Forensic and Investigative Accounting

Chapter 4 Detecting Fraud in Financial Reporting

2011 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085 1 800 248 3248 www.CCHGroup.com

Court-Appointed Trustee
Forensic accountants are being used by the court appointed trustees (Irving Picard and Securities Investor Protection Corporation) to reconstruct the books of Bernard L. Madoff Investment Securities (BLMIS). According to Picard, there were paper records, microfilm, and microfiche. But there was nothing that was electronic. Every customer statement was fiction, so the first task is to reconstruct the books and records of BLMIS. One of the early projects was to digitize the records so they are easier to compare, including customer statements, incoming letters, faxes, and bank records. The forensic accountant will use records from third parties and customers. Every customer account must be reconstructed from the ground up. Stephen Harbeck, President of Securities Investor Protection Corporation, stated that the forensic accountants are working as quickly as possible to catalog all the farreaching aspects of the Madoff scheme and to recover money for investors to the extent possible by law. The cost of the Ponzi scheme may be as high as $65 billion.
Source: WebCPA staff, Forensic Accountants Reconstruct Madoff Books, May 15, 2009. http://www.webcpa.com/news/Forensic-Accountants-Reconstruct-Madoff-Books-50484-1.html
Chapter 4 Forensic and Investigative Accounting 2

PCAOB Guidance: Smaller Public Companies

1. 2. 3. 4. 5. 6. 7. 8.

Scaling the Audit for Smaller, Less Complex Companies. Evaluating Entity-Level Controls. Assessing the Risk of Management Override and Evaluating Mitigating Actions. Evaluating Segregation of Duties and Alternative Controls. Auditing Information Technology Controls in a Less Complex IT Environment. Considering Financial Reporting Competencies and Their Effect on Internal Control. Obtaining Sufficient Competent Evidence When the Company Has Less Formal Documentation. Auditing Smaller, Less Complex Companies with Pervasive Control Deficiencies.
Forensic and Investigative Accounting 3

Chapter 4

Entity-Level Controls

Controls related to the control environment. Controls over management override; the company's risk assessment process. Centralized processing and controls, including shared service environments. Controls to monitor results of operations. Controls to monitor other controls, including activities of the audit committee and self-assessment programs. Controls over the period-end financial reporting process. Policies that address significant business control and risk management practices.

Source: PCAOB, October 17, 2007, pp. 12.

Chapter 4 Forensic and Investigative Accounting 4

Definition of Fraud
Four major legal elements of fraud would be: A false representation or willful omission regarding a material fact. The fraudster knew the representation was false. The target relied on this misappropriation. The victim suffered damages or incurred a loss.
Chapter 4 Forensic and Investigative Accounting 5

Audit Procedures
Audit evidence is gathered in two fieldwork stages: 1. Internal control testing phase. 2. Account balance testing phase.

Chapter 4

Forensic and Investigative Accounting

Definitions
Materiality is the measure of whether something is significant enough to change an investors investment decision. Control risk is risk that a material error in the balance or transaction class will not be prevented or detected.

Chapter 4

Forensic and Investigative Accounting

Definitions
Inherent risk is risk that an account or transactions contain material misstatements before the effects of the controls. Detection risk is risk that audit procedures will not turn up material error when it exists.

Chapter 4

Forensic and Investigative Accounting

External Auditors and Fraud Detection

Although auditors have previously had the responsibility to detect material misstatement caused by fraud, SAS No. 82 details more precisely what is required to fulfill those responsibilities.
(continued on next slide)

Chapter 4

Forensic and Investigative Accounting

External Auditors and Fraud Detection

Now, auditors must specifically assess and respond to the risk of material misstatement due to fraud and must assess that risk from the perspective of the broad categories in the SAS. External auditors have to satisfy new documentation and communication requirements. SAS No. 82 superseded by SAS No. 99.
Chapter 4 Forensic and Investigative Accounting 10

Fraudulent financial reporting may occur by the following:

Manipulation, falsification, or alteration of accounting records, or supporting documents from which financial statements are prepared. Misrepresentation in or intentional omission from the financial statements of events, transactions, or other significant information. Intentional misapplication of accounting principles relating to amounts, classification, manner of presentation, or disclosure.

Source: SAS No. 99, Consideration of Fraud in a Financial Statement Audit, New York: AICPA
Chapter 4 Forensic and Investigative Accounting 11

SAS No. 99 Ways to Overcome the Risk of Management Override of Controls

Examining journal entries and other adjustments. Reviewing accounting estimates for bias, including a retrospective review of significant management estimates. Evaluating the business rationale for significant unusual transactions.

Chapter 4

Forensic and Investigative Accounting

12

How Management Overrides Controls (SAS No. 99)

Recording fictitious journal entries (especially near end of quarter or year). Intentionally biasing assumptions and judgments used to estimate accounts (e.g., pension plan assumptions or bad debt allowances). Altering records and terms related to important and unusual transactions.
Forensic and Investigative Accounting 13

Chapter 4

Think Like A Crook

Know your enemy as you know yourself, and you can fight a hundred battles with no danger of defeat. Chinese Proverb. Military leaders study past battles. Football and basketball teams study game films of their opponents. Chess players try to anticipate the moves of their opponent.

Examples: If contracts above $40,000 are normally audited each year, check the contracts between $30,000-$40,000.

FAs must learn the tricks of the trade as well as the trade.

Chapter 4

Forensic and Investigative Accounting

14

SAS No. 99 Recommendations

Brainstorming Increased emphasis on professional skepticism. Discussions with management. Unpredictable audit tests. Responding to management override of controls.

Chapter 4

Forensic and Investigative Accounting

15

SAS No. 99: Skepticism

An auditor is instructed to conduct an audit with a questioning mind that recognizes the possibility that a material misstatement due to fraud could be present, regardless of any past experience with the entity and regardless of the auditors belief about managements honesty and integrity. FAs motto should be Trust no one; question everything; verify.

Chapter 4 Forensic and Investigative Accounting 16

Public Company Accounting Oversight Board (PCAOB)

The Sarbanes-Oxley Act of 2002 created a new, five-member oversight group called the PCAOB. The PCAOB is empowered to set accounting standards that establish auditing, quality control, and ethical standards for accountants.

(continued on next slide)

Chapter 4

Forensic and Investigative Accounting

17

Public Company Accounting Oversight Board (PCAOB)

The PCAOB is also empowered to adopt or amend standards issued or recommended by private accounting industry groups or to adopt its own standards independent of such private industry standards or recommendations.

Chapter 4

Forensic and Investigative Accounting

18

Walkthroughs

According to the PCAOB, in a walkthrough, an auditor traces company transactions and events both those that are routine and recurring and those that are unusual from origination, through the companys accounting and information systems and financial report preparation processes, to their being reported in the companys financial statements.

Source: PCAOB Briefing Paper, Proposed Auditing Standards, October 7, 2003.

Chapter 4

Forensic and Investigative Accounting

19

Internal Auditors and Fraud Detection

The Institute of Internal Auditors Due Professional Care Standard (Section 280) assigns the internal auditor the task of assisting in the control of fraud by examining and evaluating the adequacy and effectiveness of the internal control system.
(continued on next slide)

Chapter 4

Forensic and Investigative Accounting

20

Internal Auditors and Fraud Detection

However, Section 280 says that management has the primary responsibility for the deterrence of fraud, and management is responsible for establishing and maintaining the control systems. In general, internal auditors are more concerned with employee fraud than with management and other external fraud.
Chapter 4 Forensic and Investigative Accounting 21

When Fraud Is Discovered

1.

2.

Notify management or the board when the incidence of significant fraud has been established to a reasonable certainty. If the results of a fraud investigation indicate that previously undiscovered fraud materially adversely affected previous financial statements, for one or more years, the internal auditor should inform appropriate management and the audit committee of the board of directors of the discovery.
(continued on next slide)
Chapter 4 Forensic and Investigative Accounting 22

When Fraud Is Discovered

3.

4.

A written report should include all findings, conclusions, recommendations, and corrective actions taken. A draft of the written report should be submitted to legal counsel for review, especially where the internal auditor chooses to invoke client privilege.

Chapter 4

Forensic and Investigative Accounting

23

Audit Committee
The audit committee is the subcommittee of an organizations board of directors charged with overseeing the organizations financial reporting and internal control processes. The audit committees biggest responsibility is monitoring the component parts of the audit process.

Chapter 4

Forensic and Investigative Accounting

24

Managements Role
The Sarbanes-Oxley Act of 2002 mandates that CEOs and CFOs certify in periodic reports containing financial statements filed with the SEC the appropriateness of financial statements and disclosures.

Chapter 4

Forensic and Investigative Accounting

25

Board of Directors Role

Oversee the integrity, quality, transparency, and reliability of the financial reporting process. Oversee the adequacy and effectiveness of the internal control structure in preventing, detecting, and correcting material misstatements in the financial statements. Oversee the effectiveness, efficacy, and objectivity of audit functions.

Chapter 4 Forensic and Investigative Accounting 26

Enter the Forensic Accountant

Forensic accountants may be brought in to: Investigate the minute any irregularities surface. Measure risk factors and create policy that brings the forensic accountant in when certain scores are attained. Check in randomly as a matter of routine.

Chapter 4

Forensic and Investigative Accounting

27

Audit Tests
The Panel on Audit Effectiveness recommended that surprise or unpredictable elements should be incorporated into audit tests, including: Recounts of inventory and unannounced visits to locations. Interviews of financial and nonfinancial client personnel in different locations.
(continued on next slide)

Chapter 4

Forensic and Investigative Accounting

28

Auditing Hints

SAS No. 99 does not require auditors to make inquiries of others, as opposed to management. Auditors must talk to and interview others below management level. If asked, employees may be willing to report suspicious activities. Use independent sources for evaluating management (e.g., financial analysts). Surf the internet. Auditors need to follow the performance history of managers and directors. If a company has an anonymous reporting system, obtain information about the incidents reported and consider them when assessing fraud risk. (continued on next slide)
Chapter 4 Forensic and Investigative Accounting 29

Auditing Hints

Be sure to perform analytical procedures, and the work should be reviewed by senior members of the audit team.

Auditors should select sample items below their normal testing scope (e.g., HealthSouth). Fraud procedures should be more than checklists. Audits should focus on finding and detecting fraud. Ask for and review all top drawer entries. Ask for and review all side agreements. Look for hockey stick patterns.
Chapter 4 Forensic and Investigative Accounting 30

Audit Tests
Requests for written confirmations from client employees regarding matters about which they have made representations to the auditors. Tests of accounts not normally performed annually. Tests of accounts traditionally or frequently deemed low risk.

Chapter 4

Forensic and Investigative Accounting

31

Financial Statement Fraud Categories and Red Flags

Overstated revenues. Management estimates. Pro formas can mislead. Earnings problems: masking reduced cash flow. Earnings before interest, tax, depreciation, and amortization (EBITDA). Excessive debt. Inventory problems.
Forensic and Investigative Accounting 32

Chapter 4

Cooking-the-Books Often Collaborative Effort

For restatements between January 1, 1997 to June 30, 2002, 45% were accused of securities fraud and subject to shareholder suits. Average of 7 individuals were implicated, including CEOs CFOs COOs General counsel Directors Internal/external auditors

Source: Robert Tillman and Michael Indergaard, Control Overrides in Financial Statement Fraud.
Chapter 4 Forensic and Investigative Accounting 33

WorldCom Fraud Massive

At least 40 people knew about the fraud. They were afraid to talk. Scott Sullivan handed out $10,000 checks to 7 involved individuals. Altered key documents and denied Andersen access to the database where most of the sensitive numbers were stored. Andersen did not complain about denied access. Company officials decided what tax rates they wanted and then used the reserves to arrive at the tax rates.

Source: Rebecca Blumenstein and Susan Pullian, WorldCom Fraud Was Widespread, Wall Street J., June 10, 2003, p. 3.
Chapter 4 Forensic and Investigative Accounting 34

Financial Statement Fraud Categories and Red Flags

CPA problems. Sales and expenses problems. Big bath. Balance sheet account problems. Pension plan problems. Reserve estimates (cookie jar accounting). Personal piggy bank. Barter deals.

Chapter 4 Forensic and Investigative Accounting 35

HealthSouth

From 1999 to 2001, HealthSouths net income increased nearly 500 percent, but revenue grew only five percent. On March 19, 2003, the SEC said that HealthSouth faked at least $1.4 billion in profit since 1999. Professional fees associated with the reconstruction of HealthSouths financial records and restatement of 2001 and 2002 consolidated financial statements totaled over $270 million.
Forensic and Investigative Accounting 36

Chapter 4

Financial Fraud Detection Tools

Interviewing the executives. Analytics. Percentage analysis: Horizontal analysis. Vertical analysis. Ratio analysis.

Chapter 4

Forensic and Investigative Accounting

37

Financial Fraud Detection Tools

Using checklists to help detect fraud: SAS checklist. Attitudes/Rationalizations checklist. Audit test activities checklist. Miscellaneous fraud indicator checklist.

Chapter 4

Forensic and Investigative Accounting

38

Behavioral Approaches

Some fraud schemes cannot be effectively detected using data-driven approaches. Instead, behavioral considerations may help an auditor find fraud. Employee attitudes, feelings, values, norms, interaction with peers, and general satisfaction should all be considered when looking for fraud.

Chapter 4

Forensic and Investigative Accounting

39

Federal Sentencing Guidelines

Federal Sentencing Guidelines were adopted in 1984 to emphasize fairness, consistency, punishment, incapacitation, and deterrence in sentencing. This mandatory sentencing regime was in place until the Supreme Court in 20041 and 20052 converted the guidelines to advisory status, stating that these guidelines violated the Sixth Amendment. District court judges are now required only to consider guideline ranges. Under the sentencing guidelines the base offense level is determined for a specific offense.3 For example, the basic offense level for larceny, embezzlement, and other forms of theft is 6 where the loss is $5,000 or less. However, if the loss is more than $2.5 million, add 18 to the 6. Other adjustments are made for victim, role, obstruction of justice, multiple counts, and defendants criminal history. Negative adjustments can be made for accepting responsibility.4

(continued on next slide)

Chapter 4

Forensic and Investigative Accounting

40

Federal Sentencing Guidelines

If an individual has an offense level of 16 and falls into the first criminal history category, the guideline sentence is 21 to 27 months. If, however, the criminal history category is 5, the guideline prison sentence is 41-51 months. A Department of Justice Fact Sheet dated March 15, 2006 said that as a result of the Booker decision, the fairness, consistency, predictability, and accountability that were the hallmarks of the mandatory guidelines are in serious jeopardy as a result of a decline in compliance with the guidelines. Within one year the number of sentences imposed within the guidelines has dropped 62.2 percent.5
1 U.S.
2

v. Blakely, 542 U.S. 296 (2004). U.S. v. Booker, 543 U.S. 220 (2005). 3 U.S. Sentencing Commission, Guideline Manual, 3E1.1 (November 2008), p.16. 4 Ibid., p. 395. 5 Department of Justice, Fact Sheet: The Impact of United States v. Booker on Federal Sentencing, March 15, 2006.
Chapter 4 Forensic and Investigative Accounting 41

Effective Ethics and Compliance Program

If a company has an effective ethics and compliance program (i.e., internal audit department), 3 offense points are deducted from the total score. So if the total score is 29 before the reduction of 3 points, the fine would be $ 8.1 million; whereas a score of 26 results in a fine of only $ 3.7 million.

Chapter 4

Forensic and Investigative Accounting

42

Accounts Payable Fraud Red Flags

1.

Duplicate payments (2% of total purchases) $80 million times 2% = $1.6 million loss.
Extract only the numerical digits of an invoice number and match on only the numbers portion of the invoice. Try identifying the dates that are similar such as dates that are less than 14 days. Try matching on the absolute value of the amount.

2. 3. 4. 5.
6.

Rounded-amount invoices. Invoices just below approval amounts. Abnormal invoice volume activity (two invoices one month and 60 the next). Vendors with sequential invoice numbers. LC 0002, LC 0003, LC 0004 Above average payments per vendor.

C. Warner and B. G. Dubinsky, Uncovering Accounts Payable Fraud, Fraud Magazine, July/ August 2006, pp. 29-51.

Chapter 4

Forensic and Investigative Accounting

43