Overview of Auditing for Fraud
"It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently."
Warren Buffet
-
1-3
Why Fraud is a Costly Business Problem
Fraud Losses Reduce Net Income $ for $
If Profit Margin is 10%, Revenues Must Increase by 10 Times the Losses to Recover the Affect on Net Income Losses……. $100 Million Revenue….$1 Billion
Fraud Robs IncomeFraud Robs Income
1-4
Fraud Cost….Two Examples
General Motors $436 Million Fraud Profit Margin = 10% $4.36 Billion in
Revenues Needed At $20,000 per Car,
218,000 Cars
Bank $100 Million Fraud Profit Margin = 10 % $1 Billion in Revenues
Needed At $100 per year per
Checking Account, 10 Million New Accounts
1-5
General Profile of White Collar Criminals Older (30+ years)
75% Male, 25% Female Stable Financial Position Above Average Education Less Likely to Have a Criminal Record Good Psychological Health Position of Trust Detailed Knowledge of Accounting Systems and its Weaknesses
Second COSO Report Major Characteristics of Companies Having
Perpetrated Fraud
Smaller companies - under $200 million in revenues Board of directors dominated by management Audit committees non-existent or inactive Overstated revenues and corresponding assets Most revenue frauds involved premature recognition or
fictitious revenues No internal audit department Perpetrated over relatively long-terms (average period 2 years) Companies were in loss situations or near break-even prior to
the fraud CEO and /or CFO involved in 83% of the cases
Fraud & Auditor Responsibilities
"The detection of material fraud is a reasonable expectation of users of audited financial statements. Society needs and expects assurance that financial information has not been materially misstated because of fraud. Unless an independent audit can provide this assurance, it has little if any value to society”
Public Companies Accounting Oversight Board
1-8
Overview of Auditors’ and Other Professionals’ Responsibilities
External Auditors (CPAs)External Auditors (CPAs)SAS 99:SAS 99: Consideration of Fraud in a Financial Statement Audit Consideration of Fraud in a Financial Statement Audit
Design audit to provide Design audit to provide reasonable assurancereasonable assurance of detecting fraud that could have a of detecting fraud that could have a materialmaterial effect on the financial statements.effect on the financial statements.
Perform fraud-related proceduresPerform fraud-related procedures
SAS 54:SAS 54: Illegal Acts --- Focused primarily is on Illegal Acts --- Focused primarily is on direct-effectdirect-effect illegal acts illegal acts SAS 114: “The Auditor’s Communication with Those Charged with Governance” SAS 114: “The Auditor’s Communication with Those Charged with Governance”
Other Professional’s ResponsibilitiesOther Professional’s ResponsibilitiesInternal Auditors (CIAs)Internal Auditors (CIAs)
Internal auditors support management's efforts to establish a culture that embraces ethics, Internal auditors support management's efforts to establish a culture that embraces ethics, honesty, and integrity. They assist management with the evaluation of internal controls used honesty, and integrity. They assist management with the evaluation of internal controls used to detect or mitigate fraud, evaluate the organization's assessment of fraud risk, and are to detect or mitigate fraud, evaluate the organization's assessment of fraud risk, and are involved in any fraud investigations.involved in any fraud investigations.
Governmental AuditorsGovernmental Auditors Focus on laws and regulations (compliance), design audit to detect abuse and illegal acts, Focus on laws and regulations (compliance), design audit to detect abuse and illegal acts,
report to the appropriate authorityreport to the appropriate authority
Certified Fraud Examiners (CFEs)Certified Fraud Examiners (CFEs) Assignments begin with Assignments begin with predicationpredication (probable cause) (probable cause)
3-8
1-9
Errors and Illegal ActsErrors --- unintentional misstatements or omissions of amounts
or disclosures in financial statements
Direct-Effect Illegal Acts --- violations of laws or government regulations by the company or its management or employees that produce direct and material effects on dollar amounts in financial statements.
Far Removed Illegal Acts --- violations of laws and regulations
that are far removed from financial statement effects (for example, violations relating to insider securities trading, occupational health and safety, food and drug administration, environmental protection, and equal employment opportunity).
1-10
Auditor Responsibility for Detecting Errors, Frauds, and Illegal Acts
Auditor Responsible forDetection?
Must Communicate Findings?
Material
Immaterial
Material
Immaterial
Errors
Yes
No
Yes(Audit Committee)
No
Fraud
Yes
No
Yes(Audit Committee)
Yes
(One Level Above)
Illegal Acts
Yes
(Direct Effect)
No
Yes
(Audit Committee)
Yes
(One Level Above)
1-11
Defining Fraud
Four Elements:
Material False Statement
Knowledge the Statement was False
Reliance on the Statement by Victim
Damages
DefalcationEmployee takes assets from the organization for personal
gain
ACFE Classification:
Corruption
Asset Misappropriation
Note: Defalcation may create misleading financial statements if stolen assets are reported on the statements
1-14
Definitions Related to Employee Fraud
White Collar Crime --- fraud perpetrated by people who work in offices and steal with a pencil or a computer terminal in contrast to violent street crime.
Employee Fraud --- use of fraudulent means to take money or other property from an employer. It consists of three phases: (1) the fraudulent act, (2) the conversion of the money or property to the fraudster's use and (3) the cover-up.
Embezzlement --- employees' or nonemployees' wrongfully taking money or property entrusted to their care, custody, and control, often accompanied by false accounting entries and other forms of lying and cover-up.
Larceny --- simple theft of an employers property that is not entrusted to an employee's care, custody or control.
1-15
Red Flags: Employee Fraudo Missing Documents. o Alterations on Documents.o Photocopied Documents.o Second Endorsements on
Checks.o Unusual Endorsements.o Old Outstanding Checks.o Unexplained Adjustments to
Accounts Receivable and Inventory Balances.
o Unusual Patterns in Deposits in Transit.
o General Ledgers do not Balance.
o Cash Shortages and Overages.o Excessive Voids and Credit
Memos.o Customer Complaints.o Common Names or Addresses
for Refunds.o Increased Past Due Receivables.o Inventory Shortages.o Increased Scrap.o Duplicate Payments.o Employees Cannot be Found.o Dormant Accounts that have
Become Active.
Cash Misappropriation Schemes
Larceny--- stealing cash after it has been recorded on the books
Skimming--- stealing cash before it is recorded on the books
Fraudulent Disbursements Billing-- set up false vendors and pay for fictitious
goods Payroll-- add fictitious employees to payroll Expense Reimbursement-- submit overstated
reimbursement requests Check Tampering-- alter check, e.g. change payee
or amount
Fraudulent Financial Reporting
Intentional Manipulation of Financial Statements Manipulation, falsification, or alteration of accounting
records or supporting documents Misrepresentation or omission of events, transactions, or
significant information Intentional misapplication of accounting principles
Most common types are Overstate assets and understate expenses Overstate revenues and assets Understate liabilities
Patterns of Financial Reporting Frauds
Complex Revenue Recognition Schemes
Incorrect Billings to the Government
Holding the Books Open
Accelerated Revenue Recognition
Capitalizing Expenses
1-19
Financial Statement Frauds
Revenue/Accounts Receivable Frauds (Global Crossing, Quest, ZZZZ Best)
Inventory/Cost of Goods Sold Frauds (PharMor)
Understating Liability/Expense Frauds (Enron)
Overstating Asset Frauds (WorldCom)
Overall Misrepresentation (Bre-X Minerals)
1-20
Transaction Accounts Involved Fraud Schemes
1. Estimate all uncollectible accounts receivable
Bad debt expense, allowance for doubtful accounts
1. Understate allowance for doubtful accounts, thus overstating receivables
2. Sell goods and/or services to customers
Accounts receivable, revenues (e.g. sales revenue)
2. Record fictitious sales (related parties, sham sales, sales with conditions, consignment sales, etc.)3. Recognize revenues too early (improper cutoff, percentage of completion, etc.)4. Overstate real sales (alter contracts, inflate amounts, etc.)
3. Accept returned goods from customers
Sales returns, accounts receivable
5. Not record returned goods from customers6. Record returned goods after the end of the period
4. Write off receivables as uncollectible
Allowance for doubtful accounts, accounts receivable
7. Not write off uncollectible receivables8. Write off uncollectible receivables in a later period
5. Collect cash after discount period
Cash, accounts receivable
9. Record bank transfers as cash received from customers10. Manipulate cash received from related parties
6. Collect cash within discount period
Cash, sales discounts, accounts receivable
11. Not recognize discounts given to customers
To Do Revenue-Related Transactions and Frauds
1-21
Transaction Accounts Involved Fraud Schemes
1. Purchase inventory Inventory, accounts payable 1. Under-record purchase2. Record purchases too late3. Not record purchases
2. Return merchandise to supplier
Accounts payable, inventory 4. Overstate returns5. Record returns in an earlier period (cutoff problem)
3. Pay vendor within discount period
Accounts payable, inventory, cash
6. Overstate discounts7. Not reduce inventory cost
4. Pay vendor without discount Accounts payable, cash Considered in another chapter
5. Inventory is sold; cost of goods sold is recognized
Cost of goods sold, inventory 8. Record at too low an amount9. Not record cost of goods sold nor reduce inventory
6. Inventory becomes obsolete Loss on write-down of inventory, inventory
10. Not write off or write down obsolete inventory
7. Inventory quantities are estimated
Inventory shrinkage, inventory 11. Over-estimate inventory (use incorrect ratios, etc.)
8. Inventory quantities are counted
Inventory shrinkage, inventory 12. Over-count inventory (double counting, etc.)
9. Inventory cost is determined Inventory, cost of goods sold 13. Incorrect costs are used14. Incorrect extensions are made15. Record fictitious inventory
To Do Inventory/Cost of Goods Sold Frauds
1-22
Understating Liability Frauds
Not recording accounts payable Not recording accrued liabilities Recording unearned revenues as earned Not recording warranty or service liabilities Not recording loans or keep liabilities off the
books Not recording contingent liabilities
1-23
Asset Overstatement Frauds
Overstatement of current assets (e.g. marketable securities)
Overstating pension assets Capitalizing as assets amounts that should be
expensed Failing to record depreciation/amortization
expense Overstating assets through mergers and
acquisitions Overstating inventory and receivables
1-24
Disclosure Frauds
1. Overall misrepresentations about the nature of the company or its products, usually made through news reports, interviews, annual reports, and elsewhere
2. Misrepresentations in the management discussions and other non-financial statement sections of annual reports, 10-Ks, 10-Qs, and other reports
3. Misrepresentations in the footnotes to the financial statements
1-25
Concealing Asset Misappropriations
False Debits
To expenses (most common) Expenses are not tangible (can’t be inventoried)
Expense accounts closed to zero at end of year
To assets Commonly debit accounts receivable
Debit to asset easier to detect
Stays on books
1-26
Concealing Asset Misappropriations
Omitted CreditsConcealment technique for cash skimming
Pocket cash, no credit to sales
Out-of-Balance ConditionsAsset removed from business (debit)
No corresponding credit
Person hopes nobody notices
1-27
Concealing Asset Misappropriations
Forced Balances Variation of out-of-balance technique
Instead of a false entry to cover loss, person simply adds wrong, carry false totals
Used by persons with access to the books
Lessons Learned From Fraud Cases
Need to look at economic assumptions underlying growth
Need to assess risk factors and when the risk of fraud is high, demand and gather stronger evidence
Computer errors should be viewed as a risk factor
Dominant clients can be a problem
Need to know what motivates management
Not assume all people are honest
When fraud risk indicators are discovered, they must be thoroughly investigated
1-29
Reasons Auditors Fail to Detect Fraud Not their JobNot their Job Audits too PredictableAudits too Predictable Auditors are not AuthenticatorsAuditors are not Authenticators Auditors Not TrainedAuditors Not Trained Limited or No ExperienceLimited or No Experience Over Reliance on Client Representations.Over Reliance on Client Representations. Lack of awareness or failure to recognize that Lack of awareness or failure to recognize that
an observed condition may indicate a material an observed condition may indicate a material fraud.fraud.
Personal Relationships with Clients.Personal Relationships with Clients.
Fraud Triangle
Incentives/PressuresIncentives/Pressures
OpportunitiesOpportunities Attitudes/RationalizationAttitudes/Rationalization
1-31
Fraud Elements
Motivation Opportunity
RationalizationHigh
Risk
Source: W.Hillison, D. Sinason, and C. Pacini, “The Role of the Internal Auditor in Implementing SAS 82,” Corporate Controller, July/August 1998, page 20.
6-31
1-32
Motive
Some kind of pressure a person experiences and believes unshareable with friends and confidants Actual or perceived need for money (Economic motive)
“Habitual criminal” who steals for the sake of stealing (Psychotic motive)
Committing fraud for personal prestige (Egocentric motive)
Cause is morally superior, justified in making others victims (Ideological motive)
6-32
Fraud Triangle Needs/Situational ‘Red Flags”
High Personal Debts
Lives Beyond Means
Excessive Investment Speculation
Excessive Gambling
Substance Abuse
Extra-marital Affairs
Job Frustration
Resentment of Superiors
Corporate Expectations for Performance
Fraud Triangle Opportunity “Red Flags”
Inadequate Internal Controls
Too “cozy” with suppliers
Annual vacations or sick days not taken
Weak management or excessive turnover
Ineffective or no internal audit unit
No rotation of job duties among employees
Procedures not well understood/ always in a “crisis mode”
Fraud Triangle More Opportunity “Red Flags”
Poor physical safeguards over cash, investments, inventory, or fixed assets
Large amounts of cash on hand or processed
Inventory that is small, high-value, or high in demand
Easily convertible assets (e.g. computer chips)
Fixed asset characteristics such as small size, marketability, or lack of ownership identification
1-36
RationalizationPeople do things that are contrary to their personal beliefs – outside their normal
behavior – they provide an argument to make the action seem like it is in line with their moral and ethical beliefs.
I need it more than the other person.
I’m borrowing the money and will pay it back
Everybody does it
The company is big and will never miss it
Nobody will get hurt
I am underpaid, so this is due compensation
I need to maintain a lifestyle and image.
SAS 99, "Fraud Detection in a Financial Statement Audit"
Requires auditors to search for risk factors related to fraud
If risk factors are present, auditor needs to modify audit to Actively search for fraud Require more substantive audit evidence In some cases, assign forensic (fraud) auditors to the
engagement
Emphasizes Professional Skepticism
1-38
Considering the Risk of Fraud (SAS 99) Staff discussion
Obtain information needed to identify risks
Identify and assess risks
Respond to risk assessment
Evaluate audit evidence
Communicate and document
Step 1: Audit Team Brainstorming
Designed to:
Allow experienced auditors to educate less experienced auditors
Set the proper level of professional skepticism for the audit
Topics covered: How fraud can be perpetrated and concealed
Presume fraud in revenue recognition
Incentives, opportunities, and rationalization for fraud
Industry conditions
Operating characteristics and financial stability
1-40
Step 2: Obtain Information to Identify Risks
Inquiries Management Audit Committee Internal Auditors Others
Planning Analytical Procedures Net income to cash flows (total accruals to total assets) Days sales in receivables Gross margin Asset quality index (non current assets- p,p&e to total
assets) Sales growth index
3-40
1-41
Step 3a: Identify Risk Factors Related to Fraudulent Financial Reporting
Management’s Characteristics and Influence
Industry Conditions
Operating Characteristics and Financial Stability
1-42
Management’s Characteristics and Influence
Motivation to engage in fraudulent reporting A failure to display an appropriate attitude
about internal control and financial reporting. Nonfinancial management excessive
participation in selection of accounting principles or determination of estimates
High turnover of senior management Strained relationship with auditor Known history of violations
1-43
Risk Factors: Industry Conditions
Company profits lag the industry.
New requirements are passed that could impair stability or profitability
The company’s market is saturated due to fierce competition
The company’s industry is declining The company’s industry is changing rapidly.
3-43
1-44
Risk Factors: Operating Characteristics
A weak internal control environment prevails. The company is not able to generate sufficient cash flows to
ensure that it is a going concern. There is pressure to obtain capital. The company operates in a tax haven jurisdiction. The company has many difficult accounting measurement and
presentation issues. The company has significant transactions or balances that are
difficult to audit. The company has significant and unusual related-party
transactions. Company accounting personnel are lax or inexperienced in
their duties.
3-44
1-45
Step 3b: Assess Fraud Risks
Type
Significance
Likelihood
Pervasiveness
Assess Controls and Programs
1-46
Required Risk Assessments
Presume that improper revenue recognition is a fraud risk.
Identify risks of management override of controls Examine journal entries and other
adjustments. Review accounting estimates for biases. Evaluate business rationale for significant
unusual transactions.
Analytical Indicators of Fraud RiskKey analytical factors the auditor should develop include:
Large revenue increase at the end of the period Sales increasing faster than industry sales which don't seem
justified Unusually large increase in gross margin Large number of sales returns after year-end Increase in number of day's sales in receivables Increase in number of day's sales in inventory Significant increase in debt/equity ratio Cash flow or liquidity problems Significant changes in non-financial performance measures
Relate Internal Control and Fraud Risk
Internal control weaknesses are a strong indicator of fraud riskThe auditor should examine a variety of control areas including:
Corporate governance
Management control and influence
Audit committee
Corporate culture
Internal auditing
Monitoring controls
Whistle blowing
Codes of ethics
Related party transactions
1-49
Step 4: Respond to Assessed Risks
Effect on audit. Assignment of Personnel Choice of Accounting Principles Predictability of Auditing Procedures Examination of Journal Entries and other
Adjustments Retrospective Review of Prior Year Accounting
Estimates Extended procedures
1-50
Extended Procedures
Count the petty cash twice in one day.
Investigate suppliers/vendors. Investigate customers. Examine endorsements on
canceled checks. Add up the accounts receivable
summary. Audit general journal entries. Match payroll to life and
medical insurance deductions. Match payroll to social security
numbers.
Match payroll with addresses. Retrieve customer checks. Use marked coins and currency. Measure deposit lag time. Examine documents. Inquire, ask questions. Covert surveillance. Horizontal and vertical analysis. Net worth analysis. Expenditure analysis.
1-51
Step 5: Evaluate Audit Evidence
Discrepancies in the accounting records. Conflicting or missing evidential matter. Problematic or unusual relationships between
the auditor and management. Results from substantive of final review stage
analytical procedures. Vague, implausible or inconsistent responses to
inquiries.
Responding to Misstatements that May be the Result of Fraud
When fraud is suspected,When fraud is suspected,the auditor gathersthe auditor gathersadditional informationadditional informationto determine whetherto determine whetherfraud actually exists.fraud actually exists.
1-53
Step 6:Communicate Fraud Matters
SAS 99—Evidence Fraud May Exist ---Appropriate Level of Management
Sarbanes Oxley --- Significant Deficiencies to Board of Directors
1-54
Step 7: Audit Documentation of Fraud
DiscussionDiscussion
Specific risksSpecific risks
ProceduresProcedures
ReasonsReasons
ResultsResults Other conditionsOther conditions
Nature of CommunicationsNature of Communications
Forensic AccountingForensic accounting is an extension of auditing, but with a number
of differences:
Detailed investigation where fraud has been identified or is suspected
Focuses on identifying perpetrators and getting a confession Builds support for legal action against the perpetrator May provide litigation support such as expert testimony Extensive use of interviews 100% examination of fraud-related documents Reconstruction of account balances Broader scope than auditing