8
Fraud Detection: Red Flags and Targeted Risk Assessment

The Fraud Prompt—Simple and Effective

In a paper titled, “Improving Experienced Auditors’ Detection of Deception in CEO Narratives” (published in the Journal of Accounting Research), researchers, Mark Peecher and Jessen L. Hobson, found that experienced auditors’ judgments about deception are less accurate for companies later linked to fraud, regulator investigation, or class-action litigation, unless they are first instructed to look for signs of guilt in the CEO’s voice. According to a University of Illinois press release, “most people have trouble figuring out when someone is deceiving them,” said Peecher, the Deloitte Professor of Accountancy and associate dean of faculty at the College of Business. “The good news here is that very experienced auditors, who are hired because they’re supposed to be watchdogs for society, actually have the capacity to discern when upper management is being deceptive.”1

Further the article noted:

The researchers compiled 124 judgments from 31 very experienced auditors from multiple accounting firms. Each participant provided deception judgments for four publicly traded companies, using excerpted CEO responses to analyst questions during quarterly conference calls. Software randomly drew excerpts from a population of five fraud and five non fraud companies, with the expectation that participating auditors would spot fraud accurately 50 percent of the time by chance alone. For each company, auditors also received background information and financial statements.

While reviewing CEO answers to analyst questions, auditors decided whether they thought the financial results being discussed were fraudulent. Peecher and Hobson found that accuracy levels for spotting fraud improved from 43 percent to 70 percent when veteran auditors were given instructions to look for signs of “negative affect” during CEO narratives from conference calls.

If you make it easier for auditors by saying ‘One of the symptoms of fraud is cognitive dissonance, so keep that in mind as you listen to this real-world recording of an earnings call with an executive and when you assess if there’s deception,’ that’s where they’re able to perform substantially better than chance at predicting fraud,” Peecher said. “And that’s encouraging and something that audit firms may want to take a look at when they try to assess fraud risk of potential and current clients.

In this chapter and the following modules, we examine various tools and techniques for fraud detection and risk assessment. Those modules, along with the learning objectives include:

  • Module 1 briefly introduces the interface between corporate governance and fraud. The objective of this module is for the reader to be able to describe the elements of corporate governance and its role in antifraud efforts, particularly with regard to targeted risk assessment (TRA).
  • Module 2 reviews the framework for detecting fraud and anomalous activities. The goal in this module is for readers to identify and apply fraud detection tools in case scenarios.
  • Module 3 takes a close examination of targeted risk assessment. The objective is for readers to be able to apply TRA knowledge to company-specific characteristics.
  • Module 4 takes a look at TRA in a digital environment. Information and transactions have become increasingly electronic. As such, it’s important that TRA embrace best practices in the context of the digital world in which business operates. The goal here is for the reader to be able to apply targeted risk assessment skills in case scenarios where much of the information is captured in electronic format.

Module 1: Corporate Governance and Fraud

Satyam Fraud: A Failure in Corporate Governance

In January 2009, nearly a decade after a wave of financial reporting frauds in the United States, Ramalingam Raju, the chairman of an Indian IT outsourcing company, Satyam Computer Services (SAY), with more than 50,000 employees, sent a letter to the Company’s Board of Directors and the Securities & Exchange Board of India. In this letter, Raju addressed the following:

  • He acknowledged his culpability in hiding information that he had inflated the amount of Satyam’s cash on the balance sheet by nearly $1 billion
  • Satyam incurred a liability of $253 million on funds arranged by him personally
  • Satyam’s September 2008 quarterly revenues were overstated by 76% and profits by 97%
  • He apologized for his inability to close what began as a “marginal gap between operating profits and the one reflected in the books of accounts” but it grew unmanageable.

In the text of Raju’s letter, he asked, “When riding a tiger, how does one get off without getting eaten?” According to SCRIBD.com, Satyam was a “failure of corporate governance.” As a result, the Indian government replaced all of the Satyam Board members.

The Fraud Risk Universe

According to Jonathan Marks, CPA, CFE, CFF, in addition to establishing an ethical environment, corporate governance players, including board members and management must take the lead in establishing, implementing, and maintaining a formal fraud risk management program.

In his Blog, BoardandFraud.com, Marks identifies the fraud risk universe in Figure 8-1:

Illustration of the fraud risk universe

FIGURE 8-1 The fraud risk universe

In the following section, the authors examine the critical role of the corporate governance stakeholders.

Management’s Responsibility

Management’s primary responsibility is to ensure that the organization meets its strategic, operational, and performance objectives. To accomplish this, the leadership must develop and implement strategies and procedures to manage the company’s long-term economic stewardship rather than acting simply as agents of the owners—the shareholders—and responsible merely to maximize shareholder wealth.

Inherently, such responsibilities require that management establish some methodology for measuring performance and communicating the results of their efforts. Furthermore, management must protect the organization’s assets, the various resources controlled by the organization to meets its objectives. Statement on Auditing Standards (SAS) No. 1 states, “Management is responsible for adopting sound accounting policies and for establishing and maintaining internal control that will, among other things, initiate, authorize, record, process, and report transactions (as well as events and conditions) consistent with management’s assertions embodied in the financial statements.”2 More specifically, these latter obligations require management to design and implement a system of internal controls, processes, and procedures necessary to safeguard the resources of the entity and ensure relevant and reliable financial reporting. In many cases, the company falls under the purview of various regulatory and taxing authorities that also require compliance with their informational and reporting needs.

Overall, management must design, implement, and maintain internal controls and financial reporting processes to produce timely financial and nonfinancial information that reflects the underlying economics of the business. Accounting information and reporting must comply with generally accepted accounting principles as well as other necessary regulatory requirements. Because management is responsible for the fair presentation of the financial statements and to safeguard the assets of the business, they must also mitigate fraud within the organization by preventing, deterring, and detecting asset misappropriation, corruption, and fraudulent financial statements. Consistent with those objectives, management should design, maintain, and monitor a system of internal controls over assets, financial information, and the financial reporting process. Management is also responsible for providing information to the independent auditors so that they may complete the work necessary to render an opinion on the financial statements.

The Risk of Management Override and Collusion

Depending on the individuals involved, internal controls cannot prevent management override or collusive behavior by, and among, senior management. Because prevention through segregation of duties, approvals, and authorizations is not possible in a collusive environment, the principal internal control procedures will be centered on detection. The fear of detection may serve as a deterrent, but that does not eliminate the concern that traditionally designed internal controls are ineffective when management override or collusion is present. Thus, internal and external auditors, fraud examiners, and forensic accounting professionals must design procedures to detect such activity. Because management is in a unique position to override internal controls and collude with other top managers or outside third parties, auditors and antifraud professionals must design specific procedures to determine whether the internal control system could potentially be circumvented by a senior manager through override, or by a group of managers through collusion.

Generally, three procedures are effective in identifying breakdowns in internal controls due to override and collusion.

First, journal entries recorded in the books and records, as well as other adjustments to financial information, should be examined for proper backup documentation. The auditor should obtain an understanding of the internal control processes regarding journal entries and other adjustments (such as consolidating entries that may appear only on an Excel spreadsheet) and determine whether the journal entries carry the proper authority, approvals, documentation, and sign-offs as required by organizational policies and procedures. Further, auditors should discuss journal entries with employees who are not senior managers and inquire about inappropriate or unusual activity regarding journal entries. Often, when intentionally inappropriate journal entries are recorded, they are approved by the individual who directed and authorized it. Auditors should consider examining the timing of journal entry activity, looking for journal entries that are recorded at odd hours, such as late at night and on weekends or holidays when such journal entries may not be expected. Also, they should consider investigating journal entries that are typically used to perpetrate fraud schemes, such as reductions in liabilities and increases in revenues, or reductions in period costs and increases in capital assets, especially those made near year-end. SAS No. 99 requires testing of journal entries and other adjustments, and further details additional procedures the auditor should consider.

Second, significant accounting estimates need to be reviewed. Fraudulent financial reporting can be accomplished through manipulation of estimates that require judgment. Fabricated estimates can also be a source of concealment of other fraudulent activities. In some ways, accounting estimates may be a more effective source of fraud concealment than journal entries that involve professional judgment to determine the reasonableness of account balances. In many instances, underlying assumptions are not documented carefully or are documented with falsified or fictitious documents; these practices allow year-to-year modifications that could go unnoticed. SAS No. 99 requires auditors to consider the potential for bias when testing estimates. Included in the testing procedure should be a review of prior years’ amounts to see if the methodology or underlying assumptions have changed, and if so, a determination of the business rationale for the change in approach is in order.

Third, unusual “one-time” transactions should be scrutinized to ensure that they have an appropriate underlying business rationale. Understanding the business rationale is a requirement under SAS No. 99, and is done to ensure that the financial statements are not subject to manipulation through the use of one-time, fraudulent transactions. The auditor has the responsibility to ensure that the accounting treatment is appropriate and that the transaction is properly supported, documented, and disclosed in the financial statements. Other procedures that may help to identify breakdowns in internal controls include analytical reviews in which anomalies are identified. One example is when gross margin is stable or increasing at a time when it should be decreasing, such as in a competitive environment or during an economic downturn.

As noted by Bishop et al., “many parties have pointed to the difficulty of preventing collusive fraud, as well as the large losses caused by collusion. However, relatively little is known about how collusive fraud differs from solo-offender fraud.”3 Recently, researchers have started to examine the profile of collusion and management override. First, Free and Murphy investigated cooffending and the nature of the fraud team.4 The authors interviewed 37 convicted collusive (referred to as cooffending in research literature) fraudsters and conclude that the reasons cooffenders instigate and commit frauds vary, based on two primary considerations: the nature of the relationship among the cooffenders and the nature of how the participants benefit from the fraud.

In contrast to interviews used by Free and Murphy and Bishop et al.5,6 conducted an analysis of the ACFE’s dataset of fraud cases developed through surveys and made available to academic researchers by the Institute for Fraud Prevention. This work compares solo fraud with that of collusive fraudsters and focuses on the collusive fraud leader. The authors find a number of key differences between collusive fraud and solo fraud.

  • Leaders of collusive fraud tend to be younger, male, and less likely to have college degrees than solo offenders.
  • Collusive fraud leaders are less likely to exhibit personal behavior issues, such as addiction problems or excessive control issues in comparison to solo offenders
  • However, collusive fraud leaders are more likely to exhibit unusually close associations with vendors or customers and to have a wheeler-dealer attitude.
  • Collusive frauds are more likely to involve financial statement fraud (where arguably the organization is a significant beneficiary of the act), have larger dollar losses, and are of shorter duration. The corollary to this finding is that collusive frauds may be more difficult to conceal and maintain, causing the fraud to be revealed; it’s also possible that the shorter duration is a function of the larger dollar losses being harder to conceal.
  • Collusive frauds are more likely to be discovered by tip or complaint, internal audit, law enforcement, or by accident than solo fraud, highlighting the need for hotlines and other anonymous reporting mechanisms.

As stated by Bishop et al.,7 the results highlight the importance of considering a potential fraudster’s ability to build a fraud team to commit large, intense frauds.8 The profile of the collusive team leader—younger male, close ties to customers or vendors, and wheeler-dealer attitude—contrasts with the typical notion of the white-collar criminal as older and possibly facing personal problems, such as addiction, or demonstrating control issues. Given the high cost of collusive fraud, we encourage forensic accountants, auditors, and managers to pay close attention to the profile of the collusive fraud leader and to respond accordingly when this profile is present. DiGabriele finds general agreement among academics, auditors, and forensic accountants that “forensic accounting has a place in the audit process,” and the present study’s findings reflect insights that should be useful to both forensic accountants and financial statement auditors as they seek to detect fraud.9 Further, managers can consider the profile of the collusive fraud leader as they determine the deployment of antifraud resources in their organizations.

Turning to management override, SAS No. 99/113, AU 316.08 state that “Management has a unique ability to perpetrate fraud because it frequently is in a position to directly or indirectly manipulate accounting records and present fraudulent financial information … By its nature, management override of controls can occur in unpredictable ways.” Consistent with this notion, the 2016 ACFE Report to the Nations found that override of existing controls is the second most frequently observed internal control weakness that contributed to fraud; the lack of internal controls was the only weakness more frequently cited by the ACFE’s survey respondents.

In recently completed research, Bishop et al.10 compared ACFE management override fraud cases to cases involving a lack of internal controls, focusing on the nature of the principal perpetrator, fraud incident, and organizational setting. The authors found a number of key attributes that differ between management override frauds and those involving a lack of control.

  • Perpetrators of management override are more likely to be older, senior-level, educated males, with shorter tenure at the organization.
  • Perpetrators of management override are more likely to engage in corruption or financial statement fraud, but are less likely to commit material fraud (i.e., >1% of organization revenues).
  • Management override is more common outside of the United States.
  • Perhaps most striking is that the strength of the organization’s antifraud environment (i.e., an internal audit function, an independent audit of the financial statements, an antifraud policy, and a code of conduct) is positively related to the likelihood of management override fraud. Thus, it appears that motivated fraudsters circumvent the antifraud environment by overriding the organization’s internal controls.
  • Overall, Bishop et al.11 state that the “lack of controls” fraud setting is markedly different from the management override setting in important ways, suggesting a need for different remedies across the two settings.

The Role of the External Auditor

The perception of the public—particularly with regard to asset misappropriation, corruption, and misstated financial statements—is that independent auditors are responsible for fraud detection. However, an auditor’s responsibility, according to generally accepted auditing standards (GAAS), is to provide reasonable assurance that the financial statements are free from material misstatement whether caused by error or fraud. Auditors do not examine 100% of the recorded transactions; instead, they rely on a sample portion to determine the probability that the transactions were recorded properly. Further, auditors also rely on high-level analytical procedures, as well as interviews, inquiries, external confirmations, inspections, physical inventories, and other audit procedures, to determine whether the financial statements are free from material misstatement. The difference between the public’s perception of the role of the auditor and the role that audit professionals actually serve has led to an “expectations gap.”

Management is responsible for the financial reporting process and its output: financial statements, disclosures, and related notes. Consequently, many might question what role the auditor plays. The auditor’s role is to attest to the fairness of management’s presentation of the financial information as well as the assertions inherent in the financial statements. When auditors have completed their work, they report their findings in an audit report. Auditors have several choices concerning the types of opinions that they may render. First, auditors may conclude that the financial statements present fairly, in all material respects, the financial position—balance sheet (assets, liabilities, and stockholders equity), results of operations/income statement (income and expenses), and cash flows. This opinion is referred to as an unqualified opinion. The auditor may also publish a modified, unqualified opinion. This report is referred to as the “unqualified opinion with explanatory paragraph or modified wording.” This type of opinion is issued when auditors feel that it is necessary to provide additional information that they believe needs to be understood by the financial statement users. Some examples of when an auditor may provide explanatory information include when substantial doubt exists about an entity’s ability to continue as a going concern and when generally accepted accounting principles have not been consistently applied. Other opinions that an auditor may issue include a qualified opinion, when the auditor believes that some material aspects of the financial information are not presented fairly; a disclaimer, when they cannot issue an opinion because of limitations on the scope of their work or when there is a lack of audit evidence that would provide a reasonable basis on which the auditors may draw conclusions; and an adverse opinion, when the auditor has concluded that the financial statements are essentially misleading.

SAS No. 99/SAS No. 113

Fraud, primarily financial statement fraud, has been a significant concern of the auditing profession, the Public Company Accounting Oversight Board (PCAOB), and the Securities Exchange Commission (SEC). The scandals of the late 1990s and the early 2000s, such as Enron, Adelphia, WorldCom, and Tyco, have increased the pressure on auditors to detect fraudulent financial reporting. The accounting profession responded in 2002 with Statement on Auditing Standard (SAS) No. 99: Consideration of Fraud in a Financial Statement Audit that was supplemented by SAS No. 113 in 2006. The primary points of emphasis include enhanced professional skepticism, preaudit fraud brainstorming, interviews with management concerning the risk and existence of fraud, and how to design audit tests to address the risk of management override of internal controls.

SAS Nos. 99 and 113 emphasize that a material misstatement of financial information can result from fraud or error; intent will be the determining factor. Intent can be discerned by looking for evidence of concealment such as missing documents, altered documents, nonreconcilable items, misinformation obtained during management inquiries, and other indicators of concealment. Fraud—an intentional misstatement—can be achieved by (1) manipulation, falsification, or alteration of the underlying accounting data, records, and documentation; (2) misrepresentation or omission of events, transactions, or other significant information in the financial statements and/or related notes; or (3) intentional misapplication of accounting principles that guide the amounts, classification, presentation, or disclosure of financial information. Auditors need to be concerned about management override and also about the possibility of collusion, because both attributes are often observed as part of financial statement fraud. The auditing standard recognizes the fraud triangle and its elements of pressure, opportunity, and rationalization.

From there, SAS Nos. 99 and 113 can be summarized as involving eight steps in considering the risk of fraud:

  1. Staff discussion—Auditors must brainstorm with the entire audit team at the beginning of the engagement to consider how and where financial statement fraud might occur.
  2. Obtain information needed to identify risk—Auditors must conduct inquiries of management, the audit committee, internal auditors, and others, as well as consider the results of analytical procedures, fraud risk factors, and other information.
  3. Identify risks—Based on the information and ideas gathered in steps 1 and 2, auditors must determine the type of fraud risks that exist, the significance of that risk (the magnitude), the likelihood of risk occurrence, and the pervasiveness of the risk (what accounts and balances could be affected).
  4. Assess identified risks and potential schemes after considering internal controls—Auditors must utilize their understanding of the internal control system, evaluate whether programs and controls address the identified risks from step 3, and reassess fraud risks taking into account this evaluation.
  5. Respond to the results of the risk assessment—As the risk of fraud increases, auditors should consider using a fraud specialist on the engagement, determine the appropriate application of accounting policies, and employ less predictable audit procedures, as well as increasing the amount of required audit evidence by modifying the nature, timing, and extent of those procedures. Further, on all audits, the auditor should consider the possibility of management override of controls and examine nonstandard and standard journal entries, accounting estimates, and unusual significant transactions.
  6. Evaluate the audit evidence—Throughout the audit, auditors must reassess the risk of fraud, evaluate analytical procedures performed, and respond to any identified misstatements.
  7. Communicate about fraud—Auditors are required to report (1) all fraud to an appropriate level of management, (2) all management fraud to the audit committee, and (3) all material fraud to management and the audit committee. If reportable conditions (i.e., significant deficiencies and/or material weaknesses) exist concerning the system of internal controls, those issues should be communicated to the audit committee.
  8. The auditor should document the procedures undertaken in steps 1 through 7.
    1. Staff discussion
    2. Information used to identify the risk of fraud
    3. Any fraud risks identified
    4. The risks assessed after considering programs and controls
    5. Results of assessment of fraud risk
    6. Evaluation of audit evidence
    7. Communication requirements

Materiality

In the context of an audit, the auditor invokes a materiality threshold. FASB 2 defines materiality as the “magnitude of an omission or misstatement of accounting information that, in light of the surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the information would have been changed or influenced by the omission or misstatement.”12 Thus, the auditor must apply judgment related to materiality, and that judgment has an impact on the information presented in the financial statements.

Materiality is a relative concept. A misstated amount that would be immaterial to a large company such as General Electric could be large enough to wipe out the net worth of most small companies. An amount material to a small company would likely be ignored at a larger company, other than obtaining an understanding of the nature of the misstatement. Some of the key financial statement attributes used by auditors to determine materiality, include net income before taxes, revenues, gross profit, and assets. Further, the types of accounts (e.g., revenue, expense, asset, liability, and stockholder’s equity) can have an impact on the auditor’s judgment, as well as the dollar impact on a particular financial statement line item.

When establishing materiality, auditors also consider profitability trends over time, situations where companies are experiencing a loss, financial performance that places the company in proximity of violating loan covenants or regulatory requirements, and financial performance that is relatively close to management compensation appraisal and bonus hurdles. For example, if an auditee’s financial performance is such that management qualifies, but just barely, for annual bonuses and other short-term compensation, auditors are more likely to reduce their materiality threshold.

Similarly, company financial performance that just barely meets analysts’ expectations may give rise to changes in materiality levels for audit purposes. Further, auditors rely not only on financial assessments but also consider various qualitative factors, such as whether they have discovered fraud in prior audits or there are allegations of illegal acts or fraud.

Generally, illegal acts have no materiality threshold and require that auditors pay close attention to their nature and corresponding consequences to the company. For example, any violation of the Foreign Corrupt Practices Act (FCPA) may expose the client company to fines and penalties that may be material. The FCPA has far-reaching implications for a company because it’s not just management that can get a company into trouble. An FCPA violation may also cover employees at any level or in any position in the organization, as well as agents, consultants, distributors, related parties, and other third parties associated with the company. Also, there could be significant legal exposure in the foreign country where a bribe has occurred because the country could revoke licenses and, therefore, the ability of the company to operate within their jurisdiction. This may require the auditor to assure that there is adequate disclosure as to possible material outcomes.

The materiality amount—once established—is not set in stone for the duration of the audit engagement. Auditors may become aware of new facts or circumstances that may cause them to reassess and adjust materiality. After a preliminary judgment about materiality has been made, auditors will then allocate that amount to various balance sheets and income statement account balances. The process of allocation determines tolerable risk of material misstatement for that account balance. SAS No. 111 limits the tolerable misstatement for any particular account balance to less than 100% of total materiality.

Earnings Management and Fraud

“Earnings management” involves deliberate actions by management to meet specific earnings objectives, generally for private gain.13 An example of such an objective might be to enhance reported earnings to meet analysts’ expectations. Earnings management may also involve building reserves during “good times” so that those reserves can be reversed during more difficult financial times. Some companies may even take a one-time “bath” to capture as much negative financial impact in one year to protect future earnings. Income smoothing is a specific type of earnings management whereby revenues or expenses are shifted between periods to minimize naturally occurring year-to-year fluctuations in net income. By enhancing the predictability of the organization’s earnings stream, management believes that they can achieve higher market prices for the company’s stock.

Auditors have many challenges with regard to earnings management. First, auditors have a materiality threshold, and as long as a transaction or group of transactions do not cross the materiality threshold, generally, most earnings management would be judged immaterial (at least when considered within the context of the year under evaluation), and thus would not have a significant impact on the judgment of users of the financial statements.

Second, accounting principles and policies were designed to provide some degree of choice. Management is given this flexibility to avoid a one-size-fits-all mentality for financial reporting and to ensure that the financial statements reasonably reflect the underlying economics and performance of the business. Nevertheless, management can use this latitude to manage earnings, and as long as the choices are considered “GAAP-compliant,” the auditor has little basis for recourse. Similarly, accounting procedures often require the development of underlying estimates to support the numbers in the financial statements.

There is no perfect advice for auditors and forensic accountants in this regard, except that management may find itself on a slippery slope—an earnings management in one period may lead to fraud in the next. Any sign of deliberate efforts to manage earnings should be considered a red flag, and those performing the work should use their heightened sense of professional skepticism to be aware of other choices made by management, signs of management override (by carefully examining journal entries, estimates, and unusual transactions), and signs of collusion among the executive ranks. Managing earnings can be fraud, whether or not material. The primary issue is whether the independent auditor or forensic accountant has clear and convincing evidence that demonstrates that earnings have, in fact, been managed.

Boards of Directors and Audit Committees

The board of directors and/or an audit committee, if one exists, has a primary responsibility to oversee management and direct the internal audit and the external auditor with regard to the organization’s internal controls over financial reporting and the company’s internal control processes. One of the central duties of the audit committee with regard to fraud and fraudulent financial reporting is to carefully assure—with the assistance of the organization’s internal audit structure—that management has adequately assessed the risk of internal control override or collusion among top-level managers and executives that may lead to asset misappropriation, corruption, or fraudulent financial statements.

The audit committee is an integral internal control mechanism with regard to management override and high-level management collusion. It is only by carrying out their responsibilities in concert with the internal and external auditors that management override and collusion can be detected and deterrence levels set high enough so that management’s likelihood of attempting either override or collusion is sufficiently reduced. Audit committees can signal their interest is this area by paying particular attention to the “tone at the top,” “mood in the middle,” “buzz at the bottom,” antifraud programs, and ethics training, as well as by instituting a zero-tolerance policy toward fraud.

Diligence by the audit committee with regard to their fraud-related duties serves as a significant deterrent to senior-level management fraud. An open line of communication between the audit committee, internal auditors, external auditors, C-suite management, and other levels of management sends a powerful signal about their interest and diligence in fulfilling their responsibilities concerning fraud. Audit committees also need to take steps to proactively investigate whistleblower tips and protect whistleblowers from retaliation by members of management.

Most audit committees have the authority to investigate any matters within the scope of their responsibility, including internal control deficiencies, concerns about the financial reporting process, suspected corruption, and alleged illegal acts. Audit committees generally have the right to retain legal counsel, investigators, forensic accountants, nonauditor accountants, and other professional advisors, as necessary, to carry out their duties. Fraud awareness and fraud risk assessment training are critical elements at the audit committee and board levels that aid audit committees in carrying out their antifraud responsibilities.

Internal Auditors

Properly organized, structured, and supervised, the internal audit group is in a unique position to detect and deter fraud. Their primary deterrent effect is related to the increased perception that fraud perpetrators will be detected. The main deterrent for fraud continues to be the fear of getting caught and the consequences that go along with it. An effective and empowered internal audit group can serve as a significant deterrent.

Whether internal audit can be effective with regard to financial statement fraud is somewhat determined by the role internal auditors play in an organization and to whom they report. Traditionally, internal auditors have supported both operations and the financial-reporting processes. Related to operations, internal auditors evaluate segment, product line, and division profitability, look for ways to improve internal productivity, and seek solutions to a myriad of other operational problems. In such roles, auditors often report directly to senior management with authority over a particular operation. Such reporting authority allows the internal auditor to be a mechanism for operational change.

On the other hand, in the financial reporting process, including the evaluation of internal controls, such a reporting structure reduces the ability of the internal auditors to offer criticism or make recommendations due to the established reporting lines. Thus, for internal auditors to be objective and unbiased in assessing the financial reporting process and evaluating the design and implementation of internal controls, they need to have a direct reporting line to the organization’s audit committee. In fact, internal auditors are no longer allowed to complete any work for the external auditor unless their reporting structure is such that they report to the audit committee. In such circumstances, internal audit has the authority and independence necessary to carry out their assigned duties. The NYSE requires that all listed companies have an audit committee, and that the internal audit function report directly to them. NASDAQ also has a similar requirement.

The Institute of Internal Auditors (IIA) has few standards on fraud and those are vague concerning the specific responsibilities that internal auditors may have. Statement on Internal Auditing Standards (SIAS) No. 3 indicates that internal auditors have responsibility for fraud deterrence and should examine and evaluate the adequacy and effectiveness of the system of internal controls, commensurate with the extent of potential exposure or risk in the various segments of the organization’s operations. During the detection phase of their work, internal auditors should identify conditions, red flags, and other symptoms that may be indicative of fraud. In addition, internal auditors need to be cognizant of the opportunities to perpetrate fraud, such as a lack of internal controls or the failure to observe them.

Upon discovering fraud, internal auditors have an obligation to notify management or the board of directors when the incidence of significant fraud has been established to a reasonable degree of certainty. If the results of a fraud investigation indicate that previously undiscovered fraud materially and adversely affected previous financial statements for one or more periods, the internal auditor should inform management and the audit committee of the board of directors. A written report should include all findings, conclusions, recommendations, and corrective actions taken. Finally, a draft of the written report should be submitted to legal counsel for review, especially where the internal auditor chooses to invoke client privilege. On November 12, 2007, the IIA in conjunction with the AICPA and the ACFE issued an exposure draft titled “Managing the Business Risk of Fraud: A Practical Guide.” The guide recommends ways in which organizational stakeholders—boards, managers, internal auditors—can fight fraud within their entities.

Module 2: Fraud Detection

A major difference between auditors and fraud examiners is that most auditors merely match documents to numbers to see whether support exists and is adequate. Fraud examiners and forensic accountants who detect fraud go beyond ascertaining the mere existence of documents. They determine whether the documents are real or fraudulent, whether the expenditures make sense and whether all aspects of the documentation are in order.14

Social Media as a Tool for Fraud Detection

Matti et al.15 suggest that detecting financial fraud is a daunting challenge for banks and credit card companies due to massive amount of transaction data and a wide diversity of user behaviors. In their research note, the authors explore the benefits of social media crowdsourcing, in particular, the tweets, retweets and comments from the Twitter online social network for effectively detecting financial fraud events. The goal of their work is to develop a real-time system to explore social media crowdsourcing to detect financial fraud events. The system has four modules:

  1. Data collection from tweets that use predetermined keywords such as fraud and bankruptcy.
  2. Using data mining from unstructured texts—the module extracts name, residence location, and age.
  3. The system then correlates the text data to a database of financial transaction databases of a large credit card company.
  4. In the final stage, a report is generated that summarizes the findings and suggests actions, such as recommended additional validation steps—i.e., closing the credit card account to prevent further losses and manual investigations.

While the article ends by indicating that the authors are working to validate and improve the accuracy of financial fraud detection of their system, the author’s findings suggest that big data analysis using text sources, such as social media, shows promise for improving fraud detection efforts.16

Fraud detection is challenging to say the least. At a minimum, the perpetrator has attempted to conceal the activity (the act) from those around him or her. Further, financial statement fraud is often perpetrated through management override and collusion, which makes it even harder to detect. In most cases, asset misappropriation, corruption, and financial statement fraud last about twenty-four months from inception to conclusion. At some level, this observation reflects the nature of the average fraud and the average fraudster. Fraud perpetrators tend to be people who rarely ever stop.

In short, it may be difficult to be dishonest the first time; but once the fraudster crosses that line, he or she may never stop until caught. In addition, fraud perpetrators almost never save their stolen goods. This creates a necessity to continue perpetrating the fraud. Furthermore, fraudsters tend to get greedier and sloppier over time. Often, it is the sheer size of the fraud that ultimately takes the fraudster’s proverbial “house of cards” down.

By the very title of this topic, “fraud detection,” a fraud has already been perpetrated and is possibly ongoing. Thus, the internal control environment has either been ineffective or circumvented, possibly through collusion or management override. The important issue to note is that no matter how a fraud is perpetrated, the internal control fabric of the organization has been compromised, either because a necessary control does not exist, or a properly designed control has not been implemented effectively. Effective fraud detection is an attempt to identify the fraud as early as possible, in contrast to the optimal situation in which the fraud is prevented or deterred.

The key to detecting fraud is to know where to look and how to proceed. A targeted approach is necessary to improve the probability of discovering that a fraud has occurred or is occurring at the earliest possible moment. This makes sense since the average audit generates a large number of red flags, where the vast majority are explainable and not of concern. Anomalies are part of the day-to-day operations of most organizations and are often observed by auditors. As such, anomalous transactions and activities generate red flags in the underlying financial records and possibly the financial statements if the amount rises to the level of materiality. Sorting through the pool of red flags efficiently and effectively is the key to fraud detection.

The starting point for the antifraud professional or forensic accountant is an attitude of professional skepticism. Although outlined in auditing standards related to the traditional audit, such an approach applies to fraud and forensic accounting engagements as well. SAS Nos. 99 and 113 suggest that auditors approach audit engagements with an enhanced sense of professional skepticism.

Generally, enhanced skepticism has three defining elements. First, it includes recognition that fraud may be present. Second, professional skepticism is exemplified by a professionals’ attitude, an attitude that includes a questioning mind and a critical assessment of evidence. Thus, auditors need to be alert for red flags and other symptoms of fraud and “pull on all loose threads” to see if fraud may, in fact, be ongoing within an organization. Third, professional skepticism asks professionals to make a commitment to persuasive evidence to determine whether or not fraud is present. Professionals are expected to “go that extra mile” using evidence-based decision-making.

In addition, fraud detection techniques require that fraud and forensic accounting professionals pay particular attention to the possibility of concealment because concealment suggests deception. Concealment could entail: falsified, counterfeit, or altered documents; inappropriate general ledger activity; unauthorized journal entries (possibly without documentation and backup) or reconciling items that do not have backup and supporting documentation or the backup and support is fraudulent; or tax returns that do not reconcile to the GAAP-based books and records.

Notwithstanding the above, there are two major approaches to fraud detection. The first is to detect fraud through the identification of red flags, anomalies that ultimately point to problems underlying the foundations upon which transactions have been recorded or a financial statement has been based. The second is to detect fraud through a targeted risk assessment. Both of these approaches are interrelated and both rely on a thorough understanding of the types of schemes (fraud schemes and financial crimes) that might be perpetrated.

In fact, throughout the major scheme-based chapters of this text, not only are the schemes outlined, but also the red flags are presented. Further, the steps necessary to prevent and detect the schemes are also identified. All of this information is necessary to give antifraud professionals and forensic accountants the knowledge, skills, and abilities necessary to successfully detect fraud early in the process. Because red flags are so prevalent, and many times represent “false positives,” it is only a targeted approach that considers the risk of fraud, likely fraud schemes, and the expected symptoms that will prove to be successful for antifraud professionals.

Fraud detection is the first sign or symptom that a fraud has occurred. It is the process of discovering the presence or existence of fraud. Fraud detection can be accomplished through the use of well-designed internal controls, supervision, and monitoring, as well as the active search for evidence of potential fraud (fraud auditing and related follow-through). However, the results of fraud detection are only symptoms and are not conclusive proof of fraud. Furthermore, the first signs of fraud often do not meet the threshold necessary for predication (the totality of circumstances that would lead a reasonable, professionally trained, and prudent individual to believe a fraud has occurred or is occurring).

Thus, more work needs to be done to ensure that other explanations—non-nefarious explanations, such as human error—are not at the root of this particular symptom. With fraud detection, we continue to examine until the antifraud professional believes that the predication threshold has been met or that no fraud has occurred. Fraud detection may include proactive fraud auditing, results of data interrogation based on predetermined parameters, or it may be a reaction to an anomaly found by the internal control system that requires additional explanation. In short, initial fraud detection steps are the first of several steps toward concluding that predication has been met but are far from providing the evidence that will be needed to convince a jury that an actual fraud has occurred. That said, it is important to use a targeted approach when attempting to detect fraud to minimize the effort associated with false (fraud detection) positives.

Understanding the Business

The first step to detecting fraud is to build an understanding of the organization and the environment in which it operates. As a starting point, the performance of the overall economy and its effect on the industry and organization should be undertaken. Is the economy growing, stagnant, or shrinking, and what effect, if any, does the economy have on the particular industry and organization? For example, during the recession of the early 1980s, the overall economy had little noticeable effect on the fast-growing technology industry because the productivity gains being realized outweighed any problems in the underlying economy. In fact, those productivity gains necessitated faster investment in technology to avoid being left behind in a difficult economic climate.

With this in mind, an assessment of the industry should be completed. The overall performance of the industry can be a key indicator of expectations of the organization. If the organization under study is not following the trends posted in the industry, an explanation of why this is occurring needs to be developed. Within any economy and in any industry, there are always high-flyers and overachievers and there are also the laggards and underachievers. Some organization has to be first, and another has to be last. At the same time, there must be good business reasons for exemplary or inferior performance in an industry. Developing an understanding of the industry and how the organization under study compares is part of the fraud risk assessment that serves as a necessary basis for detecting fraud.

Similar to the overall industry, most organizations have one or two key competitors, similar organizations that compete in the same markets, for the same customers with comparable products and services. A comparison of those competitors to the organization under study serves as a basis for looking for environments where fraud may be occurring. This analysis considers geographic and other demographics. For example, the first decade in the 2000s was particularly difficult for Midwestern states such as Ohio and Michigan. Such a difficult climate may serve as the basis for a company to cook its books. At the same time, it may also serve as the backdrop for an employee or group of employees to commit fraud to maintain their lifestyles.

Finally, an evaluation of trends within an organization is required. Trends over time and across several different metrics including revenues, gross profits, and operating expenses, as well as assets, liabilities, and stockholders’ equity are important points. The analysis of these trends needs to be both horizontal across time and vertical within a particular year.

Each of these techniques may be applied to an organization as a whole, and also to specific units, divisions, and product lines within the organization. In fact, if an antifraud professional suspects an employee payroll scheme in a particular warehouse, the symptoms and the actual fraud scheme may only come to light through comparison of this warehouse’s operations to that of others in the same organization.

The purpose of this preliminary work is to develop a backdrop for evaluating the possibility of fraud. For example, consider the case in which a company claimed to be “put out of business by the actions of another.” The actions of the other company had supposedly started in July, two years prior, and carried on for approximately eighteen months.

This claim suggested at least two expectations: (1) the performance of the failed company should have deteriorated over the eighteen-month period and (2) the failed company should have appeared reasonably healthy prior to July of two years prior. The first expectation held—the company’s performance, in fact, deteriorated over the eighteen-month period, starting in July. The second expectation did not—the failed company was in terrible financial condition at the beginning of the eighteen-month period. This necessitated additional work to understand how the company came to be in such a poor financial condition eighteen months prior to the alleged act, and how this precarious starting point may have contributed to the failure.

The Internal Control Environment

To develop an effective approach to fraud detection, the second step is to develop an understanding of the control environment—the environment as opposed to the controls themselves. The control environment consists of the policies, procedures, actions, and other activities that reflect the overall attitudes and actions of the board of directors, the audit committee, and senior management concerning internal controls. Some of the attributes that should be considered include17:

  1. Commitment to integrity, ethics, and core values
  2. Commitment to competence
  3. An independent board of directors and audit committee that participates in the internal control process and oversees the process
  4. Management’s attitudes, philosophy, and operating style concerning important internal controls and operational issues (“tone at the top”)
  5. Organizational structure, including lines of responsibility and authority, particularly as it relates to the control environment and operational expectations
  6. Communications about the importance of control-related matters, ethics, antifraud awareness and commitment, organizational and operating plans, employee job descriptions, and related policies
  7. Human resource policies and practices

The antifraud professional or forensic accountant is hoping to see a clear and unwavering commitment to a culture of honesty, openness, and assistance. Optimally, the company is

  • hiring honest employees
  • training them in all aspects of their duties and responsibilities
  • delivering fraud awareness in organization orientation and ongoing communications
  • providing fraud risk assessment methodology to appropriate personnel.

The company should also create a positive work environment with open door policies and a commitment to employee success. The company should have an up-to-date code of ethics or code of conduct that employees review and sign regularly to clarify expectations concerning honesty and other important attributes for employee and organization success.

To deal with perceived pressure, employee assistance programs offer personnel a place to go during difficult times. The company should not only expect its employees to be aware of its commitment to honest and ethical behavior, but it should also communicate its expectations to vendors, suppliers, customers, contractors, and others who do business with the organization. These communications, along with tip hotlines, create an environment in which whistleblowers feel free to call concerning matters of questionable behavior.

While the control environment is about openness and expectations, it also assumes that employees will be monitored, and fraud perpetrators will be caught and suffer appropriate consequences. Those consequences should be meted out regardless of the pressure or rationale behind such behavior. The primary goal of a good internal control environment is to minimize the opportunity to commit fraud, given sensible cost-benefit constraints.

While the above discussion suggests that the key to successful fraud prevention, deterrence, and detection is a solid control environment, missing or inadequate elements in an internal control system may increase the risk for fraud to occur. While it is impossible to prevent all frauds, a good control environment can mitigate the opportunities for fraud.

The Use of Red Flags to Detect Fraud

Red flags—symptoms of fraud—often go unnoticed or are not vigorously pursued. As noted in the Preecher and Hobson research discussed earlier in the chapter, even trained auditors benefit from a prompt to raise their awareness of the possibility of fraud. This is not surprising given the number of red flags observed and the fact that most are not indicators of fraud but are a function of the dynamic environment in which organizations operate. Nevertheless, red flags need examination until the evidence suggests that the anomaly is innocuous.

The red flags that can lead to a formal fraud investigation come from many sources and include tips and complaints, behavioral red flags, analytical anomalies, accounting anomalies, and internal control irregularities and weaknesses. Each of these, when observed, needs to be evaluated with additional evidence to make a determination concerning fraud. Some of the questions that need to be answered include:

  • Does the anomaly have supporting documentation?
  • Does the documentation appear to be falsified, altered, or fictitious?
  • Does the transaction and its reflection in the financial statements make sense?
  • Does the transaction make sense in light of the company’s operations, goals, and objectives?
  • Does the totality of this and similar transactions make sense analytically when evaluated in comparison to the economy, the industry, key competitors, and other related accounting numbers within the organization?
  • Does the transaction have proper approval and the proper authority levels?
  • Does anything else about the transaction or its nature make it appear suspicious?

Asking follow-up questions and resolving those questions with backup evidence is one of the keys to professional skepticism and a key to successfully uncovering fraudulent activity, whether asset misappropriation, corruption, or financial statement fraud.

Tips and Complaints

The 2016 ACFE Report to the Nations survey results suggested that while “tips” are the most common detection methods, the fraud discovery method varied substantially between small organizations (i.e., those with fewer than 100 employees) and larger organizations. The starkest variation occurred with tips; small and larger organizations detected fraud via tip in 29.6% and 43.5% of cases, respectively. A flip observation occurred with regard to internal audit where the detection method was 12% for cases at small organizations, but 18.6% at larger organizations. Over time, when combined, tips and accidental discovery typically account for greater than 50% of all frauds detected. This supports the contention that organizations have an opportunity to improve efforts to actively seek out fraud acts and perpetrators. It also suggests that, like-it-or-not, employees, managers, co-workers, and colleagues outside the company—those closest to the day-to-day operations—are in the best position to detect and report fraud.

This also reinforces why the control environment is so critical to fraud detection. Without an obvious commitment to fraud detection, prevention, deterrence, and remediation, some frauds are likely to go unreported and undetected. These frauds would be far more costly than if they were discovered and resolved earlier in the process.

These findings are logical. If fraud occurs, and the control environment and specific prevention controls fail, employees, co-workers, managers, and others who interact with the fraudster daily, weekly, or monthly, are more likely to observe suspicious behavior. If they don’t report it, we are left with other fraud detection methods that are more time-consuming, often less timely, and sometimes more invasive, to discover the fraud. It should be noted that many times tips and complaints are false. At least one highly recognizable organization was noted as closing down their fraud hotline because most calls were bogus and the tips were often made for purely vindictive reasons—to try to get an innocent person in trouble.

Another concern is that employees, who suspect someone of doing something wrong or observe suspicious activity, may not report it for fear of getting someone in trouble. Knowing for certain is almost an impossible standard, and in some cases, the suspicious employee is fearful of being labeled a tattletale. The person may even be afraid of retaliation by the suspected perpetrator. For these reasons, some employees, who know of wrongdoing, do not come forward. The main lesson for companies is to make reporting suspected fraud easy and anonymous.

The whistleblower needs to be able to feel safe and secure while providing the organization with the needed information. One alternative is to leave a tip on a fraud hotline. This approach is much more likely to be successful if an employee feels that the overall environment is one in which a report of fraud and unethical behavior will be acted upon. The employee should always feel that going to a supervisor or manager is an option, but sometimes hotlines are a better alternative. The key to successful tip hotlines is to ensure that the tipster provides sufficient detail so that the situation can be examined. In this regard, some hotlines are often managed by third parties who have the expertise to collect enough facts to initiate an examination. This helps employees feel secure in their anonymity and allows the third party, through an interview-style inquiry, to ensure that all the necessary details have been gathered.

Behavioral Red Flags

Behavioral anomalies are exhibited in lifestyles and unusual behaviors. As suggested by the fraud triangle, many people who commit fraud do so, initially, as a result of pressure. Beyond pressure, they then evaluate the perceived opportunity for success, followed by a necessity to rationalize their actions. For many, pressure comes in the form of money or greed. They live a lifestyle beyond what their resources could obtain or achieve through legal methods, or have found themselves in a precarious financial condition due to previously living beyond their means.

Lifestyle symptoms can be observed as expensive cars, homes, boats, jewelry, clothing, and other material possessions an employee could not, or should not, be able to afford. As noted above, few perpetrators save what they steal; most spend their ill-gotten gains almost immediately. This psychological observation makes sense: those who can delay the gratification associated with their purchases need not steal because they can wait. Assuming that managers, employees, and coworkers pay attention, lifestyle red flags are relatively easy to spot. Just as easily, fraudsters often have a quick explanation: a recent inheritance, winning the lottery, a promotion by a spouse, and so forth. Once identified, these explanations are easily examined for accuracy, veracity, and completeness.

A second nonaccounting red flag revolves around unusual behaviors. Fear of getting caught and the ramifications associated with that fear cause anxiety and the person tends to act differently. The underlying cause may be guilt or fear, but either way, stress is created. That stress then causes changes in the person’s behavior. Such changes may include insomnia, alcohol abuse, drug abuse, irritability, paranoia, inability to relax, inability to look people in the eye, signs of embarrassment, defensiveness, argumentativeness, belligerence, confession to a trusted confidant, attributing failure to others (scapegoats), excessive smoking or starting smoking, and other anxiety-based symptoms.18 These symptoms are similar to those associated with when a person or loved one suffers from a health or job-related crisis. Unless the person is willing to talk, it can be difficult to discover a fraud from these clues alone. Still, when combined with other financially based red flags, this can be one more piece of evidence to track down what is going on and who might be associated with the fraudulent activity.

Analytical Anomalies

Analytical anomalies are transaction or financial statement relationships that do not make sense. For example, one may notice transactions that are too small or too large when compared to normal activity; it’s often about patterns and breaks in patterns. Some analytical anomalies include:

  • Unusual items
  • Missing items
  • Larger or smaller than usual items
  • No pattern when you would expect one
  • A break in a pattern that is unexpected
  • Round, even transaction amounts
  • Cash transactions instead of transactions by check
  • Large consistent transactions
  • Unusual timing of transactions
  • Unexpected transaction recipients or beneficiaries
  • Unexplained cash shortages
  • Unexplained inventory shortages
  • Deviations from specifications
  • Increased scrap
  • Excessive purchases
  • Too many debit or credit memos
  • Significant unexpected changes in account balances
  • Excessive late charges
  • Unreasonable expenses
  • Unusual expense reimbursements

Anomalies may also include strange relationships. Some examples include

Revenues increasing But inventory decreasing
But accounts receivable decreasing
But accounts receivable increasing at a greater percentage
But decreasing cash flows from operations
Inventory increasing But accounts payable decreasing
But decreasing warehouse costs
Increased volume But increased cost per unit
But decreased scrap19

Analytical anomalies are common in many organizations, including those in which fraud is not present. Nevertheless, these preliminary symptoms of fraud should not be ignored and should be diligently pursued until fraud is discovered or a conclusion of no fraud is warranted based on the totality of the evidence.

Accounting Anomalies

Accounting anomalies are unusual activities that seem to violate normal expectations for the accounting system. For example, a fraud examiner may notice transactions being recorded in odd ways or at odd times during the day or month. In some cases, a transaction may be recorded by a person not expected to record such a transaction. For instance, the Chief Financial Officer may be logged as posting routine journal entries to Property, Plant, and Equipment accounts on a Sunday evening when these transactions are normally recorded by a clerical employee during regular business hours.

In some cases, irregularities in documentation may be observed. Some of these include:

  • Missing documents
  • Old items being carried on bank and other account reconciliations from one period to the next period
  • Excessive voids or credit memos
  • Common names, addresses, or phone numbers of payees or customers
  • Names, addresses, or phone numbers that are the same as those of employees
  • Increases in past due accounts receivables
  • Excessive write-offs of accounts receivables
  • Increases in the number and amount of reconciling items
  • Alterations on documents
  • Duplicate payments
  • Second endorsements on checks
  • Breaks in check, invoice, purchase order, and other document number sequences
  • Questionable handwriting
  • Photocopied documents20

Irregular or undocumented journal entries are another accounting anomaly that may be observed. Also, unusual entries that reduce a liability while simultaneously increasing a revenue account are red flags that should be investigated. Journal entries may be a method fraudsters use to effect management override; unusual or problematic journal entries should be closely scrutinized. This includes journal entries with little, incomplete, or missing backup. Journal entries of concern are those created by members of senior management, journal entries recorded by a person who does not have the required authority, or entries for which requisite approvals are missing. The following are some basic journal entry techniques for “cooking the books.”

  • Journal Entry Example 1— Consider the following set of journal entries to record fraudulent revenues:
    Fixed Asset $350,000
    Cash $350,000

    This journal entry, although completely bogus, appears to be a normal acquisition of property, plant, and equipment.

    Accounts Receivable $350,000
    Sales $350,000

    The second journal entry, also bogus, looks like a normal sales transaction on credit.

    Cash $350,000
    Accounts Receivable $350,000

    This third bogus journal entry looks like a normal cash collection of accounts receivable.

    Because all three journal entries are completely fictitious, let’s see what’s left:

    Fixed Asset        $350,000  Cash          $350,000Accounts Receivable    $350,000  Sales          $350,000Cash          $350,000  Accounts Receivable    $350,000

    The bottom line here is that through a series of seemingly reasonable, yet bogus, journal entries, fictitious sales have been recorded through the fictitious acquisition of property, plant, and equipment. The problem is that sales are not normally recorded through journal entry, unless it is a typical month-end accrual entry. Further, none of the journal entries would have proper documentation or backup or would require fictitious support. In addition, the bogus journal entries are likely to be recorded by someone who normally does not post journal entries to the general ledger.

  • Journal Entry Example 2— Consider the following timing difference:Year 1—A contract is awarded
    Cash  $500,000
    Sales $500,000

    In year 1, a company is paid $500,000 for work completed on a contract near year end. The journal entry to record the sale is consistent with generally accepted accounting principles; however, also in year 1, the company incurred expenses of $350,000 to fulfill the contract. Those expenses were paid in cash (via check) in year 2, and no accrual was recorded in year 1.

    Year 2—Recognize expenses related to Year 1 contract
    Operating Expense $350,000
    Cash $350,000
    Year 2—Awarded new contract 
    Cash  $750,000
    Sales $750,000

    In year 2, the year 1 expenses are recorded. In addition, the company obtains and completes a new contract in year 2 but does not accrue any of the $450,000 of related expenses. The overall result of these three transactions is that year 1 income has been overstated by $350,000 and year 2 income has been understated by the same amount. Further, year 2 income has been overstated by the failure to accrue year 2 expenses of $450,000. Thus, the net effect on year 2 is an overstatement of income in the amount of $100,000. In this case, all of the transactions have proper documentation, but the expense transactions have been recorded in the wrong period, resulting in overstated income in years 1 and 2.

  • Journal Entry Example 3— Consider the following concealed liabilities and operating expenses:
    Year 1—The proper accounting is to accrue normal period-end expenses
    Operating Expense $500,000
    Accounts Payable $500,000
    Year 1—However, no journal entry was made to accrue year 1 expenses

    The net effect here is an overstatement of year 1 income of $500,000 and an understatement of income in year 2 by the same amount.

  • Journal Entry Example 4— Finally, consider the following attempt to treat operating expenses as capitalized property, plant, and equipment:
    Year 1—The proper accounting is to accrue period-end expenses
    Operating Expense $500,000
    Accounts Payable $500,000
    Year 1—Instead of accruing the amount to expense, the amount was capitalized as a fixed asset
     Fixed Assets $500,000
      Accounts Payable $500,000

    The net effect in Example 4 is an overstatement of year 1 income of $500,000, and an understatement of income in future years as the fixed asset is depreciated.

In years gone by, it was possible for the general ledger not to balance, meaning that debits did not equal credits, and assets did not equal liabilities plus stockholders equity. In this day and age, most computerized accounting packages prevent one-sided and unbalanced journal entries from being recorded; however, professional skepticism requires the fraud examiner to test this assumption for veracity. Further, unbalanced entries are a real possibility in manual accounting systems and those maintained in spreadsheet software, such as Excel. In electronic accounting software packages, it is far more likely that the general ledger subsidiary ledgers and other supporting documentation do not agree with, or reconcile to, the total reflected on the general ledger (and in the financial statements).

This is because many assume that most of a company’s information systems (e.g., distribution, store operations, purchasing, inventory management, marketing, etc.) feed directly into the general ledger and other aspects of the accounting system, but that is often not the case. It is common that payroll systems, marketing systems, inventory records, and accounts receivable details are independent of the main accounting system. As such, it is important to examine the underlying supporting details to ensure that the amounts agree with, or reconcile to, the general ledger totals. In addition, tests of the details need to be performed. This may include observation of physical inventory counts; confirmations with banks, customers, suppliers, and vendors; and other methods to verify that the supporting detailed records are accurate and supported. Third-party independent verification is the best evidence unless persons in the third-party company are colluding with individuals in the organization under review.

Internal Control Irregularities and Weaknesses

The internal controls necessary to safeguard assets and maintain the integrity of the financial reporting processes are beyond the scope of this text. Most companies of reasonable size often have several accounting information modules (possibly, independent systems), including the following:

  • Sales and accounts receivable collections
  • Personnel and payroll
  • Procurement (acquisition), accounts payable, and disbursements
  • Inventory, warehousing, and distribution
  • Capital acquisition, maintenance, retention (including depreciation), and disposition
  • Cash accounting and control

Additional controls are also required for prepaid assets; intellectual property; the acquisition, maintenance, and payment of short-term and long-term debt obligations; as well as others. Each of these processes, from the inception of any transaction through transaction completion, and its proper reflection in the audited financial statements, has many steps. Each step has controls in place to ensure that the transaction (underlying activity) exists, is complete (detailed supporting documentation), accurate (properly valued), classified properly, recorded in the proper period, and posted and summarized properly in the financial statements (these are otherwise known as management’s assertions concerning the attributes of amounts presented in the financial statements).

These controls not only safeguard the assets and facilitate accurate financial reporting but are also integral to running an effective and efficient operation. They ensure that (1) customers receive high-quality goods and services and (2) vendors, suppliers, and employees are paid accurately and on time. The Sarbanes-Oxley Act of 2002, particularly section 404, puts considerable emphasis on the system of internal controls. Management is responsible for the system of internal controls, including their design, implementation, and maintenance. Auditors must test management’s assertions concerning the existence and operational effectiveness of that system of internal controls.

The normal internal control environment is expected to have several control activities, including:

  1. Adequate separation of duties
  2. Proper authorization of transactions and activities
  3. Adequate documents and records
  4. Physical control over assets and records
  5. Independent checks on performance

While these characteristics are commonly presented in auditing texts and the auditing literature, from a fraud perspective, internal controls have at least three different objectives. The first line of defense related to internal controls is to prevent fraud. Fraud prevention refers to creating and maintaining an environment in which fraudulent activities are improbable or reduced to an acceptable level of risk of fraud and/or illegal activity.

Along a similar vein, fraud deterrence involves creating an environment in which fraud is less likely to occur (e.g., by encouraging whistle blowing through hotlines). Fraud deterrence creates an environment in which organizational stakeholders are discouraged from committing fraud. This is usually accomplished through a variety of efforts associated with internal controls and ethics programs that create a workplace of integrity, as well as by encouraging employees to report potential wrongdoing and promoting any actions that increase the perceived likelihood that an act of fraud will be detected and reported. Fraud deterrence can also be achieved through the use of continuous monitoring and auditing software tools. It is enhanced when potential perpetrators recognize that they will be punished when caught.

Fraud detection is the process of discovering the presence or existence of fraud. Most often, this can be accomplished through the use of well-designed internal controls, supervision, monitoring, and the active search for evidence of potential fraud (e.g., fraud auditing).

Some internal controls are meant to prevent fraud, and this aspect is often the main focus that accountants place on internal controls. Nevertheless, the second goal of internal controls—fraud deterrence—creates the perception of detection, whether real or perceived, and is critical, given that the number of controls required to prevent every type of fraud would cost far more than the potential benefits achieved.

Finally, internal controls also need to be focused on fraud detection. This is the central goal of internal control area five—independent checks on performance. These independent checks, even if on a periodic or somewhat random basis, are designed, not to prevent fraud, but to deter and detect fraud. Therefore, the fraud audit professional needs to consider and document those controls related to the prevention of fraud, and also those controls that increase the “perception of detection” and thus act as deterrents. Because independent checks are often periodic or random, it is precisely those checks that may not be operational, even though they have been designed and documented.

Let’s consider the example of the fraudster who cooked the accounts receivables, not to steal the money for himself, but to keep his job. Because this individual wanted to keep his job within the organization, he “adjusted” the accounts receivables using credit memos in advance of meetings with the CEO, sales manager, and controller to enhance the perception of his effectiveness in the collection of those receivables. After the meeting, he restored the accounts receivable amounts by reversing the credit memos with debit memos. Eventually, he hoped to find the time to make collection calls and get the customers to pay their accounts. The pattern of his fraud was clear and distinct in the credit and debit memo records.

The shortcoming in the company’s internal control structure was not in the design—all accounts receivable debit and credit memos required supervisory approval—but rather in the implementation. Case evidence showed that legitimate credit memos had been written up for management approval and had the appropriate sign-offs; however, the weekly credit meeting “adjustments” were not approved or signed-off. The internal control procedure that was intended to act as an independent check was properly designed. The controller or CFO was supposed to review the accounts receivable system to ensure that all debit and credit memos were approved. Although this was part of the internal controls design for 3 1/2 years, the procedure had not been operationalized. This lack of independent check cost the company approximately $1 million in accounts receivable write-offs. The moral of the story: Fraud examiners need to pay as much attention to the implementation of internal controls that act as independent checks as they do to the design of those controls to prevent fraud.

Fraud examiners must document the system of internal controls to the level of detail necessary to complete their work. Assuming that the fraud examiner is using a targeted, red flag, scheme-oriented approach or a targeted, risk assessment, scheme-oriented approach, the documentation of the system of internal controls in and around the area of investigation is an integral step in fraud detection. The fraud examiner is looking for weaknesses in the design, or deficiencies in the implementation, of the internal control system. Further, the antifraud professional will also need to be aware of the possibilities of management override and/or collusion. Internal controls cannot prevent management override or collusion, but a properly designed system of internal controls with independent checks includes detection controls that alert the proper individuals when anomalous situations occur.

Some typical internal control weaknesses include:

  • Lack of segregation of duties
  • Lack of physical safeguards
  • Lack of independent checks
  • Lack of proper authorization
  • Lack of proper documentation and other records
  • Override of existing internal controls by an individual, management, or through collusion
  • Inadequate accounting system
  • Inadequate employee education (expectations)
  • Reactive fraud detection approach
  • Inadequate surprise audits
  • Inadequate whistleblower opportunities and protection21

The Power of Nonfinancial Numbers

Fraud examiners need to use not only data generated from the financial accounting systems but also data from surrounding operational systems. The Internal Revenue Service’s Fuels Excise Specialists will tell you that they spend as much time auditing the inventory, chemical processing, and distribution data as they do investigating the data generated from the subject organization’s accounting system because fuels involve precise chemistry.

Thus, the managers working with the fuels cannot afford to have their nonaccounting systems corrupted with fraudulent data because of the effect on the quality of the product and the impact on end users (i.e., customers). The power of using nonfinancial data to corroborate financial information cannot be understated. Nonfinancial numerical performance data (numbers) may also prove valuable and include:

  • Laundromat electricity usage
  • Laundromat cycle time
  • Gas produced
  • Tons of minerals mined (raw and processed)
  • Beer purchase quantities
  • Employee time records
  • Delivery records
  • Attorney hours charged
  • Travel (number of trips and average cost per trip)

The foundation behind the use of nonfinancial numerical information is that the world revolves around quantities and prices. By breaking down the sum totals for a series of accounting transactions into prices and quantities, a fraud examiner now has two additional pieces of data to evaluate. First, he or she can analyze the quantity. Does the total quantity make sense? How does it compare to other periods, divisions, nonfinancial system’s data, and so forth? How does it compare to prior periods? How does it compare to budgets or other data that serve as reasonable expectations? How does it compare to total capacity for the company under study? Similarly, the price per unit can be examined for reasonableness. Does the average price per unit make sense? How does the price compare to the average market price for the period and to other companies in the industry? How does the price compare to prior periods? How does the average price compare to published price lists for the company under study?

The nonaccounting systems information and nonfinancial numerical data are then used to correlate with, or reconcile to, the numbers represented in financial statements, and tax returns. Generally, any data generated outside of the financial accounting system will serve as a starting point for analysis and reconciliation. This does not mean that nonaccounting and nonfinancial numerical data are never tainted, but if it is also impacted by the fraud, then the number of perpetrators involved expands to include persons beyond accounting. The theory is that, in general, the nonaccounting and nonfinancial data are generally not corrupted because companies always want to maximize operational performance. As such, operational managers need accurate and timely data to manage their portion of the business. If nonaccounting and nonfinancial numerical data cannot be reconciled to the related data in the financial systems, or the data are not correlated, additional examination is warranted.

Using Red Flags as a Basis for Further Investigation

It is impossible to provide a complete list of all the red flags that may be observed when trying to detect fraud. Each fraud will have some unique attributes, and thus the related red flags will also be somewhat unique. Therefore, when considering red flags, it is important to think about the red flag in the context of the circumstances.

  • Why does the transaction or transactions seem important?
  • What causes this transaction or series of transactions to seem unusual or irregular?
  • How does this red flag track into the company’s control environment?
  • Does the red flag fit a known fraud scheme, given the organization, its industry, its competition, and the current business environment?

It is critical to use evidence-based decision making to draw a conclusion that fraud is likely, or that this anomaly has another reasonable explanation. It is important to use evidence to see if you can develop other reasons for the suspicious activity.

In relation to observed red flags, the fraud examiner should consider possible motivations of specific individuals who might be involved. Each of the following should be documented:

The Elements of Fraud:

  • Are cash or other assets missing (i.e., has a fraud act or financial crime possibly been committed)?
  • Are the financial statements materially misstated?
  • What are the concealment possibilities?
  • What are the conversion possibilities and have any conversion symptoms (e.g., lifestyle anomalies) been observed?

The Fraud Triangle:

  • Which individuals have opportunity?
    • What are the key internal controls in this area?
    • Are key internal controls deficient or have they been violated?
  • Have any individuals demonstrated signs of pressure?
  • What potential rationalizations might be offered and is there any evidence of rationalization by particular individuals?

M.I.C.E.

  • What might motivate the fraudster: money, ideology, coercion, or ego/entitlement?

Other Considerations:

  • What are the most promising investigative techniques?
  • What methods and approaches will most likely result in a successful investigation?
  • Have any other related symptoms been observed?
  • How do the red flags observed in one area relate to red flags observed elsewhere?

Module 3: Targeted Fraud Risk Assessment

While interviewing for information gathering purposes is examined in a separate chapter, interviewing is also a critical tool in the risk assessment process. In a 2007, Journal of Accountancy article, Dr. Joseph Wells and John Gill, J.D., CFE and ACFE Vice President—Education, suggest 15 questions to obtain a preliminary sense of an organizations vulnerability to fraud as follows:

  1. Do one or two key employees appear to dominate the company?
  2. Do any key employees appear to have a close association with vendors?
  3. Do any key employees have outside business interests that might conflict with their job duties?
  4. Does the organization conduct preemployment background checks to identify previous dishonest or unethical behavior?
  5. Does the organization educate employees about the importance of ethics and antifraud programs?
  6. Does the organization provide an anonymous way to report suspected violations of the ethics and antifraud policies?22
  7. Is job or assignment rotation mandatory for employees who handle cash receipts and accounting duties?
  8. Has the company established positive pay controls with its bank by supplying the bank with a daily list of checks issued and authorized for payment?
  9. Are refunds, voids, and discounts evaluated on a routine basis to identify patterns of activity among employees, departments, shifts, or merchandise?
  10. Are purchasing and receiving functions separate from invoice processing, accounts payable, and general ledger functions?
  11. Is the employee payroll list periodically reviewed for duplicate or missing Social Security numbers?
  12. Are there policies and procedures addressing the identification, classification, and handling of proprietary information?
  13. Do employees who have access to proprietary information sign nondisclosure agreements?
  14. Is there a company policy that addresses the receipt of gifts, discounts, and services offered by a supplier or customer?
  15. Are the organization’s financial goals and objectives realistic?

While these questions are not stated explicitly below, data collected during interviews are an integral part of developing a risk assessment using a targeted approach.

Targeted fraud risk assessment starts with a foundation of solid knowledge, skills, and abilities in the areas of fraud detection and investigation. Further, the antifraud professional or forensic accountant must have a thorough knowledge of the various types of schemes used to perpetrate asset misappropriation, financial statement fraud, corruption activities, and financial crimes, such as money laundering. They should be able to answer some basic questions, such as:

  • How is the scheme perpetrated?
  • Where would I likely find the fraud or where might evidence of it be located?
  • What attributes are involved in the act? How would the act be concealed?
  • What symptoms (red flags) would be generated if the scheme were perpetrated? How might the scheme be detected?
  • What controls need to be in place to prevent this particular scheme?
  • What controls might deter a fraudster from perpetrating this type of scheme? What controls would lead to detection of this scheme?
  • Are those controls in place?
  • Which employees, third parties, or managers are likely to be involved, and could it be collusive?

By understanding the attributes of different fraud schemes, the fraud examiner is armed with a foundation upon which he or she can develop a targeted fraud risk assessment. When evaluating an organization, its industry, its key competition, its management structure, and its control environment for certain schemes, some will be more likely to show up than others. As noted in the red flag discussion, a typical audit of a large company may generate hundreds of red flags. What should an auditor do to address them? Using a targeted fraud risk assessment approach, some red flags (symptoms of fraud) are much more significant than others and, as such, should be given more attention.

Likewise, clusters of red flags become valuable in the sense that where there is smoke, there is (usually) fire; therefore, where there is a lot of smoke, the likelihood of fire increases dramatically. Similarly, if there is a cluster of red flags, it increases the likelihood of a particular scheme’s existence.

Also integral to the targeted fraud risk assessment methodology are a few overarching questions:

  • What is the likelihood of fraud occurring in this organization without consideration of controls?
  • What types of frauds would likely occur in this organization?
  • What types of frauds are likely to occur without consideration of the controls? What types of frauds might be successful?
  • How large could the fraud be?
  • Would the fraud be large enough to generate the financial impact that allows the fraudster to achieve his or her goals?
  • By what process could the fraud be perpetrated without consideration of controls? How strong is the antifraud control environment?
  • How well do the control systems appear to be working in the areas where the fraud would be perpetrated (including prevention, deterrence, and detection controls)?

Table 8-1 lists examples of recent fraud schemes. The fraud examiner categorizes schemes in three ways:

  • Category 1—Wrongdoing perpetrated by an insider acting alone with the principal benefit to the individual (examples include simple, one-person, garden-variety embezzlement schemes)
  • Category 2—Wrongdoing perpetrated by more than one individual acting collusively (possibly with individuals outside the company) with the principal benefit to the individual perpetrators or the organization (examples include sophisticated asset misappropriation, corruption, and/or financial statement fraud)
  • Category 3—Wrongdoing perpetrated by an outside third party against the organization with the principal benefit to the third party (examples include the sales of inferior goods that do not meet contract specifications)

TABLE 8-1 Examples of Recent Fraud Schemes

  • Vendor Allowance Manipulations
  • Improper Bill and Holds
  • Roundtrip Transactions
  • “Refreshed” Receivables
  • “Off-Site” or Fake Inventory
  • Undocumented Rights of Return
  • Adjustments to Estimations
  • Quid-Pro-Quo Arrangements
  • Phony Shipping Documentation
  • Moving Inventory Between Locations
  • Related Parties That “Create” Transactions
  • Splitting of Multiple-Element Deals
  • Unjustified Consolidation Entries
  • Adding Back O/S Checks to Cash
  • Improper Asset Valuations
  • Holding Periods Open
  • Phony “Investment Deals”
  • Subscriber Count/Circulation Frauds
  • Provider Reimbursements
  • I/C Manipulations Affecting Other Accts
  • Bribery, Corruption, and Kickbacks
  • Agreements to “Sell Through” Product
  • Money Laundering
  • Contributions
  • Fraudulent Audit Confirmations
  • Early Rebates
  • Off-Balance Sheet Liabilities
  • Improper Capitalization of Expenses

Thus, the fraud examiner has a specific assessment of which accounts are most susceptible to manipulation, the likelihood of manipulation (remote, reasonably possible, or probable), and the magnitude of the likely scheme (inconsequential, more than inconsequential, or material), paying particular attention to accounts with high inherent risk (e.g., reserves, allowances, permanent impairments, etc.) and high control risk accounts. For example, in the area of revenues some of the preliminary questions might include the following:

  • How would a person(s) perpetrate an over- or understatement of revenues?
  • Who would be involved
  • Would it be collusive between customers and sales and marketing?
  • Which accounts would be affected?
  • When would the scheme be perpetrated?
  • Which quarter of the year is most at risk?
  • Which financial statement assertions are at risk?

Targeted fraud risk assessment is consistent with the PCAOB’s Auditing Standards Nos. 5 (AS5) and 12 (AS12) and requires a top-down approach. First, the fraud examiner assesses fraud risk factors such as industry, competition, historical performance, management philosophy, and possible pressure concerns, as well as geographic considerations. Then, the fraud examiner determines the fraud risks: which accounts would likely be utilized (revenue, expenses, liabilities, assets)? And further, which schemes could be used to perpetrate a fraud, including those who might be involved in the scheme?

The targeted fraud risk assessment approach assumes that there should be a direct relationship between the level of risk associated with a material weakness in a company’s controls and the amount of attention devoted to that area during an audit. Further, an account can be significant, based on the assessment of the risk that the account could contain misstatements that individually, or when aggregated with others, could have a material impact on the financial statements.

An overview of the fraud risk assessment process includes the following components:

  • Evaluate the fraud risk factors
    • Identify, understand, and evaluate the company’s operating environment, cultural tone, location, and existing pressures.
    • Identify which accounts might be used to perpetrate the frauds.
    • Identify relevant business processes, process owners, and related financial statement accounts.
    • Identify fraud risks for nonsignificant entities.
  • Identify possible fraud schemes and scenarios
    • Brainstorm.
    • Identify how fraud may occur in each process by location.
    • Identify the parties who have the ability to commit a potential fraud.
  • Prioritize individual fraud risks
    • Evaluate the likelihood, without consideration of controls, that each of the identified frauds could occur and the potential significance (in dollars) associated with the fraud risk.
    • Label the schemes by type of risk.
    • Identify the pervasiveness of the risk.
  • Evaluate mitigating controls for those fraud schemes that are reasonably possible or probable and are more than inconsequential, or are material
    • Determine the level of mitigation to prevent, detect, and deter fraud.
    • Investigate the characteristics of potential fraud manifestations within each process identified.
    • Quantify and remediate fraud risk.

The following ten-step approach implements the targeted fraud risk assessment:

  1. Step 1. Identify, understand, and evaluate the company’s operating environment and the pressures that exist.
  2. Step 2. Identify the business processes and consider differences in those processes in foreign operations, as well as between subsidiaries and decentralized divisions.
  3. Step 3. Identify the “process owner” for each of the identified significant processes.
  4. Step 4. Review past fraud experience within the company for the process being evaluated.
  5. Step 5. Identify how fraud may occur in each process and at each location using fraud brainstorming techniques.
  6. Step 6. Identify the parties who have the ability to commit the potential fraud.
  7. Step 7. Evaluate the likelihood that each of the identified frauds could occur and be significant as well as the persuasiveness of the potential fraud without consideration of controls.
  8. Step 8. Consider the likely methodology to commit and conceal the fraud to determine the level of mitigation to prevent, detect, and deter the fraud. The result is a determination of the existence of “Residual Fraud Risk.”
  9. Step 9. Investigate the characteristics of potential fraud manifestations within each process identified in which “Residual Fraud Risk” exists.
  10. Step 10. Remediate fraud risk schemes by designing control activities to mitigate the unmitigated fraud scheme risk.

Step 1 evaluates the economic, operating, and competitive environment, as well as the overall control environment. Step 2 includes the identification of key business processes including sales, accounts receivable collections, personnel, payroll, procurement (acquisition), accounts payable, cash disbursements, inventory, warehousing, distribution, capital asset acquisition (including maintenance and depreciation), cash accounting and control, licensing, intellectual property, investing, information and technology, marketing, and research and development. Step 2 also requires the fraud examiner to consider differences in the processes identified between local and foreign operations, as well as among subsidiaries or decentralized divisions. Some of the considerations include legal requirements across the various jurisdictions, cultural differences, staffing (expertise, experience, training, duration with the organization, etc.), processes for the approval of independent agents and contractors, the competency of management and supervisors, and the function of the operation within the organization.

To complete Step 3, the fraud examiner must identify the “process owner” for each of the identified processes within each major jurisdiction and/or operation. The process owner may be a senior level executive, subsidiary president, regional president, vice president, manager, or supervisor. The process owner is that individual who has the day-to-day authority and ability to alter standard operating procedures (management override) to accomplish the goals and objectives of the organization. Of course, being in a position to override normal operating procedures also places that person in a position in which he or she can alter those same procedures for personal benefit.

Step 4 requires an assessment of the organization’s history with respect to fraud, as well as experiences at lower levels of the organization and by process, geographic locale, and within specific jurisdictions. The fraud examiner needs to ask the following questions:

  • What types of fraud have occurred in the past?
  • Where (geographically and in which accounts) did the fraud occur?
  • Where within the organizational structure did the fraud occur?
  • Who committed the fraud?
  • How was the fraud perpetrated?
  • How could the fraud have been prevented?
  • How could the fraud have been detected earlier?
  • What may have deterred the commission of the fraud?

Step 5 investigates potential responses to the question, what could go wrong? This step requires process owners and their sub-process owners, in conjunction with the fraud examiner, to identify how fraud may occur in the respective process at each location using brainstorming techniques. The brainstorming process should focus on fraud risk factors by process, locale, and jurisdiction. Also, consideration should be given to fraud risks and fraud schemes that could be perpetrated and would be likely (probable) and significant (of large financial magnitude). Participants in the brainstorming process should identify control activities that would mitigate the identified fraud schemes, but only after the schemes have been identified and their likelihood and significance have been determined.

Only those schemes that are significant and likely should be evaluated to determine whether they are mitigated by control activities. Fraud risk assessment, after considering mitigating controls to prevent, deter, and detect fraud, leaves a remainder: residual fraud risk. Residual fraud risk includes those fraud schemes that are not adequately mitigated by control activities and, as such, requires a fraud audit response. In that context, management override and collusion are only subject to fraud detection; in general, they cannot be prevented. Thus, the risk of management override and collusion are always residual fraud risks and require a specific audit response, if detection control activities do not exist.

In Step 6, the identified parties who have the ability to commit the potential fraud need to be examined more closely. At this point, the fraud examiner needs to consider the elements of the fraud triangle: pressure, opportunity, and rationalization. Further, the fraud examiner needs to specifically consider the three categories of fraud discussed above. Individuals who are in a position to commit asset misappropriation, corruption, and financial statement fraud may include process owners, employees, agents (particularly in foreign countries), independent contractors, competitors, customers, vendors, and licensees.

During Step 7, process owners and the fraud examiner use the following descriptions to evaluate the likelihood that each of the identified frauds could occur: remote, reasonably possible, and probable. For each potential fraud, the following questions should be considered:

  • What is the likelihood that this fraud will occur and be significant?
  • How could this fraud manifest itself and where (which account and which process)?
  • What would the fraud look like and where would it be found?
  • What is the likelihood that the fraud will be perpetrated by an individual, as compared to two or more individuals acting collusively?

Management should address those fraud risks that have more than a remote likelihood of having more than an inconsequential effect on the company’s financial statements. The auditor should evaluate all controls specifically intended to address the risks of fraud that have at least a reasonably possible likelihood of having a material effect on the company’s financial statements. The fraud examiner needs to make an assessment based on the scope of the engagement.

Step 8 requires the determination of the level of mitigation to prevent, detect, and deter each fraud scheme deemed significant and likely.

  • Are entity level controls in place and operational?
  • How effectively is the antifraud message communicated throughout the organization?
  • Are there effective fraud awareness training programs?
  • Does the organization complete an effective fraud risk assessment?
  • Does the organization have effective ethics training and programs?
  • What ethics and core values seem to exist within the organization?
  • Do employees embrace the ethics and core values?
  • Does the organization have an effective “fraud hotline” and a reliable whistleblower protection policy?
  • Are allegations of fraud and wrongdoing investigated completely and in a timely fashion?
  • What control activities are in place?
  • What information systems are in place and does communication happen as designed and in a timely fashion?
  • What monitoring activities are in place?
  • What effective remediation and fraud investigation processes and procedures are designed and operational?

Note that these areas are consistent with COSO’s five elements of internal controls: control environment, risk assessment, control activities, information and communication, and monitoring.

Step 9 requires the fraud examiner to investigate the characteristics of potential fraud manifestations within each process identified in which “residual fraud risk” exists:

  • Design procedures to look for the fraud
  • Consider data mining techniques
  • Look for the fraud

In Step 10, the fraud examiner needs to reassess and quantify fraud risk given the findings from Steps 1–9. The fraud examiner needs to evaluate the results of the investigation and extrapolate each fraud manifestation over the entire population of possibilities, because the frauds that have been detected may be just the tip of the iceberg.

Table 8-2 includes two examples of targeted fraud risk assessment in actions: revenue “round-trip” transactions and revenue “bill and hold” schemes.

TABLE 8-2 Targeted Fraud Risk Assessment in Action

Fraud Risk Revenue—“Roundtrip”
Transactions—Inflating revenues
Revenue—Bill and Holds
Step 1. Identify, understand, and evaluate the company’s operating environment and pressures that may exist.
Operating Environment The economy has been relatively weak with virtually no growth. The industry has been soft and generally follows the overall economy. The organization’s primary competitors have reflected generally poor performance in the prior eight quarters of reported earnings. Despite the recent weak performance, the industry is considered healthy, and the balance sheets of most competing organizations do not suggest a high risk of bankruptcy.
Possible Pressures Despite some negative financial press concerning operational issues, particularly with regard to the organization’s ability to tap into the Chinese market, the stock market has evaluated this company as positioned to outperform in the next four quarters. Most of the organizations’ main competitors have been evaluated as below average expected performance.
Step 2. Identify the business processes
Process Sales and Collection Cycle Sales, Inventory, and Collection Cycle
Jurisdictions and Level of Control The company sells product in the United States and China. Each jurisdiction has a regional vice president that reports to the Chief Operating Officer (COO). The COO reports to the CEO. The regional vice presidents have operational autonomy with respect to day-to-day operations (decentralized). The COO and CEO mainly concentrate on strategies for growth over the next two to five years. Operations in both the United States and China have regional accounting controllers. The organization has a corporate controller and a Chief Financial Officer (CFO).
Step 3. Identify the “process owner” for each of the identified significant processes
Process Owner Regional Vice Presidents
Process Subowner Regional Director of Sales and Marketing
Related Accounting Areas Sales audit, inventory control, accounts receivables
Journal Entry Control and Authority Journal entries are initiated at the regional level. The corporate controller must approve the journal entry. The CFO has the ultimate approval, responsibility, and authority
Step 4. Review past fraud experience within the company for the process being evaluated
Past Fraud Experience None noted None noted
Step 5. Identify how fraud may occur in each process at each location using fraud brainstorming techniques (Note: the risk of management override is evaluated separately and is not considered in this targeted fraud risk assessment)
Cause of Fraud Recording transactions that occur between two or more companies for which there is no business purpose or economic benefit to the companies involved in order to inflate revenues When products have been booked as a sale but delivery and transfer of ownership has not occurred as of the date the sale recorded. The customer is not ready, willing, or able to accept delivery of the product at the time the sale is recorded. The customer may or may not have requested a bill and hold arrangement
Step 6. Identify the parties who have the ability to commit the potential fraud
May Involve CEO, COO, regional vice president, and sales personnel. May or may not involve accounting personnel. CEO, COO, CFO, regional vice president, other executives, customer, credit manager, sales personnel, inventory manager/personnel. Most likely must involve accounting personnel.
Step 7. Evaluate the likelihood that each of the identified frauds could occur and be significant as well as the persuasiveness of the potential fraud, without consideration of controls
Significance More than inconsequential, particularly in the Chinese operating environment because of a recent history of product defects. Inconsequential due to the fact that demand currently outstrips supply.
Likelihood Probable in China; reasonably possible in the United States Remote in both China and the United States
Pervasiveness Risk is related to revenue, sales returns and allowances, and A/R accounts Risk is related to revenue, sales returns and allowances, and A/R accounts
Step 8. Consider the likely methodology to commit and conceal the fraud to determine the level of mitigation so as to prevent, detect, and deter the fraud. The result is a determination of the existence of “Residual Fraud Risk.”
Mitigating Control Activities
  • Regular review of all sales contracts, with a focus on unusual terms and conditions for return policies, and a comparison to actual practice
  • Regular review of all sales returns for irregular returns patterns and inventory patterns
  • Regular review of A/R aging
  • Segregation of duties (sales and credit/order entry functions)
  • System of authorization and approval of transactions for sales, sales returns, and A/R write-offs
  • Where appropriate, standardization of sales terms
  • Existence of sales personnel confirmation/verification with customer for completeness and accuracy of recording of sales terms or conditions
  • Checks to assure transfer of ownership (title, insurance, equipment installation, etc.)
  • Regular review of all sales contracts, with a focus on unusual terms and conditions, and a comparison to actual practice
  • Regular performance of physical inventory counts
  • Regular review of A/R aging
  • Segregation of duties (sales and credit/order entry functions)
  • System of authorization and approval of transactions for sales, sales returns, and A/R write-offs
  • Where appropriate, standardization of sales terms
  • Existence of sales personnel confirmation/verification with customer for completeness and accuracy of recording of sales terms or conditions
Mitigating Control Environment
  • Regular ethics training/policies/adherence
  • Published code of ethics/conduct with provisions related to fraud and ethical behavior
  • Formal hiring and promotion standards
  • Tone at the top, including proper attitudes toward controls and corporate communication
  • Reporting and advice systems (hotlines for employees and separate hotlines for customers and vendors)
  • Regular measurement of achievement of ethics/compliance and fraud prevention goals
  • Investigation of suspected wrongdoing
Determine Level of “Residual Fraud Risk” The residual fraud risk was evaluated as potentially material. This is considered a collusive fraud and thus prevention controls would be expected to have minimal impact. Since the likelihood, significance, and pervasiveness were considered high, additional audit work was performed. Due to the likelihood, significance, and pervasiveness being evaluated as low, combined with the mitigating controls and environment, the residual fraud risk was considered minimal.
Step 9. Determine the appropriate audit response and investigate the characteristics of potential fraud manifestations within each process identified, where “Residual Fraud Risk” exists
Additional Audit/Investigational Procedures In response to the high residual fraud risk, internal audit confirmed in writing directly with customers the amounts, dates, and shipping terms for all sales transactions, as well as the current A/R balance and items such as the payment due date, the details of any right of returns, unrecorded terms and conditions, and any outside agreements not contained in the original written agreements. No exceptions were noted during these expanded procedures. None required, and the normal audit procedures in the area of revenues, inventories, and A/R did not reveal any changes to the above assessment.
Step 10. Remediate fraud risk schemes by designing control activities to mitigate the unmitigated fraud scheme risk
Remediation Recommending that internal audit regularly confirm with customers, not only account balances and transactions but also payment due date, the details of any right of returns, unrecorded terms and conditions, and any outside agreements not contained in the original written agreements None required

Module 4: Targeted Fraud Risk Assessment in a Digital Environment23

Ben Dickson in an article titled, “3 Ways Artificial Intelligence is Changing the Finance Industry,” states that that machine learning algorithms, software that self-improves as it is fed more and more data, is at the heart of the Artificial Intelligence (AI) revolution. The author finds that in the area of finance, AI is influencing fraud detection, banking chatbots, and algorithmic trading. With regard to fraud detection, as e-commerce has risen in popularity, so has online fraud. At one end of the antifraud spectrum is aggressively declining suspected transactions; yet, the author highlights the findings of Javelin Strategy whose research suggests that as much as $118 billion is lost by retailers due to legitimate transactions that were wrongly rejected. In one example of AI’s fraud detection efforts, Dickson highlights efforts by Mastercard to move away from declines based on companywide, predefined rules, toward a system that considers historical shopping and spending habits of individual cardholders, to develop a behavioral baseline against which the systems compares each new transaction. As such, rather than evaluating each transaction against company or industry “one-size-fits-all” norms to identify anomalies, each cardholder’s transactions are uniquely evaluated based on the characteristics of the cardholder. With billions of transactions each year, Mastercard has lots of historical data from which the AI system can learn. While AI is still in its infancy as a technological tool for fraud detection, and faces numerous challenges including legal, ethical, economic and social, preliminary work suggests that AI has potential to contribute to antifraud efforts.24

We have all heard horror stories by fraud examiners of computer tests that result in the identification of hundreds, thousands, and possibly even millions of anomalous transactions that require further review. At these times, fraud examiners and investigators feel like throwing up their hands in frustration due to the sheer volume of exceptions. The main problem is that a targeted approach for the assessment of red flags or a targeted fraud risk assessment was not made in advance. As such, the digital assessment was also not targeted.

Prevention and Deterrence in a Digital Environment

In an electronic environment that captures a huge amount of transactions annually, many transactions and data relationship anomalies appear to be a potential fraud or error. To utilize the computer environment effectively, the targeted fraud risk assessment process must be completed. This process will yield the highest probability of frauds that might manifest themselves and have a large enough magnitude to make a significant impact. Red flags and anomalous relationships require evidence to determine whether a fraud is ongoing, has occurred, or is not, and never happened. It is only by using a laser or rifle-shot approach that digital tools and techniques can be effective in preventing, deterring, and detecting fraud.

Early in the millennium, an acronym related to fraud and forensic accounting in a digital environment was created—CAATTs, computer-aided auditing tools and techniques. CAATTs are used for data extraction and analysis. Recently, the terminology has morphed to use terms such as big data and data analytics. No matter the moniker, auditors, and other antifraud and forensic professionals often make use of these massive datasets for testing the information systems control environment, as well as performing detail tests of transactions, totals and subtotals. Information systems and related technology, including the financial accounting system, are integral to an organization’s success; they provide timely and essential information to facilitate achieving strategic objectives. These systems provide the information necessary to execute strategy and to achieve operational goals and objectives.

Because information is a key to the successful operation and execution of strategy for any organization, information systems technology is central to many organizational transactions, beginning at a transaction’s inception. If we use an electronic purchase order for inventory, as an example, this transaction flows through the information system to digitally capture the receipt of the merchandise at a warehouse facility, payment via the cash disbursement system, and tracking through the inventory and merchandising systems. Some of these systems are part of, or modules within, the accounting information systems, while others are periphery or separate and distinct information systems outside the normal accounting systems. In either case, this information is integral to producing fairly stated financial statements and strong systems of internal control.

Digital Evidence

A major challenge for the fraudster is to conceal their nefarious activities, given that so much information is captured electronically and is available to monitor their activities during and after the perpetration of a fraud act. Electronic storage is relatively inexpensive, and information systems store and manage this data. This means that the fraudster risks detection during the fraud act and as long as the data are stored. Stored data can be used to trace transactions, document approvals, and exceptions, as well as provide evidence of system override. This stored data can also be used with data mining software such as Access, ACL, or IDEA, SAS, and other statistical and analytical packages, which allow a large amount of data to be evaluated quickly for symptoms of fraud, and provide evidence of the fraud act or concealment of the fraud.

Detection and Investigation in a Digital Environment

The importance of information systems as a mechanism for fraud prevention, deterrence, and detection cannot be overstated. The value of these information systems to generate red flags for further investigation, to reconstruct actual data flow, and to provide a strong evidence trail is also of considerable value to the fraud and forensic specialist. That said, the most challenging issue regarding fraud detection is the potential for an overwhelming number of fraud symptoms (i.e., red flags). Once preliminary symptoms are observed and documented and the predication threshold has been met, the information systems serve as an important tool in the examination process.

Additional discussion of fraud and forensic tools and techniques in a digital environment is presented in a separate chapter. The key to successful fraud detection and investigation using digital tools and techniques requires a targeted approach. The fraud examiner or investigator must have a sense of what could go wrong, what did go wrong, and how it might manifest itself in the information systems. This requires an understanding of the schemes, the industry, the organization, its IT control environments, its history of fraud, and other items outlined in the previously listed steps to develop a targeted risk assessment. With this foundation, the antifraud professional has a place to begin the fraud examination or financial forensic engagement.

We have eight types of assignments for instructors to choose from:

  1. Critical Thinking
  2. Review Questions
  3. Multiple Choice Questions
  4. Fraud Casebook
  5. Brief Cases
  6. Major Case Investigation (MCI)
  7. IDEA Exercises
  8. Tableau Exercises

CRITICAL THINKING

  1. CT-1 The magical elevator. There is a man who lives on the top floor of a very tall building. Every day he gets the elevator down to the ground floor to leave the building to go to work. Upon returning from work though, he can only travel half way up in the elevator and has to walk the rest of the way unless it is raining! Why?
  2. CT-2 How would you prefer to die? CT-2How would you prefer to die? A murderer is condemned to death. He has to choose between three rooms. The first is full of raging fires, the second is full of assassins with loaded guns, and the third is full of lions that haven’t eaten in 3 years. Which room is safest for him?

REVIEW QUESTIONS

  1. What are the primary responsibilities of management?
  2. Generally, how is the problem of management override and collusion addressed?
  3. What is the “expectations gap”?
  4. What is the role of the external auditor in the financial reporting process?
  5. How is materiality determined?
  6. Is earnings management considered fraud?
  7. What are some red flags that may indicate that fraud is occurring?
  8. What is meant by behavioral red flags?
  9. What are the similarities and differences between analytical and accounting anomalies?
  10. What are the main components of the fraud risk assessment process?

MULTIPLE CHOICE QUESTIONS

  1. Which of the following statements best describes corporate governance with respect to fraud?
    1. Auditors are primarily responsible for the detection of fraud, the Board of Directors for the deterrence of fraud and management for the prevention of fraud.
    2. An auditor is primarily responsible for the detection, prevention, and deterrence of fraud acts at the organization under audit.
    3. The corporate governance fabric includes management, internal and external auditors but excludes the Board of Directors because executive management reports to the Board.
    4. Management is primarily responsible for adopting sound accounting policies and ensuring the fair presentation of financial performance, results of operations and the financial condition of the company.
  2. Which of the following is not a reason that the prevention and detection of fraud resulting from management override and collusion presents a significant challenge for the antifraud community?
    1. Internal controls are generally designed to prevent a single fraudster acting alone.
    2. Internal controls are best at assisting in the detection of fraud acts arising from collusion and management override.
    3. The Board of Directors maintains little direct supervisory oversight of executive operational actions and decisions.
    4. Collusive and executive perpetrators tend to be better prepared to deal with oversight mechanisms such as internal and external auditors.
  3. Which of the following is not an inherent part of Statement on Auditing Standards, No. 99/113?
    1. Greater scrutiny of the chief executive and chief financial officers personal financial condition
    2. Enhanced professional skepticism
    3. Emphasis on pre-audit discussions such as brainstorming
    4. Emphasis on interviews with key personnel throughout the organization, including supervisors, managers, and executives
  4. Select the statement that is most accurate with regard to materiality.
    1. Materiality does not create discretionary choices for managers, executives, and auditors.
    2. Earnings management is not sufficiently material to constitute fraud.
    3. Materiality is based on a percentage of net sales.
    4. Materiality includes both quantitative and qualitative factors.
  5. According to the ACFE 2016 Report to the Nations, which of the following is the most frequent source of initial fraud detection?
    1. A call to the police
    2. Tips
    3. Accidental discovery
    4. The combined discovery of fraud by internal and external auditors
  6. Which of the following is not considered a red flag (indicator) of fraud?
    1. Accounting anomalies
    2. Analytical inconsistencies
    3. Nonfinancial numbers
    4. Behavioral anomalies
  7. Which of the following statements is most accurate with regard to red flags for fraud?
    1. Red flags are compelling indicators that fraud has occurred.
    2. The investigation and resolution of red flags is the final step in the audit process.
    3. Financial performance deviations from budgeted numbers should always be a cause for alarm and suggest the need for a fraud investigation.
    4. Most red flags are explainable anomalies and are not, after subsequent investigation, indicators of fraud.
  8. Which of the following is not considered a reason for the incorporation of nonfinancial numbers in fraud detection efforts?
    1. Nonfinancial numbers have little use in fraud detection because it is financial numbers that have been manipulated.
    2. Management wants operations to run smoothly and many operational decisions are dependent on the accuracy and integrity of nonfinancial information.
    3. Nonfinancial numbers are often generated outside the accounting and reporting system and thus may not be subject to the same types of manipulations found with fraudulent accounting numbers.
    4. Nonfinancial data should be correlated with or reconciled to, financial data.
  9. Which of the following is not a step in the targeted fraud risk assessment process?
    1. Identify the parties who have the ability to commit the potential fraud.
    2. Place the parties who most likely committed the potential fraud under arrest to illicit a confession.
    3. Identify, understand, and evaluate the company’s operating environment and the pressures that exist.
    4. Review past fraud experience within the company for the process being evaluated.
  10. Considering the targeted fraud risk assessment process, which of the following is most accurate?
    1. The targeted fraud risk assessment process is centered on the likelihood (probability) and magnitude (dollar value) that fraud will occur.
    2. The targeted fraud risk assessment process is centered on the likelihood (probability) and magnitude (dollar value) that fraud has occurred.
    3. The targeted fraud risk assessment process is centered on the likelihood (probability) and magnitude (dollar value) that fraud has not occurred.
    4. The targeted fraud risk assessment process is centered on the likelihood (probability) and magnitude (dollar value) that fraud may occur.

FRAUD CASEBOOK

The Satyam Scandal

Read the following articles or other related articles regarding the Satyam case and then answer the questions below:

Sources:

Kahn, Jeremy, New York Times, “Founder of Indian Company Interrogated,” January 11, 2009.

Raju, B. Ramalinga, “Text of Ramalinga Raju’s Letter to Satyam Board.” Msn.com, January 7, 2009.

Cunningham, Lawrence (blogger), “Satyam Fraud’s Systemic Regulatory Implications, January 8, 2009

Short Answer Questions

1. In January 2009, approximately how many employees did Satyam Computer Services employ?

2. What is the primary business of Satyam Computer Services Ltd?

3. When the fraud was revealed who took control of the company?

4. How much money did the Raju’s earn from sales of Satyam stock in the eight years preceding the fraud revelation?

5. How many board members did Ramalinga Raju implicate in the fraud?

6. What was the cash balance sheet amount and how much cash actually existed in the Satyam’s bank accounts?

Discussion Questions

1. Opinion: Do you believe that fraud in the United States is more or less prevalent than fraud in countries outside the United States? Why?

2 In the case of Satyam, the company reported almost $1 billion in cash balances, yet close to $900 million was missing. Two questions:

2. How would a fraudster conceal missing cash, especially amounts of this magnitude?

3. How would an audit not catch missing cash amounts of this magnitude?

BRIEF CASES

1 Red Flags. Assume that Aardvark and Zebra compete in the same four-digit SIC code industry and offer comparable products and services. The following table contains their reported financial performance and condition for the last two years, calculated ratios and key nonfinancial metrics. Assume that industry ratios were derived from a reputable source. Further, assume that nonfinancial metrics were derived from reliable public and internal sources. Identification of Red Flags

Identification of Red Flags
Aardvark Company Zebra, Inc.
Balance Sheet Year 1 Year 2 Analysis Year 1 Year 2 Analysis
Assets—Cash 375 720 92% 375 720 92%
Assets—Accounts Receivable 375 795 112% 375 495 32%
Assets—Long-term 750 1350 80% 750 1,350 80%
Assets 1,500 2,865 91% 1,500 2,565 71%
Liabilities—Current 600 1125 88% 600 1125 88%
Liabilities—Long-term 300 562.5 88% 300 562.5 88%
Liabilities 900 1,687.5 88% 900 1,687.5 88%
Stockholders Equity 600 1,177.5 96% 600 877.5 46%
Liabilities and Stockholders Equity 1,500 2,865 91% 1,500 2565 71%
Income Statement
Revenues 1,800 3,600 100% 1,800 3,300 83%
Costs of Good Sold 750 1,387.5 85% 750 1,387.5 85%
Gross Profit 1,050 2,212.5 111% 1,050 1,912.5 82%
Operating Expenses 900 1,635 82% 900 1,635 82%
Operating Income 150 577.5 285% 150 277.5 85%
Analysis of Statement of Cash Flows
Operating Income 150 577.5 285% 150 277.5 85%
Depreciation * Operating Cash 37.5 −232.5 −720% 37.5 67.5 80%
Operating Cash Flows 187.5 345 84% 187.5 345 84%
Aardvark Company Zebra, Inc.
Ratios Year 1 Year 2 Industry Year 1 Year 2 Industry
Current Ratio 0.63 0.64 1.15 0.63 0.64 1.15
Debt-to-Assets Ratio 0.600 0.589 0.625 0.600 0.658 0.625
Return on Assets 10% 20% 10% 10% 11% 10%
Gross Margin 58% 61% 58% 58% 58% 58%
Operating Cash Flow/Income 125% 60% 125% 125% 124% 125%
DuPont Expression Ratios
Risk—Assets-to-Equity 2.50 2.43 2.75 2.50 2.92 2.75
Revenue Generation—Asset Turn 1.20 1.26 1.25 1.20 1.29 1.25
Profits—Profit Margin 8% 16% 8% 8% 8% 8%
Return on Equity 25% 49% 27% 25% 32% 27%
Aardvark Company Zebra, Inc.
Analysis of Nonfinancial Metrics Year 1 Year 2 Analysis Year 1 Year 2 Analysis
Retail Square footage 85,500 157,500 84% 85,500 157,500 84%
# Employees 1710 3112.5 82% 1710 3112.5 82%
# Store locations 142.5 255 79% 142.5 255 79%

1. Use the Aardvark and Zebra data provided to complete the following assignments:

  1. Describe any symptoms of fraud
  2. Draw a conclusion about fraud predication and recommend next steps.

2. Targeted Risk Assessment. Consider the following scenario.

Leonard, LLC’s operates in the US northeast and is headquartered in Pittsburgh, PA. The company’s main competitor is Malcolm, LLC. The overall economy is exiting a mild recession, and the industry is considered by the financial press and analysts to be reasonably healthy.

Related to Leonard, LLC, stock market participants have projected that Leonard will outperform the industry and key competitors during the upcoming fiscal year. At the same time, industry trade journals and the financial press have hinted at operational issues and Leonard, LLC has met analysts’ expectations for the past 1.5 years.

The company has three operational processes that interface manually with the accounting records: Revenue and accounts receivable, operating expenses and accounts payable, personnel and payroll. In addition, in the latest fiscal year, Leonard opened foreign operations in China, created five subsidiaries and located two divisions in Alaska and Hawaii.

The CEO is heavily involved in revenue activities, revenue accounting and financial reporting. The accounts receivable clerk is shy, has one year of experience, and is responsible for collections and financial reporting of revenues and A/R. During past three audits, based on elevated risk concerns, the auditor has completed extra uncompensated work. Preliminary engagement brainstorming identified concerns regarding:

  • Potential fictitious credit applications with fabricated information.
  • Sales to nonexistent customers based on vertical, horizontal, ratio, cash flow, and NFM analyses.
  • Two top 10 customers are defined as related parties.

All revenues are accounts receivable-based, and revenue is the single largest line item in the financial statements. Accounting reconciliations are manually completed at year-end in preparation for the audit and release of the audited financial statements. In the past, auditors have been troubled by missing records, lack of support for transactions, and the CEO’s involvement with final adjustments to the financial statements.

Assignment:

  1. Use the data described above for Leonard LLC and a description of chief competitor Malcolm LLC’s corresponding risk to complete a targeted fraud risk assessment for fictitious revenue using the matrix provided with Wiley student online student material.
  2. In the final box, similar to Malcolm, LLC, draw a conclusion about the risk of fictitious revenue.

MAJOR CASE INVESTIGATION

The following is the “inventory” of items received to continue the examination at Johnson Real Estate. The goal is to focus on the missing deposits: who, what, when, where, and how.

  • Memorandum to Case File:
  • Chris Peters Interview Synopsis
  • Kemba Fiorina Interview Synopsis

These items will be provided by the course instructor.

Assignment:

Continuing to focus on evidence associated with the act, concealment and conversion, use the evidentiary material to continue the investigation. In addition, as the examiner also start to think of terms of who, what (did the person(s) do), when (during what period?), where (physical place, location in books and records), and how (perpetrated, hidden and did the perpetrator benefit).

IDEA EXERCISES: ASSIGNMENT 8

ideaCase background: See Chapter 1.

Question: Does Fairmont have any contactor personnel whose have terminated but are being paid through payroll after termination (e.g., ghost employees)?

Student task: Students should (a) present a listing of any payroll disbursements for Theresa Angelina after January 4, 2019, and (b) discuss the finding and recommend investigative next steps.

Student Material for step-by-step screenshots for completing the assignment are available from your instructor.

TABLEAU EXERCISES: ASSIGNMENT 8

tableauCase tableau background: See Chapter 1.

The forensic audit has revealed a possible “ghost” employee, Theresa Angelina, who was terminated on January 4, 2019.

Question: Can you present a graphic that presents the payroll disbursement amounts by date for the contact employee who has been terminated but has been paid after termination (i.e., ghost employees)?

Student task: Students should (a) present a graphic that presents the payroll disbursement amounts by date for the Theresa Angelina who has been terminated but has been paid after January 4, 2019 (i.e., ghost employees) and (b) discuss the finding and recommend investigative next steps.

Student Material for step-by-step screenshots for completing the assignment are available from your instructor.

Endnotes

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.138.116.228