Overview of Auditing for Fraud

"It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently."

Warren Buffet

-

1-2

An Abundance of Frauds

1-3

Why Fraud is a Costly Business Problem

Fraud Losses Reduce Net Income $ for $

If Profit Margin is 10%, Revenues Must Increase by 10 Times the Losses to Recover the Affect on Net Income Losses……. $100 Million Revenue….$1 Billion

Fraud Robs IncomeFraud Robs Income

1-4

Fraud Cost….Two Examples

General Motors $436 Million Fraud Profit Margin = 10% $4.36 Billion in

Revenues Needed At $20,000 per Car,

218,000 Cars

Bank $100 Million Fraud Profit Margin = 10 % $1 Billion in Revenues

Needed At $100 per year per

Checking Account, 10 Million New Accounts

1-5

General Profile of White Collar Criminals Older (30+ years)

75% Male, 25% Female Stable Financial Position Above Average Education Less Likely to Have a Criminal Record Good Psychological Health Position of Trust Detailed Knowledge of Accounting Systems and its Weaknesses

Second COSO Report Major Characteristics of Companies Having

Perpetrated Fraud

Smaller companies - under $200 million in revenues Board of directors dominated by management Audit committees non-existent or inactive Overstated revenues and corresponding assets Most revenue frauds involved premature recognition or

fictitious revenues No internal audit department Perpetrated over relatively long-terms (average period 2 years) Companies were in loss situations or near break-even prior to

the fraud CEO and /or CFO involved in 83% of the cases

Fraud & Auditor Responsibilities

"The detection of material fraud is a reasonable expectation of users of audited financial statements. Society needs and expects assurance that financial information has not been materially misstated because of fraud. Unless an independent audit can provide this assurance, it has little if any value to society”

Public Companies Accounting Oversight Board

1-8

Overview of Auditors’ and Other Professionals’ Responsibilities

External Auditors (CPAs)External Auditors (CPAs)SAS 99:SAS 99: Consideration of Fraud in a Financial Statement Audit Consideration of Fraud in a Financial Statement Audit

Design audit to provide Design audit to provide reasonable assurancereasonable assurance of detecting fraud that could have a of detecting fraud that could have a materialmaterial effect on the financial statements.effect on the financial statements.

Perform fraud-related proceduresPerform fraud-related procedures

SAS 54:SAS 54: Illegal Acts --- Focused primarily is on Illegal Acts --- Focused primarily is on direct-effectdirect-effect illegal acts illegal acts SAS 114: “The Auditor’s Communication with Those Charged with Governance” SAS 114: “The Auditor’s Communication with Those Charged with Governance”

Other Professional’s ResponsibilitiesOther Professional’s ResponsibilitiesInternal Auditors (CIAs)Internal Auditors (CIAs)

Internal auditors support management's efforts to establish a culture that embraces ethics, Internal auditors support management's efforts to establish a culture that embraces ethics, honesty, and integrity. They assist management with the evaluation of internal controls used honesty, and integrity. They assist management with the evaluation of internal controls used to detect or mitigate fraud, evaluate the organization's assessment of fraud risk, and are to detect or mitigate fraud, evaluate the organization's assessment of fraud risk, and are involved in any fraud investigations.involved in any fraud investigations.

Governmental AuditorsGovernmental Auditors Focus on laws and regulations (compliance), design audit to detect abuse and illegal acts, Focus on laws and regulations (compliance), design audit to detect abuse and illegal acts,

report to the appropriate authorityreport to the appropriate authority

Certified Fraud Examiners (CFEs)Certified Fraud Examiners (CFEs) Assignments begin with Assignments begin with predicationpredication (probable cause) (probable cause)

3-8

1-9

Errors and Illegal ActsErrors --- unintentional misstatements or omissions of amounts

or disclosures in financial statements

Direct-Effect Illegal Acts --- violations of laws or government regulations by the company or its management or employees that produce direct and material effects on dollar amounts in financial statements.

Far Removed Illegal Acts --- violations of laws and regulations

that are far removed from financial statement effects (for example, violations relating to insider securities trading, occupational health and safety, food and drug administration, environmental protection, and equal employment opportunity).

1-10

Auditor Responsibility for Detecting Errors, Frauds, and Illegal Acts

  Auditor Responsible forDetection?

Must Communicate Findings?

   

Material 

Immaterial

 

Material 

Immaterial

 

Errors 

Yes 

No 

Yes(Audit Committee)

 No

 

Fraud 

Yes 

No 

Yes(Audit Committee)

 Yes

(One Level Above)

 

Illegal Acts

 Yes

(Direct Effect) 

 

 No

 Yes

(Audit Committee)

 Yes

(One Level Above)

1-11

Defining Fraud

Four Elements:

Material False Statement

Knowledge the Statement was False

Reliance on the Statement by Victim

Damages

Categories of Fraud

Defalcations

Fraudulent Financial Reporting

DefalcationEmployee takes assets from the organization for personal

gain

ACFE Classification:

Corruption

Asset Misappropriation

Note: Defalcation may create misleading financial statements if stolen assets are reported on the statements

1-14

Definitions Related to Employee Fraud

White Collar Crime --- fraud perpetrated by people who work in offices and steal with a pencil or a computer terminal in contrast to violent street crime.

Employee Fraud --- use of fraudulent means to take money or other property from an employer. It consists of three phases: (1) the fraudulent act, (2) the conversion of the money or property to the fraudster's use and (3) the cover-up.

Embezzlement --- employees' or nonemployees' wrongfully taking money or property entrusted to their care, custody, and control, often accompanied by false accounting entries and other forms of lying and cover-up.

Larceny --- simple theft of an employers property that is not entrusted to an employee's care, custody or control.

1-15

Red Flags: Employee Fraudo Missing Documents. o Alterations on Documents.o Photocopied Documents.o Second Endorsements on

Checks.o Unusual Endorsements.o Old Outstanding Checks.o Unexplained Adjustments to

Accounts Receivable and Inventory Balances.

o Unusual Patterns in Deposits in Transit.

o General Ledgers do not Balance.

o Cash Shortages and Overages.o Excessive Voids and Credit

Memos.o Customer Complaints.o Common Names or Addresses

for Refunds.o Increased Past Due Receivables.o Inventory Shortages.o Increased Scrap.o Duplicate Payments.o Employees Cannot be Found.o Dormant Accounts that have

Become Active.

Cash Misappropriation Schemes

Larceny--- stealing cash after it has been recorded on the books

Skimming--- stealing cash before it is recorded on the books

Fraudulent Disbursements Billing-- set up false vendors and pay for fictitious

goods Payroll-- add fictitious employees to payroll Expense Reimbursement-- submit overstated

reimbursement requests Check Tampering-- alter check, e.g. change payee

or amount

Fraudulent Financial Reporting

Intentional Manipulation of Financial Statements Manipulation, falsification, or alteration of accounting

records or supporting documents Misrepresentation or omission of events, transactions, or

significant information Intentional misapplication of accounting principles

Most common types are Overstate assets and understate expenses Overstate revenues and assets Understate liabilities

Patterns of Financial Reporting Frauds

Complex Revenue Recognition Schemes

Incorrect Billings to the Government

Holding the Books Open

Accelerated Revenue Recognition

Capitalizing Expenses

1-19

Financial Statement Frauds

Revenue/Accounts Receivable Frauds (Global Crossing, Quest, ZZZZ Best)

Inventory/Cost of Goods Sold Frauds (PharMor)

Understating Liability/Expense Frauds (Enron)

Overstating Asset Frauds (WorldCom)

Overall Misrepresentation (Bre-X Minerals)

1-20

Transaction Accounts Involved Fraud Schemes

1. Estimate all uncollectible accounts receivable

Bad debt expense, allowance for doubtful accounts

1. Understate allowance for doubtful accounts, thus overstating receivables

2. Sell goods and/or services to customers

Accounts receivable, revenues (e.g. sales revenue)

2. Record fictitious sales (related parties, sham sales, sales with conditions, consignment sales, etc.)3. Recognize revenues too early (improper cutoff, percentage of completion, etc.)4. Overstate real sales (alter contracts, inflate amounts, etc.)

3. Accept returned goods from customers

Sales returns, accounts receivable

5. Not record returned goods from customers6. Record returned goods after the end of the period

4. Write off receivables as uncollectible

Allowance for doubtful accounts, accounts receivable

7. Not write off uncollectible receivables8. Write off uncollectible receivables in a later period

5. Collect cash after discount period

Cash, accounts receivable

9. Record bank transfers as cash received from customers10. Manipulate cash received from related parties

6. Collect cash within discount period

Cash, sales discounts, accounts receivable

11. Not recognize discounts given to customers

To Do Revenue-Related Transactions and Frauds

1-21

Transaction Accounts Involved Fraud Schemes

1. Purchase inventory Inventory, accounts payable 1. Under-record purchase2. Record purchases too late3. Not record purchases

2. Return merchandise to supplier

Accounts payable, inventory 4. Overstate returns5. Record returns in an earlier period (cutoff problem)

3. Pay vendor within discount period

Accounts payable, inventory, cash

6. Overstate discounts7. Not reduce inventory cost

4. Pay vendor without discount Accounts payable, cash Considered in another chapter

5. Inventory is sold; cost of goods sold is recognized

Cost of goods sold, inventory 8. Record at too low an amount9. Not record cost of goods sold nor reduce inventory

6. Inventory becomes obsolete Loss on write-down of inventory, inventory

10. Not write off or write down obsolete inventory

7. Inventory quantities are estimated

Inventory shrinkage, inventory 11. Over-estimate inventory (use incorrect ratios, etc.)

8. Inventory quantities are counted

Inventory shrinkage, inventory 12. Over-count inventory (double counting, etc.)

9. Inventory cost is determined Inventory, cost of goods sold 13. Incorrect costs are used14. Incorrect extensions are made15. Record fictitious inventory

To Do Inventory/Cost of Goods Sold Frauds

1-22

Understating Liability Frauds

Not recording accounts payable Not recording accrued liabilities Recording unearned revenues as earned Not recording warranty or service liabilities Not recording loans or keep liabilities off the

books Not recording contingent liabilities

1-23

Asset Overstatement Frauds

Overstatement of current assets (e.g. marketable securities)

Overstating pension assets Capitalizing as assets amounts that should be

expensed Failing to record depreciation/amortization

expense Overstating assets through mergers and

acquisitions Overstating inventory and receivables

1-24

Disclosure Frauds

1. Overall misrepresentations about the nature of the company or its products, usually made through news reports, interviews, annual reports, and elsewhere

2. Misrepresentations in the management discussions and other non-financial statement sections of annual reports, 10-Ks, 10-Qs, and other reports

3. Misrepresentations in the footnotes to the financial statements

1-25

Concealing Asset Misappropriations

False Debits

To expenses (most common) Expenses are not tangible (can’t be inventoried)

Expense accounts closed to zero at end of year

To assets Commonly debit accounts receivable

Debit to asset easier to detect

Stays on books

1-26

Concealing Asset Misappropriations

Omitted CreditsConcealment technique for cash skimming

Pocket cash, no credit to sales

Out-of-Balance ConditionsAsset removed from business (debit)

No corresponding credit

Person hopes nobody notices

1-27

Concealing Asset Misappropriations

Forced Balances Variation of out-of-balance technique

Instead of a false entry to cover loss, person simply adds wrong, carry false totals

Used by persons with access to the books

Lessons Learned From Fraud Cases

Need to look at economic assumptions underlying growth

Need to assess risk factors and when the risk of fraud is high, demand and gather stronger evidence

Computer errors should be viewed as a risk factor

Dominant clients can be a problem

Need to know what motivates management

Not assume all people are honest

When fraud risk indicators are discovered, they must be thoroughly investigated

1-29

Reasons Auditors Fail to Detect Fraud Not their JobNot their Job Audits too PredictableAudits too Predictable Auditors are not AuthenticatorsAuditors are not Authenticators Auditors Not TrainedAuditors Not Trained Limited or No ExperienceLimited or No Experience Over Reliance on Client Representations.Over Reliance on Client Representations. Lack of awareness or failure to recognize that Lack of awareness or failure to recognize that

an observed condition may indicate a material an observed condition may indicate a material fraud.fraud.

Personal Relationships with Clients.Personal Relationships with Clients.

Fraud Triangle

Incentives/PressuresIncentives/Pressures

OpportunitiesOpportunities Attitudes/RationalizationAttitudes/Rationalization

1-31

Fraud Elements

Motivation Opportunity

RationalizationHigh

Risk

Source: W.Hillison, D. Sinason, and C. Pacini, “The Role of the Internal Auditor in Implementing SAS 82,” Corporate Controller, July/August 1998, page 20.

6-31

1-32

Motive

Some kind of pressure a person experiences and believes unshareable with friends and confidants Actual or perceived need for money (Economic motive)

“Habitual criminal” who steals for the sake of stealing (Psychotic motive)

Committing fraud for personal prestige (Egocentric motive)

Cause is morally superior, justified in making others victims (Ideological motive)

6-32

Fraud Triangle Needs/Situational ‘Red Flags”

High Personal Debts

Lives Beyond Means

Excessive Investment Speculation

Excessive Gambling

Substance Abuse

Extra-marital Affairs

Job Frustration

Resentment of Superiors

Corporate Expectations for Performance

Fraud Triangle Opportunity “Red Flags”

Inadequate Internal Controls

Too “cozy” with suppliers

Annual vacations or sick days not taken

Weak management or excessive turnover

Ineffective or no internal audit unit

No rotation of job duties among employees

Procedures not well understood/ always in a “crisis mode”

Fraud Triangle More Opportunity “Red Flags”

Poor physical safeguards over cash, investments, inventory, or fixed assets

Large amounts of cash on hand or processed

Inventory that is small, high-value, or high in demand

Easily convertible assets (e.g. computer chips)

Fixed asset characteristics such as small size, marketability, or lack of ownership identification

1-36

RationalizationPeople do things that are contrary to their personal beliefs – outside their normal

behavior – they provide an argument to make the action seem like it is in line with their moral and ethical beliefs.

I need it more than the other person.

I’m borrowing the money and will pay it back

Everybody does it

The company is big and will never miss it

Nobody will get hurt

I am underpaid, so this is due compensation

I need to maintain a lifestyle and image.

SAS 99, "Fraud Detection in a Financial Statement Audit"

Requires auditors to search for risk factors related to fraud

If risk factors are present, auditor needs to modify audit to Actively search for fraud Require more substantive audit evidence In some cases, assign forensic (fraud) auditors to the

engagement

Emphasizes Professional Skepticism

1-38

Considering the Risk of Fraud (SAS 99) Staff discussion

Obtain information needed to identify risks

Identify and assess risks

Respond to risk assessment

Evaluate audit evidence

Communicate and document

Step 1: Audit Team Brainstorming

Designed to:

Allow experienced auditors to educate less experienced auditors

Set the proper level of professional skepticism for the audit

Topics covered: How fraud can be perpetrated and concealed

Presume fraud in revenue recognition

Incentives, opportunities, and rationalization for fraud

Industry conditions

Operating characteristics and financial stability

1-40

Step 2: Obtain Information to Identify Risks

Inquiries Management Audit Committee Internal Auditors Others

Planning Analytical Procedures Net income to cash flows (total accruals to total assets) Days sales in receivables Gross margin Asset quality index (non current assets- p,p&e to total

assets) Sales growth index

3-40

1-41

Step 3a: Identify Risk Factors Related to Fraudulent Financial Reporting

Management’s Characteristics and Influence

Industry Conditions

Operating Characteristics and Financial Stability

1-42

Management’s Characteristics and Influence

Motivation to engage in fraudulent reporting A failure to display an appropriate attitude

about internal control and financial reporting. Nonfinancial management excessive

participation in selection of accounting principles or determination of estimates

High turnover of senior management Strained relationship with auditor Known history of violations

1-43

Risk Factors: Industry Conditions

Company profits lag the industry.

New requirements are passed that could impair stability or profitability

The company’s market is saturated due to fierce competition

The company’s industry is declining The company’s industry is changing rapidly.

3-43

1-44

Risk Factors: Operating Characteristics

A weak internal control environment prevails. The company is not able to generate sufficient cash flows to

ensure that it is a going concern. There is pressure to obtain capital. The company operates in a tax haven jurisdiction. The company has many difficult accounting measurement and

presentation issues. The company has significant transactions or balances that are

difficult to audit. The company has significant and unusual related-party

transactions. Company accounting personnel are lax or inexperienced in

their duties.

3-44

1-45

Step 3b: Assess Fraud Risks

Type

Significance

Likelihood

Pervasiveness

Assess Controls and Programs

1-46

Required Risk Assessments

Presume that improper revenue recognition is a fraud risk.

Identify risks of management override of controls Examine journal entries and other

adjustments. Review accounting estimates for biases. Evaluate business rationale for significant

unusual transactions.

Analytical Indicators of Fraud RiskKey analytical factors the auditor should develop include:

Large revenue increase at the end of the period Sales increasing faster than industry sales which don't seem

justified Unusually large increase in gross margin Large number of sales returns after year-end Increase in number of day's sales in receivables Increase in number of day's sales in inventory Significant increase in debt/equity ratio Cash flow or liquidity problems Significant changes in non-financial performance measures

Relate Internal Control and Fraud Risk

Internal control weaknesses are a strong indicator of fraud riskThe auditor should examine a variety of control areas including:

Corporate governance

Management control and influence

Audit committee

Corporate culture

Internal auditing

Monitoring controls

Whistle blowing

Codes of ethics

Related party transactions

1-49

Step 4: Respond to Assessed Risks

Effect on audit. Assignment of Personnel Choice of Accounting Principles Predictability of Auditing Procedures Examination of Journal Entries and other

Adjustments Retrospective Review of Prior Year Accounting

Estimates Extended procedures

1-50

Extended Procedures

Count the petty cash twice in one day.

Investigate suppliers/vendors. Investigate customers. Examine endorsements on

canceled checks. Add up the accounts receivable

summary. Audit general journal entries. Match payroll to life and

medical insurance deductions. Match payroll to social security

numbers.

Match payroll with addresses. Retrieve customer checks. Use marked coins and currency. Measure deposit lag time. Examine documents. Inquire, ask questions. Covert surveillance. Horizontal and vertical analysis. Net worth analysis. Expenditure analysis.

1-51

Step 5: Evaluate Audit Evidence

Discrepancies in the accounting records. Conflicting or missing evidential matter. Problematic or unusual relationships between

the auditor and management. Results from substantive of final review stage

analytical procedures. Vague, implausible or inconsistent responses to

inquiries.

Responding to Misstatements that May be the Result of Fraud

When fraud is suspected,When fraud is suspected,the auditor gathersthe auditor gathersadditional informationadditional informationto determine whetherto determine whetherfraud actually exists.fraud actually exists.

1-53

Step 6:Communicate Fraud Matters

SAS 99—Evidence Fraud May Exist ---Appropriate Level of Management

Sarbanes Oxley --- Significant Deficiencies to Board of Directors

1-54

Step 7: Audit Documentation of Fraud

DiscussionDiscussion

Specific risksSpecific risks

ProceduresProcedures

ReasonsReasons

ResultsResults Other conditionsOther conditions

Nature of CommunicationsNature of Communications

Forensic AccountingForensic accounting is an extension of auditing, but with a number

of differences:

Detailed investigation where fraud has been identified or is suspected

Focuses on identifying perpetrators and getting a confession Builds support for legal action against the perpetrator May provide litigation support such as expert testimony Extensive use of interviews 100% examination of fraud-related documents Reconstruction of account balances Broader scope than auditing