Detection of Financial Statement Frauds
description
Transcript of Detection of Financial Statement Frauds
3 | P a g e
BRIEF CONTENTS
Section # 01: DETECTION AND INVESTIGATION OF FRAUDS 05 What is fraud 05 Symptoms of frauds 05
i) Irregularities in Source Documents 06
ii) Faulty Journal Entries 06
iii) Inaccuracies in Ledgers 07
iv) Extravagant Lifestyles 07
v) Unusual Behaviors 08
Section # 02: MOTIVES FOR FINANCIAL STATEMENT FRAUD 09
Who commits fraud? 09
Elements or motives of fraud 10
i) The Element of Pressure 10
ii) The Element of Opportunity 10
iii) Element of Rationalization 11
Section # 03: INTERNAL CONTROL SYSTEM 12
What is internal control? 12
Internal control system description 12
Internal control system weakness 13
4 | P a g e
Section # 04: MONITORING 15
Monitoring employees and having a whistle-blowing system 15
Section # 05: RISK ASSESSMENT & CONTROL ACTIVITIES 17
What is risk? 17
Risk assessment 17
Preventing fraud through control activities 18
1. Adequate Separation of Duties 18
2. Proper Authorization of Transactions and Activities 18
3. Adequate Documents and Records 19
4. Physical Control over Assets and Records 19
5. Independent Checks on Performance 20
5 | P a g e
SECTION # 01: DETECTION AND INVESTIGATION OF FRAUD
What is fraud? There are two principal methods of getting something from others illegally. Either you physically
force someone to give you what you want (using a gun, knife, or other weapon), or you trick
them out of their assets. The first type of theft we call robbery, and the second type we call
fraud. Robbery is generally more violent and more traumatic than fraud and attracts much more
media attention, but losses from fraud far exceed losses from robbery. Although there are many
formal definitions of fraud, probably the most common is the following:
“Fraud is a generic term, and embraces all the multifarious means which human ingenuity can
devise, which are resorted to by one individual, to get an advantage over another by false
representations. No definite and invariable rule can be laid down as a general proposition in
defining fraud, as it includes surprise, trickery, cunning and unfair ways by which another is
cheated. The only boundaries defining it are those which limit human.”
Fraud is deception that includes the following elements:
1. A representation
2. About a material point,
3. Which is false,
4. And intentionally or recklessly so,
5. Which is believed
6. And acted upon by the victim
7. To the victim’s damage
SYMPTOMS OF FRAUD
A person’s lifestyle may change, a document may be missing, a general ledger may be out of
balance, someone may act suspiciously, a change in an analytical relationship may not make
sense, or someone may provide a tip that fraud is occurring. Unlike videos in robbery or bodies
6 | P a g e
in a murder, however, these factors are only symptoms rather than conclusive proof of fraud.
Symptoms of financial statement frauds can be separated as:
Irregularities in Source Documents Common fraud symptoms involving source documents (either electronic or paper)—such as
checks, sales invoices, purchase orders, purchase requisitions, and receiving reports—include the
following:
• Missing documents
• Stale items on bank reconciliations
• Excessive voids or credits
• Common names or addresses of payees or customers
• Increased past-due accounts
• Increased reconciling items
• Alterations on documents
• Duplicate payments
• Second endorsements on checks
• Document sequences that do not make sense
• Questionable handwriting on documents
• Photocopied documents
Faulty Journal Entries Accounting is a language, just as English and Japanese are languages. For example, consider the
following journal entry:
Legal Expense ...........................................5,000
Cash ...........................................5,000
In the English language, this entry says, “An attorney was paid $5,000 in cash.”
The problem with the language of accounting is that it can be manipulated to tell a lie, just as can
English or Japanese or any other language. For example, with the above entry, how do you know
7 | P a g e
that an attorney was actually paid $5,000? Instead, maybe an employee embezzled $5,000 in
cash and attempted to conceal the fraud by labeling the theft as a legal expense. Smart
embezzlers sometimes conceal their actions in exactly this way, realizing that the fraudulent
legal expense will be closed to Retained Earnings at the end of the accounting period, making the
audit trail difficult to follow. And, if the fraudulent employer routinely pays large amounts of
legal expenses, this small fraud could easily go unnoticed.
Inaccuracies in Ledgers Two common fraud symptoms relating to ledgers are as follows:
1. A ledger that does not balance; that is, the total of all debit balances does not equal the total
of all credit balances.
For example, a perpetrator may embezzle inventory (an asset) but not reflect the reduction of
inventory in the accounting records. In this case, the actual inventory balance, as determined by a
physical count, is lower than the recorded amount of inventory, and the ledger does not balance.
2. Master (control) account balances that do not equal the sum of the individual customer or
vendor balances.
The second ledger symptom is indicative of manipulation of an individual customer’s or
vendor’s balance without altering the master receivable or payable account in the ledger. In this
case, the sum of the individual customer or vendor balances does not agree with the master
account balance.
Extravagant Lifestyles Most people who commit fraud are under financial pressure. Sometimes the pressures are real;
sometimes they merely represent greed. Once perpetrators meet their financial needs, they
usually continue to steal, using the embezzled funds to improve their lifestyles. Often, they buy
new cars.
For example, Kay embezzled nearly $3 million from her employer. She and her husband worked
together to perfect the scheme over a period of seven years. Because they knew they might
someday get caught, they explicitly decided not to have children. With their stolen funds, they
purchased a new, expensive home (supposedly worth $500,000) and five luxury cars—a
8 | P a g e
Maserati, a Rolls-Royce, a Jeep Cherokee, and two Audis. They filled their home with expensive
artwork and glass collections. They bought a boat and several expensive computers, and they
paid cash to have their yard extensively landscaped. They frequently invited Kay’s coworkers to
parties at their home and served expensive foods, including lobster flown in from the east coast.
Yet none of the employees noticed the change in lifestyle. They did not note, for example, that
Kay drove a different car to work every day of the week and that all her cars were extremely
expensive.
Unusual Behaviors Research in psychology reveals that when a person (especially a first-time fraud perpetrator)
commits a crime, he or she becomes engulfed by emotions of fear and guilt. These emotions
express themselves as stress. The individual often exhibits unusual and recognizable behavior
patterns to cope with the stress.
No particular behavior signals fraud; rather, changes in behavior are signals. People who are
normally nice may become intimidating and belligerent. People who are normally belligerent
may suddenly become nice.
Even perpetrators recognize their behavioral changes. A woman who stole over $400,000 said, “I
had to be giving off signals. I could not look anyone in the eye.” A man who embezzled over
$150,000 said, “Sometimes I would be so wound up I would work 12 or 14 hours a day, often
standing up. Other times I would be so despondent I could not get off the couch for over a week
at a time.”
9 | P a g e
SECTION # 02: MOTIVES FOR FINANCIAL STATEMENT FRAUD
Who commits fraud? Research shows that anyone can commit fraud. Fraud perpetrators usually can’t be distinguished
from other people on the basis of demographic or psychological characteristics. Most fraud
perpetrators have profiles that look like those of other honest people.
Several years ago, a study was conducted to determine the physical and behavioral
characteristics of fraud perpetrators. In this study, fraud perpetrators were compared with (1)
prisoners incarcerated for property offenses and (2) a sample of noncriminal, college students.
The personal backgrounds and psychological profiles of the three groups were compared. The
results indicated that incarcerated fraud perpetrators were very different from other incarcerated
prisoners. When compared to other criminals, they were less likely to be caught, turned in,
arrested, convicted, and incarcerated. They were also less likely to serve long sentences. In
addition, fraud perpetrators were considerably older. While only 2 percent of the property
offenders were female, 30 percent of fraud perpetrators were women. Fraud perpetrators were
better educated, more religious, less likely to have criminal records, less likely to have abused
alcohol, and considerably less likely to have used drugs. They were also in better psychological
health. They enjoyed more optimism, self-esteem, self-sufficiency, achievement, motivation, and
family harmony than other property offenders. Fraud perpetrators also seemed to express more
social conformity, self-control, kindness, and empathy than other property offenders.
When fraud perpetrators were compared with college students, they differed only slightly. Fraud
perpetrators suffered more psychic pain and were more dishonest, more independent, more
sexually mature, more socially deviant, and more empathetic than college students. However,
fraud perpetrators were much more similar to college students than they were to property
offenders.
It is important to understand the characteristics of fraud perpetrators because they appear to be
very much like people who have traits that organizations look for in hiring employees, seeking
10 | P a g e
out customers and clients, and selecting vendors. This knowledge helps us to understand that (1)
most employees, customers, vendors, and business associates and partners fit the profile of fraud
perpetrators and are capable of committing fraud and (2) it is impossible to predict in advance
which employees, vendors, clients, customers, and others will become dishonest. In fact, when
fraud does occur, the most common reaction by those around the fraud is denial. Victims cannot
believe that trusted colleagues or friends have behaved dishonestly.
ELEMENTS OR MOTIVES OF FRAUD
The Element of Pressure Studies suggest that approximately 95 percent of all frauds involve either financial or vice-
related pressures. Common financial pressures associated with fraud that benefits perpetrators
directly include the following:
1. Greed
2. Living beyond one’s means
3. High bills or personal debt
4. Poor credit
5. Personal financial losses
6. Unexpected financial needs
This list is not comprehensive, and these pressures are not mutually exclusive. However, each
pressure in this list has been associated with numerous frauds.
The Element of Opportunity A perceived opportunity to commit fraud, conceal it, or avoid being punished are the essential
part for the motives of fraud. In this section, we will discuss fraud opportunities. At least six
major factors increase opportunities for individuals to commit fraud within an organization. The
following list of these factors is not exhaustive, but it does provide a sufficient number of
settings to illustrate the role of opportunities in the fraud triangle.
1. Lack of controls that prevent and/or detect fraudulent behavior
11 | P a g e
2. Inability to judge quality of performance
3. Failure to discipline fraud perpetrators
4. Lack of access to information
5. Ignorance, apathy, and incapacity
6. Lack of an audit trail
Element of Rationalization The final component needed to complete the fraud triangle is rationalization. This is the ability
to persuade yourself that something you otherwise know is wrong is really OK. A lot of mental
gymnastics are obviously needed to do so, but that is the point. If a person goes through those
gymnastics, than what was wrong before is now acceptable. How can that happen?
One easy way for this to happen is the “borrowing” approach. I have a serious problem so I will
just borrow this money until next payday. Then I’ll pay it back. Then on the next payday, the
problem has not gone away, so the thought is: I’ll borrow a little bit more and pay it back for
sure next month. All internal restraint has been removed.
Another approach is the entitlement mentality. I’ve worked so hard for this organization that I
deserve a raise. That’s all this is – just a raise. Or, I am making a big sacrifice working at this
salary because I could get another job at a much higher rate so I deserve a big raise. Even after
this small raise I am still a bargain.
The atmosphere created by senior management can lend itself to rationalization: I know what the
top bosses get away with, so the company will never miss this little amount.
The scary part here is rationalization takes place in the mind and cannot be seen. The entire shift
in mind set could take place invisibly. It is possible this shift could manifest itself in comments
or a change in attitude but not likely. The rationalization most likely will never be visible.
12 | P a g e
SECTION # 03: INTERNAL CONTROL SYSTEM
What is internal control? In accounting and auditing, internal control is defined as a process affected by an organization's
structure, work and authority flows, people and management information systems, designed to
help the organization accomplish specific goals or objectives.
INTERNAL CONTROL SYSTEM DESCRIPTION
The most widely recognized way to deter or prevent fraud is by having a good system of
controls. The Institute of Internal Auditors’ Web site contains the following statement, for
example:
“Internal auditors support management’s efforts to establish a culture that embraces ethics,
honesty, and integrity. They assist management with the evaluation of internal controls used to
detect or mitigate fraud.”
As stated previously, definition of an internal control framework for an organization should
include:
1. A good control environment
2. A good accounting system
3. Good control activities
4. Monitoring
5. Good communication and information.
The control environment is the overall tone of the organization that management establishes
through its modeling and labeling, organization, communication, and other activities. Control
environment factors include the integrity, ethical values, and competence of the entity’s people,
management’s philosophy and operating style, the way management assigns authority and
responsibility and organizes and develops its people, and the attention and direction provided by
13 | P a g e
the board of directors. The control environment also includes well-defined hiring practices, clear
organization, and a good internal audit department.
The second element—having a good accounting system—is important so that the information
used for decision making and provided to stakeholders is valid, complete, and timely. The
system should also provide information that is properly valued, classified, authorized, and
summarized.
Good control activities involve policies and practices that provide physical control of assets,
proper authorizations, segregation of duties, independent checks, and proper documentation. A
control system that meets these requirements provides reasonable assurance that the goals and
objectives of the organization will be met and that fraud will be reduced. No internal control
structure can ever be completely effective, regardless of the care followed in its design and
implementation. Even when an ideal control system is designed, its effectiveness depends on the
competency and dependability of the people enforcing it.
Internal Control Weaknesses Fraud occurs when perceived pressure, perceived opportunity, and rationalization combine.
Many individuals and organizations have pressures. Everyone rationalizes. When internal
controls are absent or overridden, the risk of fraud is great.
Internal control is comprised of the control environment, the accounting system, and control
procedures. Common internal control weaknesses or failure that can become fraud symptoms
include the following:
1. Lack of segregation of duties
2. Lack of physical safeguards
3. Lack of independent checks
4. Lack of proper authorization
5. Lack of proper documents and records
14 | P a g e
6. Overriding of existing controls
7. Inadequate accounting system
Many studies have found that the element most common in frauds is the overriding of existing
internal controls.
15 | P a g e
SECTION # 04: MONITORING
MONITORING EMPLOYEES AND HAVING A WHISTLE-BLOWING SYSTEM Individuals who commit fraud and hoard stolen proceeds are virtually nonexistent. Almost
always, perpetrators use their stolen money to support habits, increase their lifestyle, or pay for
expenses already incurred. When managers and their colleagues pay close attention to lifestyle
symptoms resulting from these expenditures, fraud can often be detected early. Most stolen funds
are spent in conspicuous ways. Fraud perpetrators usually buy automobiles, expensive clothes,
or new homes; take extravagant vacations; purchase expensive recreational toys, such as boats,
condominiums, motor homes, or airplanes; support extramarital relationships or outside business
interests. Consider the case of Marjorie, bank proof operator:
Marjorie first started working for the bank in 1980. During her first four years of employment,
she took out a debt consolidation loan of approximately $12,000 and had 97 personal overdrafts.
During the next seven years, while committing fraud, her salary never exceeded $22,000 per
year. Yet, colleagues and officers of the bank knew that she had done the following:
1. Taken several expensive cruises.
2. Built a home on a golf course, costing over $600,000.
3. Purchased and was currently driving the following cars; Rolls Royce, Jeep Cherokee, Audi
and Maserati.
4. Held extravagant parties for employees and others at her home.
5. Purchased expensive jewelry, including 16 diamonds and sapphires.
Anyone paying attention would have realized that Marjorie’s lifestyle was inconsistent with her
level of earnings. When a coworker finally asked her how she could afford everything, she
explained that her husband had received a one-third inheritance of $250,000. The story wasn’t
true, but even if it had been, the $83,333 that her husband had supposedly inherited wouldn’t
have paid for the Maserati, let alone all the other luxuries that managers knew she had purchased.
16 | P a g e
Close monitoring facilitates early detection. It also deters frauds because potential perpetrators
realize that “others are watching.” It is because monitoring by colleagues is such an effective
way to catch dishonest acts.
In most cases of fraud we have studied, individuals suspected or knew that fraud was occurring
but were either afraid to come forward with information or didn’t know how to reveal the
information. The new whistle-blowing laws should help in these cases.
Even with advances in technology, the most common way in which fraud is detected is through
tips. In one empirical study, for example, the authors found that 33 percent of all frauds were
detected through tips, while only 18 percent were detected by auditors. A company that
experienced over 1,000 frauds in one year determined that 42 percent were discovered through
tips and complaints from employees and customers. A good whistle-blowing program is one of
the most effective fraud prevention tools. When employees know that colleagues have an easy,
nonobligatory way to monitor each other and report suspected fraud, they are more reluctant
to become involved in dishonest acts.
17 | P a g e
SECTION # 05: RISK ASSESSMENT & CONTROL ACTIVITES
RISK ASSESSMENT
What is Risk ? A situation involving introduction to danger OR Risk is the effect (positive or negative) of an
event or series of events that take place in one or several locations.
Risk = Probability x Impact
The equation of risk usually answers the two basic questions, 1. Probability: How likely is it to
happen? and 2. Impact: How bad will it be if it happens?
Risk Assessment Risk assessment identifies the risks of doing business with e-business partners. A key part of the
assessment focuses on the control environment of those organizations. Another part identifies
key risks in the electronic exchange of information and money, so that control procedures
tailored to the special challenges that these exchanges present can be installed—procedures that
counter the risk of data theft, sniffing, unauthorized access to passwords, falsified identity,
spoofing, customer impersonation, false Web sites, and e-mail or Web site hijacking.
A specialized branch of risk assessment is intrusion detection. Firms specializing in intrusion
detection try to gain access to networks and secure information, and they report their findings
directly to management. Normally, a security audit includes an investigation into technology,
processes, controls, and other factors at a client.
18 | P a g e
PREVENTING FRAUD THROUGH CONTROL ACTIVITIES
Control activities are the policies and procedures that ensure that necessary actions are taken to
address risks and frauds. As you also learned, control activities generally fall into the following
five types:
1. Adequate separation of duties.
2. Proper authorization of transactions and activities.
3. Adequate documents and records.
4. Physical control over assets and records.
5. Independent checks on performance.
1. Adequate Separation of Duties In e-business, this control is useful for making sure that individuals who authorize
transactions are different from those who actually execute them. Probably the most common
frauds in purchasing and sales transactions are kickbacks and bribery. Kickbacks occur when
one individual becomes too close to suppliers or customers. Adequate segregation of duties
prevents bribery because employees don’t have complete control of transactions.
2. Proper Authorization of Transactions and Activities Proper authorization is another key control in e-business. The most common authorization
controls are passwords, firewalls, digital signatures and certificates, and biometrics. Every
transaction must be properly authorized. For example, Biometrics, one of the most promising areas of technology and systems
security is biometrics—the use of unique features of the human body to create secure access
controls. Because each person possesses unique biological characteristics (for example, iris
and retina patterns, fingerprints, voice tones, facial structures, and writing styles), scientists
and technology firms are developing specialized security devices that have the potential to be
highly accurate in authenticating identity. Access and permission to execute a transaction is
granted or denied based on how similar the subsequent reading is to the reference template.
19 | P a g e
3. Adequate Documents and Records Documents and records (sales invoices, purchase orders, subsidiary records, sales journals,
employee time cards, and even checks) are the physical objects by which transactions are
entered and summarized. In e-business, these documents are present in electronic form. This
lack of hard-copy documentation, the very essence of e-business, creates new opportunities
for fraud. Documents and records typically are detective controls, not preventive controls.
They are the audit trail and enable auditors and fraud examiners to investigate suspected
wrongdoing. Although most computer systems create records of transactions that can be
accessed or reconstructed, smart perpetrators figure out how to remove evidence of
transactions from servers
and computers.
Because many of the traditional document controls aren’t available in e-commerce,
additional controls must be put in place. The primary electronic transaction and document
control is encryption, which protects confidential and sensitive information (such as checks
or purchase or sales transactions) from being “sniffed” or stolen.
4. Physical Control over Assets and Records When records—electronic or paper—are not adequately protected, they can be stolen,
damaged, or lost. Highly computerized companies need to go to special lengths to protect
computer equipment, programs, and data files. As with other types of assets, physical
controls are used to protect computer facilities. Examples are locks on doors to the computer
room and terminals and adequate and safe storage space for software and data files. In
addition to software-based security, the software and hardware that comprise the IT
infrastructure must be physically secure.
Remember that authorized personnel who can access computers and servers can also execute
unauthorized transactions or steal sensitive information. Sometimes physical infrastructure is
so sensitive and critical to e-business operations that the system is placed in an isolated
location with only high-level security access.
20 | P a g e
5. Independent Checks on Performance
As with traditional business, key component in e-business controls is the careful and
continuous review of the other four components—the independent checks and internal
verification. The need for independent checks arises because internal controls change over
time. Personnel forget or fail to follow procedures, or become careless—unless someone
observes and evaluates their performance. The likelihood of fraudulent transactions goes up
when controls break down.
Independent checks are particularly important in preventing fraud in e-business.
Organizations should always conduct checks on their e-business partners.
“ONE OF THE BEST WAYS TO PREVENT
FRAUD IS BY FOCUSING ON REDUCING OPPORTUNITIES
THROUGH SOUND SECURITY MEASURES AND A SOLID
INTERNAL CONTROL SYSTEM”