Lecture Slides for Modules 1 and 2
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Lecture Slides for Modules 1 and 2

on

  • 1,071 views

 

Statistics

Views

Total Views
1,071
Views on SlideShare
1,068
Embed Views
3

Actions

Likes
1
Downloads
64
Comments
0

1 Embed 3

http://www.slideshare.net 3

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • Ask the audience whether they are familiar with some or all of the above cases. Are there any common factors between these clients? C-suite participation Acquisitive companies All companies represented on the slide have been subject to fraud. REFER TO DESCRIPTIONS OF FRAUD CASES PROVIDED IN THE INSTRUCTOR MATERIALS. Choose one of the above frauds and ask: Do you know what the fraud involved? What procedures could the auditor have used to find the fraud? Was it the auditor’s responsibility to find the fraud? Or to complete these procedures?
  • Important: Audit teams should understand the Audit Committee’s expectation of PwC with respect to each category in the circle. We should have a clear understanding as to the nature and extent of the external auditor’s consideration of fraud during the course of the audit. SAS 99 addresses only two categories of fraud: Fraudulent financial reporting and Misappropriation of assets Our clients, however, face 5 additional types of financial fraud risk: Revenue & assets obtained by fraud (e.g., over billing customers); Costs & expenses avoided by fraud (e.g., tax fraud); Expenditures and liabilities for an improper purpose (e.g., bribery); Financial misconduct by a member senior management or the Board (e.g., insider trading); and Management disclosure fraud (e.g. misrepresenting market share). Audit committees should be aware that the financial statement audit extends to only the two fraud discussed in SAS 99.
  • Important: Audit teams should understand the Audit Committee’s expectation of PwC with respect to each category in the circle. We should have a clear understanding as to the nature and extent of the external auditor’s consideration of fraud during the course of the audit. SAS 99 addresses only two categories of fraud: Fraudulent financial reporting and Misappropriation of assets Our clients, however, face 5 additional types of financial fraud risk: Revenue & assets obtained by fraud (e.g., over billing customers); Costs & expenses avoided by fraud (e.g., tax fraud); Expenditures and liabilities for an improper purpose (e.g., bribery); Financial misconduct by a member senior management or the Board (e.g., insider trading); and Management disclosure fraud (e.g. misrepresenting market share). Audit committees should be aware that the financial statement audit extends to only the two fraud discussed in SAS 99.
  • Companies subject to Sarbanes-Oxley must now have and implement “antifraud programs and controls”, which the independent auditor must evaluate annually during the audit of internal controls . Although most of these companies already have components of an antifraud program, e.g., codes of ethics and conduct, companies may need to enhance their programs to address the new requirements and to avoid an auditor’s finding of a “significant deficiency” or “material weakness” in the audit of internal controls. Private companies also need to be familiar with fraud management, particularly if their strategy contemplates a public debt offering, IPO or sale to a public company. Apart from mitigating legal and regulatory risk, fraud management provides significant cost savings opportunities, which directly impact the bottom line. For example, the Association of Certified Fraud Examiners estimates that the average U.S. company loses the equivalent of 6% of revenues to fraud. The PwC Whitepaper at p.31 contains a quick reference guide of key actions that most companies will need to consider.    
  • Companies subject to Sarbanes-Oxley must now have and implement “antifraud programs and controls”, which the independent auditor must evaluate annually during the audit of internal controls . Although most of these companies already have components of an antifraud program, e.g., codes of ethics and conduct, companies may need to enhance their programs to address the new requirements and to avoid an auditor’s finding of a “significant deficiency” or “material weakness” in the audit of internal controls. Private companies also need to be familiar with fraud management, particularly if their strategy contemplates a public debt offering, IPO or sale to a public company. Apart from mitigating legal and regulatory risk, fraud management provides significant cost savings opportunities, which directly impact the bottom line. For example, the Association of Certified Fraud Examiners estimates that the average U.S. company loses the equivalent of 6% of revenues to fraud. The PwC Whitepaper at p.31 contains a quick reference guide of key actions that most companies will need to consider.    
  • Appendix B of the whitepaper, pp 27 – 30, provides an overview of applicable legislation, regulation and professional standards. .  
  • Management is required to base its assessment of the effectiveness of the company's internal control over financial reporting on a suitable, recognized control framework established by a body of experts that followed due-process procedures to develop the framework. In the United States, the Committee of Sponsoring Organizations ("COSO") of the Treadway Commission has published Internal Control – Integrated Framework (known as the "COSO Report"). The COSO Report has emerged as the framework that management and auditors use to evaluate internal controls. Antifraud programs and controls include all 5 components of COSO, although special emphasis is placed on t he control environment, the tone set at the top of an organization that influences the control consciousness of its people.  
  • Control environment factors include the integrity, ethical values and competence of the entity’s people; management’s philosophy and operating style; the way management assigns authority and responsibility, and organizes and develops its people; and the attention and direction provided by the audit committee and board of directors. The control environment has a pervasive influence on the way business activities are structured, objectives established and risks assessed. It also influences risk assessment, control activities, information and communication systems, and monitoring activities. The control environment is not static; it is influenced by the entity's history and culture and in turn influences the control consciousness of its people in performing their day-to-day activities. Since 90% of the frauds occur in the C-Suite, the establishment of strong antifraud programs and controls is an essential component of a healthy control environment. The whitepaper at pp. 4 – 13 provides the details regarding design and operating effectiveness of the antifraud program elements of the control environment.
  • While many companies implicitly consider fraud risk, an effective antifraud program requires explicit assessment of fraud risk. Fraud risk assessment expands upon traditional risk assessment. Fraud risk assessment is scheme and scenario based rather than control objectives based. The assessment considers the various ways that fraud and misconduct can occur by and against the company. Fraud risk assessment also considers potential schemes to circumvent existing control activities, which then leads to additional compensating control activities. To be effective, management should perform fraud risk assessments on a comprehensive basis rather than in an informal or haphazard manner. The COSO framework instructs that risk assessments should also occur when special circumstances arise, such as a changed operating environments, new products and markets, and corporate restructurings. Management should include fraud risk in these assessments. Management must also assess fraud risk at the company-wide, business unit, and significant account levels. The nature and extent of management’s risk assessment activities should be commensurate with the size of the entity and complexity of its operations (e.g., the risk assessment process is likely to be less formal and less structured in smaller, centralized entities). Note: See White paper at pp. 13 –15 for additional information
  • Once the fraud risk assessment has taken place, the entity should identify the processes, controls, and other procedures that are needed to mitigate the identified risks. In the context of an antifraud management program, control activities are those actions taken by management to identify, prevent, and mitigate fraudulent financial reporting or misuse of organizations assets. Antifraud control activities should occur throughout the organization, at all levels and in all functions. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, segregation of duties, reviews of operating performance and security of assets. Management should evaluate whether appropriate internal controls have been implemented in any areas management has identified as posing a higher risk of fraudulent activity (e.g., revenue recognition, non-standard journal entries, etc.), as well as controls over the entity’s financial reporting process and the potential for management override. Because of the importance of information technology in supporting operations and the processing of transactions, management also needs to implement and maintain appropriate controls, whether automated or manual, over computer-generated information. The environment in which an entity operates affects the fraud risks to which it is exposed and may present unique external reporting requirements, or special legal or regulatory requirements.
  • Please look in your learning log and open the file named: TEMPLATE I – Incentives Inventory. Down the left hand column you will see the organizational structure with key functions and/or personnel. Across the top you will see the components of the fraud triangle. While the triangle includes three points of focus, we have broken incentives and pressure into two categories for clarity purposes. We have also included an additional column to document any potential fraud schemes which that particular person could be involved in. Let’s spend a minute talking about who in the organization we should be addressing the fraud triangle with. At the entity level , there will likely be overriding fraud risk factors such as: Analyst expectations, competitive factors, etc. It is also necessary to address these items for each key individual at the entity level. The fraud risk factors should also be addressed for each significant business unit . The environment that each significant unit works in could be very different from the others. For example, if the West division is meeting its budgets due to true growth, they may not feel any pressure to commit fraud, however, for struggling units, the pressure is higher. Understanding these differences will assist you in focusing your risk assessment process. It is also important to address the fraud risk factors for significant functions within each business unit. The incentives, pressure and attitude of the purchasing function will likely be much different that the sales function, and it is not always the sales function that is subject to fraud. In summary, the audit team must assess risk from the top to the bottom of the entity. As will be discussed further, this document should be a living breathing document throughout the audit process and should be revisited at various stages throughout the audit.
  • Another tool. Include with other tools? Consider moving above discussions.
  • Another tool. Include with other tools? Consider moving above discussions.
  • Effective communications and information regarding a company’s antifraud programs and policies are critical to ensuring their success. As a first step, it is imperative that antifraud policies and programs capture all relevant information and spell out each employee’s responsibilities in relation to the program. In addition, a company must ensure that all key components of its antifraud program are properly and effectively communicated to employees in a form and time frame that allows them to carry out their responsibilities in an effective manner.   In order to be effective, communication regarding the company’s antifraud policies and procedures must flow down, up and across an organization. All personnel must receive a clear message that the company is serious in its commitment to preventing fraud. In addition, each employee must fully understand all relevant aspects of the company’s antifraud program and his or her role and responsibilities. See whitepaper at pp. 16 – 17 for a discussion of what is required of information technology, training and knowledge management.
  • A company’s antifraud controls, programs and policies must be monitored - a process that assesses the quality of the system’s performance over time. This is typically accomplished through ongoing monitoring activities, separate periodic evaluations or a combination of the two. The frequency of separate evaluations or audits necessary for management to have reasonable assurance about the effectiveness of its antifraud controls is a matter of management’s judgment. In making that determination, consideration should be given to the following: the nature and degree of changes occurring and their associated risks, the competence and experience of the individuals implementing the controls, as well as the results of ongoing monitoring.   See whitepaper at pp. 18 – 20 for additional information regarding monitoring and auditing.  
  • DC&P What underlying systems support the accounting/finance function and what is the level of integration among these systems? What level of business information is available via existing systems and how is this information reported ? (consolidated, segment, product, etc.) Is there a formal closing schedule that is adhered to by all locations? Do resource levels and/or skill-sets pose a problem? Are management and financial reports generated via accounting systems or manually? Consistency of management information versus external financial statement presentations? Does the company have skilled resources to meet SEC and other external reporting requirements?

Lecture Slides for Modules 1 and 2 Presentation Transcript

  • 1. Fraud 101 Financial Fraud MGT 506-1
  • 2. Course Overview
  • 3. Fraud Quiz How many public companies over the last five years had to restate their financial statements due to material accounting irregularities? A business school study showed what percentage of CEO participation in SEC enforcement actions involving fraud? What percentage of SEC enforcement actions involving fraud were perpetrated by senior management? Historically, what percentage of CFOs report that the CEO has pressured them to misrepresent accounting? 1,000 56% 70% 90%
  • 4. Fraud Quiz (2)
    • According to government and private studies, how much does the average company lose – in terms of percentage of revenue – to fraud and abuse?
    • Illustration: Manufacturing Company A has $100 million revenues earns $30 million per year. Comparable companies sell at 4x EBITDA
    • 1. What is 6% of Company A’s revenues?
    • What is the potential uplift if all fraud could be eliminated?
    • What is the potential percentage increase in earnings?
    • What is the potential uplift in enterprise value?
  • 5. So, What Is Fraud?
    • Black’s Law Dictionary
    • Intentional perversion of truth
      • False representation of a matter of fact
      • Whether by words or conduct
      • False, misleading, concealment of that which should have been disclosed
    • For the purpose of inducing another
    • In reliance upon perversion of truth
    • To part with some valuable thing belonging to him or to surrender a legal right
  • 6. So, What Is Fraud?
    • Black’s Law Dictionary:
    • “ An intentional perversion of truth for the purpose of inducing another in reliance upon it to part with some valuable thing belonging to him or to surrender a legal right; a false representation of a matter of fact, whether by words or by conduct, by false or misleading allegations, or by concealment of that which should have been disclosed, which deceives and is intended to deceive another so that he shall act upon it to his legal injury.”
  • 7. Perspectives On Fraud: Prosecutors, Regulators & Lawyers
    • By the Corporation
    • Corporation as “victimizer”
    • Corporation benefits:
      • Financially
      • Other
    • Corporation subject to potential civil and/or criminal liability
    • Against the Corporation
    • Corporation as victim
    • Corporate risks:
      • Financial
      • Legal, and
      • Reputation
    • Potential civil recovery by Corporation
  • 8. Perspectives On Fraud: Bad Fraud & Good Fraud
    • “ Bad” Fraud
    • Acquirer Overpays
    • Earnings management
      • False revenue recognition schemes
      • Costs and expenses schemes
      • Understatement of liabilities
    • Illegal conduct
      • Liability for past conduct
      • Impact upon future earnings
    • “ Good” Fraud
    • Acquirer Underpays
    • Misconduct that if discovered, reduces costs and increases earnings
  • 9. Perspective On Fraud: Post-Sarbanes
  • 10. Perspective On Fraud: Post-Sarbanes
    • Legal & Regulatory Risk:
    • U.S., state and foreign law
    • Sarbanes-Oxley
    • Final SEC Rules
    • FCPA et. al.
    • SAS 99
    • Financial Risk:
    • U.S. Dept of Commerce/ACFE: Average U.S. company loses equivalent of 6% of revenues to fraud
    • 6% of Revenue = ?
    • Cost savings opportunities and potential – despite statistical exaggeration
    • Reputation Risk:
    • Management
    • Audit Committee
    • Audit
      • Internal Audit
      • External Audit
  • 11. Roles, Responsibilities, Stakeholders
    • Management
    • C-Suite
    • Business Leaders
    • General Counsel, Ethics & Compliance
    • The Board/Audit Committee
    • Oversight of prevention/mitigation
    • Supervision of special investigations
    • Government
    • Congress
    • SEC
    • PCAOB
    • Other Regulators
    • Federal and State Prosecutors
    • Auditors
    • External Auditor – “Integrated Audit”
    • Internal Audit
    • External Audit
  • 12. Fraudulent Financial Reporting a/k/a “Earnings Management”, a/k/a “Cooking The Books”
    • Improper Revenue Recognition
    • Overstatement of Assets
    • Understatement of Liabilities
    • Management Disclosure & Analysis Fraud
  • 13. Common Revenue Recognition Schemes
    • Premature Revenue Recognition
      • Side agreements
      • Liberal return of product
      • Channel Stuffing
    • Fictitious Revenue Recognition
      • Fictitious sales
      • Round tripping
    • Construction Related Schemes
    • Sham related party transactions
  • 14. Common Overstatement Asset Schemes
    • Cash Balance Schemes
    • Inventory Schemes
      • Inflating quantity
      • Inflating value
    • Accounts Receivable Schemes
      • Creating fictitious receivables
      • Artificially inflating value of receivables
    • Investment Schemes
      • Fictitious investments
      • Overstating value of investments
  • 15. Common Understatement of Liability Schemes
    • Improper Capitalization of Expenses
      • Software development
      • Research and development
      • Start Up Costs
    • Improper Expensing of Capitalized Costs
    • Off Balance Sheet Entity Schemes
    • Overstatement of Liability Reserves (“Cookie Jar” Reserves)
  • 16. Common Misappropriation of Assets Schemes
    • Cash
      • Theft of cash receipts
      • Unrecorded/understated sales or receivables
      • Lapping
    • Fraudulent Disbursements
    • Payroll
    • Inventory
    • Fixed Assets
  • 17. Expenditures For An Improper Purpose
    • Payments to Government Officials
      • Domestic payments
      • Political Campaign Violations
      • FCPA bribery payments
      • FCPA “books and records” violations
    • Commercial Bribery
  • 18. Assets/Revenue Obtained By Fraud
    • Fraud Against Employees/Joint Venture Partners
    • Fraud Against Suppliers
    • Fraud Against Customers
      • Government
      • Commercial parties
      • Consumers
    • Sample Schemes
      • Antitrust
      • Defective pricing
      • Shipment of damaged goods
  • 19. Expenses Avoided By Fraud
    • Tax Crimes
      • Failure to Pay
      • False Statements
      • Evasion
    • Fraud Against Suppliers & Customers
    • Improper Labor Practices
    • Environmental, Health & Safety Violations
    • Money Laundering
  • 20. Senior Management Fraud
    • Use of Corporate Assets to Commit Illegal Conduct
    • Insider Trading
    • Unauthorized Compensation
    • Failure to Pay Taxes
    • Travel Expense Fraud or Abuse
    • Receipt of Free or Below Market Goods and Services From Vendors, Suppliers, Etc.
    • Related Party Transactions
    • Conflicts of Interest
    • CV and Academic Deception
  • 21. The Legal Landscape: Reactive to Proactive
    • 1970’s & Before: Standard Reactive Approach
      • Federal: Mail & Wire Fraud, SEC Fraud
      • State: General Business Fraud Statutes
      • Inchoate Crimes: Conspiracy/Aiding & Abetting
      • Corporate Criminal Liability
      • Beginning of Corporation As Cop: CTRs
    • 1980’s – 1990s: Shift Toward Proactive
      • Organized Crime Techniques Applied to Economic Crime
      • More Specialized Criminal Legislation
        • RICO
        • Money Laundering Statute
      • Corporate As Cop Continues: SARs
  • 22. The 21 st Century Landscape
    • Civil and Criminal Legislation
      • FCPA
      • Patriot Act
      • Sarbanes-Oxley Act of 2002
    • Rules & Regulations
      • SEC Final Rules for Implementation of Sarbanes-Oxley
      • SEC Audit Committee Rules
      • U.S. Sentencing Guidelines
      • SEC Accounting Bulleting (SAB) 99
    • Professional Standards
      • COSO I
      • Statement of Auditing Standards (SAS) 99
      • Public Company Accounting Oversight Board Standards For Integrated Audit
      • Institute for Internal Auditors (IIA) Standards
      • ABA Rules for Professional Responsibility
  • 23. 2004 Hot Topic: Prevention and Timely Detection
      • What Are The Elements of An Effective Antifraud Program?
  • 24. 2004 Hot Topic: Prevention and Timely Detection
    • Final SEC Rules Require “Antifraud Programs & Controls”
    • Independent Auditor Evaluates and Tests on Annual Basis
    • Also Relevant to Private Company, Particularly If Organization
      • Aspires to Best Practices
      • Anticipates Public Debt Offering, IPO or Sale to Public Company
  • 25. Snapshot of New Rules & Standards
    • Migration From Federal Sentencing Guidelines to COSO
      • FSG: Define 7 Criteria of Effective “Compliance” Program
      • COSO: Define Effective “Controls”
    • Final SEC Rules
      • Management’s Assessment of Internal Controls Must Consider Fraud Prevention and Detection Controls
    • SAS 99
      • Requires Fraud Auditing If Antifraud Controls Do Not Adequately Mitigate Fraud Risk
    • Proposed PCAOB Standard
      • Evaluation/ Testing of Design and Operating Effectiveness of Antifraud Programs and Controls ( ¶24)
      • Mandatory Significant Deficiency If Internal Audit or Risk Assessment Is Inadequate, of If Senior Management Engages in Fraud of “Any Magnitude” ( ¶126)
  • 26. Applying The COSO Framework
    • Control Environment
      • Code of conduct/ethics
      • Ethics hotline
      • Hiring and promotion
      • Audit committee oversight
      • Investigative process
      • Remediation
    • Fraud Risk Assessment
      • Systematic process
      • Level within organization
      • Likelihood and significance
    • Control Activities
      • Linking controls to identified fraud risks
    • Information/Communication
      • Information systems & technology
      • Knowledge management
      • Training
    • Monitoring
      • Ongoing monitoring by management
      • Separate “after the fact” evaluations by internal audit
  • 27. Special Emphasis Is Placed On The Control Environment
    • Codes of Conduct / Ethics
      • Must Meet Requirements of Final SEC Rules
      • Should Apply to All Accounting and Financial Oversight Personnel
      • Must Be Communicated Effectively
    • Whistleblower Hotlines
      • Must Meet Requirements of Final SEC Rules
      • Audit Committee Oversight and Independent of Management
    • Hiring and Promotion Procedures
      • Background Investigations for Persons of Trust
      • Also Consider Process for Agents, Vendors, Etc.
    • Audit Committee Oversight
      • Passive Not Adequate
      • Active Discussion of Fraud
    • Investigation / Remediation
      • Standard Investigative Process
      • Adequate Remediation to Prevent Recurrence
  • 28. Companies Must Now Specifically And Explicitly Assess Fraud Risk
    • Systematic Rather Than Haphazard or Informal
    • “ Scheme and Scenario” Approach
    • Address
      • Financial reporting
      • Misappropriation of assets
      • Expenditures and liabilities for improper purposes
      • Fraudulently obtained revenues and assets, and costs and expenses avoided by fraud
      • Fraud by senior management
    • Extend to Business Unit and Significant Account Levels
    • Likelihood: Identify Fraud Risks That Are “More Than Remote”
    • Significance: Identify Fraud Risks That Are “More Than Inconsequential in Amount”
    • Consider Risks of Management Override
  • 29. Linking Control Activities To Fraud Risk Assessment
    • Management Should Identify Processes, Controls, and Other Procedures That Are Needed to Mitigate Identified Risks
    • Should Occur Throughout Organization, at All Levels and in All Functions
    • Very Broad, e.g., Approvals, Authorizations, Verifications, Reconciliations, Segregation of Duties, Reviews of Operating Performance, Background Investigations, Physical Security
  • 30. Sample Tools: Incentives Inventory BUSINESS PROCESS - REVENUE Controller of BU A Opportunity to Commit VP of Sales President of BU A BUSINESS UNIT A CFO In-house counsel CEO Audit committee Board ENTITY LEVEL Potential Scheme Attitudes/ Rationalization Pressure Incentives
  • 31. Sample Tools: Opportunities Inventory
    • Payroll cycle
    Management Unit B
    • Inventory cycle
    • Investments cycle
    • Purchasing cycle
    • Revenue cycle
    • Treasury cycle
    Management Unit A Senior management Board Financial Misconduct By Senior Mgmt Revenue and Assets Obtained By Fraud Expenditure & Liabilities for an Improper purpose Misappropriation of Assets Financial Statement Fraud
  • 32. Sample Tools: Fraud Risk Matrix Preventive Control Activity Likelihood (Remote, More Than Remote, Reasonably Possible, Probable) Detective Control Activity Significance (Inconsequential, More Than Inconsequential, Material) Description of Fraud Risk (from Incentives and Opportunities Inventories)
  • 33. Information and Communication
    • Information Systems & Technology Controls
      • Technology enabled fraud , e.g., holding books open
      • Prevention and detection of unauthorized access
      • Inappropriate modification of computer programs
      • System override
      • Ability to investigate computer misuse
    • Knowledge Management
      • Identified fraud risks
      • Strengths and weaknesses of antifraud control activities
      • Suspicions and allegations about fraud; and
      • Remediation efforts.
    • Training
      • Frequency
      • Scope and sufficiency
  • 34. Fraud Monitoring and Auditing
    • Management: On-going, Day to Day Monitoring
      • Embedded into normal operating activities
      • Includes regular management and supervisory activities
      • Should leverage available information technology
    • Internal Audit: Separate, After-the-Fact Evaluation
      • Scope and frequency contingent upon risk and effectiveness of ongoing monitoring
      • Must address fraud risk in planning and executing internal audit cycle
      • IA must include knowledgeable and experienced fraud professionals
      • Fraud auditing is different than forensic investigation
  • 35. Fraud Auditing Is Different From Fraud Investigation Determine area of operations at risk Determine schemes to which you are most vulnerable Identify potential fraud schemes Identify units/processes where schemes most likely to occur Identify red flags and indicators associated with schemes Determination by Area Build audit steps to search for indicators: Analytics, External and Internal Interviews, Tests of Details, Computer Assisted Auditing Techniques Determination by Scheme Conduct further inquiry if red flag is detected or suspected
  • 36. Next Week: Improper Revenue Recognition
    • Team Assignments:
    • Team A– Xerox
    • Team B– Lernout & Hauspie
    • Team C– Dynergy
    • Team D –Qwest Communications
    • Team E – Royal Ahold
    • Components:
    • Describe Fraud Scheme & Resolution With Illustration.
    • How Was It Detected?
    • What Went Wrong, e.g.No Controls / Circumvention / Override?
    • How Can This Type of Scheme Be Prevented or Timely Detected?