Overview of Auditing for Fraud

1

• Overview of Auditing for Fraud
• "It takes 20 years to build a reputation and five
  minutes to ruin it. If you think about that,
  you'll do things differently."
• 
  Warren
  Buffet
• -
  
  

2
An Abundance of Frauds
3
Why Fraud is a Costly Business Problem

• Fraud Robs Income

• Fraud Losses Reduce Net Income for
• If Profit Margin is 10, Revenues Must Increase
  by 10 Times the Losses to Recover the Affect on
  Net Income
• Losses. 100 Million
• Revenue.1 Billion

4
Fraud Cost.Two Examples

• General Motors
• 436 Million Fraud
• Profit Margin 10
• 4.36 Billion in Revenues Needed
• At 20,000 per Car, 218,000 Cars

• Bank
• 100 Million Fraud
• Profit Margin 10
• 1 Billion in Revenues Needed
• At 100 per year per Checking Account,
• 10 Million New Accounts

5
General Profile of White Collar Criminals

• Older (30 years)
• 75 Male, 25 Female
• Stable Financial Position
• Above Average Education
• Less Likely to Have a Criminal Record
• Good Psychological Health
• Position of Trust
• Detailed Knowledge of Accounting Systems
• and its Weaknesses

6
Second COSO Report

• Major Characteristics of Companies Having
  Perpetrated Fraud
• Smaller companies - under 200 million in
  revenues
• Board of directors dominated by management
• Audit committees non-existent or inactive
• Overstated revenues and corresponding assets
• Most revenue frauds involved premature
  recognition or fictitious revenues
• No internal audit department
• Perpetrated over relatively long-terms (average
  period 2 years)
• Companies were in loss situations or near
  break-even prior to the fraud
• CEO and /or CFO involved in 83 of the cases

7
Fraud Auditor Responsibilities

• "The detection of material fraud is a
  reasonable expectation of users of audited
  financial statements. Society needs and expects
  assurance that financial information has not been
  materially misstated because of fraud. Unless an
  independent audit can provide this assurance, it
  has little if any value to society
• Public Companies
  Accounting Oversight Board

8
Overview of Auditors and Other Professionals
Responsibilities

• External Auditors (CPAs)
• SAS 99 Consideration of Fraud in a Financial
  Statement Audit
• Design audit to provide reasonable assurance of
  detecting fraud that could have a material effect
  on the financial statements.
• Perform fraud-related procedures
• SAS 54 Illegal Acts --- Focused primarily
  is on direct-effect illegal acts
• SAS 114 The Auditors Communication with
  Those Charged with Governance
• Other Professionals Responsibilities
• Internal Auditors (CIAs)
• Internal auditors support management's efforts to
  establish a culture that embraces ethics,
  honesty, and integrity. They assist management
  with the evaluation of internal controls used to
  detect or mitigate fraud, evaluate the
  organization's assessment of fraud risk, and are
  involved in any fraud investigations.
• Governmental Auditors
• Focus on laws and regulations (compliance),
  design audit to detect abuse and illegal acts,
  report to the appropriate authority
• Certified Fraud Examiners (CFEs)
• Assignments begin with predication (probable
  cause)

3-8
9
Errors and Illegal Acts

• Errors --- unintentional misstatements or
  omissions of amounts or disclosures in financial
  statements
• Direct-Effect Illegal Acts --- violations of
  laws or government regulations by the company or
  its management or employees that produce direct
  and material effects on dollar amounts in
  financial statements.
• Far Removed Illegal Acts --- violations of laws
  and regulations that are far removed from
  financial statement effects (for example,
  violations relating to insider securities
  trading, occupational health and safety, food and
  drug administration, environmental protection,
  and equal employment opportunity).

10
Auditor Responsibility for Detecting Errors,
Frauds, and Illegal Acts
11
Defining Fraud

• Four Elements
• Material False Statement
• Knowledge the Statement was False
• Reliance on the Statement by Victim
• Damages

12
Categories of Fraud

• Defalcations
• Fraudulent Financial Reporting

13
Defalcation

• Employee takes assets from the organization for
  personal gain
• ACFE Classification
• Corruption
• Asset Misappropriation
• Note Defalcation may create misleading
  financial statements if stolen assets are
  reported on the statements

14
Definitions Related to Employee Fraud

• White Collar Crime --- fraud perpetrated by
  people who work in offices and steal with a
  pencil or a computer terminal in contrast to
  violent street crime.
• Employee Fraud --- use of fraudulent means to
  take money or other property from an employer. It
  consists of three phases (1) the fraudulent
  act, (2) the conversion of the money or property
  to the fraudster's use and (3) the cover-up.
• Embezzlement --- employees' or nonemployees'
  wrongfully taking money or property entrusted to
  their care, custody, and control, often
  accompanied by false accounting entries and other
  forms of lying and cover-up.
• Larceny --- simple theft of an employers property
  that is not entrusted to an employee's care,
  custody or control.

15
Red Flags Employee Fraud

• Missing Documents.
• Alterations on Documents.
• Photocopied Documents.
• Second Endorsements on Checks.
• Unusual Endorsements.
• Old Outstanding Checks.
• Unexplained Adjustments to Accounts Receivable
  and Inventory Balances.
• Unusual Patterns in Deposits in Transit.
• General Ledgers do not Balance.

• Cash Shortages and Overages.
• Excessive Voids and Credit Memos.
• Customer Complaints.
• Common Names or Addresses for Refunds.
• Increased Past Due Receivables.
• Inventory Shortages.
• Increased Scrap.
• Duplicate Payments.
• Employees Cannot be Found.
• Dormant Accounts that have Become Active.

16
Cash Misappropriation Schemes

• Larceny--- stealing cash after it has been
  recorded on the books
• Skimming--- stealing cash before it is recorded
  on the books
• Fraudulent Disbursements
• Billing-- set up false vendors and pay for
  fictitious goods
• Payroll-- add fictitious employees to payroll
• Expense Reimbursement-- submit overstated
  reimbursement requests
• Check Tampering-- alter check, e.g. change payee
  or amount

17
Fraudulent Financial Reporting

• Intentional Manipulation of Financial Statements
• Manipulation, falsification, or alteration of
  accounting records or supporting documents
• Misrepresentation or omission of events,
  transactions, or significant information
• Intentional misapplication of accounting
  principles
• Most common types are
• Overstate assets and understate expenses
• Overstate revenues and assets
• Understate liabilities

18
Patterns of Financial Reporting Frauds

• Complex Revenue Recognition Schemes
• Incorrect Billings to the Government
• Holding the Books Open
• Accelerated Revenue Recognition
• Capitalizing Expenses

19
Financial Statement Frauds

• Revenue/Accounts Receivable Frauds (Global
  Crossing, Quest, ZZZZ Best)
• Inventory/Cost of Goods Sold Frauds (PharMor)
• Understating Liability/Expense Frauds (Enron)
• Overstating Asset Frauds (WorldCom)
• Overall Misrepresentation (Bre-X Minerals)

20
To Do Revenue-Related Transactions and Frauds
21
To Do Inventory/Cost of Goods Sold Frauds
22
Understating Liability Frauds

• Not recording accounts payable
• Not recording accrued liabilities
• Recording unearned revenues as earned
• Not recording warranty or service liabilities
• Not recording loans or keep liabilities off the
  books
• Not recording contingent liabilities

23
Asset Overstatement Frauds

• Overstatement of current assets (e.g. marketable
  securities)
• Overstating pension assets
• Capitalizing as assets amounts that should be
  expensed
• Failing to record depreciation/amortization
  expense
• Overstating assets through mergers and
  acquisitions
• Overstating inventory and receivables

24
Disclosure Frauds

1. Overall misrepresentations about the nature of
   the company or its products, usually made through
   news reports, interviews, annual reports, and
   elsewhere
2. Misrepresentations in the management discussions
   and other non-financial statement sections of
   annual reports, 10-Ks, 10-Qs, and other reports
3. Misrepresentations in the footnotes to the
   financial statements

25
Concealing Asset Misappropriations

• False Debits
• To expenses (most common)
• Expenses are not tangible (cant be
  inventoried)
• Expense accounts closed to zero at end of year
• To assets
• Commonly debit accounts receivable
• Debit to asset easier to detect
• Stays on books

26
Concealing Asset Misappropriations

• Omitted Credits
• Concealment technique for cash skimming
• Pocket cash, no credit to sales
• Out-of-Balance Conditions
• Asset removed from business (debit)
• No corresponding credit
• Person hopes nobody notices

27
Concealing Asset Misappropriations

• Forced Balances
• Variation of out-of-balance technique
• Instead of a false entry to cover loss, person
  simply adds wrong, carry false totals
• Used by persons with access to the books

28
Lessons Learned From Fraud Cases

• Need to look at economic assumptions underlying
  growth
• Need to assess risk factors and when the risk of
  fraud is high, demand and gather stronger
  evidence
• Computer errors should be viewed as a risk factor
• Dominant clients can be a problem
• Need to know what motivates management
• Not assume all people are honest
• When fraud risk indicators are discovered, they
  must be thoroughly investigated

29
Reasons Auditors Fail to Detect Fraud

• Not their Job
• Audits too Predictable
• Auditors are not Authenticators
• Auditors Not Trained
• Limited or No Experience
• Over Reliance on Client Representations.
• Lack of awareness or failure to recognize that an
  observed condition may indicate a material fraud.
• Personal Relationships with Clients.

30
Fraud Triangle
Incentives/Pressures
Opportunities
Attitudes/Rationalization
31
Fraud Elements
Source W.Hillison, D. Sinason, and C. Pacini,
The Role of the Internal Auditor in Implementing
SAS 82, Corporate Controller, July/August 1998,
page 20.
6-31
32
Motive

• Some kind of pressure a person experiences and
  believes unshareable with friends and confidants
• Actual or perceived need for money (Economic
  motive)
• Habitual criminal who steals for the sake of
  stealing (Psychotic motive)
• Committing fraud for personal prestige
  (Egocentric motive)
• Cause is morally superior, justified in making
  others victims (Ideological motive)

6-32
33
Fraud Triangle Needs/Situational Red Flags

• High Personal Debts
• Lives Beyond Means
• Excessive Investment Speculation
• Excessive Gambling
• Substance Abuse
• Extra-marital Affairs
• Job Frustration
• Resentment of Superiors
• Corporate Expectations for Performance

34
Fraud Triangle Opportunity Red Flags

• Inadequate Internal Controls
• Too cozy with suppliers
• Annual vacations or sick days not taken
• Weak management or excessive turnover
• Ineffective or no internal audit unit
• No rotation of job duties among employees
• Procedures not well understood/ always in a
  crisis mode

35
Fraud Triangle More Opportunity Red Flags

• Poor physical safeguards over cash, investments,
  inventory, or fixed assets
• Large amounts of cash on hand or processed
• Inventory that is small, high-value, or high in
  demand
• Easily convertible assets (e.g. computer chips)
• Fixed asset characteristics such as small size,
  marketability, or lack of ownership
  identification

36
Rationalization

• People do things that are contrary to their
  personal beliefs outside their normal behavior
  they provide an argument to make the action
  seem like it is in line with their moral and
  ethical beliefs.
• I need it more than the other person.
• Im borrowing the money and will pay it back
• Everybody does it
• The company is big and will never miss it
• Nobody will get hurt
• I am underpaid, so this is due compensation
• I need to maintain a lifestyle and image.

37
SAS 99, "Fraud Detection in a Financial
Statement Audit"

• Requires auditors to search for risk factors
  related to fraud
• If risk factors are present, auditor needs to
  modify audit to
• Actively search for fraud
• Require more substantive audit evidence
• In some cases, assign forensic (fraud) auditors
  to the engagement
• Emphasizes Professional Skepticism

38
Considering the Risk of Fraud (SAS 99)
Staff discussion
Obtain information needed to identify risks
Identify and assess risks
Respond to risk assessment
Evaluate audit evidence
Communicate and document
39
Step 1 Audit Team Brainstorming

• Designed to
• Allow experienced auditors to educate less
  experienced auditors
• Set the proper level of professional skepticism
  for the audit
• Topics covered
• How fraud can be perpetrated and concealed
• Presume fraud in revenue recognition
• Incentives, opportunities, and rationalization
  for fraud
• Industry conditions
• Operating characteristics and financial stability

40
Step 2 Obtain Information to Identify Risks

• Inquiries
• Management
• Audit Committee
• Internal Auditors
• Others
• Planning Analytical Procedures
• Net income to cash flows (total accruals to total
  assets)
• Days sales in receivables
• Gross margin
• Asset quality index (non current assets- p,pe to
  total assets)
• Sales growth index

3-40
41
Step 3a Identify Risk Factors Related to
Fraudulent Financial Reporting

• Managements Characteristics and
• Influence
• Industry Conditions
• Operating Characteristics and Financial Stability

42
Managements Characteristics and Influence

• Motivation to engage in fraudulent reporting
• A failure to display an appropriate attitude
  about internal control and financial reporting.
• Nonfinancial management excessive participation
  in selection of accounting principles or
  determination of estimates
• High turnover of senior management
• Strained relationship with auditor
• Known history of violations

43
Risk Factors Industry Conditions

• Company profits lag the industry.
• New requirements are passed that could impair
  stability or profitability
• The companys market is saturated due to fierce
  competition
• The companys industry is declining
• The companys industry is changing rapidly.

3-43
44
Risk Factors Operating Characteristics

• A weak internal control environment prevails.
• The company is not able to generate sufficient
  cash flows to ensure that it is a going concern.
• There is pressure to obtain capital.
• The company operates in a tax haven jurisdiction.
• The company has many difficult accounting
  measurement and presentation issues.
• The company has significant transactions or
  balances that are difficult to audit.
• The company has significant and unusual
  related-party transactions.
• Company accounting personnel are lax or
  inexperienced in their duties.

3-44
45
Step 3b Assess Fraud Risks

• Type
• Significance
• Likelihood
• Pervasiveness
• Assess Controls and Programs

46
Required Risk Assessments

• Presume that improper revenue recognition is a
  fraud risk.
• Identify risks of management override of controls
• Examine journal entries and other adjustments.
• Review accounting estimates for biases.
• Evaluate business rationale for significant
  unusual transactions.

47
Analytical Indicators of Fraud Risk

• Key analytical factors the auditor should develop
  include
• Large revenue increase at the end of the period
• Sales increasing faster than industry sales which
  don't seem justified
• Unusually large increase in gross margin
• Large number of sales returns after year-end
• Increase in number of day's sales in receivables
• Increase in number of day's sales in inventory
• Significant increase in debt/equity ratio
• Cash flow or liquidity problems
• Significant changes in non-financial performance
  measures

48
Relate Internal Control and Fraud Risk

• Internal control weaknesses are a strong
  indicator of fraud risk
• The auditor should examine a variety of control
  areas including
• Corporate governance
• Management control and influence
• Audit committee
• Corporate culture
• Internal auditing
• Monitoring controls
• Whistle blowing
• Codes of ethics

49
Step 4 Respond to Assessed Risks

• Effect on audit.
• Assignment of Personnel
• Choice of Accounting Principles
• Predictability of Auditing Procedures
• Examination of Journal Entries and other
  Adjustments
• Retrospective Review of Prior Year Accounting
  Estimates
• Extended procedures

50
Extended Procedures

• Count the petty cash twice in one day.
• Investigate suppliers/vendors.
• Investigate customers.
• Examine endorsements on canceled checks.
• Add up the accounts receivable summary.
• Audit general journal entries.
• Match payroll to life and medical insurance
  deductions.
• Match payroll to social security numbers.

• Match payroll with addresses.
• Retrieve customer checks.
• Use marked coins and currency.
• Measure deposit lag time.
• Examine documents.
• Inquire, ask questions.
• Covert surveillance.
• Horizontal and vertical analysis.
• Net worth analysis.
• Expenditure analysis.

51
Step 5 Evaluate Audit Evidence

• Discrepancies in the accounting records.
• Conflicting or missing evidential matter.
• Problematic or unusual relationships between the
  auditor and management.
• Results from substantive of final review stage
  analytical procedures.
• Vague, implausible or inconsistent responses to
  inquiries.

52
Responding to Misstatements that May be the
Result of Fraud
When fraud is suspected, the auditor
gathers additional information to determine
whether fraud actually exists.
53
Step 6Communicate Fraud Matters

• SAS 99Evidence Fraud May Exist ---Appropriate
  Level of Management
• Sarbanes Oxley --- Significant Deficiencies to
  Board of Directors

54
Step 7 Audit Documentation of Fraud
Nature of Communications
Discussion
Procedures
Other conditions
Results
Specific risks
Reasons
55
Forensic Accounting

• Forensic accounting is an extension of auditing,
  but with a number of differences
• Detailed investigation where fraud has been
  identified or is suspected
• Focuses on identifying perpetrators and getting a
  confession
• Builds support for legal action against the
  perpetrator
• May provide litigation support such as expert
  testimony
• Extensive use of interviews
• 100 examination of fraud-related documents
• Reconstruction of account balances
• Broader scope than auditing