learning from worldcom: implications for fraud detection through continuous assurance

Kenneth G. DixonSchool of Accounting

LEARNING FROM WORLDCOM: IMPLICATIONS FOR FRAUD DETECTION THROUGH CONTINUOUS ASSURANCE

J. Randel Kuhn, Jr.

University of Central Florida

Steve G. Sutton


University of Melbourne


Purpose of the Study

• To examine the key methods of fraud utilized by the management at WorldCom and to demonstrate how the use of established principles of analytic monitoring could be used to detect fraud executed through normal operating transactions.

• To demonstrate integration procedures for the prescribed monitoring in an SAP-based enterprise systems environment similar to WorldCom’s.

• To highlight the intractable monitoring problem presented by the myriad of loosely connected legacy systems feeding into WorldCom’s consolidated SAP system.


Contribution to Continuous Audit Research

• Provides detailed understanding of how continuous assurance techniques explored in the research literature can be applied to effectively identify fraud in a known fraud situation.

• Moves the literature on continuous audit modules forward by addressing the complexities of implementation within a standardized enterprise software environment.

• Addresses the realities and risks associated with large numbers of disparate legacy systems.


• Categorize operating expenses as capital expenditures.

• Reclassify acquired MCI assets as goodwill.

• Include future company expenses as write-downs of acquired assets.

• Manipulate the bad debt reserve calculations.

Fraud Strategies at WorldCom


Continuous Assurance Framework

• Traditional attestation framework provides only a snapshot of the financial reporting system, thus inhibiting timely decision-making and limiting audit scope.

• Continuous auditing addresses these faults by immediately identifying irregularities, increasing audit coverage, and functioning remotely.


Continuous Assurance Framework

• Early work by Groomer and Murthy (1989) and Vasarhelyi and Halper (1991) laid the foundation for continuous auditing research.

• The three phases of continuous auditing are:1. Measurement – key management reports (e.g. financials)2. Monitoring – comparison to metrics and error notification 3. Analysis – auditor review of alarms and investigation

• Nature of auditing transforms from substantive-based test of details approach to auditing by exception.


Framework

Internal Information

Corporate IT structure incorporating,legacy, ERPs, middleware, and Web

Monitoring IT Structure

Corporate Strategic andTactical Metrics

Internal and ExternalMonitoring Metrics

MonitoringAnalytics and

Exception Reporting

Alarms

External Information

To Other Stakeholders

Audit Exceptions

To Operations

Scorecard

Obtained from Vasarhelyi working paper, Rutgers University.


System Architecture

• The integrated platforms and automated business processes of ERP applications enable effective use of continuous auditing procedures.

• WorldCom utilized an SAP R/3 enterprise system to process business transactions and produce consolidated financial statements.


System Architecture

• Two continuous auditing system architecture models exist in research literature:1. Monitoring and Control Layer (MCL)

2. Embedded Audit Module (EAM)

• MCL uses an independent server controlled by the auditor that receives scheduled data interfaces from the client’s enterprise system (i.e. near real-time) and is analyzed against a set of rules.


System Architecture

• EAM functionality/logic is embedded into the client’s system and operates real-time.

• MCL represents the least intrusive, most efficient, and more independent alternative; especially in a resource-constrained SAP environment.

• Data extraction for MCL can occur via either BAPI with RFC or direct extraction from table data (e.g. GLPCT/GLPCA).


Continuous Audit Data Flow (MCL)

CA Analyzer(with rule-set)

RelationalDatabase

Extractor

ExceptionReport Auditor

Continuous Extraction via RFC

Alerts

Data Testing

SAP R/3(GLPCA/GLPCT)


CA Analyzer Rule-Set #1

Fraud:

Categorize operating expenses as capital expenditures.

Detection Measure:Compare ratios of Operating Expenses to Sales Revenue andCapital Expenditures to Sales Revenue to industry averages.

Analytic Metric:

IF OpEx to Sales ratio is > 2% below .93 AND CapEx to Sales ratiois > 5% above .15, THEN create alert.

Note: WorldCom’s 12/31/01 OpEx/Sales and CapEx/Sales ratios were .90 and .22exceeding the threshold by $946m and $585m, respectively.



Fraud:

Reclassify acquired MCI assets as goodwill.

Detection Measure:Identify significant changes to asset and goodwill accounts.

Analytic Metric:

IF Property, Plant, and Equipment and Goodwill account balancesincrease or decrease by > .01% from the last extraction, THENcreate alert.

Note: WorldCom Goodwill balance as of 12/31/01 was $50.5b. A .01% change wouldhave been $5.05m. Actual account balance change for the year was $3.9b.



Fraud:

Include future company expenses as write-downs of acquired assets.

Detection Measure:Compare operating profit (i.e. revenue – operating expenses) toindustry trend.

Analytic Metric:

Graph the monthly statistic of (revenue – operating expenses) forthe past 12 months. IF the slope of the trend (x=exp, y=rev) is positive,THEN create alert.

Note: During the fraudulent years, the telecommunication industry experienced rising operatingcosts in relation to revenue (i.e. consistent negative slope).



Fraud:

Manipulate the bad debt reserve calculations.

Detection Measure:Compare estimates of bad debt allowance to historical averages.

Analytic Metric:

IF the change in the ratio of Bad Debt Allowance to Accounts Receivable is > 1% below last month’s figure, THEN create alert.

Note: A 1% decrease in estimate for WorldCom in 2001 would have resulted in arevenue increase of $23m. WorldCom actually reduced the estimate by 1.4% from prioryear saving $87m in bad debt expense.


Continuous Audit Data Flow (MCL)

CA Analyzer(with rule-set)

RelationalDatabase

Extractor

ExceptionReport Auditor

Continuous Extraction via RFC

Alerts

Data Testing

SAP R/3(GLPCA/GLPCT)


Legacy System Complexities

• Disparate systems built on various technological foundations complicate the design, use, and maintenance of continuous auditing applications.

• Auditing the consolidated financial system provides only limited assurance.

• The nature of the data collection for the billing process at WorldCom illustrates the complexity.


Telephone Switches Traffic SystemsLegacy

Billing Systems

SAP R/3(Revenue & A/R)

Billing #1

Billing #2

Billing #30

WorldCom Billing Process


Importance of the Study

• Demonstrates how a reasonable and practical implementation of continuous assurance would have detected a major fraud.

• Emphasizes practicality of implementation in an enterprise systems environment.

• Recognizes the inherent complexities of continued use of legacy systems and the related risk in any financial audit.


Implications for Future Research

• Continuous audit is possible, but what are the challenges facing a comprehensive implementation? Cost? Consumption of system resources? Scalability? Maintainability of comparison data/trends?


Implications for Future Research

• What are the organizational and human issues involved? Perceptions of trust? Gaming behavior? Human interpretation and use of data? Information processing biases? Information overload?


LEARNING FROM WORLDCOM: IMPLICATIONS FOR FRAUD DETECTION THROUGH CONTINUOUS ASSURANCE

J. Randel Kuhn, Jr.


Steve G. Sutton


University of Melbourne

learning from worldcom: implications for fraud detection through continuous assurance

Documents