ReCh  Management CentreForensic Auditing &Accounting
ContentsThe international business environment..........................................................6     Introduction...
Changes in Behaviour “Red Flags” .........................................................26    Red Flags in Cash/Accounts...
Components of Fraud Rationalisation .....................................................58      Controls and the deterren...
Initial Enquiries.........................................................................................82      Managers...
The international business environmentIntroduction         Chris McKittrick - Forensic Accountinghttp://www.youtube.com/wa...
• Which is believed,          • And acted upon by the victim,          • To the victim’s damage.          Fraud, like othe...
While, the most recent comprehensive study, the third report of the Fraud Advisory Panel,put the annual economic cost at £...
In summary, tackling fraud effectively fits in to our wider economic, social and internationalagenda.Mechanisms for dealin...
The SFO has not always had a fair press, so let me state unequivocally: the record of theSFO is impressive and it has more...
Another key component of the team is the forensic computer and IT experts, who          decipher, explore, and recover com...
Execution PhaseThe fraud risk assessment process does not end with the development of the auditprogram. During the executi...
The role of effective financial reporting          Oversight Systems Corporate Fraud Survey Finds          Sarbanes-Oxley ...
and reimbursement schemes (29 percent), bribery/economic extortion (25 percent) andinventory and non-cash asset misuse (20...
• Jeffrey K. Skilling, Enron – 95 percent          • Kenneth L. Lay, Enron – 96 percent          • Richard Scrushy, Health...
realize that such efforts are more than just good business practice, as they have alwaysbeen, but also are matters that ca...
The GCs role in this oversight function can be a comprehensive one, starting withreviewing the reporting process and asses...
Once an anti-fraud policy is implemented, the next logical challenge is enforcement of the          policy in the case of ...
order to detect key problems that could lead to certain activities, the implementation of          audit procedures more t...
Inevitably there came a time when investors did not receive the money to which they believed they were            entitled...
Customer Fraud: A customer pays with stolen cheques or credit cards. A more         sophisticated fraudster may make and p...
•“I really need this money and I’ll put it back when I get my pay cheque”         •“I’d rather have the company on my back...
responsibility for follow-up investigation of a red flag should be placed in the hands of a         measured and responsib...
During the course of my internal audit review I found that many expenses had been debited to ‘expense   dump’ accounts. Fo...
    Refusal to take vacation or sick leave       Lack of segregation of duties in the vulnerable areaManagement Red Flag...
    Let your secretary, accounting tech, audit/budget tech, records tech,         administrative assistant do everything....
   Unauthorized bank accounts       Sudden activity in a dormant banking accounts       Taxpayer complaints that they a...
    Vendors without physical addresses        Vendor addresses matching employee addresses        Excess inventory and ...
“My husband/wife just got a great promotion.”“I have a few little investments that have been doing really, REALLY well.”“G...
• Gambling debts• Illicit affairs• High life styleObviously not everyone who faces undue pressure commits fraud, but the h...
known as “applicable accounting rules”. One of these partnership deals was to distributeBlockbuster videos by broadband co...
The potential for corporate and company liability stemming from employee misuse of Corporate IT and   at the very least, a...
The theft of assets takes many forms, from employees simply walking away with laptopsand other valuable and moveable asset...
Courtesy of JESSE’S CAFÉ AMÉRICAIN   More like international crime families sending out enticing emails trying to lure and...
Most indications of employee fraud fall into one of six categories: (1) accountinganomalies, (2) internal control symptoms...
1. Exception reports identified fraudulent transactions that had no apparent businesspurpose, that involved unusually larg...
Fraud occurs when pressure, opportunity, and rationalization come together. Most peoplehave pressures. Everyone rationaliz...
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Forensic auditingandaccounting jun_2012
Upcoming SlideShare
Loading in...5
×

Forensic auditingandaccounting jun_2012

3,228

Published on

Forensic auditing and accounting

Published in: Economy & Finance, Business
0 Comments
5 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
3,228
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
194
Comments
0
Likes
5
Embeds 0
No embeds

No notes for slide

Forensic auditingandaccounting jun_2012

  1. 1. ReCh Management CentreForensic Auditing &Accounting
  2. 2. ContentsThe international business environment..........................................................6 Introduction ................................................................................................6 http://www.youtube.com/watch?v=ZUiSGe2LCfk .....................................6 http://www.youtube.com/watch?v=DipTXplOQhg.....................................6 What is Fraud ............................................................................................6 Key issues which drove the frauds of the 21st Century .............................7 Bad Cellular .............................................................................................11 The organisational planning framework ..................................................11 The role of effective financial reporting ....................................................13 The role of chief legal officer or general council ......................................15 The role of effective financial auditor .......................................................18 The role of prudent financial investors.....................................................19Overview of “Creative Accounting” Techniques and the Red-Flags of Fraud20 Facts about Fraud ...................................................................................20 The Fraud Triangle ..................................................................................21 The Red Flags for Fraud .........................................................................21 Factors Contributing to Fraud ..................................................................22 How is Fraud Discovered? ......................................................................22 What is a Red Flag? ................................................................................22 Why are Red Flags important?................................................................22 The Importance of Red Flags for Fraud ..................................................22 The Types of Red Flags for Fraud ..........................................................23 General Red Flags ..................................................................................23 Opportunity Red Flags.............................................................................23 Employee Red Flags ...............................................................................24 Management Red Flags ..........................................................................25 2
  3. 3. Changes in Behaviour “Red Flags” .........................................................26 Red Flags in Cash/Accounts Receivable ................................................26 Red Flags in Payroll.................................................................................27 Red Flags in Purchasing/Inventory .........................................................27 Lifestyle Fraud .........................................................................................28 Common Types of Fraud ........................................................................30 Fraud perpetrated for the benefit of shareholders...................................30 Fraud perpetrated through the development of false Financial Statements 31 Fraud perpetrated through the misuse of corporate resources...............31 Fraud perpetrated through third party intervention ..................................32 Fraud perpetrated through false revenue recognition .............................32 Fraud perpetrated through the use of acquisitions..................................32 Fraud perpetrated through derivatives -reason unknown .......................33 Fraud perpetrated through the absence of proper accounting records ..34 Fraud perpetrated through override of existing controls and for the benefit of the individual 38 Other Fraud Danger Signals ...................................................................41 Next Steps ...............................................................................................41 Evaluating Red Flags ..............................................................................42 Reporting Fraud.......................................................................................46 Conclusion ...............................................................................................46Internal Accounting and Operational Controls and Fraud .............................47 Nature and theory of Internal control structure ........................................47 Internal Controls ......................................................................................49 Limitations of Internal Controls ................................................................51 Balancing risk and Internal Controls........................................................51 Internal Operational Controls...................................................................51 Internal Accounting controls ....................................................................55 3
  4. 4. Components of Fraud Rationalisation .....................................................58 Controls and the deterrence of fraud.......................................................58 Controls and the detection of fraud .........................................................58Controls and the investigation of fraud ..........................................................59 The back economy – awareness and profiles.........................................61 Money laundering component and the proceeds of crime ......................63 Money laundering ....................................................................................63 Governance and Business Risk overview...............................................64 Fraud Theory ...........................................................................................64 Limitations of traditional audit techniques................................................66 Strategic Fraud Prevention Plan .............................................................68Audits..............................................................................................................70 Role of public perception v practical reality .............................................70 Reactive and proactive forensic audits....................................................75 Auditing and forensic auditing compared and contrasted .......................75 Forensic Computer Investigation.............................................................77 Financial statement fraud ........................................................................77 Fraud Schemes .......................................................................................78 Fraud Characteristics ..............................................................................78 Financial Statement Fraud Harm ............................................................78 Corporate Governance mitigating fraud ..................................................79 Earnings Manipulations and Management..............................................80Investigations and Expert Witness Testimony ..............................................80 Introduction ..............................................................................................80 Purpose of the Fraud Response Plan .....................................................80 Action following detection – Stage 1........................................................81 Action following detection – Stage 2........................................................81 4
  5. 5. Initial Enquiries.........................................................................................82 Managers duty of care .............................................................................82 The Fraud Interview.................................................................................82 Use and protection of evidence ...............................................................84 Appointment of a case manager .............................................................84 Police Involvement ..................................................................................85 Company Fraud Register ........................................................................85 Fraud Response Plan review ..................................................................85 Practical fraud case management case tips ...........................................86 Dealing with lawyers and handling court situations in SFO Trials...........87 Conclusion - Time for a standard for corporate governance...................91Case Study .....................................................................................................92Differences in control procedures in a manual and a computer environment93Internal Accounting and Operational Controls in functional areas................93 Sales Controls .........................................................................................93 Purchase Controls ...................................................................................94 Bank Controls ..........................................................................................94Appendix – Definitions & Resources .............................................................95 Resources ...............................................................................................95 Definitions Related to Fraud ....................................................................95 5
  6. 6. The international business environmentIntroduction Chris McKittrick - Forensic Accountinghttp://www.youtube.com/watch?v=ZUiSGe2LCfk What is Forensic Accounting? Brief History of Forensic Accountinghttp://www.youtube.com/watch?v=DipTXplOQhgWhat is Fraud Occupational Fraud is defined as: “The use of one’s occupation for personal enrichment, through the deliberate misuse or misapplication of the employing organisation’s resources or assets.” Fraud encompasses an array of irregularities and illegal acts characterized by intentional deception. ISA240 , The international accounting standard on Auditing, defines fraud as: “ An International act by one or more individuals among management, those charged with corporate governance, employees or third parties, involving the use of deception to obtain unjust or illegal advantage”, while it defines errors: “ An unintentional misstatement in the financial statements including the omission of an amount of disclosure”. The five elements of fraud are: • A representation about a material fact, which is false, • And made intentionally, knowingly, or recklessly, 6
  7. 7. • Which is believed, • And acted upon by the victim, • To the victim’s damage. Fraud, like other crime, can best be explained by three factors: 1) A supply of motivated offenders; 2) The availability of suitable targets; 3) The absence of capable guardians or a control system to “mind the store.” There are four elements that must be present for a person or employee to commit fraud: • Opportunity • Low chance of getting caught • Rationalization in the fraudsters mind, and • Justification that results from the rationalization.Key issues which drove the frauds of the 21st Century Why didn’t you see it? There was fraud and you missed it. Conducting a “should of” after a fraud happens may show that red flags were present. If you had only recognized the warning signs, then that loss may not have occurred or been substantially reduced. Based on a recent survey by the Association of Certified Fraud Examiners (ACFE), occupational fraud substantially increases organizational costs. It is a myth that fraud is a big scheme that should have been uncovered sooner and easy to detect. Fraud starts small and just gets bigger and bigger, until something becomes noticeably different or unusual. According to a report from BDO Stoy Hayward companies’ trusted internal management and the people they do business with every day are behind hundreds of millions of pounds worth of losses every year. Management are robbing you bind says Simon Bevan. The combination of spiralling debts and desperate employees spells real danger for business warns Bevan. Fraud damages the economy. It is not victimless, but it is indiscriminate, hitting both rich and poor. Fraud is not just about share support operations: it has an impact on individuals and on the economy as a whole. Fraud involves no violence, and leaves no tangible visible scars, but it can be devastating in its effects. It is said that 16 people committed suicide as a result of losses incurred over the Barlow Clowes fraud. It is undoubtedly costly. The Head of the City of London Fraud Squad recently looked at the historical picture and discovered that the economic cost of fraud to the UK economy was ~in 1985 was estimated at £1 Billion ~by 1994 had reached £4 Billion 7
  8. 8. While, the most recent comprehensive study, the third report of the Fraud Advisory Panel,put the annual economic cost at £14 billion per year; and the authors believed that eventhis was an underestimate. This equates to some £230 per head of populationThere is also a strong likelihood that a significant amount of commercial fraud is neverreported by companies for fear of gaining a bad reputation. Anecdotally, I have learnedthat at least one major insurance company "routinely" receives claims against fraudinsurance policies exceeding £50million, but that these are never reported to the police orelsewhere.I believe that we must be seen to tackle fraud effectively, for economic, social,international and moral reasons.Economic justification for eliminating FraudI have already mentioned cost, both to individuals and the economy as a whole. There isalso another economic aspect. Fraud corrodes confidence: it has a negative economiceffect. It undermines confidence and the standing of our financial services industry and ourglobal reputation as a place where clean business can be done. If investors loseconfidence in our ability to police our markets, they may take their business elsewhere.The fact is that a successful economy requires a healthy and well-regulated marketplaceto retain and increase investment. Tackling fraud effectively is important for the reputationof UK markets.Social justification for eliminating FraudThere is a social dimension as well. Social equality requires that we bear down on whitecollar crime as effectively as on benefit fraud. Since 1997, the number of Benefits Agencyinvestigations resulting in successful prosecutions or cautions and penalties as analternative to prosecution has risen from 11,700 to 26,958, and over a similar period thelevel of fraud and error in Income Support and Job Seekers’ Allowance has reduced by£180million, or roughly 18%. This work is now undertaken by Job Centre Plus. We need tomatch this approach in white collar crime. Tackling fraud effectively demonstrates aneven-handed approach to justice: dealing with white collar criminals as well as thoseresponsible for the bulk of crime.International justification for eliminating FraudAnd there is an international aspect. Government wants developing countries to prosperand free themselves from fraud and corruption – but our own house has to be in order orwe have no legitimacy to tell others to sort themselves out as a condition of aid.We are determined to play our part in the worldwide effort to tackle international terrorismand drug trafficking. Fraud, money laundering and the use of the proceeds of crime tofinance further crime are inextricably linked.Moral justification for eliminating FraudFinally, there is an issue about the distribution of the resources of the state – where publicmoney is siphoned off through fraud; that means less money to go to the pensioner,disabled person or low-income family who really need it. 8
  9. 9. In summary, tackling fraud effectively fits in to our wider economic, social and internationalagenda.Mechanisms for dealing with FraudIn this country we have developed a sophisticated set of mechanisms for regulating themarkets and tackling City and company fraud. Principal among these, in the regulatedsector, is the Financial Services Authority with a wide range of powers of investigation,and an impressively creative series of sanctions available to it, ranging from withdrawal ofauthorisation through to fine, public censure, injunctions, restitution, prohibition orders andbanning orders. The DTI, in its policing of the company sector, has available to it thenuclear weapon of applying for the winding up of a company, and the ability to bringdisqualification proceedings. The revenue departments are able to exact harsh financialpenalties for revenue fraud.No-one should doubt the effectiveness of these sanctions, or the impact on individuals.The disqualification proceedings in Barings were heavily fought at a cost of hundreds ofthousands of pounds. In the City, the loss of one’s reputation, and the inability to securesimilar employment, are devastating consequences of being caught out.But I do believe that there is a range of cases where these sanctions are not bythemselves sufficient, and the public rightly expects: 1. That wrong-doing is marked by a conviction in the criminal courts; 2. A penalty of the kind that might be applied to any other individual guilty of criminal behaviour. In some cases, prison will be appropriate. The courts are fully conscious of the devastating blow of conviction and imprisonment for a professional man. But where individuals abuse their privilege and trusted position in order to carry out a fraud, relying in fact upon their previously impeccable character to mask their wrong-doing, prison will often be appropriate. Equally, courts have chosen to mark the fact that certain frauds, such as insurance frauds, deserve imprisonment because they are difficult to discover and involve detailed and carefully planned dishonesty, and that therefore a sentence of imprisonment is required as a deterrent. The courts also draw a distinction between cases of honest businesses falling into difficulties, causing a director or controller to resort in desperation to fraud, with a situation in which a scheme was from the start a fraudulent enterprise and substantial sums of money and property were obtained. In such circumstances, quite severe sentences are passed.So there are cases where it is clear from the start that a response by a criminalinvestigation and prosecution agency is required.As some of you will know the SFO was established in 1988 as a result of arecommendation in the Roskill report for the creation of a unified fraud investigations andprosecution agency which would be responsible for serious and complex fraud casesThe Criminal Justice Act 1987 created the SFO. The distinctive feature was that powers ofinvestigation and prosecution were given to the Director of the SFO. 9
  10. 10. The SFO has not always had a fair press, so let me state unequivocally: the record of theSFO is impressive and it has more than proved its worth.In its 14 years of operation, the SFO has prosecuted more than 237 cases involving 516defendants. 366 (71%) were convicted. In the period under Rosalind Wright, 69 caseshave been prosecuted involving 134 defendants. 115 (86%) were convicted. There are norecidivists in SFO cases: convicted defendants do not reoffend. It is well known that SFOprosecutions have a deterrent effect. Yet the SFO is delivering these lengthy and highlycomplex cases on small resources – an average of 2½ staff per case.Why is the work of the SFO important?The money involved in these cases is in excess of £2.5 billionA successful SFO deters fraud as well as prosecutes it and helps to maintain confidencein the probity of business and financial services in the UK.Other countries model themselves on the SFO approach.There are a number of features of SFO work that are distinctiveMulti-disciplinary investigations:Police Officers seconded on a case related basisSFO accountancy/financial investigation team’s role is crucial. They analyse financialinformation, including statutory accounts, management accounts, and cash flows. Theyalso manage outside accountants, supervise searches of offices and homes and mostimportant of all trace the money. The team involves former fraud squad officers, andothers who have gained special financial expertise in their former occupations, but let mesay a special word about forensic accountants.In the SFO, forensic accountants play a vital role in supporting investigations bothinternally and as external appointees. They provide a perspective that other investigatorsdo not have and are often chosen for their specific experience of the sector which is beinginvestigated (i.e. insurance on Independent). Forensic accountants also bring not justnumeracy but an inquiring minds (not just what happened but why). They enable the SFOto focus investigations on issues that are important to a successful investigation ratherthan issues which appear curious to an outsider.Often it is the thoroughness of the work undertaken by forensic accountants which tips thebalance in cases. It is now rare for their work to be challenged because of the painstakingand methodical approach that they take. Yet they are often the most compelling ofwitnesses because they are able to distil the facts down to their lowest sensible level and,when aided by suitable graphics, are able to show the "whole" picture in clear and simpleterms. They are often used in this respect to tie the case together by showing themovement of money and documents which makes sense of the other factual evidencewhich shows why people do what they are doing.The SFO uses a considerable number of forensic accountants and many external firms atany one time. This experience aids both them and the SFO. They get excellent experienceand an appreciation of the criminal process and the SFO gets a cadre of persons whounderstand what it wants when it does get involved in cases. 10
  11. 11. Another key component of the team is the forensic computer and IT experts, who decipher, explore, and recover computer material Finally, of course there are the lawyers: the SFO case controller (Lawyer) responsible for the direction of the investigation and then throughout the prosecution, supported by assistant case controllers and investigation lawyers And Counsel appointed to prosecute in the Crown Court who is generally involved early in the life of the caseBad Cellular It turns out it was all just a case of cellular static: The Arthur Anderson partner was on his cell phone when he said "Ship the Enron documents to the Feds." But his secretary heard "Rip the Enron documents to shreds." The rest is history - how clear is YOUR cellular?!The organisational planning framework Planning Stage Early in the initial planning stages of the audit, the auditor should identify and assess any fraud risks factors that could be associated with the specific organization, its environment, its employees, and type of audit. Auditors should also become familiar with and assess the fraud risk factors generally applicable to all audits and upper management. Next, the auditor designs an audit program that reflects the risk assessment by developing steps to address any risk factors identified as being material or significant to the audit scope, subject matter, or objectives. The team should discuss among themselves and with the supervisor how and where the audited organization might be susceptible to fraud. Additional Planning steps Prior to beginning the field work phase, either at the entrance conference or another time, the auditor should identify the appropriate management officials and ask them what fraud or other criminal activity they are aware of within their organization. The auditor could also inquire as to what fraud risks the organization’s management has identified and what actions they have taken. Instead of discussing the fraud risks for each audit separately, the auditor could choose to discuss these issues with the organization’s management during the audit organization’s annual planning process. 11
  12. 12. Execution PhaseThe fraud risk assessment process does not end with the development of the auditprogram. During the execution phase, the auditor should remain alert to potential fraudindicators. Auditors may also decide that, depending on the audit scope, they shouldmake inquiries of other personnel at the audited organization. These inquiries couldinclude what fraud risks could exist and whether the employee has any knowledge orsuspicions of fraud. An auditor should not ask every employee or manager thesequestions; however, based on information or a response to another question from anemployee or manager, the auditor could decide that such follow-up questions areappropriate. When an auditor finds fraud indicators during the audit, they should addressthe indicators by performing additional audit steps or expanding transaction testing. Theauditor should revise the audit program accordingly, document the fraud indicators found,and the additional work performed to address them.Discussions on potential fraudWhen an auditor identifies indications of potential fraud, the auditor should discuss theindicators and possibilities of the occurrence of fraud with their supervisor. Auditors mayalso consult with other auditors, supervisors, or managers who have more experience orknowledge relating to the identified potential fraud scheme or indicators. Additionally,auditors may discuss their concerns and findings with investigators, agency counsel, andother agency staff responsible for fraud prevention or detection programs or activities.Any advice received should be documented in the audit project documentation. Prior todiscussing with or notifying a DoD or other Federal government official, except for thosementioned above, of a potential fraud, the auditor should confirm with the appropriateinvestigative organization that doing so will not compromise an investigation. An auditorshould never discuss potential fraud related to a contractor’s activities with contractorpersonnel unless they have obtained approval to do so from the lead criminal investigativeorganization. A best practice would be to obtain written approval from a manager withinthe lead criminal investigative organization versus verbally from the investigator.DocumentationAuditors should document the entire process in the audit project documentation files, toinclude: the fraud risk assessment process, any fraud risks factors originally identified, how the fraud risk factors were reflected in the audit program, any fraud risk factors or potential indicators identified during the audit, how the audit program was expanded to address the risk factors, any discussions with other parties on whether to make a referral; and any fraud referral steps considered or taken.Auditors should continuously maintain a high level of fraud awareness and appropriatelyassess fraud risk during the planning and execution of the audit in order to uncoverpotential fraudulent acts and protect the Governments interests. 12
  13. 13. The role of effective financial reporting Oversight Systems Corporate Fraud Survey Finds Sarbanes-Oxley Effective in Identifying Financial Statement Fraud Released on = November 1, 2005, 12:07 pm The survey results (available as a free download at www.oversightsystems.com/survey) indicate that 65 percent of respondents feel SOX has been “somewhat effective” or “very effective” in identifying incidences of financial-statement fraud. Only 19 percent of those surveyed found SOX to be ineffective or serve to prevent fraud identification. “This report is full of positive news but foreshadows a real need for continued vigilance among executives toward intuitional fraud,” said Patrick Taylor, CEO of Oversight Systems. “SOX legislation and the intense focus on corporate scandals have helped battle this type of white-collar crime, but professionals seem to be worried that the C-suite might quickly lose interest in policing corporate fraud.” Although respondents agree that SOX serves to identify fraudulent activity, they do not feel the recent cultural change among U.S. business leaders toward institutional integrity and fraud prevention in the wake of account scandals will stick. Only 17 percent feel there will be a shift among business leaders to institutional integrity and fraud prevention for the foreseeable future. The remainder of respondents possess a more stark outlook, reporting that interest in such actions will fade in the next five years (39 percent); that vigilance has already begun to fade (32 percent); or that there has been no change among business leaders (12 percent). “The pendulum of corporate culture and attitudes toward integrity swings back and forth,” said Dana Hermanson, Dinos Eminent Scholar Chair of Private Enterprise at Kennesaw State University. Hermanson is also an advisor to Oversight Systems and co-author of the COSO-sponsored research report Fraudulent Financial Reporting: 1987-1997. An analysis of U.S. Public Companies. “We could see very little corporate fraud in the next seven or eight years, but then another boom-and-bust economic period could ignite another wave of financial scandals, which would lead to further accounting and governance reforms.” The State of Institutional Fraud While corporate vigilance toward fraud prevention has increased at least temporarily, fraud examiners said fraud is a bigger problem today than in the bubble market of 2000. Two- thirds of respondents (67 percent) said institutional fraud is more prevalent today than five years ago. Only seven percent think fraud is less prevalent, while the remaining 26 percent of respondents feel there has been no change in the amount of fraud. Participants were asked to select the three forms of institutional fraud that present the greatest risk to companies. Respondents identified conflicts of interest (63 percent), fraudulent financial statements (57 percent) and billing schemes (31 percent) as most threatening. Examples of fraud that garnered at least 20 percent support were expense 13
  14. 14. and reimbursement schemes (29 percent), bribery/economic extortion (25 percent) andinventory and non-cash asset misuse (20 percent)“The risk of financial statement fraud is real and not going away,” Hermansonsaid.“However, the perception of increased fraud may stem from Sarbanes-Oxley’seffectiveness in uncovering weaknesses in internal controls and the potential for fraud.SOX compliance gives auditors and executives a better position to evaluate a company’sfinancial reporting system. Instead of only inspecting the outcome, financial reports, SOXforces companies to understand the financial reporting process as well. And like themanufacturing quality movement of the past, SOX pushes companies toward monitoringeach step in the process to drive out errors and weaknesses.”Stopping Institutional FraudWhen asked to identify the measure most effective in preventing or deterrent institutionalfraud, 41 percent of professional fraud examiners identified the need for a strong tone fromthe top of the organization. Visible prosecution was the next most popular responsegarnering 22 percent support, followed by internal controls and technology-enabledmonitoring, each receiving support from 17 percent. Manual quarterly audits andgovernment regulation received only minimal support, earning two and one percent,respectively.However, when asked what single change would result in the greatest reduction ofdomestic institutional fraud, opinions were more mixed. An employer pressing chargesagainst employees who commit fraud garnered the most support with 39 percent. Thetrend of prosecution continued with 32 percent of respondents identifying convictions andhefty sentencing as the next most popular response. Moreover, an additional sevenpercent would like stiffer laws to increase corporate transparency.“Stiff penalties and thorough prosecution send a strong message to employees. First,employees are less likely to go along with rogue executives who orchestrate financialreporting schemes. Second, a company’s prosecution of fraudulent employeesestablishes the corporate attitude that fraud will not be tolerated,” Hermanson said.The Role and Views of Fraud ExaminersSurvey participants report that SOX has altered the role of fraud examiners. Nearly allparticipants (95 percent) explain that their duties have changed with the implementation ofSOX legislation, with 47 percent reporting that fraud examiners play a major role in themanagement of corporate integrity. Additionally, nearly one-third (29 percent) ofrespondents felt their work in fraud detection has become secondary to SOX compliance.In recent years it seems white-collar crime has been a staple of the evening news. Enron,WorldCom and Martha are just a few of the high-profile names with which Americans havebecome all too familiar. When asked, the majority of professional fraud experts felt thesewell-known defendants should have been found guilty of the charges against them. Thepercentage of respondents who thought the following executives are guilty of the chargesagainst them is listed below:• John Rigas, Adelphia Communications – 95 percent 14
  15. 15. • Jeffrey K. Skilling, Enron – 95 percent • Kenneth L. Lay, Enron – 96 percent • Richard Scrushy, HealthSouth – 93 percent • Martha Stewart, Martha Stewart Living Omnimedia – 72 percent • L. Dennis Kozlowski, Tyco International – 96 percent • Bernard J. Ebbers, WorldCom – 97 percent Identity Theft Update Identity theft is one of the more prevalent forms of fraud known by the average American. A February 2005 Federal Trade Commission report states that for the year 2004, the commission received more than 635,000 reports of consumer fraud and identity theft, with identity theft accounting for 246,570 of the complaints (39 percent). The 2005 Oversight Systems Report on Corporate Fraud reveals that 22 percent of respondents think the justice system must get tougher on the identification and prosecution of identity thieves. Additionally, 19 percent believe that the federal government needs to pass national identity-theft-protection legislation and another 19 percent feel regulators and consumers must work together to manage consumer information. Some respondents believe that individuals are the first and most important line of defence. Taking ownership of one’s own personal information was identified by 16 percent of respondents as the best way to reduce identity theft. About the 2005 Oversight Systems Report on Corporate Fraud A total of 208 certified fraud examiners participated in this survey, conducted at the Association of Certified Fraud Examiners’ (ACFE) 16th Annual Fraud Conference and Exhibition. Dedicated to reducing business fraud world-wide, the more than 34,000 members ACFE make up the worlds premier provider of anti-fraud training and education. Survey participants include anti-fraud professionals such as internal auditors, independent auditors, law enforcement officials, investigators and management consultants. This study follows the August release of the 2005 Oversight Systems Financial Executive Report on Risk Management, which found that CEOs are placing a greater emphasis on risk management, although many companies are struggling to implement the necessary changes. Also recently released was the 2005 Oversight Systems Financial Executive Report on Sarbanes-Oxley, which found that nearly half of financial executives feel the biggest issue related to compliance is the need to maintain the morale of the employees responsible for compliance. All these research studies can be downloaded for free by visiting www.oversightsystems.com/survey.The role of chief legal officer or general council Since the Sarbanes-Oxley Act of 2002 (SOA) was signed into law, the halls of executive suites of public companies have seen tremendous activity as CEOs and CFOs address their corporate accountability and financial reporting oversight responsibilities. They now 15
  16. 16. realize that such efforts are more than just good business practice, as they have alwaysbeen, but also are matters that carry severe penalties under the law. Likewise, auditcommittee responsibilities have expanded such that membership has become aninvitation to delve into a companys affairs at an unprecedented level of depth, subject tothe scrutiny of the external auditors as well as investors. This "new era of corporateaccountability and responsibility" means that the checks and balances of the system ofinternal controls are now clearly in the purview of corporate management, including thecompanys chief legal officer or general counsel (GC).This shift has raised the bar for many GCs to a higher level of visibility and accountability.For many companies, internal control over financial reporting, especially the related anti-fraud controls, were previously the responsibility of the controller, middle managementfunctions and various process owners, and subject to review and testing by internal audit.The focus has often been limited to third-party fraud. Now that the game has beenexpanded to fraudulent financial reporting, it requires a referee. Documentationrequirements, particularly policies and procedures regarding the anti-fraud program andthe internal reporting and escalation of internal control deficiencies, could potentially nowfall to the GC to define.In order to meet the challenges of this significant role in corporate governance, GCs needaccess to resources and tools that will enable them to make informed decisions whenestablishing corporate policies and, more importantly, when dealing with situations wherethere has been a breakdown in internal controls and the possibility of fraud exists. Withoutproper anti-fraud controls, incidents of fraud can impact a companys financialperformance, permanently damage its reputation and result in shareholder lawsuits. All ofthese circumstances refocus the company resources away from their primary purpose -the operations of the organization for the benefit of the shareholders.An anti-fraud program and controls are those controls related to the timely prevention,deterrence and detection of fraud. They are the controls that are intended to mitigate therisk of fraudulent actions that could have an impact on financial reporting. Examplesinclude:  Fraudulent financial reporting. Inappropriate earnings management or "cooking the books" - e.g., improper revenue recognition, intentional overstatement of assets, understatement of liabilities, etc.;  Misappropriation of assets. Embezzlement and theft that could materially affect the financial statements;  Expenditures and liabilities incurred for improper or illegal purposes. Bribery and influence payments that can result in reputation loss; and  Fraudulently obtained revenue and assets and/or avoidance of costs and expenses. Scams and tax fraud that can result in reputation loss.In Auditing Standard No. 2, the Public Company Accounting Oversight Board (PCAOB)clarifies that the focus on fraud, from a financial reporting context, is directed to mattersthat could result in a material misstatement of the financial statements. It is within thiscontext that management has the responsibility to prevent, deter and detect fraud. ThePCAOB also takes the position that deficiencies in the anti-fraud program and controls areat least a significant deficiency in internal control over financial reporting. Furthermore,SOA and the revised NYSE and NASDAQ listing requirements, as well as PCAOBAuditing Standard No. 2, place greater responsibility on audit committees to provideoversight with respect to financial reporting and internal control over financial reporting.This oversight extends to reporting, documentation, investigation, enforcement andremediation related to fraud. 16
  17. 17. The GCs role in this oversight function can be a comprehensive one, starting withreviewing the reporting process and assessing the risks and potential damages shouldfraud occur within the company, establishing documentation retention policies, articulatingescalation policies and processes, and determining when and how investigations shouldbe conducted (including when it is appropriate to engage outside counsel and or otherspecialists). In addition, the GC should monitor existing policies and procedures forcompliance and effectiveness, and determine the appropriate enhancements to meet thecompanys anti-fraud control objectives.A key element of any effective anti-fraud program is an anonymous, risk-free means foremployees, customers and vendors to communicate any complaints regarding accountingmatters, improper conduct of company personnel, management override of internalcontrols, or any other matters that represent a potential liability to the company (inaccordance with SOA Section 301). Typically, this is implemented via a "hotline," and theGC plays a central role in managing the recording, evaluating, investigating, resolution andreporting of these complaints. It is critical to maintain a complete record of all actionsrelating to hotline complaints, from initial receipt through factual findings, andrecommendations for corrective actions, if any.A common task for GCs in meeting their anti-fraud responsibilities is to engage outsideauditors, counsel, fraud specialists or other experts to assist in the investigation ofallegations and in the analysis of the results. An investigation may be delegated eitherwithin the company or to outside service providers, subject to any necessary confidentialitymeasures. These activities are consistent with the Amendments to the Federal SentencingGuidelines (the "Guidelines"), effective November 1, 2004.Maintaining a complaint hotline is part of the "effective compliance and ethics program"required under the Guidelines, which calls for the entity to "É promote an organizationalculture that encourages ethical conduct and a commitment to compliance with the law."Similarly, a GC can reasonably expect to have some involvement in other ethics- andcompliance-related activities such as:  formulating, communicating and enforcing the entitys anti-fraud policy;  developing or reviewing the content of anti-fraud training materials that are disseminated throughout the entity;  monitoring and acting upon reported incidents of fraud and ensuring adequate documentation of the entitys actions is maintained; and  periodically reviewing the entitys anti-fraud policies and procedures to assess their effectiveness and to modify them as necessary to provide continued effectiveness.In formulating the entitys anti-fraud policy, the GC can provide input as to how a policycan be effective from the entitys perspective and still comply with various laws andregulations, including privacy, human rights and required disclosures. Ideally, policyshould be developed as the result of discussions among and between the auditcommittee, board of directors and individuals with operational responsibility for discreteoperating units or processes (e.g., purchasing, payroll, human resources, etc.). As policyis developed, it must be "rolled out" to the entire organization in a manner thatcommunicates managements commitment to preventing and detecting fraud and othercriminal behaviour. To this end, a message from the GC (or a personal appearance at ananti-fraud training meeting) is a powerful reinforcement to an entitys employees, drivinghome the notion that the policy is being taken seriously at the highest levels of theorganization. Furthermore, a program of incentives should be considered for compliancewith the policy, and there should be disciplinary measures meted out for violations. 17
  18. 18. Once an anti-fraud policy is implemented, the next logical challenge is enforcement of the policy in the case of detected instances of fraud. This is a complex area, frequently requiring that the GC authorize the initiation of an internal investigation to determine the facts and then decide an appropriate course of action (criminal or civil prosecution, termination, restitution, filing an insurance claim, etc.). Oftentimes, the GC may be ill equipped to manage such a process due to time, budgetary or other resource constraints. At the very least, the GC should consider retaining outside counsel and/or other specialists (fraud examiners, forensic accountants and investigators) to assist in conducting a thorough and independent investigation of the matter. These outside professionals are best suited to assist the entity in fact-finding, analyses and technical activities (e.g., copying computer hard drives, performing massive e-mail searches, reviewing books and records, etc.) that will enable the GC (and outside counsel) to investigate a suspected fraud thoroughly and bring it to a conclusion. As an entity matures, so must its anti-fraud policy. Over time, employees may develop their own procedures for doing things, some of which may defeat the intent of anti-fraud controls. A dynamic policy is therefore one which can be altered in response to changes in the entitys circumstances and still remain effective. Periodically, the entitys management should assess the risk of fraud or criminal activity occurring and whether the existing anti- fraud policy is sufficiently effective to mitigate that risk. Where it is determined to be necessary, existing policies and procedures should be enhanced to address areas of increased risk. As noted above, the GC should review new or proposed policies for compliance with applicable laws. In conclusion, the role of the GC in developing an anti-fraud policy as part of an entitys system of internal controls is both diverse and dynamic. The various professional pronouncements and regulatory and legal requirements to which organizations are now subject require input from a variety of sources, both internal and external. Developing policies, communications and training, and monitoring hotlines as well as conducting investigations may become more a part of a GCs role. As GCs find themselves increasingly involved in these areas, it is important to remember that very few organizations address all of them independently and without outside assistance.The role of effective financial auditor Responsibility for preventing and detecting fraud rests with management entities. Although the auditor is not and cannot be held responsible for preventing fraud and errors, in your work, he can have a positive role in preventing fraud and errors by deterring their occurrence. The auditor should plan and perform the audit with an attitude of professional scepticism, recognizing that condition or events may be found that indicate that fraud or error may exist. Based on the audit risk assessment, auditor should develop programs to audit procedures by which to obtain reasonable assurance that the financial statements in their entirety, all significant errors and fraud have been identified. It is expected that the auditor to implement procedures that will lead to the discovery of errors or fraud without significant impact on the financial statements cannot be held responsible for undetected such irregularities. The auditor should communicate with the management of his client. He should ask the management information concerning any significant fraud or error has been detected in 18
  19. 19. order to detect key problems that could lead to certain activities, the implementation of audit procedures more than usual However the auditor faces the risk inevitable that some significant errors to be detected, even if the audit is planned and done properlyThe role of prudent financial investors $4m investment fraudster sentenced to 4 years Michael Summers has today been sentenced at Bristol Crown Court to four years imprisonment for deceiving clients out of US $4.3 million in a fraudulent high-yield investment scheme. Background Michael John Summers (born 20/06/52)) of Ledbury, Hertfordshire pleaded guilty on 2 February 2006 to thirty three counts of obtaining a money transfer by deception. The charges relate to his masterminding a high yield investment scheme that saw more than eighteen investors in the UK lose millions of dollars. Sentencing was adjourned until after the trial of two individuals who it was alleged had assisted Summers in the deception. They were acquitted earlier this month. Summers was the prime mover in the fraud. He created a bogus scheme which he called Secure Investment Programme Agreements. During the operation of the scheme between 1997 and 2004, investors deposited a total of over £11 million with Summers. They were promised staggering rates of return; 60% in less than a year was not uncommon. Some investors did receive some return on their investment but this was nothing more than money paid into the scheme by later investors. This practice is commonly known as a “Ponzi scheme”. The first victim was an elderly woman who resided in a retirement home in Torquay and had granted power of attorney to the homes owner. The attorney and his accountant met with Summers and agreed to invest £1.745m, with Summers. This sum had until then been securely invested with a reputable financial company. Much of this money he spent on his own lifestyle before legal action initiated by the public trustee on behalf of the elderly investor resulted in an order freezing the account into which the money had been paid. Investors were told that their money was being invested in bank trading programmes dealing with medium term notes. These notes it was claimed could be traded generating very great profits. Investors were told that such programmes were secretive and normally only available to a select few within the financial world. The need for the investors to be discreet meant that they were dissuaded from taking normal prudent financial advice. However none of the money paid by investors was ever used to purchase any form of investment. Some of it went to pay earlier investors, giving the illusion that profits were being made. The remainder went to fund Summers lifestyle. He used part of the money to acquire a collection of vintage Jaguar cars. Following the investment by the elderly woman the principle source of new investors were clients introduced by the two acquitted defendants. Written records were kept of investments and to remind Summers when investors were due part payments of the interest due. Such part payments were an invaluable part of the fraud. Investors who had paid over $100,000 felt reassured when after a few months they received a $20,000 “interest payment”. Indeed some were persuaded to roll over future interest payments into further investments and others invested even more money into the scheme. 19
  20. 20. Inevitably there came a time when investors did not receive the money to which they believed they were entitled. Disgruntled investors were fobbed off with a range of excuses. Blame would be passed to the banks, to the authorities who had frozen the elderly womans money. Even the repercussions of 9/11 were used to explain delay in payments. Proceedings In 2002 Devon and Cornwall Constabulary investigated an unconnected suspected theft at the aforementioned retirement home. This led their enquiries to the crooked scheme promoted by Summers and to its subsequent referral to the Serious Fraud Office. An SFO investigation commenced, with the continued involvement of the police, in August that year. Michael Summers was charged in February 2004, as were two suspected co-conspirators. Summers, the principal conspirator, pleaded guilty on 2 February 2006 to thirty three counts of obtaining a money transfer by deception contrary to section 15A of the Theft Act 1968. Mary Mills and Bruce Mead, the alleged co-conspirators, were tried at Bristol Crown Court on twenty seven counts and were acquitted by jury on 7 April 2006. Summers has been sentenced to four years imprisonment on each of the thirty three counts, each sentence to run concurrently. A confiscation hearing is to take place on a date in August to be agreed. In considering sentence on Summers, HHJ Darwall Smith said that though he had taken into account the pleas of guilty which had saved time and public money he also had in mind the evidence of victims who had mortgaged houses or lost their life savings to invest in Summers scheme and that the persistence and arrogance in continuing to commit further offences whilst on bail was an aggravating factor. The judge commended DC Glen Bird of the Devon and Cornwall Constabulary and Gary Burtonwood of the Serious Fraud Office for “working very hard to bring an exceptionally complex case to court”. Overview of “Creative Accounting” Techniques and the Red-Flags of FraudFacts about Fraud According to the ACFE Report to the Nation on Occupational Fraud and Abuse, U.S. businesses will lose an estimated $652 billion in 2006 due to fraud. The average organization loses 5 percent of revenue to fraud and abuse. In addition, based on the ACFE’s survey of more than 1,100 occupational fraud cases, approximately 24 percent of these cases resulted in losses of $1 million or more. Collusion: This ranges from employees describing goods as damaged so they can benefit, to employees colluding to falsify accounting evidence so that they can deceive external bodies such as auditors, shareholders or banks. 20
  21. 21. Customer Fraud: A customer pays with stolen cheques or credit cards. A more sophisticated fraudster may make and pay for a number of small purchases to build up a credit rating and then place a large order they do not intend to pay for. Phantom Employee: The fraudster fails to notify the payroll department when an employee leaves the firm, or notifies the payroll department of a fictitious employee and then arranges for the salary to be paid into their bank account or that of an accomplice. Supplier Fraud: Most commonly and employee crates a fictitious supplier with a similar name to an existing supplier, and then arranges for the payment of its invoices.The Fraud Triangle The classic model for fraudsters continues to be Other People’s Money: A Study in the Social Psychology of Embezzlement. The Fraud Triangle is a term, which is used to describe and explain the nature of fraud. “I want something I don’t have the money for” While the specific components of each fraud may differ, the fraud triangle may be defined as this: Opportunity is an open door for solving a non-shareable problem in secret by violating a trust. Opportunity is generally provided through weaknesses in the internal controls. Some examples include inadequate or no: •Supervision and review •Separation of duties •Management approval •System controls The opportunity to commit and conceal the fraud is the only element over which the local government has significant control. Pressure may be anything from unrealistic deadlines and performance goals to personal vices such as gambling or drugs.The Red Flags for Fraud Rationalization is a crucial component of most frauds because most people need to reconcile their behaviour with the commonly accepted notions of decency and trust. Some examples include: 21
  22. 22. •“I really need this money and I’ll put it back when I get my pay cheque” •“I’d rather have the company on my back than the IRS” •“I just can’t afford to lose everything – my home, car, everything” Factors Contributing to Fraud Factors contributing to fraud include the following: Poor internal controls Management override of internal controls Collusion between employees Collusion between employees and third parties How is Fraud Discovered? Occupational fraud can be detected through a number of different methods. The ACFE’s 2006 Survey disclosed that 34.2 percent of frauds were detected through tips, 25.4 percent by accident, and 20.2 percent through internal audits. What is a Red Flag? A red flag is a set of circumstances that are unusual in nature or vary from the normal activity. It is a signal that something is out of the ordinary and may need to be investigated further. Remember that red flags do not indicate guilt or innocence but merely provide possible warning signs of fraud. Why are Red Flags important? The American Institute of Certified Public Accountants has issued a Statement on Auditing Standards (SAS) No. 99 - Consideration of Fraud in a Financial Statement Audit - that highlights the importance of fraud detection. This statement requires the auditor to specifically assess the risk of material misstatement due to fraud and it provides auditors with operational guidance on considering fraud when conducting a financial statement audit. SAS 99’s approach is also valuable for other types of audits. Being able to recognize red flags is necessary not only for public accountants but also for any auditor working in the public sector where the potential for fraud to occur existsThe Importance of Red Flags for Fraud Studies of fraud cases consistently show that red flags were present, but were either not recognized or were recognized but not acted upon by anyone. Once a red flag has been noted, someone should take action to investigate the situation and determine if a fraud as been committed. Sometimes an error is just an error. Red flags should lead to some kind of appropriate action, however, sometimes an error is just an error and no fraud has occurred. You need to be able to recognize the difference and remember that 22
  23. 23. responsibility for follow-up investigation of a red flag should be placed in the hands of a measured and responsible person.The Types of Red Flags for Fraud Now that we have discussed what red flags and fraud are, it is time to talk about the types of red flags and fraud that, unfortunately, are common in the workplace today. General Red Flags What are the red flags that are common to most types of fraudulent activity? Red flags that are common to most types of fraudulent activity can be categorized as employee and management red flags. Before we give you examples of employee and management red flags, it is important to understand more about employee and organizational profiles of fraud perpetrators. According to the 2006 ACFE survey of more than 1,100 occupational fraud cases, perpetrators have the following characteristics: Opportunity Red Flags  Nobody counts inventory or checks deviations from specifications, so losses are not known.  People are given authority, but their work is not reviewed.  Too much trust and responsibility placed in one employee - improper separation of duties.  The petty cash box is left unattended.  Laptops and digital cameras are left out in the open in unlocked offices.  Employees that are caught get fired, but aren’t prosecuted.  Supervisors set a bad example by taking supplies home, borrowing equipment for personal use, padding their expense reimbursements, not paying for personal long distance phone calls, not recording leave.  Monthly financial reports are not reviewed by managers.  There is no internal audit function.  There is a perception that it would never be detected.  Lack of detail in the nominal ledger 23
  24. 24. During the course of my internal audit review I found that many expenses had been debited to ‘expense dump’ accounts. For example, Staff bonuses and lunches were being debited to marketing, and were by-passing the PAYE system.Fraud Perpetrator Profile:The majority of occupational fraud cases (41.2 percent) are committed by employees.However, the median loss for fraud committed by managers was $218,000, which isalmost three times greater than the loss resulting from an employee scheme.Approximately 61 percent of the fraud cases were committed by men. The median lossresulting from fraud by males was $250,000, which is more than twice the median lossattributable to women.Most fraud perpetrators (87.9 percent) have never been charged or convicted of a crime.This supports previous research which has found that those who commit occupationalfraud are not career criminals.Nearly 40 percent of all fraud cases are committed by two or more individuals. The medianloss in these cases is $485,000, which is almost five times greater than the median loss infraud cases involving one person.The median loss attributable to fraud by older employees is greater than that of theiryounger counterparts. The median loss by employees over the age of 60 was $713,000.However, for employees 25 or younger, the median loss was $25,000.Organizational Profile:Most costly abuses occur within organizations with less than 100 employees.Government and Not-for-Profit organizations have experienced the lowest median losses.Management ignores irregularities.High turnover with low morale.Staff lacks training.Employee Red Flags  Employee lifestyle changes: expensive cars, jewellery, homes, clothes  Significant personal debt and credit problems  Behavioural changes: these may be an indication of drugs, alcohol, gambling, or just fear of losing the job  High employee turnover, especially in those areas which are more vulnerable to fraud 24
  25. 25.  Refusal to take vacation or sick leave  Lack of segregation of duties in the vulnerable areaManagement Red Flags  Reluctance to provide information to auditors  Managers engage in frequent disputes with auditors  Management decisions are dominated by an individual or small group  Managers display significant disrespect for regulatory bodies  There is a weak internal control environment  Accounting personnel are lax or inexperienced in their duties  Decentralization without adequate monitoring  Excessive number of checking accounts  Frequent changes in banking accounts  Frequent changes in external auditors  Company assets sold under market value  Significant downsizing in a healthy market  Continuous rollover of loans  Excessive number of year end transactions  High employee turnover rate In company, there were frequent changes of senior staff based on claims that they were stealing. It transpired that the MD himself was the perpetrator and when senior staff got too close to the plot they were sacked.  Unexpected overdrafts or declines in cash balances  Refusal by company or division to use serial numbered documents (receipts)  Compensation program that is out of proportion  Any financial transaction that doesn’t make sense - either common or business  Service Contracts result in no product  Photocopied or missing documents 25
  26. 26.  Let your secretary, accounting tech, audit/budget tech, records tech, administrative assistant do everything.  Give away your passwords and approval access codes or store them on the desktop.  Never look at or verify your monthly financial reports.  Criticize and disregard institutional policies and procedures  Management involved in day to day accounting I was asked to do the accounting in a family company that had seemed to loose a lot of money, where one of the owners was responsible for the accounting, and was living a lavish lifestyle in comparison to the other owners and had now been forced out by the other two family members. I found that the reason for his lavish lifestyle was the fact there were two sets of books; He had been invoicing out of two companies, the main one and a ghost company where he alone was collecting the cash.Changes in Behaviour “Red Flags”The following behaviour changes can be “Red Flags” for Embezzlement:  Borrowing money from co-workers  Creditors or collectors appearing at the workplace  Gambling beyond the ability to stand the loss  Excessive drinking or other personal habits  Easily annoyed at reasonable questioning  Providing unreasonable responses to questions  Refusing vacations or promotions for fear of detection  Bragging about significant new purchases  Carrying unusually large sums of money  Rewriting records under the guise of neatness in presentationRed Flags in Cash/Accounts Receivable  Since cash is the asset most often misappropriated, local government officials and auditors should pay close attention to any of these warning signs.  Excessive number of voids, discounts and returns 26
  27. 27.  Unauthorized bank accounts  Sudden activity in a dormant banking accounts  Taxpayer complaints that they are receiving non-payment notices  Discrepancies between bank deposits and posting  Abnormal number of expense items, supplies, or reimbursement to the employee  Presence of employee checks in the petty cash for the employee in charge of petty cash  Excessive or unjustified cash transactions  Large number of write-offs of accounts  Bank accounts not reconciled on a timely basisRed Flags in PayrollRed flags that show up in payroll are generally worthy of looking into. Although payroll isusually an automated function, it is a vulnerable area, especially if collusion is involved.  Inconsistent overtime hours for a cost centre  Overtime charged during a slack period  Overtime charged for employees who normally would not have overtime wages  Budget variations for payroll by cost centre  Employees with duplicate Social Security numbers, names, and addresses  Employees with few or no payroll deductionsRed Flags in Purchasing/Inventory  Increasing number of complaints about products or service  Increase in purchasing inventory but no increase in sales  Abnormal inventory shrinkage  Lack of physical security over assets/inventory  Charges without shipping documents  Payments to vendors who aren’t on an approved vendor list  High volume of purchases from new vendors  Purchases that bypass the normal procedures 27
  28. 28.  Vendors without physical addresses  Vendor addresses matching employee addresses  Excess inventory and inventory that is slow to turnover  Purchasing agents that pick up vendor payments rather than have it mailed  Internal Control Weaknesses – lack of: segregation of duties, physical safeguards, independent checks, proper authorizations, proper documents and records, overriding of existing controls.  Analytical Anomalies – unexplained inventory shortages, Analytical review that Petrol costs did not correlate with the number of vehicles in stock in a car rental company. After further substantive testing, it was revealed that the company was re-cycling petrol bills via false petty cash claims.  Deviations from specifications, increased scrap, excess waste (above industry standards) purchases in excess of needs.  Vendor address same as employee address In a recent assignment I noticed that the gross profit levels were not in line with the budget. After investigating the production records I noticed that production wastage was low whereas the finished goods wastage was circa 10%. Further investigation revealed that stock was sent FOC to companies on the instruction of the MD.  Too many voided transactions and returns,  Unusual cash shortages. Lifestyle FraudLifestyle Fraud is often committed by trusted employees whom management know well,so it is important to be on the look out for employee lifestyle issues that may be “red flags”indicating a fraud risk.• Some embezzlers are secretive. They don’t want to be caught and will “stash” stolenfunds and be extremely careful with their spending. Other “aspiring” embezzlers want touse, enjoy, share, and show off their fraudulently gained money. Explanations of “newfound” wealth may include: 28
  29. 29. “My husband/wife just got a great promotion.”“I have a few little investments that have been doing really, REALLY well.”“Great Aunt Ethel passed away and I was totally surprised – she left us quite a nice littlenest egg.”“I finally decided to get rid of some property that’s been in the family for years.”Fact: In many cases of fraud, perpetrators openly live beyond their means.Lifestyle Problem Fraud deals with addictions. Someone who is dependent on drugs,alcohol, gambling or other addictions typically experience a slow tightening noose offinancial pressures. Desperation fuels monetary needs and, therefore, the need arises to“borrow” funds to ease the financial dilemma. Employees with addiction problems may betough to spot. Many people with addictions can function at fairly high or normal levels ofbehaviour during work hours. Presented are a few patterns to look for:• Absenteeism• Regular ill health or “shaky” appearance• Easily making and breaking promises and commitments• Series of creative “explanations”• High level of self absorption• Inconsistent or illogical behaviour• Forgetfulness or memory loss• Family problems• Evidence of deceit (small or large)Financial Pressures are faced by everyone at some period of time. For a number ofreasons, perhaps beyond their control, employees may find themselves in financiallystressful situations due to a variety of factors. These may include:• Medical bills• Family responsibilities• A spouse losing a job• Divorce• Debt requirements• Maintaining a current lifestyle• College tuition fees 29
  30. 30. • Gambling debts• Illicit affairs• High life styleObviously not everyone who faces undue pressure commits fraud, but the higher thestress level, the more distracted and desperate an employee may become. Fact:Researchers conclude that the most common reason employees commit fraud has to dowith motivation – the more dissatisfied the employee, the more likely he or she will engagein criminal behaviour.Common Types of FraudFraud perpetrated through absence of proper documentation•Pilfering stamps•Stealing of any kind (e.g., cash, petty cash, supplies, equipment, stock, tools, data,records, etc.)•Forgery (not just cheque forgery, e.g. forging department head signatures onpurchase orders)Fraud perpetrated for the benefit of shareholdersEnron was one of the first amongst energy companies to begin trading through theInternet, offering a free service that attracted a vast amount of customers. But while Enronboasted about the value of products that it bought and sold online around $880 billion injust two years, the company remained silent about whether these trading operations wereactually making any money.It is believed that Enron began to use sophisticated accounting techniques to keep itsshare price high, raise investment against its own assets and stock and maintain theimpression of a highly successful company. These techniques are referred to asaggressive earnings management techniques.Enron also set up independent partnerships whereby it could also legally remove lossesfrom its books if it passed these “assets” to these partnerships. Equally, investment moneyflowing into Enron from new partnerships ended up on the books as profits, even though itwas linked to specific ventures that were not yet up and running. It now appears thatEnron used many manipulative accounting practices especially in transactions withSpecial Purpose Entities (SPE) to decrease losses, enlarge profits, and keep debt awayfrom its financial statements in order to enhance its credit rating and protect its credibility inthe market.The main reason behind these practices was to accomplish favourable financial statementresults, not to achieve economic objectives or transfer risk. These partnerships wouldhave been considered legal if reported according to present accounting rules or what is 30
  31. 31. known as “applicable accounting rules”. One of these partnership deals was to distributeBlockbuster videos by broadband connections. The plan fell through, but Enron hadposted $110 million venture capital cash as profit.Fraud perpetrated through the development of false Financial Statements The Fraud Section obtained an FCPA guilty plea from a former executive of an international subsidiary of Willbros Group, Inc., a provider of engineering and other services to the oil and gas industry, who admitted that he arranged for payment of approximately $1.5 million in cash in Nigeria. This payment was part of at least $6 million in corrupt payments promised to Nigerian officials to obtain and retain gas pipeline construction business in Nigeria. The defendant also admitted that he participated in a conspiracy involving the submission of fictitious invoices to fund corrupt payments to Nigerian officials, as well as a conspiracy to pay at least $300,000 to Ecuadoran officials to obtain a gas pipeline rehabilitation project in Ecuador. Three former senior executives of General Re Corporation and a former senior executive of AIG were indicted on conspiracy, securities fraud, and other charges stemming from a scheme to manipulate AIG’s financial statements through, among other things, false statements in reports filed with the SEC. The Fraud Section and the USAO for the Eastern District of Virginia executed an agreement with AIG in which the company accepted responsibility for its actions, resolved its criminal liability, and agreed to pay$25 million in penalties and to cooperate with the continuing criminal investigation After doing a stock check of vehicles, the main Asset I discovered a large discrepancy between the assets values and numbers in the balance sheet and the physical count. Sales invoices were being suppressed to reduce VAT, and money being banked into another company as receipts from insurance claims or elsewhere.Fraud perpetrated through the misuse of corporate resources• Use of the Company’s assets for private use (Tools, rooms, and computers andsoftware)• Rental of facilities Statistics relating to lost productivity due to employee cyber-loafing are well known, but employee misuse of Corporate IT generally, such as sending and receiving personal e-mails and using computer applications for personal purposes, is equally important. 31
  32. 32. The potential for corporate and company liability stemming from employee misuse of Corporate IT and at the very least, adverse publicity, is a serious issue. In one recent example in the Banking sector, one senior executive misused Corporate IT to access web sites relating to services offered in a foreign jurisdiction where such services were legal. The resulting bad publicity was arguably as damaging for the company’s reputation as a direct financial loss such as internal fraud. There are many cases of people installing office software on home PC’s without prior agreement from the Company.http://www.youtube.com/watch?v=WFtcP0wZDUwFraud perpetrated through third party intervention•Increasing vendor invoices through collusion•Billing for services not rendered and collecting the cashFraud perpetrated through false revenue recognitionThese sales frauds may also involve collusion between the salespeople and the customer,or the customer may be another victim. In each of these frauds, however, the ultimatevictim is always the trading entity that employs the manager or the salesperson. Eric Milnes article, "Damned If You Do or Damned If You Dont?" (Credit Management in Australia, December 2005, pages 20-21), provides us with an example of one sales fraud. Erics topic was focused on phoenix operators. However, as an unintended bonus, this article also provides us with an insight on how sales fraud is perpetrated. Erics story shows how credit managers are often encouraged by management and sales managers to open new accounts. However, like Eric, they are not always given all the details of the new trading terms. In Erics situation, the directors of this new business account had operated another business, which was in liquidation, and had left Erics business with a large debt. Subsequently, this new business also went into liquidation and Erics business was left with another debt, to the same directors. In this case, a sales fraud was perpetrated by the national sales manager, and possibly the managing director, against the entity that employed them. They had negotiated a new trading relationship where the complete terms were not openly known to other employees, such as Eric, who had a right to know before the new account was authorized. The motive for their actions was that these managers would have benefited personally from the increased sales from the new account. Eric certainly didnt benefit, but was in fact, penalized by the extra work required to clean up the mess created by others.Fraud perpetrated through the use of acquisitions 32
  33. 33. The theft of assets takes many forms, from employees simply walking away with laptopsand other valuable and moveable assets, to collusion with suppliers to ship “Phantom”goods. The creation of the Fraud Resistant Company® depends heavily on the ability ofthe company to ensure it uses its invested capital for the acquisition of assets that add toshareholder profitability. In this section your will explore:Frauds in Capital Spending – Misrepresenting DCF ModelsLeasing Frauds – The Lease – Buy SyndromeRed Flags of Capital Spending Fraud Collusion with SuppliersManipulation of Depreciation CovenantsThe capitalization of Operating ExpensesAccounting for fictional AssetsSolutionsFixed Asset Management systems as a key defence toolThe Red Flags of Owned-Asset FraudRatio Analysis as a Fraud Detection toolFraud perpetrated through derivatives -reason unknown Kerviel, 31, a junior trader at Frances second biggest bank Société Générale, is in hiding after he cost his employers €4.9bn in the biggest-ever trading fraud by a single person. His staggering scheme of fictitious customer accounts caused five times the damage of rogue trader Nick Leeson who sparked the collapse of Barings bank in 1995. The French bank says family problems and mental fragility led its rogue trader to squander €4.9bn in succession of illegal deals Phil Stockworld (Reporter)Wed Mar172010 JPMorgan, UBS and Deutsche Bank Charged with Derivatives Fraud 33
  34. 34. Courtesy of JESSE’S CAFÉ AMÉRICAIN More like international crime families sending out enticing emails trying to lure and trick the unsuspecting than serious financial institutions. This is banking? Notice that these were operating out of their London units, similar to the AIG derivative scandal that helped to worsen the US financial crisis. The FSA is apparently working hard now to enforce its rules and bring these banks to heel. Contrast that with the SEC in the States which seems reluctant to do anything regarding enforcement, and even when a judge puts them to the task, are able to administer only the mildest of financial chastisement to be passed on to the shareholders. There is speculation that the US government cannot reform these banks because it is deeply involved in financial transactions of a questionable nature with them itself, ranging from enormous individual campaign contributions to market manipulation in various financial instruments in support of government policy which is otherwise failing badly. The opacity of markets and government bodies like the ESF makes this difficult to assess, but the outrageous size of positions amongst some of the banks, together with the occasional slip in the redacted transcripts is the smoke that indicates more heat beneath the surface than we might imagine. The US Treasury Secretary himself is recently implicated in an outrageous accounting fraud perpetrated by Lehman Brothers with the apparent complicit silence of the NY Fed which he was leading at the time. And yet the Congress seems to be able to do little or nothing, it is so controlled by the monied interests. The Senate has the temerity to propose giving Consumer Protection to this very Fed as it is revealed to be complicit in bank fraud of epic proportions, and a track record of fighting and delaying consumer reforms and sensible regulation of OTC derivatives for years. The Republicans are unashamed of their venality, and the Democrats are seemingly leaderless. The banks must be restrained, the financial system reformed, and balance restored to the economy before there can be any sustained recovery.Fraud perpetrated through the absence of proper accounting recordsInternal auditors must train themselves to recognize fraud symptoms and pursue the truth.Fraud is seldom witnessed firsthand. Its a crime that is often shrouded in ambiguity, andits sometimes difficult even to determine whether or not a crime has actually beencommitted. Only the symptoms of fraud, the red flags or indicators, exist to alertmanagement of wrongdoing. Unfortunately, many such fraud symptoms go unnoticed;and, in some cases, signals that are recognized are not vigorously pursued.Internal auditors must learn to recognize employee fraud indicators and discover whetherthe symptoms are the result of actual fraud or if they represent other factors. In situationswhere employee fraud has occurred, internal auditors must be prepared to persist andpursue until a confession or other convincing evidence is obtained.Fraud Indicators 34
  35. 35. Most indications of employee fraud fall into one of six categories: (1) accountinganomalies, (2) internal control symptoms, (3) analytical anomalies, (4) lifestyle symptoms,(5) behavioural symptoms, and (6) tips and complaints.Accounting AnomaliesWhen perpetrators embezzle from their employers, accounting records -- such asdocuments, journal entries, ledgers, or financial statements -- are often altered, forged, ormissing. For example, an employee fraud that involves setting up a dummy companywould involve submission of false invoices from the dummy company to the perpetratorsemployer. The employer would then send other documents, such as cheeks, to thedummy supplier.A fraud that involved an employees overstatement of travel expenses might involvesubmission of some document, perhaps a fictitious hotel bill, to the employer. Theemployer would then give the employee a cheek, another document, for an amount largerthan the employee was entitled to receive.Other employee frauds are concealed through fictitious journal entries. For example, aperpetrator might embezzle cash and attempt to conceal the theft by creating a journalentry increasing an expense. In such a case, there would probably be an invoice from afictitious vendor, or support for the entry would be missing.In some cases, employee frauds are discovered through detective controls in the form ofaccounting exception reports that identify anomalies. For example, banks often usereports that detail large and unusual items and activity, suspected kiting incidents, andstrange activity in employees bank accounts. Common accounting symptoms mightinclude missing documents; stale items on reconciliations; excessive voids or credits;common names or addresses of payees or customers; increased past due accounts;increased reconciling items; alterations on documents; duplicate payments; secondendorsement on checks; document sequences that dont make sense; questionablehandwriting or printing on documents; photocopied documents; unusual items on reports;journal entries without documentary support; unexplained adjustments made toreceivables, payables, revenues, or expenses; journal entries that dont balance; journalentries made by individuals who would not normally make such entries; entries made at ornear the end of accounting periods; ledgers that dont balance; master or control accountbalances that dont equal the sum of the individual customer or vendor balances;significant changes in financial statements; or unusual items on tracking reports.An example of the kinds of accounting symptoms that accompany fraud is provided in thecase study, "The Certificate of Deposit (CD) Fraud." In that case, the following accountingor documentary symptoms were present: 35
  36. 36. 1. Exception reports identified fraudulent transactions that had no apparent businesspurpose, that involved unusually large amounts, and that exhibited unusual, atypical, andotherwise questionable patterns of supervisor overrides. This symptom occurred at least221 times during the fraud.2. Journal vouchers contained only one signature or incorrect information and/or reflectedtransfers between different customers accounts. This symptom occurred at least 22 timesduring the fraud.3. Deposit slips, completed by John, contained missing information, incomplete customernames, or a mismatch between the name of the depositor and the name on the passbookand/or the account name in the banks records. This symptom occurred at least 56 timesduring the fraud.4. Deposits and withdrawals exceeding $1,000 appeared in Johns personal passbookaccount. This symptom occurred at least 90 times during the fraud.5. Withdrawal vouchers completed by John lacked customer names or signatures and/orcontained incomplete or inaccurate information. This symptom occurred at least 35 timesduring the fraud.6. Deposits and withdrawals from the same account were made on the same day or withina short period of time and appeared on exception reports. This symptom occurred at least76 times during the fraud.7. Bank checks reflected transfers between different customers accounts or checks withaltered dates. This symptom occurred at least 11 times during the fraud.8. Withdrawal vouchers and cheeks contained purported customer signatures that, oninspection, were readily distinguishable from the customers signature and were actuallysigned by John. This symptom occurred at least 73 times during the fraud.9. Withdrawal vouchers completed by John showed a different name from the accountname. This symptom occurred at least 54 times during the fraud.Internal Control Symptoms 36
  37. 37. Fraud occurs when pressure, opportunity, and rationalization come together. Most peoplehave pressures. Everyone rationalizes. When internal controls are absent or overridden,everyone also has an opportunity to commit fraud.Internal control is comprised of the control environment, the accounting system, andcontrol procedures. Common control fraud symptoms include a poor control environment,lack of segregation of duties, lack of physical safeguards, lack of independent checks, lackof proper authorizations, lack of proper documents and records, the overriding of existingcontrols, and an inadequate accounting system.Many studies have shown that the most common element of employee frauds is theoverriding of existing internal controls. In "The Proof Operator Fraud" case study, forexample, there were glaring internal control weaknesses, including the following:1. All deposits and transfers of funds were to go through tellers. Yet, proof employeeswere making transfers for bank officers and for themselves directly through proof. Mostpeople in the bank were aware of this practice; but because it was being done at thepresidents request, they didnt think it was wrong.2. All documents were to be accessible to external auditors. Yet Jane kept a lockedcabinet next to her desk, to which only she had the key. A customer whose statement hadbeen altered by Jane complained, but he was told that he would have to wait until Janereturned from vacation because the documentation relating to his account was in Janeslocked cabinet.3. All employees and officers of the bank were required to take an uninterrupted two-weekvacation. At Janes request, management allowed this control to be broken. Based on hermemos, which explained that "proof would get behind if she took a two-week vacation,"Jane was allowed to take her vacation one day at a time. In addition, no one was allowedto perform Janes most sensitive duties while she was away.4. General ledger tickets were supposed to be signed by two people, including oneindividual other than the person who completed the ticket. In order to override this control,Jane had her employees pre-sign ten or 12 general ledger tickets, so she would not haveto "bother" them when they were busy.5. Opening and closing procedures were supposed to be in place to protect the bank, butmany employees had all the keys necessary to enter the bank at will. 37

×