fraud red flags
TRANSCRIPT
-
7/30/2019 Fraud Red Flags
1/15
Fraud Red Flags
This tool provides opportunity red flags, personal characteristic red
flags, and situational pressure red flags of possible fraudulent activity.
It also provides indicators of possible fraudulent activity for various
business processes including accounts payable process, purchasing
process, payroll process, cash receipts process, accounts receivable
process, inventory/production process, and finance process.
1. Opportunity Red Flags
a. Fraud Conducted By Employees Against The Company
Familiarity with operations (including cover-up capabilities and
in a position of trust)
Close association with suppliers and other key people
A firm that does not inform employees about the rules or the
action taken to combat fraud
Rapid turnover of key employees either by quitting or firing
No mandatory vacations, periodic rotations, or transfers of key
employees
Inadequate personnel-screening policies when hiring new
employees to fill positions of trust
An absence of explicit and uniform personnel policies
No maintenance of accurate personnel records of dishonest acts
or disciplinary actions
Executive disclosures and examinations not required
A dishonest or overly dominant management
Operating on a crisis basis
No attention paid to details
Unrealistic productivity measurements
Poor compensation practices
A lack of internal security
Inadequate training programs
b. Fraud Conducted By Individuals On Behalf Of The Company
Related party transactions
A complex business structure
No effective internal auditing staff
-
7/30/2019 Fraud Red Flags
2/15
A highly computerized firm
A firm in atypical or "hot" industries
A firm that uses several different auditing firms or changes
auditors often
A firm that is reluctant to give auditors needed data
A firm that uses several different legal firms or changes legal
counsels often
A firm that uses an unusually large number of different banks,
none of which can see the entire picture
Continuous problems with various regulatory agencies
Large year-end and/or unusual transactions
An inadequate internal control system or no enforcement of the
existing internal controls
Unduly liberal accounting practices Poor accounting records and inadequate staffing in the
accounting department
A firm that inadequately discloses questionable or unusual
accounting practices
c. Some circumstances that might contribute to fraud include:
Weak internal control environment
Management does not emphasize the role of strong internal
controls Management does not prosecute or punish identified
embezzlers
Management does not have a clear position about conflicts of
interest
Highly placed executives are less than prudent or restrained on
expenditures for travel and entertainment, furnishings of
offices, gifts to visitors and directors, etc.
Internal auditing does not have authority to investigate certain
executive activities involving heavy personal expenditures Accounting policies and procedures are on the lax or loose side
2. Personal Characteristic Red Flags
Warning Signals Should Go Off When Employees Evidence
Characteristics Such As:
Rationalization of contradictory behavior
-
7/30/2019 Fraud Red Flags
3/15
Lack of a strong code of personal ethics
A wheeler-dealer personality
Lack of stability
A strong desire to beat the system
A criminal or questionable background A poor credit rating and financial status
3. Situational Pressure Red Flags
Fraud Committed By Employees Against The Company
Significant observed changes from past behavior patterns
High personal debts or financial losses
Inadequate income for lifestyle
Extensive stock market or other speculation behavior
Excessive gambling
Undue family, company, or community expectations
Excessive use of alcohol or drugs
Perceived inequities in the organization
Resentment of superiors and frustration with job
Peer group pressures
Undue desire for self-enrichment and personal gain
Emotional trauma in home life or work life
Fraud Committed By Management On Behalf Of The Company
Unfavorable economic conditions within the industry
Insufficient working capital
Dependence on one or two products customers or transactions
Severe obsolescence
High debt
Extremely rapid expansion through new business or product
lines
Reduced ability to acquire credit or restrictive loan agreements Profit squeeze; costs and expenses rising higher and faster than
sales and revenues
Difficulty in collecting receivables
Progressive deterioration in quality of earnings
Significant tax adjustments
-
7/30/2019 Fraud Red Flags
4/15
Managers who regularly assume subordinates duties
Noncompliance with corporate directives and procedures
Managers dealing in matters outside their profit center's scope
Payments to trade creditors supported by copies instead of
originals Negative debit memos
Commissions not in line with increased sales
Telltale Signs of Management and Corporate Fraud
In every case of management and corporate fraud telltale signs of
the fraud exist for some period of time before a third party detects
or discloses it. These signs may be
1)Significant observed changes from the defrauder's past
behavior patterns2)Knowledge that the defrauder was undergoing emotional
trauma in his home life or work life
3)Knowledge that the defrauder was betting heavily, drinking
heavily, had a very expensive social life, or was sexually
promiscuous
4)Knowledge that the defrauder was heavily in debt
5)Audit findings deemed to be errors and irregularities that were
considered immaterial at the time
6)Knowledge that the company was having financial difficulties
such as frequent cash flow shortages, declining sales and/orprofits, and loss of market share
7)Knowledge that management was showing increasing signs of
incompetence, i.e., poor planning, organization communications
controls, motivation, and delegation, management indecision
and confusion about corporate mission, goals, and strategies,
and management ignorance of conditions in the industry and in
the general economy
8)Substantial growth beyond the industry norm versus regulated
industries
4. Characteristics of Top Management Fraud
Top Management Defrauders
Tend to have highly material personal values.
Success to them means financial success, not professional
recognition.
-
7/30/2019 Fraud Red Flags
5/15
Tend to treat people as objects, not individuals and often as
objects for exploitation.
Are highly self-centered.
Are often eccentric in the way they display their wealth or
spend their money. They tend to be conspicuous consumers and often boast of the
things they have acquired, the friends they have in high office,
and all the fine places they have visited.
Speak about their cunning achievements and winnings more
than their losses.
Appear to be reckless or careless with facts and often enlarge
on them.
Appear to be hard working, almost compulsive, but most of
their time at work is spent scheming and designing short cuts toget ahead or beat the competition.
Manage by crisis more often than by objectives.
Tend to drift with the times and have no long-range plans, tend
to override internal controls with impunity and argue forcefully
for less formality in controls.
Demand absolute loyalty from subordinates, but they
themselves are loyal only to their own self-interests.
Have few real friends within their own industry or company.
Their competitors and colleagues often dislike them.
5. Indicators of Possible Fraudulent Activities
1)Transactions that are odd as to:
Time (of day, week, month, year, or season), Frequency (too
many, too few), Places (too far &, too near, and too "Far out"),
Amount (too high, too low, too consistent, too alike, too
different), Parties or personalities (related parties, oddball
personalities, strange and estranged relationships between
parties, management performing clerical functions).
Internal controls that are unenforced or too often compromised
by higher authorities
2)Employee motivation, morale and job satisfaction levels that are
chronically low
3)A corporate culture and reward system that supports unethical
behavior toward employees, customers, competitors, lenders, and
-
7/30/2019 Fraud Red Flags
6/15
shareholders
Examples of fraud risk indicators that might be noted during
fieldwork are:
Discrepancies in Accounting Records
Account balances that are significantly over or understated
Transactions not recorded in a complete or timely manner or
improperly recorded as to amount, accounting period,
classification, or company policy
Unsupported or unauthorized records, balances, or
transactions
Last minute client adjustments that significantly affect
financial results (particularly those increasing income
presented after submission of the proposed audit adjustments)
6. Understanding Symptoms/Red Flags of Fraud
Understanding symptoms of fraud is the key to detecting fraud. A
symptom of fraud may be defined as a condition which is directly
attributable to dishonest or fraudulent activity. It may result from the
fraud itself or from the attempt to conceal the fraud.
The following are representative examples of symptoms or red flags of
fraud:
1) Accounts Payable Process
Recurring identical amounts from the same vendor.
Unusual even dollar or high cash disbursement amounts forroutine odd dollar or low value purchase.
Multiple remittance addresses for the same vendor.
Vendor addresses do not agree with vendor approval
application.
Sequential invoice numbers from the same vendor or invoice
numbers with an alpha suffix.
Payments to vendor have increased dramatically for no
apparent reason. slow or no payments not justified by
disbursement schedule.2) Purchasing Process
Turnover among buyers within the purchasing department
significantly exceeds attrition rates throughout the
organization.
Purchase order proficiency rates fluctuate significantly among
buyers within comparable workload levels.
-
7/30/2019 Fraud Red Flags
7/15
Dramatic increase in purchase volume per certain vendor(s)
not justified by competitive bidding or changes in production
specifications.
Unaccounted purchase order numbers or physical loss of
purchase orders. Rise in the cost of routine purchases beyond the inflation rate.
Unusual purchases not consistent with the categories
identified by prior trends or operating budget.
3) Payroll Process
Dramatic increase in labor force or overtime not justified by
production or sales volume.
Turnover within the payroll department significantly exceeds
attrition rates throughout the organization.
Missing or easy access to blank checks, facsimile, and manual
check preparation machine.
Tax deposits are substantially less than those required by
current payroll expenses.
High volume of manually prepared payroll checks.
4) Cash Receipts Process
Improper safeguarding of cash under lock and key.
No segregation of duties between the following:
Receiving cash and posting to customer accounts
Issuing receipts and deposit preparation
Infrequent bank deposits, allowing cash to accumulate.
Consistent shortages in cash on hand.
Consistent fluctuations in bank account balances.
Closing out cash drawer before end of shift.
Excessive number of voided transactions on a regular basis
without proper explanation.
Missing copies of pre-numbered receipts. Not balancing cash to accounts receivable subledger.
Insufficient supervisory review of cashier's daily activity.
5) Accounts Receivable Process
Lack of accountability for invoice numbers issued.
Lack of segregation of duties between the following:
-
7/30/2019 Fraud Red Flags
8/15
Processing of accounts receivable invoices and posting to
subledger
Posting to accounts receivable subledger and cash receipts
Lack of policies and procedures regarding write-offs to satisfy
industry standards. Frequent undocumented and/or unapproved adjustments,
credits, and write- offs to accounts receivable subledger.
Low turnover or slow collection cycle for accounts receivable.
Dramatic increase in allowance for doubtful accounts in view of
positive economic events and stringent credit policies.
No reconciliation of accounts receivable subledger to general
ledger control account.
Insufficient supervisory review of accounts receivable activity
as well as customer account aging schedule. Unrestricted access to subledgers and general ledger.
6) Inventory/Production Process
Credit balances in inventory accounts.
Consistent fluctuations in inventory accounts between months
(e.g. debit balance one month, credit balance the next).
Excessive inventory write-offs without documentation or
approvals.
Unusual volume of adjustments, write-offs, and disposal ofmaterial, inventory, or fixed assets.
Unrestricted access to inventory storage areas by non-
responsible employees and/or vendors.
Significant weaknesses in inventory cut-off procedures.
No policy regarding identification, sale, and disposal of
obsolete and surplus materials.
Finished goods inventory turnover rate does not correlate with
operating cycle.
7) Finance Process Significant adjustments to accrued liabilities, accounts
receivable, contingencies, and other accounts prior to
acquisition of new financing.
Dramatic change in key leverage, operating, and profitability
ratios prior to obtaining financing.
-
7/30/2019 Fraud Red Flags
9/15
Adopting a change in accounting principle or revising an
accounting estimate prior to obtaining financing.
A delay in issuance of monthly, quarterly, or annual financial
reports prior to seeking new financing.
The Fraud Diamond: Considering the Four Elements of
Fraud
Despite intense efforts to stamp out corruption,
missappropriation of assets, and fraudulent financial reporting, it
appears that fraud in its various forms is a problem that is increasing in
frequency and severity. KPMGs Fraud Survey 2003 documented a
marked increase in overall fraud levels since its 1998 survey, with
employee fraud by far the most common type of fraud. The 2003
survey also noted that fraudulent financial reporting had more thandoubled from 1998. This trend is consistent with the unprecedented
recent spate of large accounting frauds (Enron, WorldCom), as well as
the increased number of accounting restatements and SEC
enforcement actions in recent years. (See 2003 Annual Review of
Financial Reporting Matters by the Huron Consulting Group and the
SECs Report Pursuant to Section 704 of the Sarbanes-Oxley Act of
2002.)
In response to the fraud problem, Congress and regulatory
authorities have enacted tougher laws and increased enforcementactions. Organizations are implementing tighter controls and broader
oversight. The auditing profession has adopted more rigorous auditing
standards and procedures, and software developers are adding
continuous monitoring features to back-office systems. It remains
unclear whether these efforts are sufficient to mitigate the fraud
problem.
Many studies suggest fraud is more likely to occur when
someone has an incentive (pressure) to commit fraud, weak controls or
oversight provide an opportunityfor the person to commit fraud, and
the person can rationalize the fraudulent behavior (attitude). Thisthree-pronged framework, commonly known as the fraud triangle,
has long been a useful tool for CPAs seeking to understand and
manage fraud risks. The framework has been formally adopted by the
auditing profession as part of SAS 99.
A Different Way to Think About Fraud Risks
-
7/30/2019 Fraud Red Flags
10/15
The fraud triangle could be enhanced to improve both fraud
prevention and detection by considering a fourth element. In addition
to addressing incentive, opportunity, and rationalization, the authors
four-sided fraud diamond also considers an individuals capability:
personal traits and abilities that play a major role in whether fraud may
actually occur even with the presence of the other three elements.
Many frauds, especially some of the multibillion-dollar ones, would not
have occurred without the right person with the right capabilities in
place. Opportunity opens the doorway to fraud, and incentive and
rationalization can draw the person toward it. But the person must
have the capability to recognize the open doorway as an opportunity
and to take advantage of it by walking through, not just once, but time
and time again. Accordingly, the critical question is, Who could turn
an opportunity for fraud into reality?
Using the four-element fraud diamond, a fraudsters thought
process might proceed as follow :
Incentive: I want to, or have a need to, commit fraud.
Opportunity: There is a weakness in the system that the right
person could exploit. Fraud is possible.
Rationalization: I have convinced myself that this fraudulent
behavior is worth the risks.
Capability: I have the necessary traits and abilities to be the right
person to pull it off. I have recognized this particular fraudopportunity and can turn it into reality.
While these four elements certainly overlap, the primary
contribution of the fraud diamond is that the capabilities to commit
fraud are explicitly and separately considered in the assessment of
fraud risk. By doing so, the fraud diamond moves beyond viewing fraud
opportunity largely in terms of environmental or situational factors, as
has been the practice under current and previous auditing standards.
For example, consider a company where the internal controls
allow the possibility that revenues could be recorded prematurely by
altering sales contract dates in the sales system. An opportunity for
fraud exists, if the right person is in place to understand and exploit it.
This opportunity for fraud becomes a much more serious problem if the
companys CEO, who is under intense pressure to increase sales, has
the technical skills to understand that the control weakness exists, can
-
7/30/2019 Fraud Red Flags
11/15
coerce the CFO and sales manager to manipulate the sales contract
dates, and can consistently lie to analysts and board members about
the companys growth. In the absence of such a CEO, the fraud
possibility would never become reality, despite the presence of the
elements of the fraud triangle. Thus, the CEOs capabilities are a major
factor in determining whether this control weakness will ultimately lead
to fraud.
The Person with Capability
Based on one authors experiences in investigating frauds for the
past 15 years, there are several essential traits for committing fraud,
especially for large sums or for a long period of time. First, the persons
position or function within the organization may furnish the ability to
create or exploit an opportunity for fraud not available to others. For
example, a CEO or divisional president has the positional authority toinfluence when contracts or deals take effect, thus affecting the timing
of revenue or expense recognition. Fraudulent Financial Reporting:
19871997, An Analysis of U.S. Public Companies (Beasley et al., 1999)
found that corporate CEOs were implicated in over 70% of public-
company accounting frauds, indicating that many organizations do not
implement sufficient checks and balances to mitigate the CEOs
capabilities to influence and perpetuate fraud. Additionally, when
people perform a certain function repeatedly, such as bank
reconciliations or setting up new vendor accounts, their capability to
commit fraud increases as their knowledge of the functions processes
and controls expands over time.
Second, the right person for a fraud is smart enough to
understand and exploit internal control weaknesses and to use
position, function, or authorized access to the greatest advantage.
Many of todays largest frauds are committed by intelligent,
experienced, creative people, with a solid grasp of company controls
and vulnerabilities. This knowledge is used to leverage the persons
responsibility over or authorized access to systems or assets.
According to the Association of Certified Fraud Examiners, 51% of theperpetrators of occupational fraud had at least a bachelors degree,
and 49% of the fraudsters were over 40 years old. In addition, 46% of
the frauds the Association recently studied were committed by
managers or executives.
Third, the right person has a strong ego and great confidence
that he will not be detected, or the person believes that he could easily
-
7/30/2019 Fraud Red Flags
12/15
talk himself out of trouble if caught. Such confidence or arrogance can
affect ones cost-benefit analysis of engaging in fraud; the more
confident the person, the lower the estimated cost of fraud will be. In
The Human Face of Fraud (CA Magazine, May 2003), R. Allan notes
that one of the common personality types among fraudsters is the
egotistsomeone who is driven to succeed at all costs, self-
absorbed, self-confident and narcissistic. Similarly, Duffield and
Grabosky (The Psychology of Fraud, Trends & Issues in Crime and
Criminal Justice, March 2001) note that, in addition to financial strain,
Another aspect of motivation that may apply to some or all types of
fraud is ego/power. The authors go on to quote Stotland (White
Collar Criminals, Journal of Social Issues, 1977) regarding ego: As
[fraudsters] found themselves successful at this crime, they began to
gain some secondary delight in the knowledge that they are fooling the
world, that they are showing their superiority to others.Fourth, a successful fraudster can coerce others to commit or
conceal fraud. A person with a very persuasive personality may be able
to convince others to go along with a fraud or to simply look the other
way. In addition, Allan notes that a common personality type among
fraudsters is the bully, who makes unusual and significant demands
of those who work for him or her, cultivates fear rather than respect
and consequently avoids being subject to the same rules and
procedures as others. Many financial reporting frauds are committed
by subordinates reacting to an edict from above to make your
numbers at all costs, or else.
Fifth, a successful fraudster lies effectively and consistently. To
avoid detection, she must look auditors, investors, and others right in
the eye and lie convincingly. She also possesses the skill to keep track
of the lies, so that the overall story remains consistent. In the Phar-Mor
fraud, the auditors claimed that Phar-Mor had formed a fraud team
of executives and former auditors who continually worked to hide
evidence about the fraud from them. The auditors claimed that the
fraud team lied, forged documents and scrubbed everything the
auditors saw to hide any indications of malfeasance. (See FindingAuditors Liable for Fraud: What the Jury Heard in the Phar-Mor Case,
Cottrell and Glover, The CPA Journal, July 1997.)
Finally, a successful fraudster deals very well with stress.
Committing a fraud and managing the fraud over a long period of time
can be extremely stressful. There is the risk of detection, with its
personal ramifications, as well as the constant need to conceal the
-
7/30/2019 Fraud Red Flags
13/15
fraud on a daily basis. Former HealthSouth CEO Richard Scrushy now
faces numerous criminal charges for allegedly masterminding a long-
running scheme to inflate the companys earnings during the terms of
several different CFOs. Despite the enormous pressure on him, Scrushy
has remained resolute during the course of the investigation, even
appearing on 60 Minutes to proclaim his innocence. In contrast, during
his sentencing, former HealthSouth Assistant Controller Emery Harris,
who allegedly was coerced to participate in the fraud, told the judge
how relieved he was after the company was raided by federal agents,
thinking it provided him the opportunity to finally get out of this
mess.
Dealing with Capability
Appreciating the importance of capability as a fourth element of
fraud is only part of the challenge. The next task is to addresscapability when assessing fraud risk, and to use knowledge about fraud
capability to prevent or detect fraud. Beyond considering incentive,
opportunity, and rationalization, the following steps could shed light on
capability.
Explicitly assess the capabilities of top executives and
key personnel. Focusing on capability requires organizations and
their auditors to better understand employees individual traits and
abilities. The audit committee member, corporate accountant, or
auditor should focus on the personality traits and skills of top
executives and others responsible for high-risk areas when assessing
fraud risk or seeking to prevent or detect fraud. Routine background
checks on new employees can identify past criminal convictions. In
assessing individuals traits and abilities, several methods of gathering
information may be helpful. First, there is no substitute for spending
time with a person. Frequent interaction under a variety of
circumstances, both business and social, can provide a meaningful
picture of the persons capabilities. Second, look for signals in the
little things. If the person cuts corners on small issues or consistently
displays an absolute refusal to lose or fail, no matter what the issue orthe cost, this may suggest similar behavior on larger issues. For
example, many have said that an executive who cheats in golf will
cheat in business. Finally, pay attention to what others say about a
person. If there are consistent statements about certain traits or
tendencies, this information can supplement more direct observations.
For example, if people in the organization are consistently in awe of
-
7/30/2019 Fraud Red Flags
14/15
someones technical or creative ability, this provides additional insight
into the persons capabilities.
If there are concerns about capability, respond
accordingly. If someones capabilities present a significant risk factor,
respond with stronger controls or enhanced audit testing. For example,
if the sales vice president is overly aggressive, competitive, and
obsessed with hitting monthly sales quotas, there may be a need for
extra-tight controls over revenue recognition or expanded testing of
sales during the annual audit. In addition, implementing a periodic
rotation of routine, but key, functions among staff can minimize the
opportunities for fraud gained from long-term knowledge of the
function and its controls. In this response phase, a key to mitigating
fraud is to focus particular attention on situations offering, in addition
to incentive and rationalization, the combination of opportunity and
capability. In other words, Do we have any doorways to fraud that canbe opened by people with the right set of keys? If so, these areas are
especially high risk, because all the elements are in place for a fraud
opportunity to become reality.
For example, when designing detection systems, it is important
to consider who within the organization has the capability to quash a
red flag, or to cause a potential inquiry by internal auditors to be
redirected. Cynthia Cooper, the internal auditor at WorldCom credited
with discovering the massive fraud, has described in Time magazine
how CFO Scott Sullivan had exercised his position and seniority to
dissuade her team from looking into certain areas that later proved to
have been infested with massive fraud. But believing they were on to
something, her teams worked behind Sullivans back, on many
occasions at night or from home, to avoid detection and retribution.
Although it appears he tried, according to Cooper, in this instance
Sullivan was not capable of completely thwarting the persistent efforts
of the auditors to uncover the apparent fraud.
Reassess the capabilities of top executives and key
personnel. Assessing capability and responding to concerns should
not be viewed as one-time exercises. Continuous updating of thecapability assessment and response is warranted for two reasons. First,
people can develop new capabilities over time, especially if they are
climbing the corporate ladder and growing professionally. Just because
someone did not have enough power or knowledge of an area to
commit fraud in the past, there is no guarantee that the person will not
develop such power or knowledge in the future. Their capability to
-
7/30/2019 Fraud Red Flags
15/15
commit fraud may increase, and additional controls or scrutiny may be
warranted.
Second, organizational processes, controls, and circumstances
change over time. As a result, some people may be better suited to
commit fraud in the new environment, even though they were not
capable under previous conditions. For example, consider a company
that has recently implemented a complex new IT system. The new
system may render those less digitally sophisticated employees
incapable of exploiting its controls. On the other hand, for those with
strong IT skills, the change might increase their capability of
committing fraud. This new capability should be considered, and
appropriate responses implemented.
Beyond Standards
In the final analysis, recent legislation, increased enforcement,regulatory oversight, broader controls, improved auditing standards,
and sophisticated monitoring technology are all steps in the right
direction and will contribute to preventing and detecting fraud.
Limiting this effort to current standards and practices may not be
enough, however, especially for auditors. Consistent with this view, the
2004 Miller GAAS Guide describes the fraud triangle elements
presented in SAS 99 and notes that it is obvious that the Auditing
Standards Board is struggling with the broad topic of how to detect
fraud auditors should be careful about following relevant
professional standards and then having a sense of security about the
likelihood that fraud does not exist in a particular engagement.
Accordingly, if capability could play a role in influencing or
magnifying the other fraud elements, other checks and balances or
detection systems should be implemented, or an auditor should
expand audit scope, procedures, and testing for potential fraud.