Kenneth G. DixonSchool of Accounting
LEARNING FROM WORLDCOM: IMPLICATIONS FOR FRAUD DETECTION THROUGH CONTINUOUS ASSURANCE
J. Randel Kuhn, Jr.
University of Central Florida
Steve G. Sutton
University of Central Florida
University of Melbourne
Kenneth G. DixonSchool of Accounting
Purpose of the Study
• To examine the key methods of fraud utilized by the management at WorldCom and to demonstrate how the use of established principles of analytic monitoring could be used to detect fraud executed through normal operating transactions.
• To demonstrate integration procedures for the prescribed monitoring in an SAP-based enterprise systems environment similar to WorldCom’s.
• To highlight the intractable monitoring problem presented by the myriad of loosely connected legacy systems feeding into WorldCom’s consolidated SAP system.
Kenneth G. DixonSchool of Accounting
Contribution to Continuous Audit Research
• Provides detailed understanding of how continuous assurance techniques explored in the research literature can be applied to effectively identify fraud in a known fraud situation.
• Moves the literature on continuous audit modules forward by addressing the complexities of implementation within a standardized enterprise software environment.
• Addresses the realities and risks associated with large numbers of disparate legacy systems.
Kenneth G. DixonSchool of Accounting
• Categorize operating expenses as capital expenditures.
• Reclassify acquired MCI assets as goodwill.
• Include future company expenses as write-downs of acquired assets.
• Manipulate the bad debt reserve calculations.
Fraud Strategies at WorldCom
Kenneth G. DixonSchool of Accounting
Continuous Assurance Framework
• Traditional attestation framework provides only a snapshot of the financial reporting system, thus inhibiting timely decision-making and limiting audit scope.
• Continuous auditing addresses these faults by immediately identifying irregularities, increasing audit coverage, and functioning remotely.
Kenneth G. DixonSchool of Accounting
Continuous Assurance Framework
• Early work by Groomer and Murthy (1989) and Vasarhelyi and Halper (1991) laid the foundation for continuous auditing research.
• The three phases of continuous auditing are:1. Measurement – key management reports (e.g. financials)2. Monitoring – comparison to metrics and error notification 3. Analysis – auditor review of alarms and investigation
• Nature of auditing transforms from substantive-based test of details approach to auditing by exception.
Kenneth G. DixonSchool of Accounting
Framework
Internal Information
Corporate IT structure incorporating,legacy, ERPs, middleware, and Web
Monitoring IT Structure
Corporate Strategic andTactical Metrics
Internal and ExternalMonitoring Metrics
MonitoringAnalytics and
Exception Reporting
Alarms
External Information
To Other Stakeholders
Audit Exceptions
To Operations
Scorecard
Obtained from Vasarhelyi working paper, Rutgers University.
Kenneth G. DixonSchool of Accounting
System Architecture
• The integrated platforms and automated business processes of ERP applications enable effective use of continuous auditing procedures.
• WorldCom utilized an SAP R/3 enterprise system to process business transactions and produce consolidated financial statements.
Kenneth G. DixonSchool of Accounting
System Architecture
• Two continuous auditing system architecture models exist in research literature:1. Monitoring and Control Layer (MCL)
2. Embedded Audit Module (EAM)
• MCL uses an independent server controlled by the auditor that receives scheduled data interfaces from the client’s enterprise system (i.e. near real-time) and is analyzed against a set of rules.
Kenneth G. DixonSchool of Accounting
System Architecture
• EAM functionality/logic is embedded into the client’s system and operates real-time.
• MCL represents the least intrusive, most efficient, and more independent alternative; especially in a resource-constrained SAP environment.
• Data extraction for MCL can occur via either BAPI with RFC or direct extraction from table data (e.g. GLPCT/GLPCA).
Kenneth G. DixonSchool of Accounting
Continuous Audit Data Flow (MCL)
CA Analyzer(with rule-set)
RelationalDatabase
Extractor
ExceptionReport Auditor
Continuous Extraction via RFC
Alerts
Data Testing
SAP R/3(GLPCA/GLPCT)
Kenneth G. DixonSchool of Accounting
CA Analyzer Rule-Set #1
Fraud:
Categorize operating expenses as capital expenditures.
Detection Measure:Compare ratios of Operating Expenses to Sales Revenue andCapital Expenditures to Sales Revenue to industry averages.
Analytic Metric:
IF OpEx to Sales ratio is > 2% below .93 AND CapEx to Sales ratiois > 5% above .15, THEN create alert.
Note: WorldCom’s 12/31/01 OpEx/Sales and CapEx/Sales ratios were .90 and .22exceeding the threshold by $946m and $585m, respectively.
Kenneth G. DixonSchool of Accounting
CA Analyzer Rule-Set #2
Fraud:
Reclassify acquired MCI assets as goodwill.
Detection Measure:Identify significant changes to asset and goodwill accounts.
Analytic Metric:
IF Property, Plant, and Equipment and Goodwill account balancesincrease or decrease by > .01% from the last extraction, THENcreate alert.
Note: WorldCom Goodwill balance as of 12/31/01 was $50.5b. A .01% change wouldhave been $5.05m. Actual account balance change for the year was $3.9b.
Kenneth G. DixonSchool of Accounting
CA Analyzer Rule-Set #3
Fraud:
Include future company expenses as write-downs of acquired assets.
Detection Measure:Compare operating profit (i.e. revenue – operating expenses) toindustry trend.
Analytic Metric:
Graph the monthly statistic of (revenue – operating expenses) forthe past 12 months. IF the slope of the trend (x=exp, y=rev) is positive,THEN create alert.
Note: During the fraudulent years, the telecommunication industry experienced rising operatingcosts in relation to revenue (i.e. consistent negative slope).
Kenneth G. DixonSchool of Accounting
CA Analyzer Rule-Set #4
Fraud:
Manipulate the bad debt reserve calculations.
Detection Measure:Compare estimates of bad debt allowance to historical averages.
Analytic Metric:
IF the change in the ratio of Bad Debt Allowance to Accounts Receivable is > 1% below last month’s figure, THEN create alert.
Note: A 1% decrease in estimate for WorldCom in 2001 would have resulted in arevenue increase of $23m. WorldCom actually reduced the estimate by 1.4% from prioryear saving $87m in bad debt expense.
Kenneth G. DixonSchool of Accounting
Continuous Audit Data Flow (MCL)
CA Analyzer(with rule-set)
RelationalDatabase
Extractor
ExceptionReport Auditor
Continuous Extraction via RFC
Alerts
Data Testing
SAP R/3(GLPCA/GLPCT)
Kenneth G. DixonSchool of Accounting
Legacy System Complexities
• Disparate systems built on various technological foundations complicate the design, use, and maintenance of continuous auditing applications.
• Auditing the consolidated financial system provides only limited assurance.
• The nature of the data collection for the billing process at WorldCom illustrates the complexity.
Kenneth G. DixonSchool of Accounting
Telephone Switches Traffic SystemsLegacy
Billing Systems
SAP R/3(Revenue & A/R)
Billing #1
Billing #2
Billing #30
WorldCom Billing Process
Kenneth G. DixonSchool of Accounting
Importance of the Study
• Demonstrates how a reasonable and practical implementation of continuous assurance would have detected a major fraud.
• Emphasizes practicality of implementation in an enterprise systems environment.
• Recognizes the inherent complexities of continued use of legacy systems and the related risk in any financial audit.
Kenneth G. DixonSchool of Accounting
Implications for Future Research
• Continuous audit is possible, but what are the challenges facing a comprehensive implementation? Cost? Consumption of system resources? Scalability? Maintainability of comparison data/trends?
Kenneth G. DixonSchool of Accounting
Implications for Future Research
• What are the organizational and human issues involved? Perceptions of trust? Gaming behavior? Human interpretation and use of data? Information processing biases? Information overload?
Top Related