fraud risks

1

(973) 822(973) 822--22202220

FraudFraud

Objectives of this programTo introduce participants to internal control guidance relating to fraud.Program/Course Level: OverviewProgram Content:• The CPA’s responsibility regarding fraud

1) General duties CPAs have with regard to fraud 2) Duties imposed by:

i. Sarbanes-Oxley Act ii. SAS 99: the new auditing standard with respect

to fraudiii. Private Securities Litigation Reform Act (1995)

Advance Preparation: NoneType of Delivery: Live and Group-Internet-BasedAmount of Recommended CPE Credits: 3 - Auditing

Overview

1

2

Prevention of Financial Statement Fraud

Employee Fraud

Employee Motives for Committing Fraud

Fraud: The CPA’s ResponsibilityFraud: The Issues

2

3


Employee Fraud


Fraud: The CPA’s ResponsibilityFraud: The IssuesFraud: The Issues

3

Fraud: The Issues

I. Fraud: The IssuesA. Fraud’s impact must be addressed by all

CPAs:1. Public confidence must be restored2. CPAs are perfectly positioned to help

address the issues of fraud3. Fraud has destroyed large and small

companies

4

Fraud: The Issues4. Fraud: The Associated Cost:

In the Association of Certified Fraud Examiners release of its second Report to the Nation on Occupational Fraud and Abuse, the following findings were noted:a. Occupational fraud and abuse causes six percent of

business revenue to be lost each year. b. Losses have been approximated at $600 billion or

$4,500 per employee each year.c. Over half of the frauds resulted in losses of at least

$100,000 and about one in six resulted in losses in excess of $1 million.

5

4

Fraud: The Issuesd. Fraud scheme typically lasted 18 months.e. The most frequent method for detecting occupational

fraud was a tip from a co-worker, customer, vendor, or anonymous source. The second most frequent method of detection was by “dumb luck.”

f. The most common “villain” (93%) was a first-time offender. Only seven percent of the “villains” had prior fraud-related convictions.

g. Small businesses are the most likely targets. The typical fraud of a small business caused over $125,000 in losses. The typical fraud of the public companies costs nearly $100,000.

6

Fraud: The Issues

B. The ways fraud is committed:Three categories of occupational fraud and abuse:

a. Misappropriations of assets

b. Fraudulent financial statements

c. Corruption

7

Discussed in detail later

5

8


Employee Fraud


Fraud: The CPAFraud: The CPA’’s Responsibilitys ResponsibilityFraud: The Issues

Fraud: The CPA’s Responsibility

II. Fraud: The CPA’s ResponsibilityA. Introduction

The general duties with regard to fraud mandated by the Sarbanes-Oxley act, the new Statement on Auditing Standards (SAS) No. 99, and the Private Securities Litigation Reform Act.

B. Management within a companya. Officers and directors: General responsibilities

a. Duty of care:Officers and directors occupy a fiduciary relationship with the corporation. Directors and officers are required to act in good faith and with due care. Legally, they are required to exercise “that degree of care usually expected of a reasonably prudent and diligent person under similar circumstances.”

9

6

Fraud: The CPA’s Responsibilityb. Duty of loyalty:

Directors and officers must act in the best interest of the corporation and should refrain from self-dealing.

1. Knowingly and willingly misstating the business results of the company.

2. Approving related party transactions that benefit friends or relatives at the expense of the company.

3. Padding personal expense report.4. Accepting kickbacks or bribes.

Examples: Breach of the Duty of Loyalty:

10

Fraud: The CPA’s Responsibility2. Sarbanes-Oxley Act Duties

a. Officers and Directors:The Chief Executive Officer and Chief Financial Officer of public companies must personally certify annual and quarterly SEC filings (Section 302 of the Act requires)

b. Corporate Responsibility for Financial Reports1) SEC report being filed has been reviewed2) Report does not contain any untrue statements

or omit any material facts necessary to make the statements made not misleading

3) Financial statements fairly present, in all material respects, the financial position, results of operations and cash flows

11

7


c. Public Company Audit CommitteesThe audit committee is responsible for overseeing the appointment, compensation and work done by the audit firm. Each audit committee member shall be a member of the issuer’s board of directors and shall be independent. The member can only receive compensation from the issuer for his or her position on the board of directors and cannot accept any other compensation from the issuer or be affiliated with the issuer. The SEC can exempt persons from these requirements.

12


a. The Audit Committee shall establish procedures for:

1) Treatment of complaints received by the issuer regarding accounting, internal accounting controls and auditing matters; and

2) Confidential, anonymous submission by the issuer’s employees concerning questionable accounting procedures.

b. Authority and fundingAudit committees must be sufficiently funded and have authority to hire independent advisers.

13

8


d. Corporate Responsibility (Sarbanes-Oxley Act)

Corporate ResponsibilityTitle 3, Sections 301-308

· Adds a new provision to the Securities Exchange Act of 1934 relating to Audit Committee Standards:

Makes the Audit Committee responsible for the appointment, compensation and oversight of the work of any registered public accounting form employed by the issuerRequires members of the Audit Committee be on the Board of Directors and otherwise independentRequires Audit Committees to establish procedures for the receipt, retention and treatment of complaints received concerning accounting, internal accounting controls or auditing matters as well as the anonymous submission by employees concerning questionable accounting or auditing matters

Sec. 301

14



• Requires the CEO and CFO to certify with respect to each annual or quarterly report of the issuer, that:

The signing officer has reviewed the report, andThe report fairly presents, in all material respects, the operations and financial condition

• CEOs and CFOs must reimburse their companies for any bonuses, incentive-based or equity-based compensation, and any profits realized from the sale of securities of the issuer during the one-year period following an accounting restatement due to material non-compliance

Sec. 302

Sec. 304

15

9



Prohibits insider trades during pension fund blackout periods when at least 50% of beneficiaries are prohibited from trading. Blackout periods require 30 days’ prior notice. Profits from such insider trades share insure to and be recoverable by the issuer,regardless of any intention on the part of such insider

Requires the SEC to issue rules setting minimum standards of professional conduct for attorneys appearing and practicing before the SEC, including:

Requiring attorneys to report evidence of a material violation of securities law or breach of fiduciary duty or similar violation by the issuer to the general counsel or CEO of the issuer,If the general counsel or officer does not appropriately respond to the evidence, requiring the attorney to report the evidence to the Audit Committee or to another committee of the Board comprised solely of directors not employed by the issuer, or to the Board of Directors

Sec. 306

Sec. 307

16


a. Corporate Responsibility for Financial ReportsCompanies filing Forms 10-K and 10-Q reports must have the CEOs, CFOs, or similar person certify in each report that:i. The report is true, does not contain material

deficiencies and fairly represents the issuer’s financial position based on the officer’s knowledge;

ii. The signing officer is responsible for establishing internal controls, has designed the controls to ensure that material information is made known to the officer, and has evaluated the controls within 90 days of the report;

17

10

Fraud: The CPA’s Responsibilityiii. The signing officer has disclosed to the issuer’s

auditors and the audit committee all significant deficiencies in internal control design that might adversely affect the issuer’s ability to process financial data and also any fraud (whether or not material) involving management or other employees with a significant role in the issuer’s internal controls; and

iv. The signing officer has indicated any significant changes in internal controls that could affect internal controls after the date of the evaluation. The SOA imposes criminal fines of up to $1 million and up to 10 years’ imprisonment for knowingly making a certification that does not comply and fines of up to $5 million and imprisonment of up to 20 years for willfully certifying a report that does not comply.

18


2. Prohibition Against Improper Influence on AuditsNo director or officer shall fraudulently influence or mislead any independent public auditor for purpose of making the financial statements materially misleading. This rule is enforceable only by the SEC.

3. Forfeiture of Bonuses and ProfitsIf an issuer must restate financial papers because of misconduct, the CEO and CFO must reimburse the issuer for any bonus or incentive based compensation received and turn over any profit made from the sale of the issuer’s securities during a one year period following the filing. The SEC may exempt officers from this rule.

19

11

Fraud: The CPA’s Responsibility4. Officer and Director Bars

The SEC may prohibit any person from acting as an officer or director of an issuer if the SEC finds such person unfit to serve.

5. Prohibition Against Insider Trades During Pension Blackout PeriodsDirectors, officers and insiders may not purchase or sell the issuer’s securities during a blackout period if the securities were acquired in connection with their services for the issuer. A blackout period is one where employees were prohibited from trading securities in an issuer sponsored retirement plan.

a. RemediesAny profits resulting from violations of this section are recoverable by the issuer. Any shareholder can file suit to recover the profit if the issuer fails to take action against the officer or director.

20

AICPA Code of Professional Conduct (continued)

6. New section 1513 of Title 18 of the U.S. Code:Creates criminal liability for anyone who knowingly, with the intent to retaliate, takes any harmful action against a person for providing truthful information relating to the commission or possible commission of any federal offense.

7. New section 1514A of Title 18 of the U.S. Code:Creates civil liability for companies that retaliate against whistleblowers. This particular section only applies to employees of publicly traded companies. It makes it unlawful to fire, demote, suspend, threaten, harass, or in any other manner discriminate against an employee for providing information or aiding in an investigation of securities fraud. However, in order to trigger these protections, the employee must report the suspected misconduct to a federal regulatory or law enforcement agency; an member of Congress or a committee of Congress; or a supervisor.

21

12


8. Civil and criminal penalties for noncompliancea) It increases the jail term for existing crimes such as

mail fraud and wire fraud from five to twenty years.

b) It also makes it a crime to destroy documents and requires auditors of public companies to keep work papers for at least five years.

c) The Act also authorizes the SEC to freeze questioned assets during an investigation and allows courts to order the disgorgement of any bonuses received by a CEO or CFO resulting from the company having to restate its financial due to misconduct.

22


e. Independent Auditor: Sarbanes-Oxley ActAuditors must timely report the following directly to the audit committee:

a. All critical accounting policies and practices used;

b. Alternative GAAP methods that were discussed with management, the ramifications of the use of those alternative treatments, and the treatment preferred by the auditors; and

c. Any other material written communications between the auditors and management.

23

13

Polling Question #1

In your opinion, has the initiatives of SOX, Section 404, added value to financial reporting and been financially (cost) worth the effort:

Added Value Worth the EffortA. Yes YesB. Yes NoC. No YesD. No No

23a

Fraud: The CPA’s Responsibilityf. Independent Auditor: SAS 99

The certified public accountant has the responsibility “to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud.”

1. Characteristics of FraudFraud is a combination of incentives, pressure, opportunity, attitude and rationalization. Auditors must have an understanding of the principle characteristics of fraud.

2. Consider how fraud is committed:The engagement team is required to consider the various ways the client could commit material fraud. The relevant factors are: a. Nature of the businessb. Managementc. Internal controlsd. Ethical values.

24

14

Fraud: The CPA’s Responsibility3. Assessing the risk of material fraud requires the following.

Auditors must interview management and other appropriate personnel of the company to assess the organization’s risk of material misstatements due to fraud.

a. When performing or planning analytical procedures, consider unusual or unexpected relationships that have been identified

b. Consider whether fraud risk factors are present.c. With respect to fraud risks and countermeasures, make inquiry

of the audit committee .4. Identify risks that may result in misstatements due to fraud.

Assess the significance, likelihood, and pervasiveness of the risk of fraud.

5. Assess fraud risks of the entity’s programs and controls.The auditor should evaluate programs and controls designed to address fraud risks. Factors such as control mechanisms over management overrides and education, prevention, and deterrence programs for employees should be considered.

25

Fraud: The CPA’s Responsibility6. Plan testing based upon the fraud risk assessment.

Once the auditor has assessed the risk of material misstatement due to fraud, he or she will determine the nature, extent and timing of the audit procedures.

7. Assess audit test results.The auditor will evaluate the test results looking for such things as:.

a. Discrepancies in accounting records,b. Conflicting missing evidential matter,c. Problematic or unusual relationships between the client and the

auditor.8. Communication with the Audit Committee.

The auditor must notify the client, even when the suspected fraud is not material to the financial statements. If the suspected fraud is material, or involves senior management, the auditor must report the incident directly to the audit committee.

9. Auditor Documentation: Required.The auditor must document the various steps taken in assessing the entity’s risk of material misstatement due to fraud.

26

15

Polling Question #2

In your opinion, what should be the CPA/Auditor’s level of responsibility regarding fraud:

A. CPA/Auditor should be responsible for detecting all material fraudB. CPA/Auditor should be responsible for detecting all fraudC. CPA/Auditor should be responsible for designing an audit program

that should reasonably detect fraudD. CPA/Auditor should only be responsible for fraud that comes to

his/her attention

26a


1. UUnderstand and Document• Obtain an understanding of internal control.

As part of planning, the auditor is required to perform procedures to understand the design of controls and whether they have been placed in operation.

– A control that has been placed in operation is being used.

– The auditor is not required to evaluate the operating effectiveness of controls during planning.

The auditor may, however, choose to perform some tests of controls while obtaining an understanding of internal control if it is more efficient to do so.

The auditor may obtain some evidence about the operating effectiveness of the controls if procedures performed to obtain an understanding of internal control also provide sufficient evidence to serve as tests of control.

• Document this understanding using flowcharts, questionnaires, narratives, and/or decision tables.

27

16


2. CControl Risk Assessment (Tests of Controls)Assess control risk and document this assessment. Any assessment of control risk at less than the maximum must be based on evidence provided by tests of controls.

28


3. PPerform Tests of ControlPerform additional tests of controls if a further reduction in the assessed level of control risk is desired. Such additional testing is generally performed only if:

a. Sufficient evidence is likely to be available, and

b. It would be efficient. The auditor evaluates whether the effort required to perform additional tests of controls is justified by the expected reduction in substantive testing.

29

17


4. AAssess ResultsReassess control risk and document this assessment.

30


5. SSubstantive TestingThe auditor reviews and modifies(if necessary) the planned level of substantive testing to be performed.

31

18


INTERNAL CONTROL RISK ASSESSMENT

OBTAIN AN UNDERSTANDING OF INTERNAL CONTROL SUFFICIENT

TO PLAN THE AUDIT

(a) Design of policies and procedures (b) Placed in operation? (c) Document the understanding

ASSESS CONTROL RISK AT MAXIMUM?

Consider relevancy and adequacy of controls, and whether testing controls would be efficient.

Less Than Maximum Maximum

Level

PLAN EXTENSIVE SUBSTANTIVE TESTS

CONSIDER A FURTHER REDUCTION IN THE ASSESSED LEVEL OF

CONTROL RISK

(a) Can a lower risk level be supported? (b) Cost/benefit from additional tests

of controls?

PERFORM ADDITIONAL TESTS OF CONTROLS

(a) Reassess control risk (b) Document assessment

DESIGN SUBSTANTIVE TESTS

DESIGN SUBSTANTIVE TESTS AT A REDUCED LEVEL

No Yes

No

Yes

ASSESS CONTROL RISK

(a) Use tests of controls to evaluate operating effectiveness

(b) Document this assessment

U

C

P

A

S 32

Fraud: The CPA’s ResponsibilityREVIEW: UNDERSTANDING INTERNAL CONTROL AND ASSESSING CONTROL RISK

1. Understand internal control

1. Understand the operation of the five components of internal control.

2. Understand the design of the relevant internal control policies and procedures.

3. Determine whether the policies and procedures have been placed in operation.

4. Document the understanding of internal control in order to plan the audit.

2. Control risk assessment 1. Consider the types of potential misstatements that could occur in the financial statements.

2. Identify the policies and procedures that are relevant to specific management assertions.

3. Determine the appropriate strategy for auditing each significant assertion.

3. Perform tests of controls*

1. Evaluate the effectiveness of the design and operation of the policies and procedures.

2. Identify any significant deficiencies in internal control. 3. Can a new risk level be supported based upon additional tests of controls?

Will evidence be available to support the new risk level?

Will the cost of additional tests of controls be more than offset by a reduction in substantive testing?

4. Assess results (based on tests of controls)

1. Consider a reduction (or increase) in the assessed level of control risk based on the results of the tests of controls.

2. Document conclusions. Document the basis for the conclusion that the

assessed level of control risk is less than the maximum level.

Document the conclusion that control risk is assessed at maximum level. (The basis for the conclusion need not be documented.)

5. Substantive testing Determine the nature, extent and timing of substantive tests based on the assessed level of control risk and the resulting acceptable level of detection risk.

UU

CC

PP

AA

SS33

19

Fraud: The CPA’s ResponsibilityG. Independent Auditor: Private Securities Litigation Reform Act:

a. The Private Securities Litigation Reform act (PSLRA), passed in 1995,requires additional responsibilities for independent auditors of public companies. It provides that the audit of the financial statements of a public company must include the following:a) Procedures designed to provide reasonable

assurance of detecting illegal acts that would have a direct and material effect on the determination of financial statement amounts;

b) Procedures designed to identify related party transactions that are material to the financial statements or otherwise require disclosure

c) An evaluation of whether there is substantial doubt about the ability of the issuer to continue as a going concern during the next fiscal year.

“Illegal Act” Defined:The term illegal act is defined to mean any act or omission “that

violates any law, rule, or regulation having the force of law.”

34

Fraud: The CPA’s Responsibility2. Auditor steps if an illegal act is detected

a) Determining that an illegal act has occurred:1) Address the possible effect of the illegal act on

the financial statements2) Notify the appropriate level of management

immediately, and verify that the audit committee is adequately informed

b) Auditor must determine (regarding company management)1) Has senior management taken “timely and

appropriate remedial actions” and2) Does the failure to take corrective action is

“reasonably expected to warrant departure from a standard report of the auditor, or consider resignation from the audit engagement.”

35

20

Polling Question #3

In your opinion, in regards to SOX, Section 404, the CPA/Auditorshould:

A. Express an audit opinion on internal controlB. Express an audit opinion on management’s assertion regarding

internal controlC. Provide assurance regarding the effectiveness of internal controlD. Should only be responsible for assessing internal control in order to

perform the audit of the financial statement

35a

36


Employee FraudEmployee Motives for Committing FraudEmployee Motives for Committing Fraud


21


III. Employee Motives for Committing Fraud

A. Fraud: Three required elements:The accepted reason for why “good people” commit fraud is the following:

a. Pressures/Incentives

b. Opportunity

c. Rationalizations/Attitudes

37

Employee Motives for Committing FraudB. Pressures/Incentives

Pressure is caused by a financial need. The financial problem can be personal (excessive personal debt) or professional (their employment or business is in jeopardy).

1. Financial problems and their root in “status”:All involve some sort of embarrassment, shame, or disgrace. Theythreaten the violator’s status as a person who is respected by others.

• Inability to pay one’s bills• Requirement of meeting earnings to sustain investor

confidence• Drug or gambling addiction• Status symbols (big house, nice car)• Required to meet productivity targets

Examples of pressures that can lead to fraud:

38

22


C. Opportunity“Perceived” opportunity creates the means by which the fraud can be committed. The violator not only has to be able to steal assets, they need to be able to do so and believe that they will not be caught or the fraud itself will not be detected.

39


D. Rationalizations/AttitudesThe majority of violators are first-time offenders with no criminal past. They do not consider themselves as criminals or thieves.

1. Common rationalizations include the following:

a) They were only borrowing the asset

b) They were entitled to the asset

c) They had to steal to provide for their family

d) They are underpaid/ employer had cheated them

e) Their employer is dishonest to others and deserved it

40

23


E. The Fraud Model does not always apply:It does not apply to the “predatory employee” – the violator who takes a job with the sole intent of stealing from the company. Frauds are not isolated events. They typically start as small thefts or misstatement and they eventually increase in size and frequency. As the violator repeats the fraud, it becomes easier to rationalize until not justification is required.

F. The Fraud Elements LessonAll three factors must be present for fraud to occur. When one of the three elements is missing, fraud will not usually occur. Status (not greed) is the single most typical motivator for occupational fraud.

41


G.The fraud (elements) consideration:1. The opportunity:

The threat of punishment is a non-factor with a violator because they never expect to get caught

2. The rationalization:They do not view their actions as conduct that is or should be punishable

3. The pressures/incentives:The biggest threat to them is that their fraud will be uncovered. Detection will result in shame. Any punishment that follows is only a secondary consideration.

42

24


H. Deterrence program elements:An effective deterrence program will directly target the three elements of fraud. To be effective, the company should:1. Identify and reduce pressures that might push

employees into committing fraud crimes2. Identify and reduce perceived opportunities to

commit fraud3. Educate and communicate in order to dispel

rationalizations for committing fraud

43

44

Prevention of Financial Statement FraudEmployee FraudEmployee Fraud



25

Employee Fraud

IV. Employee Fraud

Employee fraud can be listed into three major categories:• Financial statement fraud

• Asset misappropriations

• Corruption.

Key Point

45

Employee Fraud

A. Financial statement fraud defined:Financial statement fraud is the deliberate misrepresentation ofthe financial condition of an enterprise accomplished through the intentional misstatement or omission of amounts or disclosures in the financial statements to deceive financial statement users.1. Typical Method

Financial statement fraud will involve:a. Overstating assets, revenues and profitsb. Understating liabilities, expenses and losses.

2. Atypical method:The overall objective of the misrepresentation may occasionally require the opposite action (e.g., concealing over-budget results in a good year in order to have “cushions” for the next year that is expected to be more competitive).

46

26

Employee Fraud

B. The impact of financial statement fraud:Financial statement fraud will have a devastating effect

on the reputation and the financial condition of the

company and employees. The stock market valuation

impact of the financial statement fraud will result in the

company’s stock value falling dramatically overnight,

losing billions of dollars for shareholders.

47

Employee Fraud

C. The CPA: Impact of Financial Statement FraudConsequences include:1. The shame of being escorted into court by police, in

view of family and friends2. Sentenced to prison3. A felony conviction 4. Newspaper and television coverage seen by friends,

family and neighbors5. Loss of personal income6. Loss of CPA license7. Large legal fees8. Expulsion from the AICPA and state societies of CPAs9. Social outcast

48

27

Employee FraudD. The Financial Statement Fraud Culprits

There are three main groups who commit financial statement fraud.1. Organized criminals2. Mid- and lower-level employees3. Senior management

E. Motive for Committing Financial Statement Fraud1. Desire to conceal business results.2. Attempt to maintain their status/control.3. Sustain income/wealth from company sources (salary,

bonus, stock, and stock options)

49

Employee Fraud4. Meet or exceed the expectations of stock market analysts

regarding earnings or revenue growth5. Loan covenants compliance6. Increase opportunity for asset-based loans7. Criteria for granting/extending loans required by

lender8. Criteria set by the parent company9. Employee performance criteria10. Merit performance-related compensation11. In anticipation of a merger, acquisition or sale of

personal stockholding, improve the stock price

50

28

Employee Fraud12. Demonstrate growth to support a planned stock or

bond offering or sale of the business13. Shift “surplus” earnings to the next year when current

period budgets have been achieved and there is no incentive for additional performance, managers may direct additional earnings into the next year to ensure they meet new goals

14. Take all write-offs in one “big slam” thus future earnings should be consistently higher

15. Reduce market expectations, so future growth will be rewarded

16. Avoid volatile results, maintain consistency17. Reduce the value of a small/family company during a

divorce18. If management is planning a buyout, reduce the value

of a corporate unit

51

Employee Fraud

F. Methods of Financial Statement FraudThe three methods of fraudulent financial statements are:1. Accounting system: Tricks

The violator uses the accounting system to generate the results they want. For example:a. Manipulate the calculation of:

(1) Depreciation(2) Bad debt expense(3) Obsolete inventory

b. Vendor invoices can be recorded at the wrong time (typically, later) to avoid recognizing the expense and liability

c. Sales might be recorded prematurely to accelerate income

d. Transactions in the accounting system are real, however, the dollar amounts are intentionally incorrect

52

29

Employee Fraud2. Accounting system: Lies

The violator submits false and fictitious data and transactions into the accounting system to manipulate results in a manner greater than can be achieved by simply “tricking” the accounting system. Examples are:a. Fictitious sales may be recorded to real or fake

customersb. Inventory and receivables amounts may be created,

with documents later being forged to support the “lies”

c. Journal entries might be hidden or miscoded in an attempt to conceal the fraud

d. Transactions can be concealed through use of intercompany accounts

e. Transactions in the system have no basis in fact or are improperly recorded

No documentary trail to support certain transactions or balances will be located unless the violator prepares forged or altered documents to help support this fraud.

Key Point

53

Employee Fraud

3. Accounting system: Beyond the systemThe violator produces whatever financial statements they desire by using a personal computer.

To catch this type of fraud, trace the financial statements back to the trial balance and related general ledger from the accounting system. There should be no documentary trail to support transactions or balances reported in the financial statements unless the fraudsters prepare forged or altered documents to help support this fraud.

Key Point

54

30

Employee Fraud

G.Financial Statement Fraud: StatisticsAccording to the 1999 COSO study of approximately 200 financial statement frauds from 1987 to 1997, the most common fraud schemes were as follows:1. Revenue Fraud

a. 50% involved manipulation of revenue recognitionb. 26% involved fictitious revenuesc. 24% involved premature revenue recognition

2. Asset Frauda. 50% involved overstatement of assetsb. 37% involved overstatement of existing assetsc. 12% involved fictitious or unowned assetsd. 6% involved improperly capitalized costs

3. Liability and Expense Frauda. 18% involved understatement of liabilities/expenses

4. Disclosure Frauda. 8% involved inappropriate disclosure

55

Polling Question #4

In your opinion, by whom should the audit of “management’s assessment of internal control” be performed:

A. The same firm that performs the audit of the financial statementsB. A different firm then the one that performs the audit of the financial

statementsC. The company should be able to select any CPA firm they want

55a

31

Employee Fraud

H. Financial Statement Fraud: MethodsThe five types of financial statement fraud are:

1. Fictitious RevenuesFictitious sales typically involve fake or non-existent customers, however it could involve actual customers.

56

• Fictitious Revenues• Timing Differences• Improper Asset Valuations• Concealed Liabilities and Expenses• Improper Disclosures

Employee Fraud

In December 1999, the Securities and Exchange Commission issued Staff Accounting Bulletin No. 101, Revenue Recognition in Financial Statements (SAB 101) which gives additional guidance on revenue recognition and to cease some inappropriate practices that had been noted. SAB 101 indicates that revenue generally is realized or realizable and earned whenall of the following criteria are met:

Persuasive evidence of an arrangement exists;Delivery has occurred or services have been rendered;The seller’s price to the buyer is fixed or determinable; andCollectibility is reasonably assured.

Key Point

57

32

Employee Fraud

a. Indirect Methods: Fictitious SalesThese methods do not attempt to overstate gross sales, instead, they understand those accounts which reduce gross sales to arrive at net sales. For example, by understating discounts, returns and allowances, it will artificially overstate net sales. There are two basic methods:

• Failure to record mark down discounts on merchandise when the sale is made

• Failure to record returns as a reduction from gross sales

58

Employee Fraudb. Warning Signs, indicating the possibility of

fictitious revenues• Excessive growth or unusually high profitability,

when compared to other companies in the same industry

• Repeatedly reporting negative cash flows from operations while reporting earnings and earnings growth.

• Large transactions with related parties or special purpose entities not in the ordinary course of business

• Significant, unusual, or highly complex transactions, typically those close to period end that pose difficult “substance over form” issues

• Unusual increase in the number of days sales in receivables

• A large volume of sales to companies whose ownership is not known

59

33

Employee Fraud2. Timing Differences

Financial statement fraud often involves timing differences, such as, the recording of revenue and/or expenses in improper periods. This is done to move revenues or expenses from one period and the next, thereby increasing or decreasing earnings.a. Premature Revenue recognition

Revenue should be recognized when the four criteria set out in Staff Accounting Bulletin No. 101 have been satisfied:

• Persuasive evidence of an arrangement exists;• Delivery has occurred or services have been

rendered;• The seller’s price to the buyer is fixed or

determinable; and• Collectibility is reasonably assured

60

Employee Fraud1. Persuasive evidence of an arrangement must exist:

a. The documentation for the arrangement must contain all the finalterms and conditions between the parties and conform to customary business practices.

1) Incorporation by reference of other signed agreements is acceptable

2) Signed general purpose agreement followed by complying purchase orders is acceptable

3) Bifurcation of one contract into two contracts – presents issues4) All terms and conditions of the arrangement must be finalized

b. All the documentation must be signed by both parties prior to any revenue recognition

a) Without the customer’s signature – the agreement is not an enforceable claim on the customer, even if the software has beendelivered

b) Without seller’s signature – the agreement is only an offer by seller to license and/or sell the product or service

c. Risks and rewards of ownership passd. No right of returne. Not a consignment, demonstration, etc.

61

34

Employee Fraud2. Delivery has occurred or services have been rendered:

a. Physical delivery occurs upon the transfer of a disk or tape containing the software, accompanied by documentation, to customer – not to an intermediary site or a fulfillment house1) “F.O.B. Shipping Point” or “F.O.B. Destination” –

needs to be specific in the contract2) Example – software shipped on September 30 – F.O.B.

Destination3) Does the customer have software testing and

acceptance rights?b. Electronic Delivery occurs when the customer takes

possession of the software via a download or is provided with access to the software via a code (“key”)1) Examples: Software buyouts: network-wide base

generic software pools; list of GA features

62

Employee Fraudc. Multiple copies of the same software: an obligation to

delivery additional software copies, physically or electronically, does not impact revenue recognition. Software duplication is considered incidental to meeting the delivery criteria1) Revenue can be recognized upon physical or electronic

delivery of the first copy2) Should accrue the cost of duplicating the software

d. Multiple licenses of the same software: the price in the contract is on a per-license basis and the value of the contract is a function of the number of licenses purchased by the customer1) Revenue is recognized when each separately-licensed

software copy is deliverede. If there is an undelivered element (hardware or software)

that is essential to the functionality of the delivered software element, delivery has not occurred for purposes of revenue recognition.

63

35

Employee Fraudf. Terms and conditions presumed substantive

1) Acceptance2) Installation or other services

g. Substantial completion1) Only inconsequential or perfunctory actions2) Failure to complete would not result in a refund or rejection of

delivered products/services3) No undelivered elements essential to functionality

h. Multiple element arrangement (MEA): a contract to provide more than one software product (the “element”), software product and services, or software product with customer support (PCS)

1) Software arrangements with one element• Recognize revenue when all the revenue recognition criteria discussed

previously have been met2) Software arrangements with multiple elements• Must allocate the contract price to each element based on vendor-

specific objective evidence (VSOE) of fair value• Recognize the allocated revenue when all the revenue recognition

criteria have been met, on an element-by-element basis

64

Employee Fraudi. Allocation of contract price to multiple elements

1) Vendor-specific objective evidence (VSOE) is limited to either of:

• The price charged when the element is sold separately to other customers – must be supportable by invoices and auditable

• If the software is not yet sold separately, VSOE is the price established by management having the requisite authority

2) Separately stated prices in the contract does not meet the VSOE requirement

3) List prices do not meet the VSOE requirement

65

36

Employee Fraudj. Vendor-specific objective evidence of fair value

1) If VSOE does exist for all the elements, or

• All the elements are delivered (exceptions are PCS and unspecified additional software products),

• VSOE does exist for all the undelivered elements(SOP 98-9: Residential Method)

2) VSOE criteria was intentionally made very narrow, past “front-loading” abuses within the software industry

• Future deliverables cause valuation issues

• Invoice price (that will not change)

66

Employee Fraud3. The seller’s price to the buyer is fixed or determinable:

a. Price is stated, not subject to change, and payable in accordance with normal terms.

b. Any extended payment terms in a software arrangement may indicate that the price is not fixed or determinable

1) Normal payment terms are net 30 days2) Need to determine the reason – does that reason jeopardize revenue

recognition?c. If payment extends for more than twelve months after delivery, the

entire price should be presumed not to be fixed or determinabled. If payments are a function of the number of units copies or the expected

number of users, the price is not fixed or determinable at the outset of the arrangement

e. Rationale: the longer the payment terms the greater the risk of price concessions due to the technological obsolescence of the delivered software or the introduction of new and improved software

f. Revenue Recognition: if it is determined that the contract price is not fixed or determinable, revenue is recognized as non-refundable, contractual payments become due

67

37

Employee Fraud4. Collectibility is not reasonably assured:

a. Customer financing arrangements need to be reviewed closely1) Credit issue or competitive issue

b. A past practice of providing concessions to the customer is difficult to overcome1) History of concessions (to possibly encourage payment)2) Concession is defined broadly

c. Customer acceptance clauses need to be evaluated in detail1) Linking payment terms to acceptance may crate

uncertainty about collectibility upon delivery of the software

d. Returns must be reasonably estimablee. Collection is contingent upon some future events, e.g., resale

of the product, receipt of additional funding, or litigationf. The customer does not have the ability to pay, e.g., it is

financially troubled, it has purchased far more than it can afford, or it is a shell company with minimal assets

68

Employee Fraud2. Timing Differences (continued)

b. Long-term ContractsManagers can “play with” the percentage of completion and the estimated costs to complete a construction project, hence, the company will recognize revenues prematurely and cover-up contract cost overruns.

c. Channel Stuffing/Trade LoadingThe sale of an unusually large volume of a product to customers who are encouraged to over purchase through the use of large discounts or extended financing terms.

69

38

Employee Fraud

The negative consequence is that by “robbing” from the next period’s sales, it is more difficult to achieve sales goals in the following period, this leads to increasingly aggressive levels of channel stuffing and ultimately a restatement. Issues include:Unrecorded side agreements that grant a right of return, effectively making the sales into consignment salesGreater risk of returns for certain products if they cannot be sold before their shelf life expires.

Key Point

d. Postponing the proper recording of expensesThe timely recording of expenses is often violated due to excessive pressures to meet goals and budget projections

70

Employee Fraud

e. Warning Signs of Possible Timing Difference Fraud• Excessive growth or unusual high profitability, when

compared to other companies in the same industry• Repeated reporting negative cash flows from

operations while reporting earnings• Significant, unusual, or highly complex transaction,

especially near the end of the period end that pose difficult “substance over form” questions

• Unusual spike in gross margin or margin in excess of industry standards

• Unusual increase in the number of days sales in receivables

• Unusual decrease in the number of days purchases in accounts payable

71

39

Polling Question #5

Have you (and/or the business you worked for) ever been involvedin an issue regarding revenue recognition?

A. Yes – multiple times.B. Yes – once or twice.C. No – not that I am aware of.D. Don’t know

71a

Employee Fraud3. Failure to properly value assets

Applying the “lower of cost or market value” rule, where an asset’s cost exceeds its current market value (example: obsolete technology), it must be written down to lower market value.

It is often necessary to use estimates in accounting. For example, estimates are used in determining the residual value and the useful life of a depreciable asset, the uncollectible portion of accounts receivable or the excess or obsolete portion of inventory. Whenever estimates are used, there is an additional opportunity for fraud by manipulating those estimates.

Key Point

72

40

Employee Fraud3. Improper Asset Valuation (continued)

a. Inventory ValuationInventory must be valued at cost except when the cost is higher than the current market value, inventory should be written down to its current value which is lower.

• Method of Manipulationa. Physical inventory counts can be manipulatedb. Unit costs used to price out inventory can be manipulatedc. Failure to reduce inventory for costs of goods soldd. Programmed fraudulent computer reports that incorrectly

added up valuese. A co-conspirator represents they are to be holding inventory

for the companyf. “Bill and hold” items that have been recorded as sales are

included in the physical inventory countg. Goods held by the company on consignmenth. Pallets of inventory with empty centersi. Moving inventory overnight between locations being

observed by auditorsj. Insert phony count sheets or changing quantities on the

sheets during the inventory

73

Employee Fraud

3. Improper Asset Valuation (continued)b. Accounts Receivable

The two most common fraud methods involving accounts receivable are fictitious receivables and failure to write off accounts receivable as bad debts.1) Fictitious Accounts Receivable

The entry for a fictitious accounts receivable is to debit accounts receivable credit sale. These schemes occur most often at the end of the accounting period, because accounts receivable should be paid in cash within a reasonable time after period end.

DR: Accounts Rec. $XXXCR: Sales $XXX

74

41

Employee Fraud• Auditor Issue: Confirmation

Fictitious accounts receivable will attempt to conceal by providing false confirmation of balances to auditors. The mailing address provided for the fake customers is either a mailbox under violators control, a home address, or the business address of a co-conspirator. Such fraud schemes can be detected by reviewing business credit reports, public records, or even the telephone book, to identify significant customers.

• Understating the “Allowance for Doubtful accounts”Companies in need of more profits and income will omit the recognition of such losses because of the negative impact on the income statement.

75

Employee Fraudc. Business Consolidations

Violators may attempt to misappropriate the purchase price. Violators may create excessive reserves for various expenses at the time of acquisition, planning to utilize those “cookie jars” into earnings at a future date.

d. Fixed AssetsFixed assets can be fictitiously created by a variety of schemes. They are subject to misstatement through many different fraudulent methods:

1) Recording Fictitious AssetsThe false reporting of assets affects the asset balance on a business balance sheet. The most common fictitious asset schemes are:

• Fictitious documents being created• Equipment is leased, not owned, and the asset is capitalized2) Fixed Asset Valuation Issues

Fixed assets should be reported at cost (NBV). Financial statement frauds have involved the recording of fixed assets at the higher market values instead of the lower acquisition costs,or at even higher inflated values with fake valuations to documentation.

76

42

Employee Fraud3) Fixed Asset Understatement (to secure capital expenditure

approval)Funding may be based on asset amounts. An understatement can be done directly or through improper depreciation.

4) Capitalization Policy ViolationsInterest and finance charges incurred in the purchase should be excluded from the cost of a purchased asset.

5) Misclassifying AssetsDue to budget requirement, and many other reasons, assets are misclassified into general ledger accounts which are improper. The manipulation affects financial ratios and conceals non-compliance with loan covenants or other borrowing requirements.

77

Employee Fraud6) Warning Signs of Possible Fixed Asset Fraud:

Recurring negative cash flows from operations while reporting earnings and earnings growthSignificant declines in customer demand and increasing business failures in either the industry or overall economyAssets, liabilities, revenues, or expenses based on significant estimates that involve subjective judgments or uncertainties that are difficult to corroborateNonfinancial management’s excessive participation in or preoccupation with the selection of accounting principles or the determination of significant estimates

78

43

Employee FraudUnusual spike in gross margin or margin in excess of industry standardsUnusual increase in the number of days sales in receivablesUnusual increase in the number of days purchased in inventoryAllowances for bad debts, excess and obsolete inventory, that are decreasing in percentage terms or are out of line with industry standardsUnusual change in the ratios between fixed assets and depreciationAdding to assets while the industry is reducing capital expenditures

79

Employee Fraud4. Understating Liabilities and Expenses

Pre-tax income will increase when an expense or liability not recorded. This is less difficult to commit than falsifying sales transactions. Missing transactions are harder for auditors to detect than improperly recorded ones because there is no audit trail.

There are three common schemes for understating liabilities and expenses:A. Liability/Expense OmissionsB. Capitalized ExpensesC. Failure to Disclose Warranty Costs and Liabilities.

Key Point

80

44

Employee Fraud

Wrong-doers often plan to make up for their omitted liabilities with expectations of other income sources such as profits from future price increases.

Key Point

a. Liability/Expense OmissionsUnder this method of understating liabilities/expenses the violator fails to record them. Debit memos can be created for chargebacks to vendors, for claim permitted rebates or allowances or simply to create additional income.

Because they are easy to conceal, understated liabilities are often the most difficult to uncover. A detailed review of all post-financial-statement-date transactions can aid in the discovery of omitted liabilities. Further, the auditor should carefully review the client’s files, a physical search may uncover concealed invoices and unpostedliabilities.

81

Employee Fraud

Financial Statements Trial Balance

General Ledger Subsidiary Ledger

Books of Original Entry Source of Documents

Execution of Event Transaction Approved

V O U C H

Testing for Existence Testing for Support

T R A C E

Testing for Completeness Testing for Coverage

race

ouch

82

45

Employee Fraud

b. Capitalized ExpensesCapitalizing expenses will result in an increase to income and assets since capitalized items are depreciated over a period of years rather than expensed in the current period.

83

Employee Fraud

1) Capital expenditures may be expensedThe privately owned business may want to minimize its net income due to tax issues, or to increase earnings in future periods.

c. Returns and Allowances and WarrantiesA certain percentage of products sold will, be returned. In warranty liability fraud, the liability is either omitted or substantially understated.

d. Warning Signs of Possible Liability & Expense Fraud1) Recurring negative cash flows from operations or

an inability to generate cash flows from operations while reporting earnings and earnings growth

2) Assets, liabilities, revenues, or expenses based on significant estimates that involve subjective judgments or uncertainties that are difficult to corroborate

84

46

Employee Fraud

3. Nonfinancial management’s excessive participation in or preoccupation with the selection of accounting principles or the determination of significant estimates

4. Unusual spike in gross margin or margin in excess of industry standards

5. Allowances for sales returns, warranty claims that are decreasing in percentage terms or are out of line with industry standards

6. Unusual decrease in the number of days purchases in accounts payable

7. Reducing accounts payable reduction while the industry is delaying payments to vendors

85

Employee Fraud5. Improper Disclosures

Improper disclosures associated with financial statement fraud will typically involve the following: Liability Omissions, SubsequentEvents, Management Fraud, Related-Party Transactions, and Accounting Changes.

a. Liability OmissionsOmissions include the failure to disclose loan covenants or contingent liabilities. These agreements usually contain various types of covenants including certain financial ratio limits and restrictions.

b. Subsequent EventsViolators ill fail to disclose court judgments and regulatory decisions that adversely effect the reported values of assets, that indicate unrecorded liabilities, or that negatively reflect upon management.

c. Management FraudManagement has the responsibility to disclose to the shareholders significant fraud committed by officers, executives, and others in positions of trust. Failure to disclose such information from auditors would involve lying to auditors, an illegal act in itself.

d. Related-Party TransactionsThere is nothing inherently wrong with related-party transactions, however they must be fully disclosed.

86

47

Employee Fraude. Accounting Changes

Violators will fail to restate financial statements or disclose the cumulative effect of a change in accounting principle made, simply to improve earnings. They will fail to disclose significant changes in estimates such as:

1) Depreciable assets’ useful lives and estimated salvage values2) Estimates of warranty3) Change the reporting entity.

f. Warning Signs of Possible Disclosure Fraud1) Domination of management by a single person or small group (in

a nonowner-managed business) without compensating controls2) Ineffective board of directors or audit committee oversight over

the financial reporting process and internal control3) Ineffective communication, implementation, support, or

enforcement of the entity’s values or ethical standards by management or the communication of inappropriate values or ethical standards

4) Rapid growth or unusual profitability, especially compared to that of other companies in the same industry

5) Significant, unusual, or highly complex transactions, especiallythose close to period end that pose difficult “substance over form”questions

87

Employee Fraud6) Significant related-party transactions not in the ordinary

course of business or with related entities not audited or audited by another firm

7) Significant bank accounts or subsidiary or branch operations in tax-haven jurisdictions for which there appears to be no clear business justification

8) Overtly complex organizational structure involving unusual legal entities or managerial lines of authority

9) Known history of violations of securities laws or other laws and regulations, or claims against the entity, its senior management, or board members alleging fraud or violations of laws and regulations

10) Recurring attempts by management to justify marginal or inappropriate accounting on the basis of materiality

11) Formal or informal restrictions on the auditor that inappropriately limit access to people or information or the ability to communicate effectively with the board of directors or audit committee

88

48

89

Prevention of Financial Statement FraudPrevention of Financial Statement Fraud

Employee Fraud




V.Preventing Financial Statement FraudThe 1999 COSO study indicated that either the CEO or the CFO was involved in 83% of the financial statement frauds studied. Individuals with high level management positions can use their authority to override most internal controls, so those controls can be of limited value in preventing financial statement fraud. A CPA’s approach to reducing financial statement fraud is:

i. Reduce pressuresii. Reduce the opportunityiii. Reduce rationalization

90

49

Polling Question #6

In your opinion, should SOX have adopted the COSO-Internal Control/Integrated Framework:

A. Yes, this framework is the “best practices” standardB. Yes, however, there should be modifications madeC. No, this standard is too highD. No, there are better standards internationally that should be considered

90a

Prevention of Financial Statement FraudA. Reduce pressures

1. Directors and officers should “set the tone”

2. Avoid setting unreasonable financial targets

3. Avoid applying excessive pressure on employees to achieve goals

4. Adjust goals when market conditions change

5. Establish fair compensation systems

6. Discourage excessive external expectations of future corporate performance

7. Remove operational obstacles blocking effective performance

91

50

Prevention of Financial Statement FraudB. Reduce the opportunity

1. Maintain strong internal controls2. Monitor the business transactions and interpersonal relationships

of suppliers, buyers, purchasing agents, sales representatives, and others

3. Establish a physical security system to secure company assets, 4. Maintain segregation of duties5. Human resources should have accurate personnel records

including background checks on new employees6. Establish strong supervision within groups to enforce accounting

procedures7. Establish clear and uniform accounting procedures with no

exception clauses

92

Prevention of Financial Statement FraudC. Reduce rationalization

1. Promote good values and integrity within the organization2. Clearly define prohibited behavior with respect to accounting and

financial statement fraud3. Provide regular training to all employees 4. Establish confidential reporting systems to communicate problems5. Senior executives must communicate to employees that integrity is

a priority6. Management practices and sets an example by promoting honesty

in the accounting area7. The consequences of violating the rules and the punishment of

violators should be communicated clearly

93

51

Polling Question:Polling Question:

• Which is your preference?

A. Questions.

B. Comments.

C. Just give me my CPE Certificate!

94