s woes; in fact, he came up with an innovative plan that revolutionized the gas-pipeline business. Skilling created the idea of a “gas bank” in which Enron would purchase gas from a ring of suppliers and then sell it to a group of consumers. The price and supply were both guaranteed in the form of a contract, and Enron extracted fees for transactions and for assuming the risks. This idea of the energy derivative immediately took off, and Enron’s CEO, Kenneth Lay, rewarded Skilling’s ingenuity by making him head of the newly created Enron Finance Corporation in 1990. Enron soon became one of the world’s leading energy, commodities, and service companies by marketing electricity and natural gas, delivering energy and other physical commodities, and providing financial and risk-management services to customers around the world.2 By the early 1990s, Enron Corporation had established itself as one of the largest corporations in the United States and was a favorite of Wall Street as the leading trader of electricity in the nation. On the 2001 Fortune 500 list, Enron ranked seventh with revenues of $101 billion in the year 2000.3 In

2 3

www.enron.com. www.fortune.com.

160

Chapter 6: Fraud Investigation and Audit

early January 2001, shares of Enron stock were trading for slightly more than $80 a share, and the market capitalization of the company was around $60 billion. Cracks Appear Enron’s success of the 1990s would not last, however. The company’s good fortune really began to sour at the beginning of 2001, and the company hit rock bottom on December 2, 2001 when it voluntarily filed for Chapter 11 reorganization with the U.S. Bankruptcy Court for the Southern District of New York. To date, Enron’s $63 billion filing is one of the largest corporate bankruptcies in United States history. What led to this demise of such massive proportions? First of all, Enron’s corporate culture made conditions ripe for wrongdoing. The company adopted a diehard obsession with being the best, and that obsession was filtered down through the ranks. Enron sought out the best employees and the brightest recruits, while showering them with limitless merit-based bonuses. The perks of being affiliated with one of the world’s top corporations, however, did not come without a price. Pressure to deliver solid earnings was exuded through every facet of the company. Performance reviews became little more than profit-assessment evaluations where employees were sized up through a merciless ranking system. Internal competition and secrecy reigned wildly and the burden of delivering immediate tangible profits caused the company to value instant earnings rather than slowly maturing deals. Enron’s financial difficulties started in the late 1990s when the company incurred millions of dollars of investment losses. Despite the company’s apparent financial difficulties, Enron executives began to look for ways to hide the company’s losses instead of getting financial help and making early, full public disclosures. This was done to meet Wall Street’s demand for smoothly growing earnings and to keep the company’s stock price rising. Enron employed all kinds of tactics to remove assets from its books, and executives started running mysterious offbalance-sheet partnerships. Assets were taken off Enron’s books and parked with partnerships controlled by Enron executives.4 Debt was taken on by the related partnerships and then ignored in Enron’s audited financial statements.5 Enron disclosed as little as possible about these partnerships, and financial-statement users were left with a set of highly complicated financial statements that were difficult to understand.6 In short, Enron was cooking the books. Enron’s partnerships were only part of the financial scandal. Enron was also overly aggressive in its use of mark-to-market accounting. Mark-to-market accounting entails pricing securities at their fair value and running gains or losses through the income statement. While mark-to-market accounting is not illegal in and of itself, it creates the potential for abuse and manipulation of the financial statements, especially when companies have no benchmark of fair value. Enron’s longterm energy contracts were priced in an illiquid market where there was no benchmark of fair value. As a result, Enron often relied on internal models to determine the fair value of its securities, which created the potential for abuse and manipulation of the financial statements.7 Under grueling pressure to deliver ever-higher earnings, Enron‘s valuation estimates probably

4 5 6 7

Stewart, Thomas. “Two Lessons From the Enron Debacle,” Business 2.0, December 5, 2001. Schonfeld, Erick. “Enron is Dead. Long Live Enron,” Business 2.0, December 7, 2001. McLean, Bethany. “Why Enron Went Bust,” Fortune, December 24, 2001. McLean, Bethany. “Monster Mess,” Fortune, February 4, 2002.

161

Chapter 6: Fraud Investigation and Audit

significantly overstated earnings. In fact, in 2000 unrealized trading gains made up more than half of Enron’s stated $1.41 billion pretax profit.8 Exacerbating the Downward Spiral It did not help matters that Enron’s competitive edge was beginning to dull during the last years of the 1990s. Companies with clout began copying Enron’s unique strategy and filled the industry with Enron clones competing against each other. By the end of 2000, the firm’s huge profit margins were becoming a thing of the past. Consequently, energy prices were beginning to tumble as the year 2001 began, and a world recession was on the horizon. This squelched the opportunities for taking advantage of market volatility and making massive, swift trading gains that Enron had so easily capitalized on in the past. Driven to diversify, Enron clung to the notion of being the world’s largest trading market for every type of industry it entered. Unfortunately, Enron also overextended itself in many areas and was too arrogant to admit defeat. Take Enron’s lofty venture into broadband, for example. In January 2000, Enron went public with its plan of constructing a high-speed broadband telecommunications network. The ill-fated firm figured it could cash in on the Internet technology boom by trading bandwidth just as it had built a grandiose empire around energy trading. While Enron dumped millions and millions of dollars into the project, the investment sustained a stingy return. Wall Street, however, turned a blind eye to this fact, and instead rewarded the venture with an even higher stock price. Fortune and other magazines repeatedly praised Enron as one the most admired companies in the world. Exposing the Antics Enron’s creative accounting went on for a few years (from as early as 1995 to 2001), despite warnings from several individuals both inside and outside the company that something was going on. For instance, in February 2001 an Arthur Andersen memo to David Duncan, the manager in charge of auditing Enron’s books, expressed concern about Enron and indicated that discussions had taken place about the company’s substantial related-party transactions. Later in October, Duncan led efforts to shred thousands of Enron audit documents and to erase a slew of electronic files in keeping with the company’s once-obscure document-retention policy. This frenzied effort to destroy sensitive documents was conducted after the Securities and Exchange Commission requested information for an informal investigation of Enron. Perhaps more telling than the Andersen memo was a letter sent to chairman and CEO Kenneth Lay in August 2001. Sherron Watkins, Enron’s vice president of corporate development, sent the letter to Lay expressing concern that Enron would “implode in a wave of accounting scandals.” Watkins complained about the “veil of secrecy” that surrounded the so-called special-purpose entities in which Enron masked hundreds of millions of dollars of debt and investment losses. She also indicated that company officials “consistently and constantly” complained about the company’s accounting practices to former Enron CEO Jeffrey Skilling. The letter raised questions about Lay’s knowledge of the company’s inner workings. Lay reacted to the letter with concern and surprise and assured Watkins he would look into the matter. He asked Enron’s

8

Thomas, C. William. “The Rise and Fall of Enron,” Today’s CPA, March/April 2002.

162

Chapter 6: Fraud Investigation and Audit

law firm, Vinson and Elkins, to look into the matter, but Enron suggested the lawyers should not “second-guess the accounting treatment” given by the company’s auditor, Arthur Andersen.9 In a testimony before the House Energy Commerce Committee on February 14, 2002, Watkins expanded on what she wrote in her August 2001 letter by saying that Skilling had considerable knowledge about the controversial private partnerships run by the firm’s former chief financial officer, Andrew Fastow. Watkins also testified that she believed Mr. Skilling and Mr. Fastow, along with the accounting firm Arthur Andersen and Enron’s legal counsel, Vinson and Elkins, duped Kenneth Lay and the board of directors.10 In October 2001, Enron announced a third-quarter loss of $638 million and indicated that its value was $1.2 billion less than had previously been reported. In November 2001, Enron restated its earnings since 1997, reducing profits by nearly $600 million. For the next couple of years, the Enron fraud sparked lengthy investigations into many aspects of the company, several of which are still unresolved. On March 11, 2002, the chairman of the Commodity Futures Trading Commission indicated that the government would investigate whether Enron Corporation committed fraud or manipulated markets through improper trading. The Justice Department, the Securities and Exchange Commission, and a dozen congressional committees are still investigating Enron, its accounting practices, and the influence Enron’s longtime auditor Arthur Andersen had on Enron’s accounting practices. The Labor Department is investigating Enron’s actions in banning employees who lost their retirement savings from selling stock in their §401(k) plans for about three weeks. Finally, the Federal Energy Regulatory Commission is examining energy-price manipulation by Enron and other traders in Western wholesale power markets,11 especially since former Enron energy trader Jeffrey S. Richter pleaded guilty in February 2003 to criminal conspiracy while attempting to manipulate California’s energy markets during its 2000-2001 electricity crisis. What About the Board? Doubt has also rightfully fallen on Enron’s board of directors. Many inquiring minds marvel how the board could be so ignorant of the company’s shady tactics or so paralyzed to act. A panel of Senate investigators wondering the same questions released a report in July 2002 of their inquiries. In their findings, members of the subcommittee concluded that Enron’s board members not only knew about Enron’s risky accounting practices, but they also could have prevented many of them, as well as the pervasive debt-hiding and conflicts of interest. In January 2005, 10 of the 18 former directors settled a class-action lawsuit by agreeing to pay a total of $13 million from their own pockets. This sum is rather meager considering that the group sold shares worth $250 million prior to the collapse of the company. Furthermore, findings show that the compensation committee gave its stamp of approval on issuing Ken Lay a $7.5 million credit line while allowing him to pay back those loans with company stock. No board member seemed to catch on to the suspicious fact that Lay cashed out 9 10

11

Dizikes, Peter. “Arthur Andersen Fires Chief Enron Auditor,” www.Abcnews.com, January 15, 2002. Douglass, Linda and Yesner, Stephen. “Enron Whistle-Blower Rips Execs in Congress,” www.Abcnews.com, February 14, 2002. Gordon, Marcy. “Government Investigates Enron Trade Fraud,” www.Newsday.com, March 12, 2002.

163

Chapter 6: Fraud Investigation and Audit

$77 million worth of Enron stock in a single 12-month period. Other conclusions prove that the board was told as early as 1999 by its auditing firm, Arthur Andersen, that Enron was “pushing the limits” of accounting practices.12 While the board was cleared of any disciplinary action by the SEC in September 2002, it still has a lot of explaining to do. Inquiries into the actions and inactions of Enron’s board of directors have simply turned up more and more blame. A Painful Lesson Enron’s auditing firm, Arthur Andersen, on the other hand, has undergone severe punishment in the aftermath of the Enron fiasco. In April 2002, David Duncan pleaded guilty to obstruction of justice for his document-shredding shenanigans. Six months later, in October 2002, Arthur Andersen was sentenced to five years probation and fined $500,000 for obstruction of a federal investigation of Enron, the maximum penalty dictated by law. A few years later (May 2005), this sentence was overturned by the Supreme Court. While Andersen eventually won its case, it seems highly unlikely that it can ever return to is level of prominence in the accounting industry. Andersen still faces civil suits from its Enron audits, as well as suits from other former clients. However, the recent Supreme Court ruling may make it easier for Andersen to defend itself. The federal Enron Task Force could also invoke further prosecution if it determines that the people managing and reporting Enron’s earnings can be charged with stock manipulation. The tarnished reputation of the former Big Five accounting firm has cost the company more than penal fines, however; the conviction has stripped Arthur Andersen of its entire core business. As of August 31, 2002, Andersen ceased auditing public companies, and the firm currently employs a meager 200 workers, down from the 28,000 workers it employed at its peak. The flames of the Enron inferno have almost single-handedly sucked the life out of the 89-year-old firm. Arthur Andersen is not the only entity that has been punished for its dishonesty. In September 2003, Ben Glisan Jr., former Enron treasurer, pleaded guilty to conspiracy charges and became the first former Enron executive to be sent to jail. Glisan was sentenced to five years. On October 31, 2002, Andrew Fastow, former Enron CFO, was indicted on 78 counts for devising the accounting practices that artificially inflated Enron’s profits. Fastow’s wife Lea, along with seven other former executives, was also charged on May 1, 2003 for taking part in some of her husband’s deals. The pair pleaded guilty on January 14, 2004, after striking an agreement: Andrew pleaded guilty to conspiracy in a deal and received a 10-year sentence (later reduced to six years) with a requirement to help in the ongoing investigation, while his wife admitted guilt in filing false tax forms and received a 12-month prison sentence. In addition, Andrew Fastow settled civil charges with the SEC by surrendering more than $23 million in civil and criminal penalties. In November 2006, two Enron executives received reduced sentences after helping prosecutors convict the architects of Enron’s accounting fraud. Mark Koenig, the former investor-relations head, received a sentence of 18 months. He pleaded guilty in August 2004 to one count of aiding and abetting securities fraud and could have served as many as 10 years in jail. Michael Kopper, who was at one time the top lieutenant to Andrew Fastow, was sentenced to just over three years in jail. He pleaded guilty to money-laundering and conspiracy to commit wire fraud in 2002 and 12

Byrne, John A. “No Excuses for Enron’s Board,” Business Week, July 29, 2002.

164

Chapter 6: Fraud Investigation and Audit

could have faced up to 15 years in jail. Both men were fined $50,000 each, and after prison will be on probation for two years. The indictments have not stopped there. On January 22, 2004, Richard Causey, former chief accountant at Enron, was indicted on six counts including conspiracy and fraud charges. Causey pleaded guilty on December 28, 2005 to securities fraud. In exchange for cooperating with the government he received only a five and a half year prison sentence, which he started serving at the beginning of 2007. After serving his time in prison, he will be on probation for two more years and will pay a $25,000 fine, to go along with the additional $1.5 million that he has already agreed to pay or forfeit. A month after Causey’s indictment in 2004, Enron’s former CEO Jeffrey Skilling was finally indicted after over two years of investigation. Skilling was indicted on 35 counts including insider trading, conspiracy, securities fraud, and wire fraud. In July 2004, Lay was charged with and pleaded not guilty to 11 criminal counts. He immediately went on the offensive, holding a press conference to proclaim his innocence. He laid the blame for the company’s downfall on former CFO Andrew Fastow. In May 2006, Skilling and Lay were both convicted of conspiracy and fraud. However, Lay died from a heart attack on July 5, 2006, and his convictions were dropped, since he did not have a chance to appeal. It appears that Lay’s estate will get to keep all of his Enron proceeds unless civil court proceedings change things. In May, Skilling was convicted in federal court on 19 counts. He was sentenced in October 2006 to over 24 years in jail, but it now appears that he may serve much less time in jail, since the Fifth Circuit Court of Appeals has criticized many of the verdicts against Skilling. However, it is unlikely that all 19 counts will be dropped, so he will face some time in prison. The Enron web of deceit has also continued to grow as more and more companies have found their entanglements with the firm coming to light. For example, in September 2002, a complaint was filed in the federal court in Houston citing the role of Merrill Lynch and Company in knowingly aiding a bogus transaction to boost Enron’s quarterly earnings. In November 2004, five former executives from Enron and Merrill Lynch were convicted of conspiracy and wire fraud. Because their crimes cost the company at least $12 million, each could receive a 12-year jail sentence. Later, in December 2002, it was revealed that Citigroup and J.P. Morgan Chase helped Enron hide debt or avoid taxes in previously undisclosed deals. Although some firms have had to pay for their participation in the Enron fraud, others have been able to escape liability from the class-action lawsuit. In December 2006, a $1 billion claim brought against investment firm Alliance Capital Management LP, now known as AllianceBernstein LP, was dismissed. The claim had to do with alleged fraud relating to its underwriting of Enron securities. Then in March 2007, a federal court ruled that Enron shareholders could not continue with a class-action lawsuit against banks and other firms for their alleged participation in Enron’s accounting fraud. Internal employees were not the only ones deeply affected by the company’s collapse. In July 2004, Enron was granted approval to be removed from bankruptcy protection, under a plan that

165

Chapter 6: Fraud Investigation and Audit

grants creditors a return of a mere $.20 on the dollar from their investments. Shareholders, however, will receive absolutely nothing. Regardless of how all the investigations and negotiations turn out, one thing is for certain: the Enron case taught the world an alarming lesson about the comprehensiveness and subtleties of fraud, as well as the consequences and penalties of greed. Fortunes, companies, and lives have been shattered as a direct result of allowing wily accounting mechanisms to compensate for simple honesty. Fortunately, public disgust and outrage has helped create new legislation and regulations to crack down on corporate fraud. Hopefully, with these new procedures in place, the corporate world can work to ensure that Enron does not repeat itself somewhere else.13 The Rise and Fall of WorldCom On the outside, the rise of WorldCom seemed to be the ultimate tale of success. After all, when a business evolves from a loose idea on a coffee-shop napkin into a multibillion-dollar company in less than two decades, it must be doing something right. Unfortunately for WorldCom, it was also doing many things wrong, including perpetuating critical accounting irregularities. The fraudulent actions at WorldCom subsequently led to the undoing of the company, as well as the largest bankruptcy filing ever in U.S. corporate history. Origins of the Ill-Fated Company In a small coffee shop in Hattiesburg, Mississippi, a group of entrepreneurs met one evening in 1983 to discuss an idea for a new long-distance telephone company. Bernard Ebbers, a former high school teacher and basketball coach and the leader of the group, sketched out the vision of their discussion -- a company called Long-Distance Discount Service (LDDS). By the end of the evening, it was proposed that LDDS would function as a long-distance reseller and would begin providing service in 1984. LDDS, WorldCom’s predecessor, was created in the months following the coffee-shop meeting. After a rocky period laced with financial difficulties, Bernie Ebbers became CEO of LDDS in 1985 and took over the helm of the company. Ebbers was a master at cutting costs, and under his direction the company was steered back on course once again. In August 1989, Ebbers took LDDS public. For the next 15 years, LDDS grew through a flurry of acquisitions. Ebbers’ strategy was to grow his company through buying other firms and adding them to the LDDS stockpile. Helping to stimulate the telecommunications boom of the 1990s in the process, Ebbers made over 70 acquisitions that often shocked the industry. Unfortunately, this strategy was not infallible; LDDS funded its purchases through heavy debt that bogged the company down in a massive mire of loans. One of Ebbers’ larger acquisitions occurred in 1994 when LDDS purchased IDB WorldCom, the fourth-ranked carrier of international long-distance calls at the time. LDDS renamed itself WorldCom Inc. one year later.

13

For more information on the Enron scandal, see the following article: Thomas, C. William. “The Rise and Fall of Enron,” Today’s CPA, March/April 2002.

166

Chapter 6: Fraud Investigation and Audit

The Growth Continues WorldCom continued to expand throughout the latter half of the 1990s. In 1996 Ebbers resumed his shopping spree by purchasing MFS Communications for $12 billion. This acquisition combined the company’s local telephone network with the newly acquired UUNet Technologies Inc., an Internet network. WorldCom has managed one of the most expansive, wholly owned IP networks in the world ever since. In 1998 Ebbers used the growth-through-acquisition strategy once more and WorldCom reached its pinnacle. After winning a bidding war with British Telecom, WorldCom and industry giant MCI joined forces in a $42 billion merger, the largest merger in history at the time. Operating in more than 65 countries, the new MCI WorldCom was crowned America’s number two longdistance phone company. At the same time Ebbers was expanding WorldCom at such a rapid pace, he was also recklessly growing his own personal entrepreneurial empire. Borrowing millions at a time from corporate banks and from WorldCom itself, Ebbers purchased a diverse array of companies. These companies ranged from an all-terrain-vehicle dealership to a soybean-and-rice farm in Louisiana to a minor-league hockey team. In 1999, Ebbers purchased 460,000 acres of timberland (an area large enough to cover half the state of Rhode Island) in the southeastern United States from Kimberly-Clark for a whopping $400 million. Previously, in 1998, he spent over $65 million to buy the famous 500,000 acre Douglas Lake Ranch in British Columbia. The purchase personified Ebbers’ over-the-top business style and breathless yearning for expansion: the Douglas Lake Ranch is the largest privately held ranch in Canada, complete with 20,000 head of Hereford and crossbreed cattle, its own general store, and a fly-fishing resort. All of the expansion experienced by WorldCom, as well as by Ebbers’ personal kingdom, earned nothing but rave reviews on Wall Street and in the media. WorldCom stock became a darling of analysts and investors alike with its double-digit growth. Then, in June 1999, the company’s stock peaked at $64.51 a share. The most sought-after athlete in the world, Michael Jordan, appeared in WorldCom’s commercials. And CEO Bernie Ebbers was ranked by Forbes magazine as one of the richest men in America. Teetering on the Edge WorldCom’s nationwide domination would not last, however. The ever-burgeoning company with Ebbers at the reins decided to press its luck once more in October 1999. With its familiar “bigger by buyouts” imperative, MCI WorldCom announced that it would acquire Sprint Corporation for $129 billion in stock and debt. This deal would have been the largest corporate takeover in history had the Department of Justice not stepped in the next year and blocked the merger. During this same time period, behind the facade of indefatigable public vigor, WorldCom was beginning to experience problems. The debt and expenses from WorldCom’s mass acquisitions, often purchased at inflated prices, were finally beginning to take their toll. Further complicating the enormous debt bloating the company, the stock market began to fall, along with longdistance rates and subsequent sales. Taken together, WorldCom’s situation was especially precarious.

167

Chapter 6: Fraud Investigation and Audit

Despite these difficult times, WorldCom continued to grow in profitability, at least according to the firm’s financial statements. Under immense pressure to expand and support its stock price, WorldCom knew any reversal in this upward trend would not be easily condoned by Wall Street. As CEO, Ebbers was especially obsessed with keeping the company’s stock price up. He began meetings with a prayer, immediately followed by a discussion about how to enhance the price of WorldCom’s stock. Hiding the Hard Times For the next two years, WorldCom struggled to remain profitable despite a slowing market. Ebbers relied heavily on his Chief Financial Officer, Scott Sullivan, during this period. Sullivan, who joined forces with Ebbers in 1992 when WorldCom bought his company out, had already established himself as Ebbers’ right-hand man. The two even shared adjoining offices at the company’s headquarters in Clinton, Mississippi. With a reputation as one of the most renowned CFOs on Wall Street, Ebbers never made a significant business decision without running it past Sullivan first. It was Sullivan who decided to take a more aggressive approach to the company’s accounting practices as market conditions weakened in the telecommunications industry early in 2001. Not wanting to let on to the public that WorldCom was struggling, Sullivan sought to dilute reality by rearranging certain financial-statement accounts. Instead of properly reducing profits, Sullivan spread costs to a future time when he figured future revenue would roll in and swallow up the loss. For example, one of WorldCom’s largest expenses, known as “line costs,” was for transport charges and renting access to local telephone networks. By booking a part of these line expenses as a capital expenditure in 2001, WorldCom was able to amortize a monstrous $3.1 to $3.8 billion hunk of these charges over a period of time, possibly as much as 10 years, and come out with a healthy net income of $1.38 billion. According to generally accepted accounting principles (GAAP), however, these line costs should have been recorded as an operating expense. Following GAAP in this case would have required WorldCom to subtract the entire line-cost expense out of the revenues produced for that quarter, resulting in a loss. Sullivan, concerned about his company’s image, decided he would take his chances with the creative accounting. Suspicions Arise As WorldCom’s expense-hiding practices continued, most of the public was still hoodwinked into thinking the company was thriving. However, some astute investors were convinced that WorldCom smacked of misconduct. In June 2001, a group of WorldCom shareholders formally filed a lawsuit against the firm. The suit included testimonies from a dozen former WorldCom employees, who described the same problems that eventually destroyed the company a year later. Unfortunately, the lawsuit was dismissed. As the year 2002 unfurled, WorldCom wariness had spread all the way to the Securities and Exchange Commission (SEC). An inquiry into the company’s accounting practices was soon underway. Later, in May, the SEC took the company by surprise when it submitted a request for

168

Chapter 6: Fraud Investigation and Audit

information. Because WorldCom had continued to report a profit throughout 2001 when its biggest competitors were losing money, suspicion about the firm’s numbers was sufficiently heightened. Additionally, the SEC launched an investigation into the loans WorldCom had approved to Bernie Ebbers for his personal investments. One loan, granted by Max Bobbitt, the head of WorldCom’s audit committee, was for a hefty $408 million. On April 30, 2002, Ebbers resigned as WorldCom’s CEO in an attempt to quell some of the controversy surrounding his company. John Sidgmore, WorldCom’s vice-chairman, replaced Ebbers and immediately ordered an internal review of the company’s books. WorldCom’s new outside auditor, KPMG, as well as WorldCom’s internal-audit team, was given the grisly job of uncovering the truth. (KPMG had replaced Arthur Andersen as WorldCom’s auditor once it came to light that Andersen was entangled in the Enron scandal.) Discoveries from the Inside While the SEC and KPMG were searching for answers, WorldCom’s internal-audit department was already hot on the trail. Cynthia Cooper, vice president of WorldCom’s internal-audit department, and her team were slowly piecing together WorldCom’s incongruities on their own. Beginning in March 2002, Cooper became aware that something was very wrong with her company’s accounting, and she enlisted her team to find out exactly what it was. After raising questions about curious financial inconsistencies to various superiors without getting any convincing explanations, Cooper decided that if she wanted answers she was going to have to find them herself. Her boss, CFO Scott Sullivan, offered no support. She immediately told her department that they would begin self-imposed financial audits of the information WorldCom was reporting to the public even though no one had assigned them this responsibility. On May 28, 2002, Gene Morse, one of Cooper’s auditors, discovered $500 million in fraudulent, undocumented computer expenses that were recorded as capital expenditures. Cooper and her team continued to dig for more clues. By the first week of June, Morse had uncovered a total of $2 billion in questionable accounting entries by accessing WorldCom’s computerized accounting systems. A week later when Cooper casually mentioned the audit she was working on to her boss to gauge his reaction, Sullivan immediately requested that she delay the audit until the next quarter. Cooper refused. On June 20, with help from KPMG, Cooper presented her team’s findings to WorldCom’s board. It All Comes Tumbling Down Days after Cooper met with the board, Sullivan was fired. Company controller David Myers, who also had a hand in the misstatements, resigned. The next evening WorldCom took Wall Street by surprise and dropped the bomb that it had overstated its profits by $3.8 billion over the previous five quarters. On June 26, the SEC stepped in and slammed the telecommunications giant with a civil fraud suit. Trading of WorldCom’s stock came to a screeching halt, and the company was eventually delisted by NASDAQ.

169

Chapter 6: Fraud Investigation and Audit

On July 21, 2002 WorldCom declared bankruptcy to the astonishment of absolutely no one. WorldCom’s Chapter 11 filing eclipsed that of Enron Corporation, from the year before, to become the largest bankruptcy filing ever in U.S. history. The company listed over $100 billion in assets with the number of creditors exceeding 1,000. Additionally, WorldCom’s debt was ballparked at $32.8 billion. In August, Scott Sullivan and Buford “Buddy” Yates, a former midlevel accounting executive who carried out Sullivan’s orders, were indicted by the federal grand jury in New York. Both were charged with one count of conspiring to commit securities fraud, one count of securities fraud, and five counts of making false filings with the SEC. By March 2003, five former WorldCom executives had been indicted or charged by Manhattan prosecutors in connection with the scandal. All pleaded guilty -- except for Sullivan. However, after 18 months and almost $14 million in attorney fees, Sullivan finally gave in on March 2, 2004 and pleaded guilty to all three counts of securities fraud charged against him. In exchange for his plea, Sullivan traded the possibility of 165 years in jail if proven guilty for a sentence that capped jail time to 25 years. At his plea hearing, the former CFO fessed up to investors by saying “I knew what I was doing was wrong ... I did this in a misguided effort to preserve the company.”14 Sullivan was later given a five year prison sentence, and he was forced to surrender his $11 million Florida mansion and his depleted WorldCom retirement account. Later that same day, another breakthrough in the WorldCom investigation came in the form of an indictment, this time for former CEO Bernard Ebbers, who had so far staved off charges that he knew what was going on with WorldCom’s creative accounting. Thanks to Sullivan’s newfound cooperation, authorities were finally able to secure charges against the former CFO’s boss. Ebbers’ indictment consisted of the same three charges levied against Sullivan: conspiracy to commit securities fraud, securities fraud, and making false statements to the SEC. Ebbers pleaded not guilty. Ebbers’ trial began in late January 2005. He was convicted on nine counts and received a 25 year prison sentence. The conviction was upheld by an appeals court, so Ebbers, age 64, will likely spend the rest of his life in prison. The outcome of his trial was important because it provides insight into how future CEOs, who claim they knew nothing of the wrongdoing within their corporations, will be dealt with by juries. In addition to federal charges, the state of Oklahoma filed criminal charges against WorldCom, Sullivan, Ebbers, and four other executives for violating state security laws in August 2003. Frustrated at federal investigators for taking so long to punish those most directly involved in the massive fraud, Oklahoma’s attorney general initiated the charges to bring some justice to shareholders in Oklahoma and elsewhere. The charges were dropped against the company seven months later in return for jobs in the state and help in prosecuting former executives. Dealing with the Aftermath This painful turn of events was just the tip of the iceberg for WorldCom. Further investigation of the company has forced WorldCom to gorge on humble pie and make several more financial 14

Berman, Dennis K. “Sullivan Gives In, Pleads Guilty,” The Wall Street Journal, March 3, 2004.

170

Chapter 6: Fraud Investigation and Audit

restatements. What was once $3.8 billion of financial misstatements soon became $7.2 billion and then $9 billion in November 2002. The SEC rewarded these corrections with even more fraud charges expanding the purported types of financial manipulations that occurred. One additional complaint alleged that WorldCom kept a secret “cookie jar” stash of reserves used to infuse the bottom line whenever the company needed to offset expenses. On March 12, 2004, WorldCom restated financial results for 2000 and 2001, reducing pretax income by $74.4 billion. Fraud was said to account for $10.8 billion of the adjustment. On November 26, 2002, WorldCom announced that it had reached a settlement with the SEC to resolve claims from the civil lawsuit regarding WorldCom’s former misguided accounting practices. The agreement was seen as a significant milestone in the firm’s restructuring strategy. Days later marked another change for WorldCom: Michael Capellas began his new assignment as WorldCom’s latest CEO. As former CEO of Compaq Computers, and then president of Hewlett-Packard Co. after Compaq and HP merged, Capellas came into office pledging to continue to restructure WorldCom and lead it out of bankruptcy without hawking off large portions of company assets. Later, on May 20, 2003, the company agreed to pay investors $500 million to settle fraud charges, taking another step toward emerging from bankruptcy. In March 2003, WorldCom revealed that it would write down $79.8 billion of its goodwill and other assets-- an action viewed as an acknowledgement that several areas of the firm’s telecommunications holdings were practically worthless. While WorldCom previously alluded to making the write-downs, many analysts were surprised by the size of the amounts. The company’s reductions were second only to AOL Time Warner’s markdowns of almost $100 billion in assets. Following through with the markdowns, however, is another significant step for WorldCom to recover from bankruptcy: the move allows the firm to shrink its depreciation and amortization expenses from about $480 million in December 2002, to $143 million. In January 2005, the company’s lead investment banker, Citigroup, paid $2.65 billion to settle claims by investors affected by the company’s demise, and 10 former WorldCom directors have agreed to personally provide $18 million to settle the same lawsuit. This disbursement is important because it sends the critical message to directors that they can also be held accountable if they don’t keep a close watch on the workings of their company. In April 2006, Citigroup agreed to pay $13.25 million to settle a lawsuit that alleged that Jack Grubman, a star telecommunications analyst at Citigroup, gave overly optimistic research about WorldCom in order to increase investment-banking business. As is to be expected, restructuring the company has come at a costly price, including thousands of layoffs. In February 2003, WorldCom employed just 60,000 workers, down 17,000 from the prior year, with 10,000 more employees receiving pink slips in subsequent months. Additionally, WorldCom made arrangements to consolidate facilities to reduce square footage by 26 percent and to engage in extensive cost-cutting endeavors. The road out of bankruptcy has been a steep, uphill climb. However, for being listed as one of the worst frauds ever in American business, WorldCom has recently done an impressive job of instituting best-in-class corporate governance practices and controls to rebuild faith in the company. Besides hiring Michael Capellas to head the company, WorldCom has also

171

Chapter 6: Fraud Investigation and Audit

completely replaced the board and executive officers. WorldCom made it a point to fill the open positions with individuals known for integrity, including independent board members Eric Holder, former U.S. Deputy Attorney General, and Dennis Beresford, former chairman of the Financial Accounting Standards Board. In April 2003, the company hired Robert Blakely, a well-respected former CFO of Tenneco, as its new CFO. WorldCom also conducted a thorough internal investigation to root out any company employees that had a high likelihood of being aware of what was going on with the company during its shadier days. Fifty individuals were asked to resign as a result. WorldCom has made striking progress in cleaning up its past. The company emerged form bankruptcy protection in 2004 and formally changed its name to MCI. MCI was acquired by Verizon in January 2006 for $8.6 billion. MCI passed on a bid by Quest Communications that was $1.3 billion higher than Verizon’s in exchange for a stronger position in the market as well as a stronger financial position. Looking to the future In the wake of the scandal, the firm, as well as investors, has learned the hard way that the outward appearance of a company’s growth and vitality are not nearly as important as its genuine health. After all, one can only pull the artificial wool over the public’s eyes for so long before it gets intolerably itchy. To WorldCom’s credit, straightforwardness and honesty have now replaced the numbers games of yesteryear. The Secrets of Adelphia John J. Rigas, founder and former chairman and CEO of Adelphia Communications, was arrested on Wednesday, July 24, 2002 in Manhattan, along with two sons and two former company executives. All were charged with looting the nation’s sixth-largest cable television company on a massive scale and using the company as their personal “piggy bank.” The muchpublicized arrests were part of President Bush’s move to “investigate … arrest and … prosecute corporate executives who break the law. Today was a day of action and of accomplishment,” Bush told reporters.15 For Rigas and family, who were each released on a $10 million personal recognizance bond, it was a day of rude awakening. The road to this unpleasant day for the Rigas family had started out innocently, as do most cases. Little did John Rigas know that the apparently safe road he traveled at the beginning would only lead to a dead end. In the Beginning John J. Rigas was born in 1924 to a Greek immigrant who ran a restaurant in eastern New York. Rigas had served in the Armored Infantry Division of the United States Army during World War II and later attended Rensselaer Polytechnical Institute. Rigas graduated in 1950 with a B.S. in Management Science.16

15 16

“Adelphia officials arrested, charged with massive fraud,” Wall Street Journal, July 25, 2002, A3. http://www.sabres.com/team/rigas.html.

172

Chapter 6: Fraud Investigation and Audit

Rigas was a character. He was 5 feet 5 inches tall. He had a “gap-toothed smile, a wandering left eye, and a ton of energy.” His father had wanted him to work at the restaurant when he returned home from college, but after a few months John realized he could do much better. He was loaned money from his dad and other Greek businessmen and bought a movie theater for $72,000 in Coudersport, Pennsylvania. Rigas made it all happen himself -- he sold tickets, made the popcorn, and at times would sleep on a cot in the theater when he was too tired to make it home.17 The New Kid in Town John Rigas did not impress anybody when he first arrived with his wife Doris in Coudersport in 1951. Back then, Coudersport did not seem like a place anybody would go to make a fortune. Coudersport had missed nearly every economic boom in rural Pennsylvania. There was no coal to mine, no oil beneath the surface. The hills around town had been logged bare years before. The joke was that Coudersport had not felt the Great Depression because it had not known prosperity. People were not sure what to think about a man like John Rigas. He was perceived as almost a threat by the residents of the rural town. He attempted to be involved with the community, but he could not even get elected to the local school board. However, Rigas seemed determined to win everybody over. He stayed until midnight talking to moviegoers after the lights went up. He stopped people on Main Street to talk about their kids. He began attending the Episcopal Church preferred by the town’s business leaders, even though he was raised in the Greek Orthodox faith.18 Rigid Rigas Rigas was just as determined about winning his fortune as he was about establishing a credible reputation amongst Coudersport residents. In 1952 he overdrew his bank account to buy the town cable franchise for $300 from a local hardware store owner who had erected an antenna on Dutch Hill. A doctor and a state senator agreed to put up $40,000, and John was in the cable business. He wired up Coudersport. Four years later, he and his brother Gus did the same in Wellsville. After wiring the town, John acquired more rural cable systems in New York and Pennsylvania. From these beginnings, the two brothers steadily acquired cable systems in communities throughout Western Pennsylvania and Western New York State. In 1972, they incorporated their holdings in Adelphia Communications Corporation. Gus sold his interest in Adelphia in 1983, which was about the same time John’s sons returned from college.19 John pushed himself even after successful expansion of his cable company, never being quite satisfied. He and Doris pushed their children just as hard. They raised Michael, Tim, and James to be model students. Michael and James were class valedictorians. One by one the Rigas children went off to elite colleges. But for all their winning qualities, there was something odd about the Rigas boys. Unlike their father, they were awkward socially. The boys clearly preferred being with their immediate family in Coudersport. Not long after getting their degrees, Michael and Tim moved back in with their parents. Neither married. James spent a year and a half in San Francisco after graduating from Stanford, working at Bain and Company, but then he too returned to Coudersport, where he married and moved into a place of his own in town. "John 17 18 19

Leonard, Devin. “Adelphia Story,” Fortune, August 12, 2002, p. 140. Ibid., p. 140. Ibid., p. 142.

173

Chapter 6: Fraud Investigation and Audit

just controlled everything with those boys," lamented a relative. "He wouldn't give them any rope."20 All three sons went to work for their father. John could not have been happier. He now had three highly qualified young men to help run his cable company. The Rise of Adelphia Adelphia was still a shoestring operation: John ran the company out of an office over a hardware store with three secretaries and a lineman. Once his sons joined the business, things started to change. In 1981, Adelphia moved into an old church. People wondered what John was going to do with all the extra space. In 1985, Adelphia went from 53,538 subscribers to 122,500 after it acquired a cable system in Ocean County, New Jersey. When Rigas took Adelphia public the next year, it had 370 full-time employees and deals on the table that would increase its subscribers to 253,767. By the mid-1990s Adelphia had moved into the old Coudersport High School building on Main Street, where his sons had gone to school. It was an odd place for what was now one of the nation's 10 largest cable companies, managing 1.2 million subscribers. But the Rigas systems were the envy of their peers. They were clustered together in six areas -western New York, Virginia, Pennsylvania, New England, Ohio, and coastal New Jersey -making it easier for Adelphia to control costs. That allowed Adelphia to enjoy 56-percent operating cash margins, the highest in the cable industry.21 Rigas and his sons came to be considered savvy businessmen. John was the resident wiseman, but he was also obsessed with details. He knew every inch of his cable systems; he looked at each résumé that came in. Michael was responsible for the daily operations of the cable systems. Tim was CFO. James supervised Adelphia's push into new technologies, including telephone service.22 Company of (excessive) Brotherly Love Yet as the cable industry grew up, the Rigas family operated as if they were a million miles away from prying investors. Says Tom Cady, a former Adelphia sales and marketing executive, "Decisions were made at the dinner table rather than in a boardroom or somebody's office." They were famous for not returning calls from analysts. In addition, they structured Adelphia so that there were no checks and balances at the top. Tim Rigas was CFO, and he was also the chairman of the board's audit committee, which oversaw the CFO's work. So how effective was the audit committee?23 To anybody who followed John Rigas' career, what happened with Adelphia's financing was predictable. Rigas and his sons were famous in the cable industry for taking massive risks and leveraging Adelphia to the hilt. Rigas once said to his secretary “Well Angie, I’m either going to become a millionaire or I’m going to go bankrupt.” Go figure. The small-town businessman who had boasted about his stomach for leverage now saddled Adelphia with outlandish amounts of debt. In 1996, Adelphia's debt was 11 times its market 20 21 22 23

Ibid., p. 144. Ibid., p. 144. Ibid., p. 144. Ibid., p. 144.

174

Chapter 6: Fraud Investigation and Audit

capitalization, an off-the-chart number. Adelphia began commingling revenues from its own cable operations, family-owned systems, and loan proceeds in an account referred to internally, according to documents filed recently with the SEC, as the "cash-management system." It would be an understatement to say that this was a significant amount of money. After Adelphia made a series of acquisitions in 1999, its annual revenues reached $3 billion. From time to time the Rigas family dipped into the account for “personal business,” such as the following: • $63 million was used to pay margin loans. • $4 million was used to buy Adelphia stock. • $700,000 was used to pay for Tim's membership in the Golf Club at Briar's Creek on John's Island, South Carolina. • $371,000 went to Dobaire Designs, owned by Doris Rigas, for design services. • $2 million went to Wending Creek Farms, owned by John Rigas. The fees were charged to Adelphia for snowplowing and lawn care. • $3 million was paid to SongCatcher Films to finance production of a movie being produced by Ellen Rigas, John’s daughter. • $12 million was paid to Eleni Interiors, a furniture store owned by John himself and managed by his wife Doris. • $13 million was paid to the golf club at Wending Creek Farm to develop a ritzy golf club. • $26 million was paid to Wending Creek 3656 for company timber rights that would eventually turn into a Rigas partnership. • $65 million was paid to Praxis Capital Ventures to fund a venture capital firm run by Rigas’ son-in-law. • $150 million went to the Niagara Frontier Hockey LP to purchase the Buffalo Sabres hockey team of the NHL. • $1 billion went to Highland 2000 to guarantee a loan to the Rigas family, with which they would buy stocks.24 • The TOTAL was $1,339,071,000. King of Coudersport The Rigas family did not particularly care if investors shied away from Adelphia's stock. They cared about Coudersport. As Adelphia prospered, John Rigas became the town's biggest benefactor. He was just a small-town guy who loved helping his neighbors. He sent busloads of children to Buffalo Sabres games (since Rigas was the owner of the hockey club). He used Adelphia's corporate jet to fly ailing people to faith healers and cancer treatment centers. He hired many locals and paid them well. Employees built suburban-style houses. The newspaper store started selling fancy coffee. A gym opened on Main Street. The Adelphia Christmas party became the "fancy-dress event in Coudersport, a chance to hobnob with the Rigases and socialize in suits over catered canapés," said Donald Gilliland, managing editor of the Potter LeaderEnterprise. John combed the local papers and sent checks to down-on-their-luck families. People seeking favors camped out in Rigas' favorite restaurants, waiting for the CEO to arrive for lunch. He rarely turned anybody down. In a celebratory video, Decker Anstrom, CEO of the Weather Channel, said, "If there's one person I'd like my son to grow up to be, it would be John Rigas."25

24 25

Ibid., p. 140. Ibid., p. 138.

175

Chapter 6: Fraud Investigation and Audit

Coudersport treated the Rigases like royalty, and they behaved accordingly. John now traveled in a Gulfstream jet, which Adelphia purchased from King Hussein of Jordan. Doris rarely ventured into town, sending servants to do her shopping. No expense seemed to be spared. Sometimes people in Coudersport even wondered whether all the spending was legitimate, but the thought would pass. It seemed as though everyone in town had benefited from John's largesse. "He's our Greek god," Shirlee Lette, a local newspaper columnist, told a visiting reporter.26 Dial “F” for Fraud Oren Cohen thought there was something about the family's spending that did not add up. Then a high-yield-bond analyst for Merrill Lynch (and now a principal at Trilogy Capital), Cohen had followed Adelphia for years. He noticed that the Rigases were buying their own stock aggressively, but he could not figure out how in the world they were paying for it. They did not appear to have the cash themselves. John Rigas made $1.4 million in 2000. Michael, Tim, and James each took home $237,000.27 The Rigases had no sources of income outside Adelphia. Each time Cohen tried to get an explanation, Adelphia rebuffed him. In February 2001, Cohen noticed that the Rigases had bought or were committed to buying $1.8 billion of Adelphia stock and convertible bonds. At the time of the purchases the stock had been trading at about $40 a share. Now it was at $20. If John and his sons were using borrowed money, the Rigases were in trouble. It was time to call Adelphia again. "It seems to me the Rigases are $900 million or $1 billion in the hole," Cohen said to the head of investor relations. "How is this stuff being funded?" He got the brush-off.28 On March 27, 2002, Cohen nearly shouted for joy when he spied a footnote on the last page of Adelphia's quarterly earnings press release. It said Adelphia was liable for $2.3 billion in offbalance-sheet loans to the Rigas family. Near the end of a conference call that day, Cohen pressed Tim Rigas for details. Tim muttered something about family stock purchases and said he would provide details later.29 That might have sufficed in the past, but it was just months after the disclosure of off-balancesheet debt at Enron had led to the largest corporate bankruptcy in history at that time. Adelphia's stock tumbled 35 percent in three days. The SEC began an investigation. In addition to overstating cash flow, Adelphia had inflated its subscriber data by between 400,000 and 500,000 members.30 The Music Has Stopped and John Has No Chair Things in Coudersport quickly unraveled. John issued a statement acknowledging that shareholders were “looking for greater clarity and transparency." The stock continued to plummet as Adelphia announced it would be restating earnings for 1999, 2000, and 2001. The company delayed filing its 2001 annual report in order to sort out its books. On May 15, John resigned as chairman and CEO. His sons followed suit shortly thereafter.31 26 27 28 29 30 31

Ibid., p. 148. Ibid., p. 146. Ibid., p. 148. Ibid., p. 148. Frank, Robert. “Adelphia inflated subscriber data,” Wall Street Journal, June7, 2002, A3. Leonard, Devin. “Adelphia Story,” Fortune, August 12, 2002, p. 148.

176

Chapter 6: Fraud Investigation and Audit

Rigas was succeeded by interim CEO Erland Kailbourne, a retired Fleet Bank executive and Adelphia "independent" director. Kailbourne was a consummate Rigas family insider, an old friend from Wellsville, and a lot of observers suspected that John might still pull the strings.32 Fortunately Kailbourne remedied the situation by replacing himself with a new CEO and COO from AT&T, although the action was not easily accomplished due to shareholders who objected to their high salaries. That is a story in and of itself, but the executives at Adelphia felt that the salaries were necessary because of the challenges of running a company that by that point faced roughly $20 billion in debt, several government inquiries, and huge investor lawsuits.33 The independent directors had signed off on the lending agreements, but thought the Rigases were buying more cable systems, not taking out what were essentially margin loans to buy Adelphia stock. John had made them look like fools. Kailbourne and the three other independent directors hired David Boies, the attorney who led the case against Microsoft, to look into Adelphia's books.34 Adelphia's stock was soon worth pennies. The company was delisted by NASDAQ because it did not file its 2001 annual report. That triggered the default of $1.4 billion in Adelphia convertible bonds. Bankruptcy was all but certain. The company desperately needed a loan to stay afloat, but Wall Street was not about to lend it any more money as long as the Rigases were around. The family still held 100 percent of the company's class B voting stock. Technically they were still in control of Adelphia.35 The problem was that John Rigas did not think he had done anything wrong. The day after he resigned as chairman and CEO, he startled the independent directors by showing up at a directors' meeting. Surely, he told them, this mess could be sorted out and things would get back to normal. No, John, said his old friends, you and the boys have to go. Lawyers from Boies' firm tried to negotiate a severance package with John but could not reach an agreement. Finally the independent directors gave the Rigas family an ultimatum: The family could turn over their voting shares to the directors, or they would resign and go public with everything they had uncovered. After an all-night negotiating session on May 22, 2002 in Coudersport, the Rigases finally relinquished control at 5 a.m. Adelphia received a $1.5 billion bank loan. Since then, Adelphia has filed for Chapter 11 bankruptcy.36 Bizarre Beneficiaries of the Bankrupt Boys The travails of Adelphia Communications may have some unlikely beneficiaries. Although now known for operating under Chapter 11 bankruptcy and for the arrests of Rigas and sons, Adelphia was formerly known in its industry for something else: a strict adherence to traditional family values.37 Alone among major cable operators, Adelphia has shunned pornography and other sexually explicit programming. When it acquired cable systems, it routinely dumped such adult programming as the Playboy and Spice channels. Although other cable and satellite companies would make almost $1 billion from such programming in one year, Rigas still refused to carry it, even against outcries of proponents of the First Amendment and fans of adult 32 33 34 35 36 37

Ibid., p. 148. Wei, Lingling. “Adelphia pay packages win approval in Bankruptcy Court,” Wall Street Journal, March 4, 2003. Leonard, Devin. “Adelphia Story,” Fortune, August 12, 2002, p. 148. Ibid., p. 148. Ibid., p. 148. Beatty, Sally. “Once Taboo on Adelphia outlets, adult programs stage comeback,” Wall Street Journal, July 25, 2002.

177

Chapter 6: Fraud Investigation and Audit

entertainment. Rigas’ response was simply that “in the last five years, as cable has embraced more adult programming, we’ve never spent time thinking about reversing our decision.” While the adult-programming industry will benefit from Adelphia’s fall, other competing cable companies will be hurting, in addition to companies that provide shows to Adelphia and technology vendors that supply Adelphia with services and gear. Rival cable operators have found themselves under much pressure with so many investors wary of debt and similar Adelphia-like “shenanigans.”38 The Aftermath The ripple effects of this fraud case, like Enron, will be felt for some time. The Adelphia stock can be found listed now in “Pink Sheets” (a daily publication that lists the “bid” and “asked” prices of many over-the-counter stocks), where it sold as low as two cents.39 Erland Kailbourne, the ex-interim CEO, believes that Adelphia will not have to sell out completely, although many of its 1,200 Coudersport employees will be laid off. 40 His prognosticating abilities have come true in many ways, as the headquarters has since moved from Coudersport to Denver,41 and with the induction of new executives at Adelphia things are beginning to look up. One noteworthy event is the rise in the market that occurred the day of John Rigas’ arrest, implying the widespread approval of the government’s somewhat-tardy action against corporate/white-collar crime. John Rigas -- charged with fraud, arrested, suspected of tax violations, and facing a $1 billion lawsuit filed by Adelphia -- still believes that he did nothing wrong. The courts of justice, on the other hand, disagreed with Rigas; in fact, he, his sons, and Adelphia’s former director of internal reporting, Michael Mulcahey, were indicted in September 2002 on charges they looted the company out of hundreds of millions of dollars. In addition, the family has been sued by Adelphia for concealing evidence of fraud and creating fictitious documents and accounting books to mislead auditors.42 On February 23, 2004, the trial officially began for John Rigas, his sons Timothy and Michael, and Mulcahey, in Federal District Court in downtown Manhattan. All four were previously charged with conspiracy, securities fraud, wire fraud, and bank fraud. Bank fraud alone, the most severe count the four faces, carries a maximum sentence of 30 years. The Rigas family and Mulcahey, however, have pleaded not guilty, in spite of the guilty plea of two former executives who agreed to cooperate with government officials.43 These executives, James Brown, the former vice president of finance, and Timothy Werth, the former accounting director, will no doubt be called to the stand to testify that boss Timothy Rigas and kin had knowledge that what they were doing was wrong. The Rigas trial concluded in July 2004. The jury convicted John and Timothy Rigas of a single count of conspiracy, two counts of bank fraud, and fifteen counts of securities fraud. The jury found them not guilty of five counts of wire fraud. John Rigas was sentenced to 15 years in jail, 38 39 40 41 42 43

“Adelphia’s Fall Will Bruise a Crowd,” Business Week, July 8, 2002, p. 44. http://www.pinksheets.com/quote/quote.jsp?symbol=adelq. Lieberman, David. “CEO lays plans for Adelphia’s future.” USA Today, June 27, 2002 C1. http://online.wsj.com/article/0,,SB1043791845385455784,00.html Frank, Robert. “Adelphia Files fraud suit against Ex-Auditor Deloitte.” Wall Street Journal, November 7, 2002, A2/A10. “Former Adelphia executive pleads guilty in Fraud Case.” Wall Street Journal, January 10, 2003.

178

Chapter 6: Fraud Investigation and Audit

and Timothy was sentenced to 20 years. Both have appealed. Mulcahey Rigas was found not guilty on all 23 counts against him. In November 2005, Michael Rigas pleaded guilty to making false entries to Adelphia’s records. He faces up to three years in prison. Adelphia, now under the direction of chairman and CEO William Schleyer, continues to stay afloat with over 5.3 million cable subscribers in over 30 states. Even in bankruptcy, the company is valued at $17 billion. The company was placed on the auction block in late 2004. By the bid deadline in January 2005, it had attracted some major bidders, including a $17.6 billion bid by Time Warner Inc. and Comcast Corp., as well as several large private-equity corporations. Adelphia has subsequently accepted the Time Warner and Comcast bid, and the deal should take about a year to close. In August 2006, Time Warner and Comcast completed the acquisition of Adelphia. Time Warner’s cable unit took 3.3 million of Adelphias’s subscribers, and Comcast took 1.7 million Adelphia subscribers in exchange for $12.5 billion in cash and Time Warner Cable common stock. Through it all, Rigas still receives cards from Coudersport residents who remain faithful, and says that “most of the cards end with a message that is most meaningful and that is that ‘you are in our prayers.’ It does bring a tear to my eye.”44 Perhaps he has even shed a tear or two for the thousands of Adelphia shareholders who have shed some tears of their own.

44

Leonard, Devin. “Adelphia Story.” Fortune, August 12, 2002, p. 148.

179

Chapter 6: Fraud Investigation and Audit

Famous Frauds The following table shows the sentence and forfeitures of some of the more famous fraud perpetrators of the last decade or two.

180

Chapter 6: Fraud Investigation and Audit

181

Chapter 6 Review Questions

Chapter 6 Review Questions The review questions accompanying each chapter are designed to assist you in achieving the learning objectives stated at the beginning of each chapter. The review section is not graded; do not submit it in place of your final exam. While completing the review questions, it may be helpful to study any unfamiliar terms in the glossary in addition to chapter course content. After completing the review questions for each chapter, proceed to the review question answers and rationales. 1.

Which of the following phases in the four-step investigation strategy involves determining if there is sufficient cause, or predication, to investigate the fraud symptoms? A. B. C. D.

2.

With regard to the four-step investigation strategy, determining if, in fact, a fraud actually occurred is the objective of the: A. B. C. D.

3.

Problem recognition and definition phase. Evidence collection phase. Evidence evaluation phase. Report findings phase.

With regard to the four-step investigation strategy, what is often the only evidence available to support the fraud investigation is the result of the: A. B. C. D.

5.

Problem recognition and definition phase. Evidence collection phase. Evidence evaluation phase. Report findings phase.

Which of the following phases in the four-step investigation strategy involves determining if the evidence collected is sufficient to effectively evaluate and report the fraud? A. B. C. D.

4.

Problem recognition and definition phase. Evidence collection phase. Evidence evaluation phase. Report findings phase.

Problem recognition and definition phase. Evidence collection phase. Evidence evaluation phase. Report findings phase.

True or false: A fraud report should contain a conclusion or opinion as to whether a fraud actually took place. A. B.

True. False. 182

Chapter 6 Review Questions

6.

The largest and most frequently gathered type of evidence is: A. B. C. D.

7.

Which of the following means of obtaining possession of documentary evidence is issued by a judge when there is probable cause to believe the records are being used or have been used in committing of a crime? A. B. C. D.

8.

B. C. D.

Is used when the illicit income is spent on expensive living, travel, entertainment, and buying assets such as cars and boats. Uncovers inconsistencies in revenue and expenses when the perpetrator uses illicit income to purchase assets. Is used when the illicit income is spent on expensive living, travel, and entertainment, rather than to buy assets such as cars and boats. Uncovers inconsistencies in revenue and expenses when the perpetrator uses illicit income to spend on expensive living, travel, entertainment.

True or false: The net-worth method produces a conservative calculation of the amount of money the perpetrator has taken and, as a result, is readily accepted as documentary evidence in a court of law. A. B.

11.

If a handwritten document or signature is genuine. If a document was printed by a particular machine. If a document has been doctored or altered. If a document is written on paper that is the same texture, thickness, color, and opacity as the other pages.

With regard to a net-worth calculation, the asset method: A.

10.

Consent. Court order. Subpoena. Search warrant.

By performing an alteration analysis, document examiners can determine: A. B. C. D.

9.

Documentary evidence. People evidence. Personal observation. Physical evidence.

True. False.

Which of the following must a hotline possess in order to be successful?

183

Chapter 6 Review Questions

A. B. C. D. 12.

Which of the following interviewee types are usually the most helpful and objective of all the interviewees? A. B. C. D.

13.

True. False.

The secret and continuous observations of people, places, and things to obtain information about the identity and activity of individuals suspected of fraud are known as: A. B. C. D.

16.

Denial. Anger. Rationalization. Depression.

True or false: The difference between an interview and an interrogation is that an interrogation is conducted to obtain information about the fraud, while an interview is conducted to obtain a confession or information that can impeach the suspect. A. B.

15.

Cooperative interviewees. Neutral interviewees. Guilty interviewees. Hostile interviewees.

Which of the following stages of those affected by fraud includes people insisting that there is some mistake, acting stunned or dazed, or being unable to comprehend what took place? A. B. C. D.

14.

A lack of anonymity, to open up lines of communication and allay fears of reprisal. Experienced phone operators to minimize the amount of information given by the tipster and to screen out calls with merit. It should prompt investigations to show employees that the tips are taken seriously by management. Delay investigations to let things “cool down” and allay fears of reprisal.

Surveillance. Undercover operations. Searches. Invigilation.

The observation evidence technique that is a process of observing and controlling company activities so closely for a period of time that fraud is virtually impossible is known as: A.

Surveillance.

184

Chapter 6 Review Questions

B. C. D. 17.

True or false: Physical evidence is the most-used type of evidence in a fraud investigation. A. B.

18.

One Non-CPA member and four CPA members. Four Non-CPA members and one CPA member. Two Non-CPA members and three CPA members. Three Non-CPA members and two CPA members.

Near the end 1999, WorldCom’s situation was made especially precarious because: A. B. C. D.

20.

True. False.

The SEC appoints the five full time members of the PCAOB which consists of: A. B. C. D.

19.

Undercover operations. Searches. Invigilation.

It carried enormous debt and the stock market, long distance rates, and subsequent sales all began to fall. Energy prices were beginning to tumble and a world recession was on the horizon. It overextended itself with a plan to construct a high-speed broadband telecommunications network. Its directors signed off on lending agreements that were essentially margin loans to buy company stock.

True or false: The Adelphia fraud engineer, John Rigas, still receives cards from Coudersport residents who remain faithful, and says that “most of the cards end with a message that is most meaningful and that is that ‘you are in our prayers.’ A. B.

True. False.

185

Chapter 6: Review Question Answers and Rationales

Chapter 6 Review Question Answers and Rationales Review question answer choices are accompanied by unique, logical reasoning (rationales) as to why an answer is correct or incorrect. Evaluative feedback to incorrect responses and reinforcement feedback to correct responses are both provided. 1.

Which of the following phases in the four-step investigation strategy involves determining if there is sufficient cause, or predication, to investigate the fraud symptoms? A.

B.

C.

D.

2.

With regard to the four-step investigation strategy, determining if, in fact, a fraud actually occurred is the objective of the: A.

B. C.

D.

3.

Problem recognition and definition phase. This answer is correct because the objective of the problem recognition and definition phase is determining if there is sufficient cause, or predication, to investigate the fraud symptoms. Evidence collection phase. This answer is incorrect because the objective of the evidence collection phase is determining if fraud actually occurred, not determining if there is sufficient cause, or predication, to investigate the fraud symptoms. Evidence evaluation phase. This answer is incorrect because the objective of the evidence collection phase is determining if the evidence collected is sufficient to effectively evaluate and report the fraud. Report findings phase. This answer is incorrect because the objective of the evidence collection phase is to write up the fraud report,.

Problem recognition and definition phase. This answer is incorrect because the objective of the problem recognition and definition phase is determining if there is sufficient cause, or predication, to investigate the fraud symptoms, not determining if a fraud actually occurred. Evidence collection phase. This answer is correct because the objective of the evidence collection phase is determining if a fraud actually occurred. Evidence evaluation phase. This answer is incorrect because the objective of the evidence collection phase is determining if the evidence collected is sufficient to effectively evaluate and report the fraud. Report findings phase. This answer is incorrect because the objective of the evidence collection phase is to write up the fraud report.

Which of the following phases in the four-step investigation strategy involves determining if the evidence collected is sufficient to effectively evaluate and report the fraud? A.

B.

Problem recognition and definition phase. This answer is incorrect because the objective of the problem recognition and definition phase is determining if the evidence collected is sufficient to effectively evaluate and report the fraud. Evidence collection phase. This answer is incorrect because the objective of the evidence collection phase is determining if a fraud actually occurred.

186

Chapter 6: Review Question Answers and Rationales

C.

D.

4.

With regard to the four-step investigation strategy, what is often the only evidence available to support the fraud investigation is the result of the: A.

B. C.

D.

5.

Problem recognition and definition phase. This answer is incorrect because the objective of the problem recognition and definition phase is determining if there is sufficient cause, or predication, to investigate the fraud symptoms. Evidence collection phase. This answer is incorrect because the objective of the evidence collection phase is determining if fraud actually occurred. Evidence evaluation phase. This answer is incorrect because the objective of the evidence collection phase is determining if the evidence collected is sufficient to effectively evaluate and report the fraud. Report findings phase. This answer is correct because the objective of the evidence collection phase is writing up the fraud report, which is often the only evidence available to support the fraud investigation.

True or false: A fraud report should contain a conclusion or opinion as to whether a fraud actually took place. A. B.

6.

Evidence evaluation phase. This answer is correct because the objective of the evidence evaluation phase is determining if the evidence collected is sufficient to effectively evaluate and report the fraud. Report findings phase. This answer is incorrect because the objective of the evidence collection phase is writing up the fraud report, not determining if the evidence collected is sufficient to effectively evaluate and report the fraud.

True. This answer is incorrect because a fraud report should not contain a conclusion or opinion as to whether a fraud actually took place. False. This answer is correct because a fraud report should not contain a conclusion or opinion as it can be used as evidence in court, and opinions could show prejudice.

The largest and most frequently gathered type of evidence is: A. B.

C.

D.

Documentary evidence. This answer is correct because the largest and most frequently gathered type of evidence is documentary evidence. People evidence. This answer is incorrect because, although the people who interact with the fraud perpetrator on a day to day basis may know what the perpetrator is doing, these people may be difficult to find. Personal observation. This answer is incorrect because, although personal observation may provide evidence not available through any other means, the high cost and relative danger related to it makes documentary evidence easier to collect. Physical evidence. This answer is incorrect because physical evidence is the least used evidence type due to its relative absence in a fraud case.

187

Chapter 6: Review Question Answers and Rationales

7.

Which of the following means of obtaining possession of documentary evidence is issued by a judge when there is probable cause to believe the records are being used or have been used in committing of a crime? A.

B. C.

D.

8.

By performing an alteration analysis, document examiners can determine: A.

B.

C. D.

9.

Consent. This answer is incorrect because voluntary consent would typically be given by companies and people being investigated that have nothing to hide and willingly provide fraud investigators with the evidence they need. Court order. This answer is incorrect because a court order requires a third party to hand over documentary evidence known to be in its possession. Subpoena. This answer is incorrect because a subpoena is a court order that requires a third party to hand over documentary evidence known to be in its possession. Search warrant. This answer is correct because a judge will issue a search warrant when there is probable cause to believe the records are being used or have been used in committing of a crime.

If a handwritten document or signature is genuine. This answer is incorrect because a handwriting analysis, not an alteration analysis, can determine if a handwritten document or signature is genuine. If a document was printed by a particular machine. This answer is incorrect because a printer analysis, not an alteration analysis, can determine if a document was printed by a particular machine. If a document has been doctored or altered. This answer is correct because an alteration analysis can determine if a document has been doctored or altered. If a document is written on paper that is the same texture, thickness, color, and opacity as the other pages. This answer is incorrect because a paper analysis, not an alteration analysis, can determine if a document is written on paper that is the same texture, thickness, color, and opacity as the other pages.

With regard to a net-worth calculation, the asset method: A.

B.

C.

Is used when the illicit income is spent on expensive living, travel, entertainment, and buying assets such as cars and boats. This answer is incorrect because the expenditure method is used when the illicit income is spent on expensive living, travel, entertainment, rather than buying assets such as cars and boats. Uncovers inconsistencies in revenue and expenses when the perpetrator uses illicit income to purchase assets. This answer is correct because the asset method uncovers inconsistencies in revenue and expenses when the perpetrator uses illicit income to purchase assets. Is used when the illicit income is spent on expensive living, travel, and entertainment, rather than to buy assets such as cars and boats. This answer is incorrect because the expenditure method is used when the illicit income is spent on expensive living, travel, entertainment, rather than buying assets such as cars and boats.

188

Chapter 6: Review Question Answers and Rationales

D.

10.

True or false: The net-worth method produces a conservative calculation of the amount of money the perpetrator has taken and, as a result, is readily accepted as documentary evidence in a court of law. A.

B.

11.

True. This answer is correct because it is true that the net-worth method produces a conservative calculation of the amount of money the perpetrator has taken and, as a result, is readily accepted as documentary evidence in a court of law. False. This answer is incorrect because it is true that the net-worth method produces a conservative calculation of the money the perpetrator has taken and is also very useful for obtaining confessions.

Which of the following must a hotline possess in order to be successful? A.

B.

C.

D.

12.

Uncovers inconsistencies in revenue and expenses when the perpetrator uses illicit income to spend on expensive living, travel, entertainment. This answer is incorrect because the expenditure method is used when the illicit income is spent on expensive living, travel, entertainment, rather than buying assets such as cars and boats.

A lack of anonymity, to open up lines of communication and allay fears of reprisal. This answer is incorrect because a hotline must possess anonymity to be successful. Experienced phone operators to minimize the amount of information given by the tipster and to screen out calls with merit. This answer is incorrect because a hotline must possess experienced phone operators to maximize the amount of information given by the tipster and to screen out calls without merit to be successful. It should prompt investigations to show employees that the tips are taken seriously by management. This answer is correct because a hotline should prompt investigations to show employees that the tips are taken seriously by management. Delay investigations to let things “cool down” and allay fears of reprisal. This answer is incorrect because a hotline must not delay investigations in order to be successful.

Which of the following interviewee types are usually the most helpful and objective of all the interviewees? A. B.

C.

Cooperative interviewees. This answer is incorrect because cooperative interviewees are overly helpful and their motivations are suspect. Neutral interviewees. This answer is correct because neutral interviewees have nothing to gain or lose from the interview and are usually the most helpful and objective of all the interviewees. Guilty interviewees. This answer is incorrect because guilty interviewees are not one of the three distinct types of interviewees listed in the text.

189

Chapter 6: Review Question Answers and Rationales

D.

13.

Which of the following stages of those affected by fraud includes people insisting that there is some mistake, acting stunned or dazed, or being unable to comprehend what took place? A.

B. C. D.

14.

Denial. This answer is correct because in the denial stage people refuse to accept that the fraud occurred, insisting that there is some mistake, acting stunned or dazed, or being unable to comprehend what took place. Anger. This answer is incorrect because in the anger stage people may strike out at those around them and to say and do things they later regret. Rationalization. This answer is incorrect because in the rationalization stage people try to explain away or minimize the fraud. Depression. This answer is incorrect because in the depression stage people may become withdrawn and lose interest, or become uncooperative.

True or false: The difference between an interview and an interrogation is that an interrogation is conducted to obtain information about the fraud, while an interview is conducted to obtain a confession or information that can impeach the suspect. A.

B.

15.

Hostile interviewees. This answer is incorrect because hostile interviewees are often associated in some way with the suspect or the crime and are the most difficult to interview.

True. This answer is incorrect because an interview is conducted to obtain information about the fraud, not to obtain a confession of information that can impeach a subject. False. This answer is correct because the difference between an interview and an interrogation is that an interview is conducted to obtain information about the fraud, while an interrogation is conducted to obtain a confession or information that can impeach the suspect.

The secret and continuous observations of people, places, and things to obtain information about the identity and activity of individuals suspected of fraud are known as: A.

B.

C.

Surveillance. This answer is correct because surveillance is the secret and continuous observations of people, places, and things to obtain information about the identity and activity of individuals suspected of fraud. Undercover operations. This answer is incorrect because in an undercover operation, a person assumes a new identity in order to gather information about a fraud. Searches. This answer is incorrect because searches involve searching a suspect's desk, locker, or other work area that can produce valuable evidence, not the secret and continuous observations of people, places, and things to obtain information about the identity and activity of individuals suspected of fraud.

190

Chapter 6: Review Question Answers and Rationales

D.

16.

The observation evidence technique that is a process of observing and controlling company activities so closely for a period of time that fraud is virtually impossible is known as: A.

B.

C. D.

17.

B.

True. This answer is incorrect because physical evidence is the least used type of evidence in a fraud investigation. False. This answer is correct because document evidence is the largest and most frequently gathered type of evidence.

The SEC appoints the five full time members of the PCAOB which consists of: A.

B.

C.

D.

19.

Surveillance. This answer is incorrect because surveillance is the secret and continuous observations of people, places, and things to obtain information about the identity and activity of individuals suspected of fraud. Undercover operations. This answer is incorrect because in an undercover operation, a person assumes a new identity in order to gather information about a fraud. Searches. This answer is incorrect because searches involve searching a suspect's desk, locker, or other work area that can produce valuable evidence. Invigilation. This answer is correct because invigilation is a process of observing and controlling company activities so closely for a period of time that fraud is virtually impossible.

True or false: Physical evidence is the most-used type of evidence in a fraud investigation. A.

18.

Invigilation. This answer is incorrect because invigilation is a process of observing and controlling company activities so closely for a period of time that fraud is virtually impossible.

One Non-CPA member and four CPA members. This answer is incorrect because the Non-CPA members outnumber the CPA members. There must be three NonCPA members and two CPA members. Four Non-CPA members and one CPA member. This answer is incorrect because there is actually more than just one CPA member. There must be three Non-CPA members and two CPA members. Two Non-CPA members and three CPA members. This answer is incorrect because the required Non-CPA members and the required CPA members have been reversed. There must be three Non-CPA members and two CPA members. Three Non-CPA members and two CPA members. This answer is correct because the PCAOB members must consist of three Non-CPA members and two CPA members.

Near the end 1999, WorldCom’s situation was made especially precarious because:

191

Chapter 6: Review Question Answers and Rationales

A.

B.

C.

D.

20.

It carried enormous debt and the stock market, long distance rates, and subsequent sales all began to fall. This answer is correct because WorldCom’s enormous debt, the stock market began to fall, as well as long distance rates and subsequent sales made its situation especially precarious. Energy prices were beginning to tumble and a world recession was on the horizon. This answer is incorrect because energy prices beginning to tumble and a world recession on the horizon made Enron’s situation precarious. It overextended itself with a plan to construct a high-speed broadband telecommunications network. This answer is incorrect because overextending itself with a plan to construct a high-speed broadband telecommunications network made Enron’s, not WorldCom’s, situation precarious. Its directors signed off on lending agreements that were essentially margin loans to buy company stock. This answer is incorrect because directors signing off on lending agreements that were essentially margin loans to buy company stock made Adelphia’s situation precarious.

True or false: The Adelphia fraud engineer, John Rigas, still receives cards from Coudersport residents who remain faithful, and says that “most of the cards end with a message that is most meaningful and that is that ‘you are in our prayers.’ A.

B.

True. This answer is correct because, even though John Rigas defrauded investors out of millions of dollars, he still receives cards from Coudersport residents who remain faithful. False. This answer is incorrect because it is true that, even though John Rigas defrauded investors out of millions of dollars, he still receives cards from Coudersport residents who remain faithful.

192

Chapter 7: Review of Statement on Auditing Standards No. 99

Chapter 7 – Review of Statement on Auditing Standards No. 99 Learning Objectives After completing this section of the course, you should be able to: 1. Describe the requirements of Statement on Auditing Standards No. 99 and identify situations where these requirements would apply in the field. According to Statement on Auditing Standards (SAS) No. 47, determining the nature, timing, and extent of the audit procedures is directly related to the auditor’s consideration of audit risk. SAS No. 47 also indicates that part of audit risk is the risk that the financial statements are materially misstated due to fraud. Accordingly, fraud risk must be considered when making inherent- and control-risk assessments and when designing auditing procedures. SAS No. 82, Consideration of Fraud in a Financial Statement Audit, was issued in 1997 by the Auditing Standards Board (ASB). Its purpose was to provide operational guidance to auditors on how to better consider material fraud while conducting a financial-statement audit. Subsequently, several panels and committees were organized and several studies of fraud were conducted to determine how to improve audit procedures and guidance with respect to fraud. In response to their findings, a Fraud Task Force was formed to revise SAS No. 82. The result is SAS No. 99, also titled Consideration of Fraud in a Financial Statement Audit. The ASB believes the requirements and guidance in SAS No. 99 will substantially improve audit performance and increase the likelihood that auditors will detect material fraudulent financial statements. Much of the improved performance will come from an increased focus on professional skepticism as well as the requirement to ask management and other employees about the existence of fraud in the company. Unfortunately, it is not possible for an auditor to be absolutely sure that the financial statements are free of material fraud. According to SAS No. 99, a “material misstatement may not be detected because of the nature of audit evidence or because the characteristics of fraud may cause the auditor to rely unknowingly on audit evidence that appears to be valid, but is, in fact, false and fraudulent. Characteristics of fraud include concealment through (a) collusion by both internal and third parties; (b) withheld, misrepresented, or falsified documentation; and (c) the ability of management to override or instruct others to override what otherwise appear to be effective controls.” Although auditors have a responsibility to detect material fraud, management has the responsibility of designing and implementing controls and programs to prevent and detect fraud. However, members of management are not the only ones who are responsible for overseeing the financial-reporting process. For example, the board of directors and the audit committee help establish appropriate controls to prevent and detect fraud. They also have a responsibility to help set a proper organizational tone and create and maintain an organizational culture of honesty, integrity, and high ethical standards. SAS No. 99 supersedes SAS No. 82, Consideration of Fraud in a Financial Statement Audit and AU sec. 316. It amends SAS No. 1, Codification of Auditing Standards and Procedures, vol. 1,

193

Chapter 7: Review of Statement on Auditing Standards No. 99

AU sec. 230, “Due Professional Care in the Performance of Work.” Brief Overview of SAS No. 99 SAS No. 99 has the following main components: • Description and characteristics of fraud (SAS No. 99, paragraphs 5-12); •

Discussion among engagement personnel regarding the risks of material misstatement due to fraud (SAS No. 99, paragraphs 13-16);



Obtaining the information needed to identify the risks of material misstatement due to fraud (SAS No. 99, paragraphs 17-31);



Identifying risks that may result in a material misstatement due to fraud (SAS No. 99, paragraphs 32-38);



Assessing the identified risks after taking into account an evaluation of the entity’s programs and controls that address the risks (SAS No. 99, paragraphs 39-42);



Responding to the results of the assessment (SAS No. 99, paragraphs 43-66);



Evaluating audit test results (SAS No. 99, paragraphs 67-77);



Communicating about possible fraud to management, the audit committee, and others (SAS No. 99, paragraphs 78-81);



Documenting the auditor's consideration of fraud (SAS No. 99, paragraph 82);



Appendix A: Examples of fraud risk factors; and



Appendix B: Proposed amendment to Statement on Auditing Standards No. 1, Codification of Auditing Standards and Procedures.

The first item in the above list, description and characteristics of fraud, was discussed earlier in the course. Each of the remaining items are now discussed. Discussion Regarding the Risks of Material Misstatement Due to Fraud While planning the audit, team members should discuss among themselves the potential for material misstatement due to fraud as well as how and where the company’s financial statements might be susceptible to material fraud. This will help team members remember how important it is to adopt an appropriate mindset of professional skepticism, especially with respect to the potential for material misstatement due to fraud. SAS No. 99 does not require any specific means of communication, only that the medium used should permit an interactive exchange of ideas. It does state that an oral discussion is preferred (as opposed to a memorandum or email discussion), probably because it best promotes and facilitates the desired free interchange of ideas among team members. Guidance is also provided as to the extent of the discussion, how it should occur, and who should be included. Clearly, professional judgment should be used in making these determinations and the following items should be considered: • The number of locations -- Because each location can be different, key audit-team

194

Chapter 7: Review of Statement on Auditing Standards No. 99

members should be involved in discussions at each significant location. SAS No. 99 states that auditors need to consider the guidance provided in SAS No. 47 (AU sec. 312.18) as they select locations. •

Whether or not to include specialists assigned to the audit team -- For example, when information technology plays an import role in an organization, it is often useful to include an IT specialist in the discussions.

SAS No. 99 also provides guidance as to what items the audit team should discuss. • Experienced audit-team members, especially the auditor with final responsibility for the audit, should share his or her insights and knowledge about the organization being audited and the industry in which it operates. •

Audit-team members should discuss the possibility and likelihood of management overriding the organization’s internal controls. Audit-team members should approach the discussion with a questioning mind and set aside any prior beliefs regarding management honesty and integrity.



Another issue that should be discussed is how the organization’s financial statements might be susceptible to material-misstatement fraud and where fraud is most likely to occur. This discussion should include all known external and internal factors affecting the organization that might create pressures (incentives, motives, etc.) for management or other employees to commit fraud, allow an opportunity to commit and conceal a fraud, and indicate a corporate culture or environment that enables management to rationalize fraud.



It is important to maintain the proper state of mind (an attitude of professional skepticism) throughout the entire audit engagement. o Auditors must have a questioning mind that recognizes that there may be material misstatements in the financial statements due to fraud. o They must also constantly be on the alert for any information that indicates a potential material misstatement. o Auditors should set aside any belief they have about management’s honesty and integrity. They should not be satisfied with evidence that is not persuasive just because they believe management is honest. o It is important to critically assess audit evidence regarding the potential for material misstatement due to fraud.

Obtaining the Information Needed to Identify Fraud To assess the risks of material misstatement due to fraud, SAS No. 99 requires auditors to gather more information than simply considering the risk factors, as was required in SAS No. 82. To obtain the information they need to identify the risks of material fraud, the audit team should

195

Chapter 7: Review of Statement on Auditing Standards No. 99

perform the procedures outlined below. Make Inquiries of Management and Others within the Entity About Fraud SAS No. 99 states “The auditor’s inquiries of management and others within the entity are important because fraud often is uncovered through information received in response to inquiries. One reason for this is that such inquiries may provide individuals with an opportunity to convey information to the auditor that otherwise might not be communicated.” However, in some cases responses to inquiries will be inconsistent. In other instances, the information an auditor is given while making inquiries will need to be substantiated. The auditor must exercise professional judgment in deciding what additional evidence must be gathered to resolve these concerns. Auditors should address their inquiries with several groups within an organization. • Management -- SAS No. 99 states that management should be interviewed to determine their views with respect to the organization’s fraud risks, and how those risks are addressed. The expanded inquiries of management should cover the following: o Whether management knows of any fraud that has taken place or is currently being perpetrated. o Whether management knows of any past or current allegations of fraudulent financial reporting. These fraud allegation tips often come from current or former employees, analysts, short sellers, or other investors. o The fraud risks the organization faces and management’s understanding of those risks. Of particular importance are specific fraud risks the organization has identified, or account balances or classes of transactions where the risk of fraud is more likely to exist. o The controls and programs management has put in place to reduce, deter, prevent, or detect fraud risks, and the procedures management uses to monitor them. o How, and to what extent, management monitors multiple locations and business segments. o Whether any of the operating locations or business segments has a higher risk than normal. o When and how management communicates its views on business practices and ethical behavior to its employees. o The nature and extent of management reports to the audit committee (or the board of directors, the board of trustees, or the company’s owner) with respect to the following: ¾ All five interrelated components of internal control: the control environment, control activities, risk-assessment processes, information and communication systems, and monitoring

196

Chapter 7: Review of Statement on Auditing Standards No. 99

activities; and ¾ How well management believes their internal controls prevent, deter, and detect material fraud. •

Audit committee -- Managers are not the only ones who should take an active oversight role with respect to the organization’s fraud-risk assessment and the controls and programs established to deter, prevent, or detect fraud risks. SAS No. 99 states that inquiries of the audit committee should cover the following: o How the audit committee oversees the organization’s fraud-risk assessment; o The controls, programs, and procedures the organization uses to eliminate or reduce fraud risks; o How the audit committee views the risks of fraud; and o Whether any of the audit-committee members know of any suspected or actual fraud.



Internal-audit personnel -- The auditor also should make inquiries of appropriate internal-audit personnel. The inquiries should cover the following: o How the internal-audit function views the risks of fraud; o The procedures they performed during the year to test for fraud; o How management responds to their fraud findings, and whether their response has been satisfactory; and o Whether any of the internal auditors know of any suspected or actual fraud.



Others in the organization -- Management, the audit committee, and internal audit are not necessarily the only ones that should be asked about fraud, as others in the organization can often provide auditors with valuable perspectives. The information they provide can support management responses, help uncover management override of controls, and indicate how effectively management communicates standards of ethical behavior.

The auditors must use his or her professional judgment to decide who else in the organization should be asked about fraud and the extent of those inquiries. The key consideration in making this decision is whether a person can provide information that will help the auditor identify fraud risks. Auditors are most likely to make inquiries of the following: • Anyone the auditor interacts with during the normal course of the audit, such as while obtaining an understanding of the organization’s internal-control system, observing inventory, performing cutoff tests, or investigating fluctuations uncovered during analytical procedures;

197

Chapter 7: Review of Statement on Auditing Standards No. 99



Operating personnel who are not part of the financial-reporting process;



Employees in positions of leadership or authority;



Employees who initiate, record, or process unusual or complex transactions;



Individuals who might know if there is any inappropriate or unauthorized activity with respect to processing journal entries and other adjustments; and



In-house legal counsel.

Consider the Results of the Analytical Procedures Performed While Planning the Audit Auditors perform analytical procedures as they plan audits in order identify items that need to be investigated, such as transactions, events, amounts, ratios, or trends that, based on the auditor’s understanding of the entity and its environment, do not agree with what the auditor expects to find. These analytical procedures, typically performed on high-level, aggregated data, can be a valuable tool in identifying where auditors should look to assess fraud risks. All unusual items should be investigated to determine if they are indicative of fraud. The most frequent type of financial-statement fraud involves improper revenue recognition. Accordingly, SAS No. 99 indicates that it is especially important to perform revenue-related analytical procedures. For example, monthly revenue for the current reporting period could be compared to revenue recorded in a comparable prior period. Consider Fraud Risk Factors The auditor should use his or her professional judgment to evaluate the evidence that is gathered to: (i) determine if the evidence indicates that one or more fraud risk factors are present; and (ii) identify and assess the risks of material fraud if risk factors are present. Most of the risk factors contained in SAS No. 82 are included in SAS No. 99 and a few additional risk factors have been added. However, the fraud risk factors have been reorganized to help facilitate risk assessment by the auditor. The fraud risk factors are presented based on the two types of fraud: fraudulent financial reporting and misappropriation of assets. Within each of these two fraud types, the risk factors are based on the fraud triangle, the three conditions generally present when material misstatements due to fraud occur: (i) pressure, sometimes referred to as incentive or motive; (ii) an opportunity to commit and conceal the fraud; and (iii) rationalization (sometimes referred to as attitude). These fraud risk factors are presented in SAS No. 99, Appendix A, which is titled “Examples of Fraud Risk Factors.” Because fraud risk factors were covered extensively in prior chapters, they are not covered again here. Consider Other Information That May Be Helpful in Identifying Risks Although SAS No. 99 indicates that the three most important ways for auditors to obtain the information they need to identify frauds risks are to make inquiries of management, perform analytical review tests, and consider fraud risk factors, there are other viable ways to obtain information about fraud risk, such as the following: • During the planning phase of the audit, audit-team discussions may provide useful

198

Chapter 7: Review of Statement on Auditing Standards No. 99

information; •

While obtaining and reviewing the information gathered during the acceptance and continuance of clients and engagements;



While conducting reviews of interim financial statements; and



While considering audit risk, especially with respect to identified inherent risks, at the individual account balance or class of transaction level.

Identifying Risks That May Result in a Fraudulent Material Misstatement The number of fraudulently misstated financial statements in any given year, in comparison to the total number conducted in a year, is very small. Many auditors never run across a single case of fraudulently misstated financial statements in their entire career. As a result, many auditors can be “lulled to sleep”; that is, they become lax in their fraud-detection efforts. Other auditors, due to lack of experience, find it hard to recognize fraud risk factors or to determine what additional evidence to gather when they are found. In any event, it is important that auditors do not conclude that one or more fraud risks are not present in a particular entity because of inattentiveness or lack of experience. The previous section described the ways auditors could obtain the information they need to identify the risk of material misstatement due to fraud. The auditor must use the information he or she obtains as well as his or her professional judgment to identify fraud risks. In doing so, the auditor needs to consider the following nine factors: • The type of risk (fraudulent financial reporting or misappropriation of assets) that exists. •

The significance of the risk. (Is it large enough to be material?)



The likelihood of the risk (the probability that the factor will actually result in a material misstatement).



The pervasiveness of the risk (whether it is pervasive to the financial statements as a whole or related to a particular assertion, account, or class of transactions).



The fraud triangle. Although fraud risks are more likely to exist when all three conditions are observed, the auditor does not need to find all three conditions to identify a fraud risk. Some of the conditions are hard to spot without the benefit of hindsight. For example, it is hard to observe the rationalization process.



The client’s size, complexity, and ownership attributes.



The number of operating locations or business segments, as this often requires a separate risk identification for each location or segment.



Assertions, accounts, and classes of transactions that have high inherent risk. Because these items are subject to significant judgment and subjectivity, managers are better able and more likely to manipulate them. SAS No. 99 provides the following two examples: “Liabilities resulting from a restructuring may be deemed to have high inherent risk because of the high degree of subjectivity and management judgment involved in their estimation. Similarly, revenues for software developers may be deemed to have high 199

Chapter 7: Review of Statement on Auditing Standards No. 99

inherent risk because of the subjectivity involved in recognizing and measuring software revenue transactions.” •

Management override of controls. The auditor needs to address the risk of management override of controls regardless of whether the auditor is able to identify specific fraud risks. In many cases, management has overridden controls to perpetrate fraud using such techniques as recording fictitious journal entries (particularly those recorded close to the end of an accounting period to manipulate operating results), intentionally biasing assumptions and judgments used to estimate account balances, and altering records and terms related to significant and unusual transactions.



Because revenue recognition is so susceptible to manipulation, the auditor will usually determine that there is a risk of material misstatement due to management override of internal controls. For example, revenues can be overstated (premature revenue recognition or recording fictitious revenues) or understated (misapplication of cash receipts).

Assessing the Identified Risks As a preamble to discussing how to assess identified fraud risks, SAS No. 99 reviews some of the requirements of SAS No. 55. These requirements are as follows: • The auditor must understand each of the five components of internal control well enough to plan the audit; •

The auditor should use his or her understanding of internal control to identify potential misstatements, consider factors that affect the risk of material misstatement, design tests of controls when applicable, and design substantive tests;



Understand that manual and automated controls can be circumvented by collusion of two or more people or inappropriate management override of internal control.

Organizations can implement controls to reduce or eliminate fraud on two levels: (i) specific controls can be designed to reduce or eliminate specific fraud risks (for example, controls to protect easily stolen assets such as cash or inventory); and (ii) general programs can be designed to prevent, deter, and detect fraud. An example is fraud awareness training for all employees on policies, procedures, and programs to promote a culture of honesty and ethical behavior. Once an understanding has been obtained of the client’s general and specific controls, the auditor must determine if they have been properly designed to prevent or detect the identified risks of material misstatement due to fraud or whether specific control deficiencies may exacerbate the risks. If the programs and controls are properly designed, auditors must verify that they are in place and operational. Then the auditor should use the controls evaluation to assess fraud risks and determine a response to those risks. These responses are discussed in the next section. Responding to the Results of the Assessment As previously explained, the nature and significance of fraud risks, as well as client programs 200

Chapter 7: Review of Statement on Auditing Standards No. 99

and controls to address those risks, influence the auditor's response to the fraud-risk assessment. The auditor can respond to the fraud-risk assessment in four ways: 1. An overall response to identified risks (that is, general considerations, apart from planned specific procedures, that have an overall effect on how the audit is conducted). 2. A response to identified risks that involves the nature, timing, and extent of procedures to be performed. 3. A response to the risk that management could override controls. (Because management can often override traditional controls, substantive tests should be conducted to evaluate the risk of management overrides.) 4. If the auditor decides it is impracticable to design auditing procedures to sufficiently address identified fraud risks, he or she should withdraw from the engagement and communicate with the appropriate parties. Overall Responses to Identified Risks Fraud-risk judgments can have a number of overall effects on how an audit is conducted. SAS No. 99 lists the following: • Professional skepticism and audit evidence -- Professional skepticism is an attitude that auditors must have regardless of whether or not fraud risks are identified. When fraud risks are identified the auditor should heighten his or her skepticism and seek to increase the quantity or quality of audit evidence, or both, in all areas of the audit. SAS No. 99 lists the following examples of how audit evidence would be affected when fraud risks are identified. o Design additional or different auditing procedures to obtain more reliable evidence in support of specified financial-statement account balances, classes of transactions, and related assertions; and o Obtain additional corroboration of management’s explanations or representations concerning material matters, such as through third-party confirmation; the use of a specialist; analytical procedures; examination of documentation from independent sources; or inquiries of others within or outside the entity. •

Assignment of personnel and supervision -- When fraud risks are identified, the auditor may respond by assigning more experienced personnel, assigning staff with specialized skills and knowledge, increasing the amount and quality of staff supervision, or some combination of those three alternatives.



Accounting principles -- Another overall audit impact when fraud risks are identified is a closer examination of management’s selection and application of significant accounting principles to determine if an inappropriate application of the principles results in a material misstatement of the financial statements. Of particular importance are principles related to subjective measurements and complex transactions, and whether the collective

201

Chapter 7: Review of Statement on Auditing Standards No. 99

application of principles indicates a bias that results in a material misstatement. •

Predictability of auditing procedures -- Auditors generally perform the exact same tests every year. Armed with this knowledge, perpetrators can use concealment schemes that are not detected by these audit tests. When risk factors are identified, the auditor should consider adding an element of unpredictability to his or her selection of auditing procedures. For example: o Change the sampling methods used; o Test immaterial or low-risk accounts the auditor does not normally test; o Vary the timing of the tests they perform so they are more unpredictable; and o Perform procedures on an unannounced basis or at different locations.

Responses to Identified Risks Involving the Nature, Timing, and Extent of Procedures to Be Performed The nature, timing, and extent of audit procedures performed (both substantive tests and tests of controls) is impacted by the types or combinations of risks the auditor identifies. It is also impacted by account balances and transaction classes and their related assertions. In most cases, substantive tests are affected because audit risk cannot be reduced sufficiently through tests of controls, as management may be able to override controls that seem to be operating effectively. Auditing procedures can be changed in the ways described below to address specifically identified fraud risks. • The nature of auditing procedures. When fraud risks are identified, auditors should consider obtaining more reliable evidence or additional corroborative evidence. The nature of auditing procedures performed may be changed in one or more of the following ways: o Obtain more evidential matter from independent or third-party sources. For example, the auditor might seek public-record information to verify the existence and the nature of key customers, vendors, or counter parties in a major transaction. o Physically observe or inspect more assets than are normally observed and/or observe assets not normally observed. o Make use of more or not previously used computer-assisted audit techniques. This facilitates the auditor gathering more extensive evidence about significant accounts and data stored in electronic data files. o Increase the number of people, especially those in management, that are interviewed about fraud risks to identify issues and obtain corroborating evidence. o Interview people in the areas where fraud risk is identified, seeking their insights into both the identified risk and how controls address the risk. o When independent CPA firms audit the statements of subsidiaries, divisions, or

202

Chapter 7: Review of Statement on Auditing Standards No. 99

branches, discuss with them how much evidence needs to be gathered to address fraud risk. •

Vary the timing of substantive tests. o Decide not to perform interim substantive tests because the risks of intentional misstatement or manipulation make them ineffective. o Perform substantive tests of transactions throughout the period being audited because intentional misstatements, such as inappropriate revenue recognition, may have taken place during the interim period. o Perform procedures at locations on a surprise or unannounced basis. For example, the auditor could observe inventory either on unexpected dates or at unexpected locations, or both. The auditor could also count cash on a surprise basis.



Change the extent to which procedures are applied. When fraud risks are identified, more evidence may need to be gathered. This can be done in the following ways: o Increase sample sizes. o Perform substantive analytical procedures using disaggregated data. For example, gross-profit or operating margins by location, by line of business, or by month could be compared to auditor-developed expectations. o Test electronic transactions and account files more extensively. Use computerassisted audit techniques to test entire populations or select transactions with specific characteristics. o Supplement written confirmations with oral inquiries of major customers and suppliers. Alternatively, confirmations could be sent to a specific person at the customer or supplier.

Example Responses to Specific Fraudulent-Financial-Statement Risks SAS No. 99 provides the following examples of how the nature, timing, and extent of tests can be modified in response to specific, identified fraudulent-financial-statement risks. • Revenue recognition -- Because there are more revenue-recognition financial statement frauds than almost any other type, revenue accounts are particularly susceptible to fraud. In addition, since industries can be very different, revenue recognition among industries can vary significantly. Accordingly, auditors need to develop auditing procedures based on their understanding of the entity, its environment, and its industry that take into account this additional fraud risk. If there is identified fraud risk involving improper revenue recognition, the auditor also may want to consider the following procedures: o Perform substantive revenue-related analytical procedures using disaggregated data. For example, the auditor could compare monthly, product-line, or businesssegment revenue to a comparable prior period. Computer-assisted audit techniques are especially useful in identifying unusual or unexpected revenue 203

Chapter 7: Review of Statement on Auditing Standards No. 99

o

o

o

o



relationships or transactions. Confirm contract terms and the absence of side agreements with customers. Some of the most important revenue-recognition-related items to confirm are: ¾ Acceptance criteria; ¾ Delivery and payment terms; ¾ The absence of future or continuing vendor obligations; ¾ The right to return the product; ¾ Guaranteed resale amounts; and ¾ Cancellation or refund provisions. Inquire about end-of-period sales or shipments and any unusual terms or conditions associated with them. The best people to ask are sales and marketing personnel and in-house legal counsel. Another effective procedure involves being physically present at one or more locations at period end, in order to: ¾ Observe goods being shipped; ¾ Observe goods being readied for shipment; ¾ Observe returns awaiting processing; and ¾ Perform sales and inventory cutoff procedures the auditor deems appropriate. Test whether controls provide assurance that recorded revenue transactions occurred and are properly recorded. This is especially important for revenue transactions that are electronically initiated, processed, and recorded.

Inventory quantities -- When identified fraud risks are related to inventory quantities, the auditor should consider the following audit procedures: o Examine inventory records to identify locations or items that, during or after the physical inventory count, require specific attention. o Observe inventory counts at certain locations on an unannounced basis. o Observe inventory counts at all locations on the same date. o Count inventory at the end of the reporting period, or on a date closer to periodend. This will help minimize the risk that account balances are manipulated between the date the count is completed and the date the reporting period ends. o Use a specialist. o Perform additional procedures during the observation of the count, such as: ¾ Examining the contents of boxed items more carefully; ¾ Examining the way goods are stacked (check for hollow squares, etc.) or labeled; ¾ Verifying the purity, grade, and concentration of liquid substances; and

204

Chapter 7: Review of Statement on Auditing Standards No. 99

¾ Testing more count sheets, tags, or other records to minimize the risk that they will be altered later or compiled improperly. o Test the reasonableness of physical counts in other ways, such as: ¾ Comparing current-period quantities with those of prior periods. This is best done by inventory class or category, location, or some other criteria. ¾ Agreeing count quantities to perpetual records. ¾ Sorting tags numerically to test tag controls or by item serial number to determine if tags have been duplicated or omitted. •

Management estimates -- Many financial-reporting frauds are perpetrated by intentionally misstating one or more of the estimates that are a part of financial statements. Estimates are based on both objective and subjective factors, and the subjective factors are susceptible to bias even when competent personnel use relevant and accurate data to make their estimates. Some of the more important estimates involve: (i) asset valuation; (ii) specific transactions, such as acquisitions, restructurings, and disposing of a business segment; and (iii) significant accrued liabilities, such as pension and other post-retirement benefit obligations and environmental remediation liabilities.



Management has final responsibility for making most of the assumptions or judgments that are used to make these estimates. They are also responsible, on an ongoing basis, for monitoring the reasonableness of the accounting estimates.



In addressing fraud risk involving management estimates, the auditor should consider supplementing management’s estimates with additional audit evidence, using it to develop an independent estimate, comparing it to management’s estimate, and determining if any differences indicate a possible bias on the part of management. If so, the auditor should reconsider the estimates taken as a whole.



Another way to test for possible management biases is to review management judgments and assumptions from prior periods. If they were not accurate or realistic, it may indicate that current-year estimates may be biased. The best choices for retrospective reviews are estimates significantly affected by management judgments or based on highly sensitive assumptions. It is important to realize that these reviews are not intended to call into question the auditor’s prior-year professional judgments that were based on the information available at the time. When auditors identify a possible prior-year bias in an accounting estimate they should determine if it represents a fraud risk. If so, the auditor should reconsider the estimates, taken as a whole.

Example Responses to Fraud Risks Related to Misappropriation of Assets The auditor may identify fraud risks related to misappropriation of assets, such as large amounts of easily accessible cash or inventory that can easily be stolen and sold. In such cases, audit response is usually directed toward the specific information that was identified and the account 205

Chapter 7: Review of Statement on Auditing Standards No. 99

balance in question. Appropriate responses include the following: • Analyze any controls designed to prevent or detect the misappropriation and test their operating effectiveness; •

Physically inspect the assets at or near the end of the reporting period; and



Perform substantive analytical procedures, such as comparing expected dollar amounts to recorded amounts.

Responses to the Risk of Management Override of Controls Management fraud is particularly difficult to detect for a number of reasons. Due to their position on top of the organization’s hierarchy, managers are in a unique position to both commit and conceal fraud. They are able to directly or indirectly manipulate accounting records and present fraudulent financial information. They are also in a position to direct employees to perpetrate the fraud or to ask for their help in perpetrating the fraud. Management is often able to override controls that, when not overridden, operate effectively and mitigate fraud risks. Also segment or division managers are often in a position to fudge their accounting records in a way that materially misstates the organization’s consolidated financial statements. Unless the auditor concludes that they should not be performed, the procedures to address the risk of management override of controls described below are appropriate for most audits. The procedures should always be performed for financial-statement audits of public entities because investors place pressures on management to achieve a given level of financial performance and management can be tempted to fudge numbers to achieve financial-performance objectives. These procedures should also be performed for nonpublic-entity financial statements audits. They also face pressures from the board of directors, contributors, investors, creditors, or vendors, or there is pressure to meet financial or other performance targets. Although infrequent, SAS No. 99 provides three examples of when the auditor may decide that some or all of these procedures are not necessary. • The client is a nonpublic entity or a not-for-profit organization for which the auditor concludes there is little incentive or pressure to achieve specified levels of financial performance to satisfy either external or internal users of the financial statements or to inappropriately minimize income-tax liabilities; •

An employee benefit plan performed to satisfy regulatory requirements and the auditor concludes there is little incentive or pressure to inappropriately report the financial condition or performance of the plan; or



A subsidiary performed solely to satisfy statutory requirements that are unrelated to financial condition or performance.

Should the auditor conclude that the procedures to test for management override of controls are not necessary, he or she should document that conclusion. Documentation requirements are discussed more fully later in this chapter.

206

Chapter 7: Review of Statement on Auditing Standards No. 99

SAS No. 99 recommends the following audit procedures to address the risk that management overrides controls: (i) an examination of journal entries and other adjustments, especially at or near period-end; (ii) a review of accounting estimates for bias, particularly a retrospective review of significant management estimates; and (iii) an evaluation of significant, unusual transactions, especially at or near period-end. Examining Journal Entries and Other Adjustments Fraudulent financial reporting is often perpetrated using inappropriate or unauthorized journal entries. It is also perpetrated by adjusting financial-statement amounts that are not reflected in formal journal entries. Examples include consolidating adjustments, report combinations, and reclassifications. As a result, auditors should test both journal entries recorded in the general ledger and adjustments made while preparing the financial statements, such as entries posted directly to financial-statement drafts, for appropriateness and authorization. Auditors are required to understand the client’s system of internal controls. They should also obtain an understanding of whether the controls are suitably designed and have been placed in operation. Auditors are also required to understand the automated and manual procedures their clients use to prepare financial statements and related disclosures, including procedures used to: (i) enter transaction totals into the general ledger; (ii) initiate, record, and process journal entries in the general ledger; and (iii) record recurring and nonrecurring adjustments to the financial statements. Auditors should use this understanding to identify the client’s normal journal entries and adjustments (nature or type, number, size, source, etc.) and the procedures and controls used (who is authorized to make them, required approvals, how they are recorded, etc). This knowledge will help the auditor spot inappropriate or unauthorized journal entries and adjustments, which often have one or more of the following unique identifying characteristics: • The entry or adjustment was made to unrelated, unusual, or seldom-used accounts or business segments; •

It was recorded at the end of the reporting period, as post-closing entries, or before or during the preparation of the financial statements;



It often has little or no explanation or description;



It often has no account number; and



It contains round numbers or a consistent ending number.

In testing journal entries and adjustments, the auditor should use his or her professional judgment to determine the nature, timing, and extent of the tests. In making those decisions, the auditor should consider the following: • Identified fraud risk factors can help the auditor select which journal entries to test and determine the extent of testing necessary. •

If the auditor tests the controls over the preparation and posting of journal entries and finds them effective, it may be possible to reduce the extent of substantive testing of

207

Chapter 7: Review of Statement on Auditing Standards No. 99

journal entries. •

Audit procedures will be different in a manual, paper-based system than in an automated financial-reporting system. In paper-based system, the auditor will inspect the general ledger to identify which journal entries to test and to examine support for the selected items. In a computer-based system, as journal entries and adjustments often only exist in electronic form, the auditor will normally use computer-assisted audit tools to identify the items to test.



Accounts or transactions that are complex or unusual in nature, contain significant estimates, or are associated with an identified fraud risk deserve added attention, as they are prone to fraud.



When clients have several locations or components, the auditor should consider using the factors set forth in SAS No. 47 to select journal entries from the various locations.



The auditor should consider testing journal entries and adjustments throughout the reporting period, as they can take place any time during the reporting period. However, special attention should be paid to end-of-period journal entries and adjustments, as that is when fraudulent entries are most likely to occur.

Evaluating the Business Rationale for Significant Unusual Transactions While performing an audit, the auditor should keep his or her eyes open for significant transactions that are either: (i) not part of the organization’s normal course of business; or (ii) unusual based on the auditor’s understanding of the organization and its environment. When one of these transactions is discovered, the auditor should determine the business rationale behind the transaction and evaluate whether its purpose was to misstate the financial statements. Of particular importance is whether the other party to the transaction: (i) is an unidentified related party; or (ii) needs the financial strength of the client to support or complete the transaction. Evaluating Audit-Test Results Assessing Fraud Risk Throughout the Audit Auditors are required to assess the risk of material fraudulent misstatements throughout the audit. In doing so, they may identify conditions during fieldwork that either change or support their judgment regarding the assessment of fraud risk. SAS No. 99 lists examples, which are provided below. • Accounting records discrepancies, such as: o Transactions that are incomplete or not recorded or timely manner; o Transactions that are not properly recorded as to company policy, amount, accounting period, or classification; o Balances or transactions that are unsupported or unauthorized; o Last-minute adjustments, especially those that significantly affect financial results; and o Employees accessing the organization’s information systems or accounting 208

Chapter 7: Review of Statement on Auditing Standards No. 99

records in ways that are inconsistent with their authorized duties. •

Evidential matter that is conflicting or missing, such as: o Documents that are missing; o Substituting photocopied or electronically transmitted documents for originals; o Items on reconciliations that are significant and unexplained; o Responses from management or employees that are inconsistent, vague, or implausible; o Organization records that are significantly different from third-party responses, such as confirmation replies; o Inventory or physical assets of significant magnitude that are missing; o Electronic evidence that is missing, unavailable, or is not maintained according to the organization’s record-retention practices or policies; and o No evidence that systems developed or updated during the year were tested prior to and during implementation.



Relationships between the auditor and client are problematic or unusual. For example: o The client denies the auditor access to records, facilities, or people (employees, customers, vendors, etc.). It is important to note that this denial may represent a scope limitation that might require the auditor to qualify or disclaim an opinion on the financial statements. o Management imposes undue time pressures, especially for complex or contentious issues. o Inappropriate management actions such as intimidation of audit-team members or complaints about how the audit is conducted. This is particularly serious when it relates to the auditor’s critical assessment of audit evidence or to how potential disagreements with management are resolved. o Unusual delays in providing requested information. o Tips or complaints about alleged fraud. o The client is not willing to allow the auditor access to electronic files so they can be tested using computer-assisted audit techniques. o Access is denied to IT facilities and personnel (security, operations, development, etc.).

Evaluating Whether Analytical Procedures Indicate a Previously Unrecognized Fraud Risk Auditors need to perform and review analytical procedures at least twice. They need to do so while planning the audit, in order to identify unusual or unexpected relationships that might indicate fraud. Identified fraud risks should be investigated during the course of the audit. Auditors also need to perform and review analytical procedures while reviewing audit results near the completion of the audit to determine whether analytical procedures performed as

209

Chapter 7: Review of Statement on Auditing Standards No. 99

substantive tests indicate any previously unrecognized fraud risks. SAS No. 99 gives a special emphasis to revenue-related analytical procedures, stating that they should be performed through the end of the reporting period. Any previously unrecognized fraud risks should be investigated. In analyzing the results of the analytical procedures, the auditor must exercise his or her professional judgment to determine which particular trends and relationships might indicate fraud risk. It is particularly important to carefully review year-end revenue and income. Two examples of unusual relationships that might indicate fraud are uncharacteristically large amounts of income from unusual transactions during the last few weeks of the reporting period and income that is not consistent with prior trends in cash flow from operations. When a fraud is perpetrated, normal relationships and trends are often thrown out of balance and can be spotted by the auditor. A clever perpetrator will cover his or her tracks by manipulating other data to make these relationships and trends appear normal. However, there are certain types of information that management and employees have a hard time manipulating in order to create seemingly normal or expected relationships. These unusual or unexpected analytical relationships are especially useful to auditors as they seek to uncover fraud risks and evidence of fraud. Some of the more useful relationships are presented in SAS No. 99: • The relationship of net income to cash flows from operations may appear unusual because management recorded fictitious revenues and receivables but was unable to manipulate cash. •

A change in inventory, accounts payable, sales, or cost of sales from the prior period to the current period may be inconsistent, indicating a possible employee theft of inventory, because the employee was unable to manipulate all of these accounts.



A comparison of the entity’s profitability to industry trends, which management cannot manipulate, may indicate trends or differences for further consideration when identifying risks of material misstatement due to fraud.



A comparison of bad-debt write-offs to comparable industry data, which employees cannot manipulate, may provide unexplained relationships that could indicate a possible theft of cash receipts.



An unexpected or unexplained relationship between sales volume as determined from the accounting records and production statistics maintained by operations personnel -- which may be more difficult for management to manipulate -- may indicate a possible misstatement of sales.

When the auditor spots unusual relationships, one way to investigate them is to ask the client to explain what might have caused them. In such cases, it is especially important to note the client’s reactions to the questions. Responses that are vague, implausible, or are contrary with other evidential matter gathered during the audit should be investigated very carefully, as the client may be trying to cover up fraudulent activity. However, there is another good explanation for the client’s behavior and that is that he or she might not know what caused the unusual relationship and might be reluctant to admit it.

210

Chapter 7: Review of Statement on Auditing Standards No. 99

Evaluating Fraud Risk At or Near the Completion of the Audit Before the audit can be completed, the audit team needs to make a qualitative evaluation, based primarily on the auditor's judgment, of whether or not the evidence gathered from auditing procedures, analytical relationships, and other tests and observations affect the fraud-risk assessment made during planning. Based on this evaluation, the audit team must decide whether or not they need to perform any additional audit procedures or perform different audit procedures. During this evaluation, the person in charge of the audit must also determine that there has been appropriate and sufficient communication with other audit-team members about potential fraud risks. Responding to Misstatements That May be the Result of Fraud When auditors identify a financial statement misstatement, they need to determine whether or not it indicates that fraud has occurred. They also need to determine if the amount of the misstatement is material to the financial statements. • When the amount is not material to the financial statements -- SAS No. 47 states “misstatements of relatively small amounts that come to the auditor’s attention could have a material effect on the financial statements.” So what should the auditor do if he or she believes misstatements are or may be the result of fraud, but the amount, by itself, is not material to the financial statements? According to SAS No. 99, the auditor “... should evaluate the implications, especially those dealing with the organizational position of the person(s) involved.” SAS No. 99 then gives the following two examples; o Petty-cash-fund misappropriations normally have little effect on an auditor’s assessment of fraud risk. Management typically does not have custody of the fund or administer it, and the amount lost is limited due to the small size of the fund. o Immaterial fraud involving management is more serious, as it might indicate a lack of integrity on the part of management. As a result, the auditor should determine how a lack of management or employee integrity will affect the audit. In particular, the auditor should re-evaluate the fraud-risk assessment and its resulting impact on the nature, timing, and extent of the tests of balances or transactions as well as the assessment of how effective the controls are if control risk was assessed below the maximum. •

When the amount is material to the financial statements -- When the misstatement is, or may be, the result of fraud and is material to the financial statements (or materiality is unknown), the auditor should do the following: o Determine how this impacts other aspects of the audit. o Talk to management that is at least one level above those involved, with senior management, and the audit committee. If senior management is thought to be involved, the auditor should go straight to the audit committee. These discussions should lead to a determination as to how to investigate the fraud.

211

Chapter 7: Review of Statement on Auditing Standards No. 99

o Gather additional evidence to determine whether material fraud has actually occurred or is likely to have occurred. If it has, the auditor should determine the fraud’s effect on the financial statements and the audit report. o Where appropriate, suggest that the client consult with legal counsel. •

The amount represents a significant risk of material misstatement -- When there is a significant risk of material misstatement due to fraud, the auditor should consider withdrawing from the audit and letting the audit committee (or those with equivalent authority and responsibility) know why. Because each engagement is so different and can have so many different variables, it is difficult to specify when withdrawal is appropriate. However, two of the most important considerations are: (i) what implications the auditor’s findings have on their evaluation of management integrity; and (ii) how diligent and cooperative the client (management, audit committee, the board of directors, etc.) is in investigating the circumstances and in taking appropriate action.

Before Withdrawing, the Auditor Should Consider Consulting with Legal Counsel. Communicating with Management, the Audit Committee, and Others When evidence that a fraud may exist is discovered, the auditor needs to bring it to the attention of an appropriate level of management. Note that SAS No. 99 does not state that if risk factors are found they must be brought to the attention of management. While the auditor may well want to bring identified risk factors to the attention of management so that they can institute controls to mitigate their effects, the auditor is not required to do so. The auditor is only required to bring evidence that a fraud may exist to the attention of management. Normally the auditor should take evidence about fraud to management at least one level above where the fraud is suspected or took place. The auditor should communicate this information even if the fraud is immaterial or inconsequential, such as an embezzlement by a lower-level employee. To avoid disagreements or problems regarding lower-level employee misappropriations, the auditor and the audit committee should reach an understanding, prior to the engagement, about the expected nature and extent of communications if such fraud takes place. When fraud involves senior management and when it causes a material misstatement of the financial statements it should be reported directly to the audit committee, who can take the matter to the entire board of directors. If an audit committee does not exist, the fraud should be reported to the senior executive in the firm. If there is a possibility that this senior executive is involved in the fraud, the auditor should consider withdrawing from the engagement. Sometimes the auditor will have to determine if the following items represent reportable conditions that should be communicated to the audit committee and senior management: (i) risk factors with continuing control implications (whether or not transactions or adjustments that could be the result of fraud have been detected); and (ii) the absence of, or the poor quality of, deficiencies in programs and controls to minimize or prevent specific fraud risks (or to otherwise

212

Chapter 7: Review of Statement on Auditing Standards No. 99

help prevent, deter, and detect fraud). Conditions other than reportable conditions may also be reported if it is possible for management to take actions to address them. The fraud risks the auditor identifies during his or her risk assessment can, and probably should, be communicated to the client. This can be communicated: (i) separately to the audit committee; (ii) as part of an overall communication of business and financial-statement risks affecting the organization; or (iii) as part of the auditor’s report on the quality of the entity’s accounting principles Ordinarily the auditor is not required to disclose possible fraud to anyone other than the client's senior management and its audit committee. In fact, the auditor's ethical or legal obligations of confidentiality do not allow him to disclose this information unless the matter is reflected in the auditor's report. However, SAS No. 99 specifies that auditors do have a responsibility, in the following circumstances, to disclose information to outsiders: • To comply with certain legal and regulatory requirements, such as engagement termination reports (reporting auditor changes on Form 8-K or when the fraud risk factors constitute a reportable event or are the source of a disagreement) or reports relating to an illegal act that has a material effect on the financial statements; •

To a successor auditor when they make an inquiry to comply with SAS No. 84, Communications Between Predecessor and Successor Auditors;



In response to a subpoena; and



To a funding or other specified agency in accordance with requirements for the audits of entities that receive financial assistance from the government.

Before discussing any of the items in this section with parties other than the client, the auditor may wish to consult with legal counsel to avoid potential conflicts with the auditor's ethical and legal obligations for confidentiality. Documenting the Auditor's Consideration of Fraud SAS No. 99 significantly extends the auditor’s documentation requirements with respect to fraud. Auditors are now required to document in their working papers evidence of their compliance with virtually all the major requirements of the SAS in order to help ensure that they comply with its new requirements. SAS No. 99 lists the following items that auditors must document: • Discussions among engagement personnel while planning the audit, including: o The susceptibility of the entity’s financial statements to material misstatement due to fraud; o How and when the discussion occurred; o The audit-team members who participated; and o The subject matter discussed;

213

Chapter 7: Review of Statement on Auditing Standards No. 99



The procedures they performed to gather the information they needed to identify and assess fraud risks;



The fraud risk factors that were identified during planning and field work and the auditor’s response to those risks;



When the auditor concludes that additional procedures to address the risk of management override of controls is not necessary, the support for that conclusion must be documented; and



The communications to management, the audit committee, and others regarding fraud.

Though not required, auditors may also want to consider documenting: • How fraud risk factors were considered; •

Why the auditor believes that the identified risk factors might lead to fraud;



The reasoning behind the auditor’s response to the risk factors;



Any current control policies that might alleviate the effect of the risk factors;



Any actions the client plans to take to alleviate the identified risks;



All inquiries of management and other client personnel (who was asked, what was asked, their response, etc.);



The auditor's response to the risk factors identified, whether the response was individual or in combination with other risk factors; and



The auditor’s conclusion as to whether or not there is a heightened risk of fraud. When there is a heightened risk, the auditor should document his or her basis for that conclusion, including the specific risk factors found and their effect on the nature, timing, and extent of audit procedures.

The auditor is allowed significant flexibility with respect to the form of documentation used to meet documentation requirements. It might take the form of: (i) a comprehensive checklist that lists risk factors by category; or (ii) a memo to document the risk factors identified and the planned response. Two other items of documentation that are important are the engagement letter and the management letter. SAS No. 99 does not mention the engagement letter, but it is important for the auditor to make sure that the responsibilities of both management and the auditors are spelled out in the engagement letter. Doing so may help reduce the auditor’s legal liability. Some audit firms currently send engagement letters with a sentence that goes something like. “An audit is not designed and cannot be relied upon to detect irregularities such as defalcations and embezzlements.” Unfortunately, this sentence has not accurately described the auditor’s responsibility to detect fraud for some time. Now that SAS No. 99 has become effective, the engagement letter should describe the auditor’s responsibility for fraud detection in terms that are consistent with the new pronouncement. For example, the auditor could use terminology

214

Chapter 7: Review of Statement on Auditing Standards No. 99

such as the following in their engagement letters: “The purpose of our audit is to express an opinion on the company’s financial statements that provides reasonable assurance that those statements are free of material misstatement, whether caused by error or fraud. However, an audit cannot provide absolute assurance that all material misstatements are detected. Also, an audit is not designed to detect error or fraud that is immaterial to the financial statements and cannot be relied upon to do so.” SAS No. 83, Establishing an Understanding with the Client, contains an example representation letter. The letter suggests the following management representations, which can be used to partially document the requirement in SAS No. 99 that the auditor inquire about management’s knowledge of frauds: • There has not been any fraud involving management or employees who have significant roles in internal control; and •

There has not been any fraud involving others that could have a material effect on the financial statements.

Prior to SAS No. 82, none of the communications with the client required the auditor to use the word “fraud.” Fraud, in the eyes of many, is an emotionally laden word. Therefore, it is a good idea for the auditor to verbally explain to top management that SAS No. 99 requires the use of the word “fraud” in all GAAP audits (not just their audit), rather than the word “irregularities,” which was previously used. This should help ensure that there is no misunderstanding or ill will created when they receive the engagement letter or when the suggested statements regarding fraud are requested in the management representation letter. It is certainly better to spend a little time up-front to maintain good client relations than it is to try and mend fences when a problem occurs. It is the policy of some CPA firms to require their personnel to write a memo at the end of the audit to document all client inquires and management responses concerning irregularities and illegal acts. With the issuance of SAS No. 99, this policy should be updated to include the fraudrelated inquiries. If the CPA firm does not have such a policy, it is highly advisable that they adopt one to comply with the new fraud-related documentation requirement. While SAS No. 99 does not actually require documentation regarding the client inquiries (as it does for the risk factors that are identified), peer reviewers will probably expect documentation that the inquiries were made and that consideration was given to management’s responses.

215

Chapter 7 Review Questions

Chapter 7 Review Questions The review questions accompanying each chapter are designed to assist you in achieving the learning objectives stated at the beginning of each chapter. The review section is not graded; do not submit it in place of your final exam. While completing the review questions, it may be helpful to study any unfamiliar terms in the glossary in addition to chapter course content. After completing the review questions for each chapter, proceed to the review question answers and rationales. 1.

Which of the following Statements on Auditing Standards states that determining the nature, timing, and extent of the audit procedures is directly related to the auditor’s consideration of audit risk? A. B. C. D.

2.

Although auditors have a responsibility to detect material fraud,: A. B. C. D.

3.

Management. Audit committee. Internal audit personnel. Others in the organization.

True or false: SAS 99 indicates that it is especially important to perform revenue-related analytical procedures. A. B.

5.

Management has the responsibility of designing and implementing controls and programs to prevent and detect fraud. The board of directors has the responsibility of designing and implementing controls and programs to prevent and detect fraud. The auditors also have the responsibility of designing and implementing controls and programs to prevent and detect fraud. The audit committee has the responsibility of designing and implementing controls and programs to prevent and detect fraud.

According to SAS 99, while making inquiries of management and others within the entity about fraud, which of the following groups should the auditor ask about how they oversee the organization’s fraud-risk assessment? A. B. C. D.

4.

SAS 1. SAS 47. SAS 82. SAS 99.

True. False.

In responding to the results of the fraud risk assessment, obtaining more evidential matter from independent or third-party sources is considered:

216

Chapter 7 Review Questions

A. B. C. D. 6.

According to the SAS 99 list of examples for conditions identified during fieldwork that either change or support their judgment regarding the assessment of fraud risk, balances or transactions that are unsupported or unauthorized are considered: A. B. C. D.

7.

Accounting records discrepancies. Evidential matter that is conflicting or missing. Relationships between the auditor and client that are problematic or unusual. Significant unusual transactions.

Which of the following conditions would be evidenced by management that imposes undue time pressures, especially for complex or contentious issues? A. B. C. D.

9.

Accounting records discrepancies. Evidential matter that is conflicting or missing. Relationships between the auditor and client that are problematic or unusual. Significant unusual transactions.

According to the SAS 99 list of examples for conditions identified during fieldwork that either change or support their judgment regarding the assessment of fraud risk, items on reconciliations that are significant and unexplained are considered: A. B. C. D.

8.

An overall response to identified risks. A response to identified risks involving the nature, timing, and extent of procedures to be performed. A response to the risk that management could override controls. A response to the risk of significant unusual transactions.

Accounting records discrepancies. Evidential matter that is conflicting or missing. Relationships between the auditor and client that are problematic or unusual. Significant unusual transactions.

When the amount is material to the financial statements, in responding to misstatements that may be the result of fraud, the auditor must: A. B. C. D.

Determine how this impacts other aspects of the audit. Contact local law enforcement. Withdraw from the engagement. Evaluate the implications, especially those dealing with the organizational position of the person(s) involved.

217

Chapter 7 Review Question Answers and Rationales

Chapter 7 Review Question Answers and Rationales Review question answer choices are accompanied by unique, logical reasoning (rationales) as to why an answer is correct or incorrect. Evaluative feedback to incorrect responses and reinforcement feedback to correct responses are both provided. 1.

Which of the following Statements on Auditing Standards states that determining the nature, timing, and extent of the audit procedures is directly related to the auditor’s consideration of audit risk? A.

B.

C.

D.

2.

SAS 1. This answer is incorrect because SAS 1 Codification of Auditing Standards and Procedures does not state that determining the nature, timing, and extent of the audit procedures is directly related to the auditor’s consideration of audit risk. SAS 47. This answer is correct because SAS 47 Audit Risk and Materiality in Conducting an Audit does state that determining the nature, timing, and extent of the audit procedures is directly related to the auditor’s consideration of audit risk. SAS 82. This answer is incorrect because SAS 82 Consideration of fraud in Financial Statement Audit was issued to provide guidance to auditors on how to better consider material fraud while conducting a financial-statement audit but it does not state that determining the nature, timing, and extent of the audit procedures is directly related to the auditor’s consideration of audit risk. SAS 99. This answer is incorrect because SAS 99 Consideration of fraud in Financial Statement Audit was issued to improve audit performance and increase the likelihood that auditors will detect material fraudulent financial statements, but it does not state that determining the nature, timing, and extent of the audit procedures is directly related to the auditor’s consideration of audit risk.

Although auditors have a responsibility to detect material fraud,: A.

B.

C.

D.

Management has the responsibility of designing and implementing controls and programs to prevent and detect fraud. This answer is correct because management has the responsibility of designing and implementing controls and programs to prevent and detect fraud. The board of directors has the responsibility of designing and implementing controls and programs to prevent and detect fraud. This answer is incorrect because the board of directors does not have the responsibility of designing and implementing controls and programs to prevent and detect fraud. The auditors also have the responsibility of designing and implementing controls and programs to prevent and detect fraud. This answer is incorrect because the auditors do not have the responsibility of designing and implementing controls and programs to prevent and detect fraud. The audit committee has the responsibility of designing and implementing controls and programs to prevent and detect fraud. This answer is incorrect because the audit committee does not have the responsibility of designing and implementing controls and programs to prevent and detect fraud. 218

Chapter 7 Review Question Answers and Rationales

3.

According to SAS 99, while making inquiries of management and others within the entity about fraud, which of the following groups should the auditor ask about how they oversee the organization’s fraud-risk assessment? A.

B.

C.

D.

4.

True or false: SAS 99 indicates that it is especially important to perform revenue-related analytical procedures. A. B.

5.

Management. This answer is incorrect because management is not tasked with the oversight of the organization’s fraud-risk assessment while making inquiries of management and others within the entity about fraud. Audit committee. This answer is correct because, according to SAS 99, auditors should ask the audit committee about how they oversee the organization’s fraud-risk assessment while making inquiries of management and others within the entity about fraud. Internal audit personnel. This answer is incorrect because internal audit personnel are not tasked with the oversight of the organization’s fraud-risk assessment while making inquiries of management and others within the entity about fraud. Others in the organization. This answer is incorrect because “others” in the organization are not tasked with the oversight of the organization’s fraud-risk assessment while making inquiries of management and others within the entity about fraud.

True. This answer is correct because SAS 99 does indicate that it is especially important to perform revenue-related analytical procedures. False. This answer is incorrect because SAS 99 does indicate that it is especially important to perform revenue-related analytical procedures. For example, monthly revenue for the current reporting period could be compared to revenue received in a comparable period.

In responding to the results of the fraud risk assessment, obtaining more evidential matter from independent or third-party sources is considered: A.

B.

C.

An overall response to identified risks. This answer is incorrect because professional skepticism and audit evidence is an overall response to identified risks. A response to identified risks involving the nature, timing, and extent of procedures to be performed. This answer is correct because obtaining more evidential matter from independent or third-party sources is considered a response to identified risks involving the nature, timing, and extent of procedures to be performed. A response to the risk that management could override controls. This answer is incorrect because examining journal entries and other adjustments is a response to the risk that management could override controls.

219

Chapter 7 Review Question Answers and Rationales

D.

6.

According to the SAS 99 list of examples for conditions identified during fieldwork that either change or support their judgment regarding the assessment of fraud risk, balances or transactions that are unsupported or unauthorized are considered: A.

B.

C.

D.

7.

A response to the risk of significant unusual transactions. This answer is incorrect because determining the business rationale behind the transaction is a response to the risk of significant unusual transactions.

Accounting records discrepancies. This answer is correct because, according to SAS 99, balances or transactions that are unsupported or unauthorized are considered accounting records discrepancies. Evidential matter that is conflicting or missing. This answer is incorrect because, according to SAS 99, balances or transactions that are unsupported or unauthorized are considered accounting records discrepancies, not evidential matter that is conflicting or missing. Relationships between the auditor and client that are problematic or unusual. This answer is incorrect because, according to SAS 99, balances or transactions that are unsupported or unauthorized are considered accounting records discrepancies, not relationships between the auditor and client are problematic or unusual. Significant unusual transactions. This answer is incorrect because, according to SAS 99, balances or transactions that are unsupported or unauthorized are considered accounting records discrepancies, not significant unusual transactions.

According to the SAS 99 list of examples for conditions identified during fieldwork that either change or support their judgment regarding the assessment of fraud risk, items on reconciliations that are significant and unexplained are considered: A.

B.

C.

D.

Accounting records discrepancies. This answer is incorrect because, according to the SAS 99 list of examples, items on reconciliations that are significant and unexplained are considered evidential matter that is conflicting or missing, not accounting records discrepancies. Evidential matter that is conflicting or missing. This answer is correct because, according to the SAS 99 list of examples, items on reconciliations that are significant and unexplained are considered evidential matter that is conflicting or missing. Relationships between the auditor and client that are problematic or unusual. This answer is incorrect because, according to the SAS 99 list of examples, items on reconciliations that are significant and unexplained are considered evidential matter that is conflicting or missing, not relationships between the auditor and client are problematic and unusual. Significant unusual transactions. This answer is incorrect because, according to the SAS 99 list of examples, items on reconciliations that are significant and unexplained are considered evidential matter that is conflicting or missing, not significant unusual transactions.

220

Chapter 7 Review Question Answers and Rationales

8.

Which of the following conditions would be evidenced by management that imposes undue time pressures, especially for complex or contentious issues? A.

B.

C.

D.

9.

Accounting records discrepancies. This answer is incorrect because, according to the SAS 99 list of examples, management that imposes undue time pressures, especially for complex or contentious issues is considered a relationship between the auditor and client that is problematic or unusual, not accounting record discrepancies. Evidential matter that is conflicting or missing. This answer is incorrect because, according to the SAS 99 list of examples, management that imposes undue time pressures, especially for complex or contentious issues is considered a relationship between the auditor and client that is problematic or unusual, not evidential matter that is conflicting or missing. Relationships between the auditor and client that are problematic or unusual. This answer is correct because, according the SAS 99 list of examples, management that imposes undue time pressures, especially for complex or contentious issues is considered a relationship between the auditor and client that is problematic or unusual. Significant unusual transactions. This answer is incorrect because, according to the SAS 99 list of examples, management that imposes undue time pressures, especially for complex or contentious issues is considered a relationship between the auditor and client that is problematic or unusual, not significant unusual transactions.

When the amount is material to the financial statements, in responding to misstatements that may be the result of fraud, the auditor must: A.

B.

C.

D.

Determine how this impacts other aspects of the audit. This answer is correct because SAS 99 does require an auditor to respond to material misstatements that may be the result of fraud by determining how it impacts other aspects of the audit. Contact local law enforcement. This answer is incorrect because SAS 99 does not require an auditor to respond to material misstatements that may be the result of fraud by contacting local law enforcement. Withdraw from the engagement. This answer is incorrect because SAS 99 does not require an auditor to respond to material misstatements that may be the result of fraud by withdrawing from the engagement. Evaluate the implications, especially those dealing with the organizational position of the person(s) involved. This answer is incorrect because SAS 99 does not require an auditor to respond to material misstatements that may be the result of fraud by evaluating the implications dealing with the organizational position of the person(s) involved.

221

Glossary

Glossary This is a glossary of key terms with definitions. Please review any terms you are not familiar with. Accounting symptoms: A type of fraud symptom that exists when some element of the documents, journal entries, or ledgers was altered, forged, manipulated, or destroyed to hide the fraud when a fraud is committed. Analytical procedures: Evaluations of plausible relationships among financial and nonfinancial data. The auditor uses historical records, projections, and trends to develop expectations about the company and its data. These expectations are then compared to the company's recorded amounts. Analytical symptoms: A type of fraud symptom that exists when analytical procedures produce results that deviate significantly from the auditor’s expectations. Asset method: One of the two types of net worth calculations used to reveal discrepancies between reported income and expenditures. The asset method uncovers inconsistencies in revenue and expenses when the perpetrator uses illicit income to purchase assets. Behavior symptoms: A type of fraud symptom. Behavioral psychologists and experienced fraud investigators say that most fraud perpetrators, especially if they are first-time offenders, alter their behavior in recognizable ways. Computer security officers: A type of specialist who is responsible for fraud deterrence and detection and has a significant deterrent effect on computer frauds. The security officer can monitor the system and disseminate information about improper system uses and their consequences. Customer fraud: A type of external fraud in which an outsider is able to get something of value without having to pay for it. Document evidence: One of the most important types of evidence a fraud investigator gathers is document evidence since it is the largest and the most frequently gathered type of evidence. Documents provide a paper trail that shows an investigator what happened during each step as the document was processed. Document symptoms: A type of accounting symptom. Document symptoms exist when documents are altered, forged, destroyed, missing, duplicated, used and/or out of order, voided, or contain unusual or abnormal items.

Environmental symptoms: A type of fraud symptom that exists when a company has confusion about honesty and ethics, past occurrences of fraud, domineering or overbearing management, or the company frequently operates in rush mode. Studies have found that the

222

Glossary

honesty of some employees is significantly affected by the cultural standards of management and their co-workers. Evidence collection: Step two of the four-step investigation strategy, the objective of this step is to determine if, in fact, a fraud did occur. Evidence evaluation: Step three of the four-step investigation strategy, the objective of this step is to determine whether it is sufficient to effectively evaluate and report the fraud. Expected fraud loss: The mathematical product of fraud risk and fraud exposure. Expenditure method: One of the two types of net worth calculations used to reveal discrepancies between reported income and expenditures. The expenditure method is used when the illicit income is spent on expensive living, travel, and entertainment, rather than to buy assets such as cars and boats. External fraud: A type of fraud in which an outsider steals company assets by committing either a customer fraud or a vendor fraud. Forensic accountant: A type of specialist who focuses on fraud prevention, detection, investigation, and audit. Many have degrees in accounting and have received specialized training with the FBI, IRS, or other law-enforcement agencies. Fraud: An intentional act of deceit for the purpose of gaining an unfair advantage that results in an injury to the rights or interests of another person. Fraud detection: The procedures or actions undertaken to ascertain that a fraud has, in fact, been committed. Fraud exposure: The dollar amount that could be lost if a particular risk factor led to a fraud. Fraud investigation: The purpose of a fraud investigation is to determine if, in fact, a fraud occurred and, if it did, the extent of the fraud. To make this determination, there are a number of different types of evidence that can be gathered and analyzed. Fraud risk: The likelihood or probability that a fraud will actually take place. Fraud symptoms: The signs or manifestations, such as missing assets; fraudulent documents; and forged checks; that a fraud has taken place. Fraudulent financial reporting: An intentional misstatement or omission of amounts or disclosures in financial statements to deceive financial statement users. Fraudulent reporting of company results: One of the four areas of fraud vulnerability, company results are manipulated to look better than they actually are by inflating assets or net income.

223

Glossary

Horizontal analysis: A means of analyzing individual financial statement account balances by comparing the percentage changes and the total dollar changes between the years. Internal control symptoms: A type of fraud symptom. Internal control symptoms exist when there is one or more of the following; inadequate internal control, non-enforcement of internal control, or inadequate monitoring of significant controls. Investment fraud: A type of fraud in which a perpetrator sells an investor a worthless or overpriced investment or promises an unusually high rate of return that cannot be honestly earned. Invigilation: The process of observing and controlling company activities so closely for a period of time that fraud is virtually impossible. Kiting: A common scheme used to hide a theft in which the perpetrator creates cash by taking advantage of the timing lag between depositing a check and the check clearing the bank. Lapping: A common scheme used to hide a theft in which the perpetrator steals the cash or check that Customer A mails in to pay its accounts receivable. Funds received at a later date from Customer B are used to pay off customer A’s balance. Lifestyle symptoms: A type of fraud symptom that exists when perpetrators show off their trappings of success and do not hide their newfound wealth. Any evidence of company employees living beyond their means should be thoroughly investigated. Misappropriation of assets: A theft of an entity’s assets. Misappropriation can be accomplished in various ways, including embezzling receipts, stealing assets, or causing an entity to pay for goods or services not received. Misappropriation of assets may be accompanied by false or misleading records or documents and may involve one or more individuals among management, employees, or third parties. Misappropriation of company assets: One of the four areas of fraud vulnerability, it includes company cash, inventory, supplies, equipment, machinery, and fixed assets are susceptible to fraud. Opportunity: One of the three conditions of the fraud triangle, it refers to the condition or situation that allows a person or organization to do three things; commit the fraud, conceal the fraud, and convert the theft or misrepresentation to personal gain. Organizational structure symptoms: A type of fraud symptom, organizational structure symptoms exist when an element of the organization does not have a well-defined or logical business purpose which should be looked at more closely to determine if the company is trying to hide something.

224

Glossary

Outsider/related party symptoms: A type of fraud symptom, outsider/Related Party symptoms exist in examples such as frequent changes of auditors or lawyers or strained relationships between management and its current or predecessor auditors. Accountants who audit firms with frequent legal and auditor changes should be especially careful to investigate the reasons for the changes and to discuss with management and predecessor auditors and lawyers, as appropriate, the reasons for the changes. People evidence: People in and out of a defrauded company are sources of evidence for fraud investigators. Hotlines, informants, interviews, and interrogation can be used to gather the information from the people with whom the perpetrator interacts. Personal observance evidence: Evidence gathered by surveillance, undercover operations, and invigilation. Pressure: One of the three conditions of the fraud triangle, it refers to the non-sharable problems individuals have that motivate them to act dishonestly. Problem recognition and definition: Step one of the four-step investigation strategy, the objective of this step is to determine if there is sufficient cause, or predication, to investigate the fraud symptoms. Purchasing, disbursement of cash, and shipment of goods: One of the four areas of fraud vulnerability, company disbursements could be stolen or diverted to pay personal bills, fictitious bills could be paid, kickbacks or bid-rigging could result in inflated billings, and payments could be made for hours not worked or for employees who do not exist. Rationalization: One of the three conditions of the fraud triangle, it allows perpetrators to justify their illegal behavior. Receipt of goods or cash: One of the four areas of fraud vulnerability, cash receipts could be stolen or misapplied or goods intended for the company could be stolen or diverted to unauthorized uses. Report findings: Step four of the four-step investigation strategy, the objective of this step is to write up the results in a fraud report, which is often the only evidence available to support the fraud investigation. Surveillance: The secret and continuous observation of persons, places, and things to obtain information about the identity and activity of individuals suspected of fraud. Vendor fraud: An outsider gets a company or individual to fraudulently pay for goods or services. Vertical analysis (balance sheet): A means of analyzing individual financial statement account balances by assigning total assets and as well as total liabilities and equity a value of 100 percent and then showing all other balance sheet items as a percentage of these two totals.

225

Glossary

Vertical analysis (income statement): A means of analyzing individual financial statement account balances by assigning net sales a value of 100 percent and then showing all other income statement items as a percentage of sales.

226

Index

Index Evidence Collection182, 186, 187, 223, 238, 239 Evidence Evaluation ...... 182, 186, 187, 223, 238, 239 Expected Fraud Loss................... 39, 44, 223 Expenditure Method................................ 223 External Fraud....... 5, 8, 17, 19, 20, 223, 230

A Accounting Symptoms.................... 222, 237 Adelphia.......... 172, 173, 174, 176, 177, 178 Adverse Opinions...................................... 99 Analytical Procedures ............................. 222 Analytical Symptoms...................... 222, 236 Arthur Andersen.............................. 160, 169 Asset Method .......................................... 222 Association of Certified Fraud Examiners (ACFE) ........................ 1, 5, 16, 18, 58, 96 audit committee...... 193, 194, 196, 197, 211, 212, 213

F Financial Pressure ..................................... 42 Forensic Accountant ......................... 96, 223 forensic accountants............................ 95, 96 Forensic Accountants................................ 96 Fraud .... 1, 2, 4, 5, 6, 7, 8, 10, 16, 18, 21, 23, 24, 25, 26, 31, 32, 34, 35, 39, 43, 44, 45, 49, 53, 58, 59, 62, 71, 75, 94, 96, 121, 130, 131, 133, 134, 137, 143, 149, 152, 163, 171, 176, 178, 193, 194, 195, 196, 198, 201, 205, 208, 209, 211, 213, 215, 223, 229, 232, 237, 243, 245, 246 Fraud Detection................................. 94, 223 Fraud Exposure ............. 34, 39, 43, 223, 232 Fraud Investigation ......................... 131, 223 Fraud Perpetrator .............................. 2, 4, 21 Fraud Risk............... 34, 39, 43, 44, 223, 232 fraud symptoms..... 94, 96, 97, 106, 108, 117 Fraud Symptoms ....................... 94, 223, 237 fraud triangle ...................................... 26, 31 Fraud Triangle........................................... 26 fraudulent financial reporting .. 5, 7, 95, 196, 198, 199, 207 Fraudulent Financial Reporting ..... 7, 8, 207, 223, 230 Fraudulent Reporting of Company Results ..................................... 122, 125, 223, 236

B Behavior Symptoms........................ 222, 237 bust-out ....................................................... 9 C collusion.............. 5, 7, 23, 34, 116, 193, 200 Collusion ..................................................... 6 Company Vulnerabilities .......................... 94 Computer Security Officers .................... 222 Computer-Security Officers ...................... 95 concealment ................................................ 3 conversion ................................................... 3 Customer Fraud............................... 222, 230 D Discovery Sampling................................ 139 Document Evidence ........................ 136, 222 Document Symptoms.............................. 222 E Employee Fraud .............. 17, 19, 20, 56, 230 engagement letter ............................ 214, 215 Enron...... 160, 161, 162, 163, 166, 169, 170, 176, 178 Environmental Symptoms....................... 222 evidence 3, 6, 16, 19, 24, 58, 59, 94, 98, 108, 119, 131, 134, 135, 136, 137, 138, 139, 140, 145, 147, 150, 151, 152, 154, 156, 178, 183, 193, 195, 196, 198, 201, 202, 203, 205, 209, 210, 212, 213, 224

H Handwriting Analysis ............................. 138 Horizontal Analysis ........................ 101, 224 I internal control ........ 195, 196, 200, 207, 215 Internal Control Symptoms..................... 224 internal controls .......................... 3, 5, 7, 118 Interrogation............................................ 150

227

Index

Kiting ............................ 39, 42, 84, 224, 232

Public Company Accounting Oversight Board (PCAO Board) .......................... 157 Public Company Accounting Oversight Board (PCAOB) .......... 157, 185, 191, 241 Public Databases ............................. 141, 239 Purchasing, Disbursement of Cash, and Shipment of Goods ...... 122, 125, 225, 236

L

R

Lapping ......................... 39, 42, 84, 224, 232 Lifestyle Pressure...................................... 53 Lifestyle Symptoms ................................ 224

Ratio and Trend Analysis Symptoms ..... 106 Rationalization .. 30, 150, 184, 190, 225, 240 Receipt of Goods or Cash 122, 125, 225, 236 red flags................................... 11, 50, 58, 94 related-party transactions ..... 76, 80, 87, 115, 117 Report Findings182, 186, 187, 225, 238, 239 representation letter................................. 215

Interviews........................................ 148, 150 Investment Fraud ...... 5, 17, 19, 20, 224, 231 Invigilation..... 153, 154, 184, 185, 191, 224, 241 K

M Management Financial Pressure ............. 233 Management Fraud ... 5, 17, 19, 20, 206, 230 Manipulation ............................................... 7 mark-to-market accounting..................... 161 misappropriation of assets5, 6, 198, 199, 205 Misappropriation of Assets ............. 6, 8, 224 Misappropriation of Company Assets ... 122, 125, 224, 236

S Sarbanes-Oxley Act of 2002.................... 157 SAS No. 82 ..................... 193, 195, 198, 215 SAS No. 99 .. 5, 6, 7, 45, 193, 195, 196, 198, 199, 201, 203, 206, 208, 210, 211, 212, 213, 214 Searches .......... 153, 184, 185, 190, 191, 241 Securities & Exchange Commission (SEC) ...... 85, 100, 110, 113, 157, 158, 159, 164, 168, 169, 170, 171, 175, 176, 185, 191 situational pressures ............................ 27, 32 State Government.................................... 142 substantive test 200, 201, 202, 203, 207, 210 Surveillance..... 152, 184, 190, 191, 225, 241

N National Commission on Fraudulent Financial Reporting (Treadway Commission)............................................ 7 net worth ......................................... 144, 146 Net Worth Analysis................................. 144 O Opportunity ................. 38, 42, 224, 231, 232 Organizational Structure Symptoms ....... 224 Outsider/Related Party Symptoms.......... 225

T The National Commission on Fraudulent Financial Reporting (Treadway Commission)............................................ 7 Tip and Complaint Symptoms ................ 113 Treadway Commission ............................... 7 Typewriter and Printer Analysis ............. 139

P Paper Analysis ........................................ 139 People Evidence.............. 137, 183, 187, 225 Personal Observance Evidence ............... 225 Physical Evidence .. 137, 154, 183, 185, 187, 191 Ponzi schemes........................................... 10 Pressure ......................... 27, 28, 54, 161, 225 Problem Recognition and Definition ..... 182, 186, 187, 225, 238, 239 professional skepticism... 193, 194, 195, 201

U Undercover Operations .. 184, 185, 190, 191, 241 V Vendor Fraud .......................... 225, 230, 231

228

Index

Vertical Analysis (Balance Sheet) .......... 225 Vertical Analysis (Income Statement) .... 226

Whistle-Blower ................................. 24, 163 whistle-blowing....................................... 114 WorldCom............... 166, 167, 168, 169, 171

W whistle-blower........................................... 24

229

View more...

Comments

Copyright ©2017 KUPDF Inc.
SUPPORT KUPDF