Fraud Risks

  • November 2019
  • PDF

This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA


Overview

Download & View Fraud Risks as PDF for free.

More details

  • Words: 8,903
  • Pages: 51
Fraud (973) 822822-2220

Overview Objectives of this program

To introduce participants to internal control guidance relating to fraud. Program/Course Level: Overview Program Content: • The CPA’s responsibility regarding fraud 1) General duties CPAs have with regard to fraud 2) Duties imposed by:

i. Sarbanes-Oxley Act ii. SAS 99: the new auditing standard with respect to fraud iii. Private Securities Litigation Reform Act (1995) Advance Preparation: None Type of Delivery: Live and Group-Internet-Based Amount of Recommended CPE Credits: 3 - Auditing

1

1

Fraud: The Issues Fraud: The CPA’s Responsibility Employee Motives for Committing Fraud Employee Fraud Prevention of Financial Statement Fraud

2

Fraud: The Issues Fraud: The CPA’s Responsibility Employee Motives for Committing Fraud Employee Fraud Prevention of Financial Statement Fraud

3

2

Fraud: The Issues I. Fraud: The Issues A. Fraud’s impact must be addressed by all CPAs: 1. Public confidence must be restored 2. CPAs are perfectly positioned to help address the issues of fraud 3. Fraud has destroyed large and small companies

4

Fraud: The Issues 4.

Fraud: The Associated Cost: In the Association of Certified Fraud Examiners release of its second Report to the Nation on Occupational Fraud and Abuse, the following findings were noted: a. Occupational fraud and abuse causes six percent of business revenue to be lost each year. b. Losses have been approximated at $600 billion or $4,500 per employee each year. c. Over half of the frauds resulted in losses of at least $100,000 and about one in six resulted in losses in excess of $1 million.

5

3

Fraud: The Issues d. Fraud scheme typically lasted 18 months. e. The most frequent method for detecting occupational fraud was a tip from a co-worker, customer, vendor, or anonymous source. The second most frequent method of detection was by “dumb luck.” f. The most common “villain” (93%) was a first-time offender. Only seven percent of the “villains” had prior fraud-related convictions. g. Small businesses are the most likely targets. The typical fraud of a small business caused over $125,000 in losses. The typical fraud of the public companies costs nearly $100,000.

6

Fraud: The Issues

B. The ways fraud is committed: Three categories of occupational fraud and abuse: a. Misappropriations of assets b. Fraudulent financial statements c. Corruption Discussed in detail later

7

4

Fraud: The Issues Fraud: The CPA’ CPA’s Responsibility Employee Motives for Committing Fraud Employee Fraud Prevention of Financial Statement Fraud

8

Fraud: The CPA’s Responsibility II. Fraud: The CPA’s Responsibility

A. Introduction The general duties with regard to fraud mandated by the Sarbanes-Oxley act, the new Statement on Auditing Standards (SAS) No. 99, and the Private Securities Litigation Reform Act. B. Management within a company a. Officers and directors: General responsibilities

a. Duty of care: Officers and directors occupy a fiduciary relationship with the corporation. Directors and officers are required to act in good faith and with due care. Legally, they are required to exercise “that degree of care usually expected of a reasonably prudent and diligent person under similar circumstances.”

9

5

Fraud: The CPA’s Responsibility b. Duty of loyalty: Directors and officers must act in the best interest of the corporation and should refrain from selfdealing. Examples: Breach of the Duty of Loyalty: 1. Knowingly and willingly misstating the business results of the company. 2. Approving related party transactions that benefit friends or relatives at the expense of the company. 3. Padding personal expense report. 4. Accepting kickbacks or bribes.

10

Fraud: The CPA’s Responsibility 2.

Sarbanes-Oxley Act Duties a. Officers and Directors: The Chief Executive Officer and Chief Financial Officer of public companies must personally certify annual and quarterly SEC filings (Section 302 of the Act requires) b. Corporate Responsibility for Financial Reports 1) SEC report being filed has been reviewed 2) Report does not contain any untrue statements or omit any material facts necessary to make the statements made not misleading 3) Financial statements fairly present, in all material respects, the financial position, results of operations and cash flows

11

6

Fraud: The CPA’s Responsibility c. Public Company Audit Committees The audit committee is responsible for overseeing the appointment, compensation and work done by the audit firm. Each audit committee member shall be a member of the issuer’s board of directors and shall be independent. The member can only receive compensation from the issuer for his or her position on the board of directors and cannot accept any other compensation from the issuer or be affiliated with the issuer. The SEC can exempt persons from these requirements.

12

Fraud: The CPA’s Responsibility a. The Audit Committee shall establish procedures for: 1) Treatment of complaints received by the issuer regarding accounting, internal accounting controls and auditing matters; and 2) Confidential, anonymous submission by the issuer’s employees concerning questionable accounting procedures. b. Authority and funding Audit committees must be sufficiently funded and have authority to hire independent advisers.

13

7

Fraud: The CPA’s Responsibility d.

Corporate Responsibility (Sarbanes-Oxley Act)

Sec. 301

·

Corporate Responsibility Title 3, Sections 301-308 Adds a new provision to the Securities Exchange Act of 1934 relating to Audit Committee Standards: Makes the Audit Committee responsible for the appointment, compensation and oversight of the work of any registered public accounting form employed by the issuer Requires members of the Audit Committee be on the Board of Directors and otherwise independent Requires Audit Committees to establish procedures for the receipt, retention and treatment of complaints received concerning accounting, internal accounting controls or auditing matters as well as the anonymous submission by employees concerning questionable accounting or auditing matters

14

Fraud: The CPA’s Responsibility

Sec. 302 •

Corporate Responsibility Title 3, Sections 301-308 Requires the CEO and CFO to certify with respect to each annual or quarterly report of the issuer, that: The signing officer has reviewed the report, and The report fairly presents, in all material respects, the operations and financial condition

Sec. 304 •

CEOs and CFOs must reimburse their companies for any bonuses, incentive-based or equity-based compensation, and any profits realized from the sale of securities of the issuer during the one-year period following an accounting restatement due to material non-compliance

15

8

Fraud: The CPA’s Responsibility Corporate Responsibility Title 3, Sections 301-308

Sec. 306

Sec. 307

Prohibits insider trades during pension fund blackout periods when at least 50% of beneficiaries are prohibited from trading. Blackout periods require 30 days’ prior notice. Profits from such insider trades share insure to and be recoverable by the issuer, regardless of any intention on the part of such insider Requires the SEC to issue rules setting minimum standards of professional conduct for attorneys appearing and practicing before the SEC, including: Requiring attorneys to report evidence of a material violation of securities law or breach of fiduciary duty or similar violation by the issuer to the general counsel or CEO of the issuer, If the general counsel or officer does not appropriately respond to the evidence, requiring the attorney to report the evidence to the Audit Committee or to another committee of the Board comprised solely of directors not employed by the issuer, or to the Board of Directors 16

Fraud: The CPA’s Responsibility a.

Corporate Responsibility for Financial Reports Companies filing Forms 10-K and 10-Q reports must have the CEOs, CFOs, or similar person certify in each report that: i. The report is true, does not contain material deficiencies and fairly represents the issuer’s financial position based on the officer’s knowledge; ii. The signing officer is responsible for establishing internal controls, has designed the controls to ensure that material information is made known to the officer, and has evaluated the controls within 90 days of the report;

17

9

Fraud: The CPA’s Responsibility iii. The signing officer has disclosed to the issuer’s auditors and the audit committee all significant deficiencies in internal control design that might adversely affect the issuer’s ability to process financial data and also any fraud (whether or not material) involving management or other employees with a significant role in the issuer’s internal controls; and iv. The signing officer has indicated any significant changes in internal controls that could affect internal controls after the date of the evaluation. The SOA imposes criminal fines of up to $1 million and up to 10 years’ imprisonment for knowingly making a certification that does not comply and fines of up to $5 million and imprisonment of up to 20 years for willfully certifying a report that does not comply.

18

Fraud: The CPA’s Responsibility 2.

Prohibition Against Improper Influence on Audits No director or officer shall fraudulently influence or mislead any independent public auditor for purpose of making the financial statements materially misleading. This rule is enforceable only by the SEC.

3.

Forfeiture of Bonuses and Profits If an issuer must restate financial papers because of misconduct, the CEO and CFO must reimburse the issuer for any bonus or incentive based compensation received and turn over any profit made from the sale of the issuer’s securities during a one year period following the filing. The SEC may exempt officers from this rule.

19

10

Fraud: The CPA’s Responsibility 4. 5.

Officer and Director Bars The SEC may prohibit any person from acting as an officer or director of an issuer if the SEC finds such person unfit to serve. Prohibition Against Insider Trades During Pension Blackout Periods Directors, officers and insiders may not purchase or sell the issuer’s securities during a blackout period if the securities were acquired in connection with their services for the issuer. A blackout period is one where employees were prohibited from trading securities in an issuer sponsored retirement plan. a. Remedies Any profits resulting from violations of this section are recoverable by the issuer. Any shareholder can file suit to recover the profit if the issuer fails to take action against the officer or director.

20

AICPA Code of Professional Conduct (continued) 6.

7.

New section 1513 of Title 18 of the U.S. Code: Creates criminal liability for anyone who knowingly, with the intent to retaliate, takes any harmful action against a person for providing truthful information relating to the commission or possible commission of any federal offense. New section 1514A of Title 18 of the U.S. Code: Creates civil liability for companies that retaliate against whistleblowers. This particular section only applies to employees of publicly traded companies. It makes it unlawful to fire, demote, suspend, threaten, harass, or in any other manner discriminate against an employee for providing information or aiding in an investigation of securities fraud. However, in order to trigger these protections, the employee must report the suspected misconduct to a federal regulatory or law enforcement agency; an member of Congress or a committee of Congress; or a supervisor.

21

11

Fraud: The CPA’s Responsibility 8. Civil and criminal penalties for noncompliance a) It increases the jail term for existing crimes such as mail fraud and wire fraud from five to twenty years. b) It also makes it a crime to destroy documents and requires auditors of public companies to keep work papers for at least five years. c) The Act also authorizes the SEC to freeze questioned assets during an investigation and allows courts to order the disgorgement of any bonuses received by a CEO or CFO resulting from the company having to restate its financial due to misconduct.

22

Fraud: The CPA’s Responsibility e.

Independent Auditor: Sarbanes-Oxley Act Auditors must timely report the following directly to the audit committee: a.

All critical accounting policies and practices used;

b.

Alternative GAAP methods that were discussed with management, the ramifications of the use of those alternative treatments, and the treatment preferred by the auditors; and

c.

Any other material written communications between the auditors and management.

23

12

Polling Question #1 In your opinion, has the initiatives of SOX, Section 404, added value to financial reporting and been financially (cost) worth the effort:

A. B. C. D.

Added Value

Worth the Effort

Yes Yes No No

Yes No Yes No

23a

Fraud: The CPA’s Responsibility f.

Independent Auditor: SAS 99 The certified public accountant has the responsibility “to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud.” 1. Characteristics of Fraud Fraud is a combination of incentives, pressure, opportunity, attitude and rationalization. Auditors must have an understanding of the principle characteristics of fraud. 2. Consider how fraud is committed: The engagement team is required to consider the various ways the client could commit material fraud. The relevant factors are: a. Nature of the business b. Management c. Internal controls d. Ethical values.

24

13

Fraud: The CPA’s Responsibility 3.

Assessing the risk of material fraud requires the following. Auditors must interview management and other appropriate personnel of the company to assess the organization’s risk of material misstatements due to fraud. a.

When performing or planning analytical procedures, consider unusual or unexpected relationships that have been identified

b.

Consider whether fraud risk factors are present.

c.

With respect to fraud risks and countermeasures, make inquiry of the audit committee .

4.

Identify risks that may result in misstatements due to fraud. Assess the significance, likelihood, and pervasiveness of the risk of fraud.

5.

Assess fraud risks of the entity’s programs and controls. The auditor should evaluate programs and controls designed to address fraud risks. Factors such as control mechanisms over management overrides and education, prevention, and deterrence programs for employees should be considered.

25

Fraud: The CPA’s Responsibility 6.

Plan testing based upon the fraud risk assessment. Once the auditor has assessed the risk of material misstatement due to fraud, he or she will determine the nature, extent and timing of the audit procedures.

7.

Assess audit test results. The auditor will evaluate the test results looking for such things as:. a.

Discrepancies in accounting records,

b.

Conflicting missing evidential matter,

c.

Problematic or unusual relationships between the client and the auditor.

8.

Communication with the Audit Committee. The auditor must notify the client, even when the suspected fraud is not material to the financial statements. If the suspected fraud is material, or involves senior management, the auditor must report the incident directly to the audit committee.

9.

Auditor Documentation: Required. The auditor must document the various steps taken in assessing the entity’s risk of material misstatement due to fraud.

26

14

Polling Question #2 In your opinion, what should be the CPA/Auditor’s level of responsibility regarding fraud: A. CPA/Auditor should be responsible for detecting all material fraud B.

CPA/Auditor should be responsible for detecting all fraud

C.

CPA/Auditor should be responsible for designing an audit program that should reasonably detect fraud

D. CPA/Auditor should only be responsible for fraud that comes to his/her attention

26a

Fraud: The CPA’s Responsibility 1.

Understand and Document •

Obtain an understanding of internal control. As part of planning, the auditor is required to perform procedures to understand the design of controls and whether they have been placed in operation. –

A control that has been placed in operation is being used.



The auditor is not required to evaluate the operating effectiveness of controls during planning. The auditor may, however, choose to perform some tests of controls while obtaining an understanding of internal control if it is more efficient to do so. The auditor may obtain some evidence about the operating effectiveness of the controls if procedures performed to obtain an understanding of internal control also provide sufficient evidence to serve as tests of control.



Document this understanding using flowcharts, questionnaires, narratives, and/or decision tables. 27

15

Fraud: The CPA’s Responsibility

2.

Control Risk Assessment (Tests of Controls) Assess control risk and document this assessment. Any assessment of control risk at less than the maximum must be based on evidence provided by tests of controls.

28

Fraud: The CPA’s Responsibility

3.

Perform Tests of Control

Perform additional tests of controls if a further reduction in the assessed level of control risk is desired. Such additional testing is generally performed only if: a. Sufficient evidence is likely to be available, and b. It would be efficient. The auditor evaluates whether the effort required to perform additional tests of controls is justified by the expected reduction in substantive testing.

29

16

Fraud: The CPA’s Responsibility

4.

Assess Results Reassess control risk and document this assessment.

30

Fraud: The CPA’s Responsibility

5.

Substantive Testing

The auditor reviews and modifies (if necessary) the planned level of substantive testing to be performed.

31

17

Fraud: The CPA’s Responsibility INTERNAL CONTROL RISK ASSESSMENT OBTAIN AN UNDERSTANDING OF INTERNAL CONTROL SUFFICIENT TO PLAN THE AUDIT

U

(a) (b) (c)

Design of policies and procedures Placed in operation? Document the understanding

ASSESS CONTROL RISK AT MAXIMUM?

C

No

Consider relevancy and adequacy of controls, and whether testing controls would be efficient.

Less Than Maximum

Yes

Maximum Level

ASSESS CONTROL RISK (a) Use tests of controls to evaluate operating effectiveness (b) Document this assessment

P A

CONSIDER A FURTHER REDUCTION IN THE ASSESSED LEVEL OF CONTROL RISK (a) (b)

No

Can a lower risk level be supported? Cost/benefit from additional tests of controls?

Yes PERFORM ADDITIONAL TESTS OF CONTROLS (a) Reassess control risk (b) Document assessment

S

DESIGN SUBSTANTIVE TESTS

PLAN EXTENSIVE SUBSTANTIVE TESTS DESIGN SUBSTANTIVE TESTS

AT A REDUCED LEVEL

32

Fraud: The CPA’s Responsibility REVIEW: UNDERSTANDING INTERNAL CONTROL AND ASSESSING CONTROL RISK

U

C

1. Understand internal control

1. Understand the operation of the five components of internal control. 2. Understand the design of the relevant internal control policies and procedures. 3. Determine whether the policies and procedures have been placed in operation. 4. Document the understanding of internal control in order to plan the audit.

2. Control risk assessment

1. Consider the types of potential misstatements that could occur in the financial statements. 2. Identify the policies and procedures that are relevant to specific management assertions. 3. Determine the appropriate strategy for auditing each significant assertion.

3. Perform tests of controls*

1. Evaluate the effectiveness of the design and operation of the policies and procedures. 2. Identify any significant deficiencies in internal control. 3. Can a new risk level be supported based upon additional tests of controls?

P

Will evidence be available to support the new risk level? Will the cost of additional tests of controls be more than offset by a reduction in substantive testing?

A

4. Assess results (based on tests of controls)

1. Consider a reduction (or increase) in the assessed level of control risk based on the results of the tests of controls. 2. Document conclusions. Document the basis for the conclusion that the assessed level of control risk is less than the maximum level. Document the conclusion that control risk is assessed at maximum level. (The basis for the conclusion need not be documented.)

S

5. Substantive testing

Determine the nature, extent and timing of substantive tests based on the assessed level of control risk and the resulting acceptable level of detection risk.

33

18

Fraud: The CPA’s Responsibility G.

Independent Auditor: Private Securities Litigation Reform Act: a.

The Private Securities Litigation Reform act (PSLRA), passed in 1995,requires additional responsibilities for independent auditors of public companies. It provides that the audit of the financial statements of a public company must include the following:

a) Procedures designed to provide reasonable assurance of detecting illegal acts that would have a direct and material effect on the determination of financial statement amounts; “Illegal Act” Defined: The term illegal act is defined to mean any act or omission “that violates any law, rule, or regulation having the force of law.”

b) Procedures designed to identify related party transactions that are material to the financial statements or otherwise require disclosure c) An evaluation of whether there is substantial doubt about the ability of the issuer to continue as a going concern during the next fiscal year.

34

Fraud: The CPA’s Responsibility 2.

Auditor steps if an illegal act is detected a) Determining that an illegal act has occurred: 1) Address the possible effect of the illegal act on the financial statements 2) Notify the appropriate level of management immediately, and verify that the audit committee is adequately informed b) Auditor must determine (regarding company management) 1) Has senior management taken “timely and appropriate remedial actions” and 2) Does the failure to take corrective action is “reasonably expected to warrant departure from a standard report of the auditor, or consider resignation from the audit engagement.”

35

19

Polling Question #3 In your opinion, in regards to SOX, Section 404, the CPA/Auditor should: A. Express an audit opinion on internal control B. Express an audit opinion on management’s assertion regarding internal control C. Provide assurance regarding the effectiveness of internal control D. Should only be responsible for assessing internal control in order to perform the audit of the financial statement

35a

Fraud: The Issues Fraud: The CPA’s Responsibility Employee Motives for Committing Fraud Employee Fraud Prevention of Financial Statement Fraud

36

20

Employee Motives for Committing Fraud III. Employee Motives for Committing Fraud A. Fraud: Three required elements: The accepted reason for why “good people” commit fraud is the following: a. Pressures/Incentives b. Opportunity c. Rationalizations/Attitudes

37

Employee Motives for Committing Fraud B.

Pressures/Incentives Pressure is caused by a financial need. The financial problem can be personal (excessive personal debt) or professional (their employment or business is in jeopardy).

Examples of pressures that can lead to fraud: • Inability to pay one’s bills • Requirement of meeting earnings to sustain investor confidence • Drug or gambling addiction • Status symbols (big house, nice car) • Required to meet productivity targets 1.

Financial problems and their root in “status”: All involve some sort of embarrassment, shame, or disgrace. They threaten the violator’s status as a person who is respected by others.

38

21

Employee Motives for Committing Fraud C. Opportunity “Perceived” opportunity creates the means by which the fraud can be committed. The violator not only has to be able to steal assets, they need to be able to do so and believe that they will not be caught or the fraud itself will not be detected.

39

Employee Motives for Committing Fraud D. Rationalizations/Attitudes

The majority of violators are first-time offenders with no criminal past. They do not consider themselves as criminals or thieves. 1. Common rationalizations include the following: a)

They were only borrowing the asset

b) They were entitled to the asset c)

They had to steal to provide for their family

d) They are underpaid/ employer had cheated them e)

Their employer is dishonest to others and deserved it

40

22

Employee Motives for Committing Fraud E. The Fraud Model does not always apply: It does not apply to the “predatory employee” – the violator who takes a job with the sole intent of stealing from the company. Frauds are not isolated events. They typically start as small thefts or misstatement and they eventually increase in size and frequency. As the violator repeats the fraud, it becomes easier to rationalize until not justification is required. F. The Fraud Elements Lesson All three factors must be present for fraud to occur. When one of the three elements is missing, fraud will not usually occur. Status (not greed) is the single most typical motivator for occupational fraud.

41

Employee Motives for Committing Fraud G.The fraud (elements) consideration: 1. The opportunity: The threat of punishment is a non-factor with a violator because they never expect to get caught 2. The rationalization: They do not view their actions as conduct that is or should be punishable 3. The pressures/incentives: The biggest threat to them is that their fraud will be uncovered. Detection will result in shame. Any punishment that follows is only a secondary consideration.

42

23

Employee Motives for Committing Fraud H. Deterrence program elements: An effective deterrence program will directly target the three elements of fraud. To be effective, the company should: 1.

Identify and reduce pressures that might push employees into committing fraud crimes

2.

Identify and reduce perceived opportunities to commit fraud

3.

Educate and communicate in order to dispel rationalizations for committing fraud

43

Fraud: The Issues Fraud: The CPA’s Responsibility Employee Motives for Committing Fraud Employee Fraud Prevention of Financial Statement Fraud

44

24

Employee Fraud

IV. Employee Fraud Key Point

Employee fraud can be listed into three major categories: • Financial statement fraud • Asset misappropriations • Corruption.

45

Employee Fraud A. Financial statement fraud defined:

Financial statement fraud is the deliberate misrepresentation of the financial condition of an enterprise accomplished through the intentional misstatement or omission of amounts or disclosures in the financial statements to deceive financial statement users. 1. Typical Method Financial statement fraud will involve: a. b.

2.

Overstating assets, revenues and profits Understating liabilities, expenses and losses.

Atypical method: The overall objective of the misrepresentation may occasionally require the opposite action (e.g., concealing over-budget results in a good year in order to have “cushions” for the next year that is expected to be more competitive).

46

25

Employee Fraud B. The impact of financial statement fraud: Financial statement fraud will have a devastating effect on the reputation and the financial condition of the company and employees. The stock market valuation impact of the financial statement fraud will result in the company’s stock value falling dramatically overnight, losing billions of dollars for shareholders.

47

Employee Fraud C.

The CPA: Impact of Financial Statement Fraud Consequences include: 1. 2. 3. 4. 5. 6. 7. 8. 9.

The shame of being escorted into court by police, in view of family and friends Sentenced to prison A felony conviction Newspaper and television coverage seen by friends, family and neighbors Loss of personal income Loss of CPA license Large legal fees Expulsion from the AICPA and state societies of CPAs Social outcast

48

26

Employee Fraud D.

E.

The Financial Statement Fraud Culprits There are three main groups who commit financial statement fraud. 1. Organized criminals 2. Mid- and lower-level employees 3. Senior management Motive for Committing Financial Statement Fraud 1. Desire to conceal business results. 2. Attempt to maintain their status/control. 3. Sustain income/wealth from company sources (salary, bonus, stock, and stock options)

49

Employee Fraud 4.

Meet or exceed the expectations of stock market analysts regarding earnings or revenue growth

5.

Loan covenants compliance

6.

Increase opportunity for asset-based loans

7.

Criteria for granting/extending loans required by lender

8.

Criteria set by the parent company

9.

Employee performance criteria

10. Merit performance-related compensation 11. In anticipation of a merger, acquisition or sale of personal stockholding, improve the stock price

50

27

Employee Fraud 12. Demonstrate growth to support a planned stock or bond offering or sale of the business 13. Shift “surplus” earnings to the next year when current period budgets have been achieved and there is no incentive for additional performance, managers may direct additional earnings into the next year to ensure they meet new goals 14. Take all write-offs in one “big slam” thus future earnings should be consistently higher 15. Reduce market expectations, so future growth will be rewarded 16. Avoid volatile results, maintain consistency 17. Reduce the value of a small/family company during a divorce 18. If management is planning a buyout, reduce the value of a corporate unit

51

Employee Fraud F. Methods of Financial Statement Fraud

The three methods of fraudulent financial statements are: 1. Accounting system: Tricks The violator uses the accounting system to generate the results they want. For example: a. Manipulate the calculation of: (1) Depreciation (2) Bad debt expense (3) Obsolete inventory b. Vendor invoices can be recorded at the wrong time (typically, later) to avoid recognizing the expense and liability c. Sales might be recorded prematurely to accelerate income d. Transactions in the accounting system are real, however, the dollar amounts are intentionally incorrect 52

28

Employee Fraud 2. Accounting system: Lies The violator submits false and fictitious data and transactions into the accounting system to manipulate results in a manner greater than can be achieved by simply “tricking” the accounting system. Examples are: a. Fictitious sales may be recorded to real or fake customers b. Inventory and receivables amounts may be created, with documents later being forged to support the “lies” c. Journal entries might be hidden or miscoded in an attempt to conceal the fraud d. Transactions can be concealed through use of intercompany accounts e. Transactions in the system have no basis in fact or are improperly recorded

Key Point No documentary trail to support certain transactions or balances will be located unless the violator prepares forged or altered documents to help support this fraud. 53

Employee Fraud 3. Accounting system: Beyond the system The violator produces whatever financial statements they desire by using a personal computer. Key Point To catch this type of fraud, trace the financial statements back to the trial balance and related general ledger from the accounting system. There should be no documentary trail to support transactions or balances reported in the financial statements unless the fraudsters prepare forged or altered documents to help support this fraud.

54

29

Employee Fraud G.Financial Statement Fraud: Statistics

According to the 1999 COSO study of approximately 200 financial statement frauds from 1987 to 1997, the most common fraud schemes were as follows: 1.

2.

3. 4.

Revenue Fraud a. 50% involved manipulation of revenue recognition b. 26% involved fictitious revenues c. 24% involved premature revenue recognition Asset Fraud a. 50% involved overstatement of assets b. 37% involved overstatement of existing assets c. 12% involved fictitious or unowned assets d. 6% involved improperly capitalized costs Liability and Expense Fraud a. 18% involved understatement of liabilities/expenses Disclosure Fraud a. 8% involved inappropriate disclosure

55

Polling Question #4 In your opinion, by whom should the audit of “management’s assessment of internal control” be performed: A. The same firm that performs the audit of the financial statements B. A different firm then the one that performs the audit of the financial statements C. The company should be able to select any CPA firm they want

55a

30

Employee Fraud H. Financial Statement Fraud: Methods The five types of financial statement fraud are: • • • • • 1.

Fictitious Revenues Timing Differences Improper Asset Valuations Concealed Liabilities and Expenses Improper Disclosures

Fictitious Revenues Fictitious sales typically involve fake or non-existent customers, however it could involve actual customers.

56

Employee Fraud

Key Point In December 1999, the Securities and Exchange Commission issued Staff Accounting Bulletin No. 101, Revenue Recognition in Financial Statements (SAB 101) which gives additional guidance on revenue recognition and to cease some inappropriate practices that had been noted. SAB 101 indicates that revenue generally is realized or realizable and earned when all of the following criteria are met: Persuasive evidence of an arrangement exists; Delivery has occurred or services have been rendered; The seller’s price to the buyer is fixed or determinable; and Collectibility is reasonably assured.

57

31

Employee Fraud a. Indirect Methods: Fictitious Sales These methods do not attempt to overstate gross sales, instead, they understand those accounts which reduce gross sales to arrive at net sales. For example, by understating discounts, returns and allowances, it will artificially overstate net sales. There are two basic methods: •

Failure to record mark down discounts on merchandise when the sale is made



Failure to record returns as a reduction from gross sales

58

Employee Fraud b. Warning Signs, indicating the possibility of fictitious revenues • Excessive growth or unusually high profitability, when compared to other companies in the same industry • Repeatedly reporting negative cash flows from operations while reporting earnings and earnings growth. • Large transactions with related parties or special purpose entities not in the ordinary course of business • Significant, unusual, or highly complex transactions, typically those close to period end that pose difficult “substance over form” issues • Unusual increase in the number of days sales in receivables • A large volume of sales to companies whose ownership is not known

59

32

Employee Fraud 2. Timing Differences Financial statement fraud often involves timing differences, such as, the recording of revenue and/or expenses in improper periods. This is done to move revenues or expenses from one period and the next, thereby increasing or decreasing earnings. a. Premature Revenue recognition Revenue should be recognized when the four criteria set out in Staff Accounting Bulletin No. 101 have been satisfied: • Persuasive evidence of an arrangement exists; • Delivery has occurred or services have been rendered; • The seller’s price to the buyer is fixed or determinable; and • Collectibility is reasonably assured 60

Employee Fraud 1.

Persuasive evidence of an arrangement must exist: a. The documentation for the arrangement must contain all the final terms and conditions between the parties and conform to customary business practices. 1) Incorporation by reference of other signed agreements is acceptable 2) Signed general purpose agreement followed by complying purchase orders is acceptable 3) Bifurcation of one contract into two contracts – presents issues 4) All terms and conditions of the arrangement must be finalized b. All the documentation must be signed by both parties prior to any revenue recognition a) Without the customer’s signature – the agreement is not an enforceable claim on the customer, even if the software has been delivered b) Without seller’s signature – the agreement is only an offer by seller to license and/or sell the product or service c. Risks and rewards of ownership pass d. No right of return e. Not a consignment, demonstration, etc.

61

33

Employee Fraud 2. Delivery has occurred or services have been rendered: a.

b.

Physical delivery occurs upon the transfer of a disk or tape containing the software, accompanied by documentation, to customer – not to an intermediary site or a fulfillment house 1)

“F.O.B. Shipping Point” or “F.O.B. Destination” – needs to be specific in the contract

2)

Example – software shipped on September 30 – F.O.B. Destination

3)

Does the customer have software testing and acceptance rights?

Electronic Delivery occurs when the customer takes possession of the software via a download or is provided with access to the software via a code (“key”) 1)

Examples: Software buyouts: network-wide base generic software pools; list of GA features

62

Employee Fraud c.

d.

e.

Multiple copies of the same software: an obligation to delivery additional software copies, physically or electronically, does not impact revenue recognition. Software duplication is considered incidental to meeting the delivery criteria 1) Revenue can be recognized upon physical or electronic delivery of the first copy 2) Should accrue the cost of duplicating the software Multiple licenses of the same software: the price in the contract is on a per-license basis and the value of the contract is a function of the number of licenses purchased by the customer 1) Revenue is recognized when each separately-licensed software copy is delivered If there is an undelivered element (hardware or software) that is essential to the functionality of the delivered software element, delivery has not occurred for purposes of revenue recognition.

63

34

Employee Fraud f.

g.

h.

Terms and conditions presumed substantive

1)

Acceptance

2)

Installation or other services

Substantial completion

1)

Only inconsequential or perfunctory actions

2)

Failure to complete would not result in a refund or rejection of delivered products/services

3)

No undelivered elements essential to functionality

Multiple element arrangement (MEA): a contract to provide more than one software product (the “element”), software product and services, or software product with customer support (PCS)

1)

Software arrangements with one element



Recognize revenue when all the revenue recognition criteria discussed previously have been met

2)

Software arrangements with multiple elements



Must allocate the contract price to each element based on vendorspecific objective evidence (VSOE) of fair value Recognize the allocated revenue when all the revenue recognition criteria have been met, on an element-by-element basis



64

Employee Fraud i.

Allocation of contract price to multiple elements

1) Vendor-specific objective evidence (VSOE) is limited to either of: • The price charged when the element is sold separately to other customers – must be supportable by invoices and auditable • If the software is not yet sold separately, VSOE is the price established by management having the requisite authority 2) Separately stated prices in the contract does not meet the VSOE requirement 3) List prices do not meet the VSOE requirement

65

35

Employee Fraud j. Vendor-specific objective evidence of fair value

1)

If VSOE does exist for all the elements, or



All the elements are delivered (exceptions are PCS and unspecified additional software products),



VSOE does exist for all the undelivered elements (SOP 98-9: Residential Method)

2)

VSOE criteria was intentionally made very narrow, past “front-loading” abuses within the software industry



Future deliverables cause valuation issues



Invoice price (that will not change)

66

Employee Fraud 3. The seller’s price to the buyer is fixed or determinable: a. Price is stated, not subject to change, and payable in accordance with normal terms. b. Any extended payment terms in a software arrangement may indicate that the price is not fixed or determinable 1) Normal payment terms are net 30 days 2) Need to determine the reason – does that reason jeopardize revenue recognition? c. If payment extends for more than twelve months after delivery, the entire price should be presumed not to be fixed or determinable d. If payments are a function of the number of units copies or the expected number of users, the price is not fixed or determinable at the outset of the arrangement e. Rationale: the longer the payment terms the greater the risk of price concessions due to the technological obsolescence of the delivered software or the introduction of new and improved software f. Revenue Recognition: if it is determined that the contract price is not fixed or determinable, revenue is recognized as non-refundable, contractual payments become due

67

36

Employee Fraud 4. Collectibility is not reasonably assured:

a. Customer financing arrangements need to be reviewed closely 1) Credit issue or competitive issue b. A past practice of providing concessions to the customer is difficult to overcome 1) History of concessions (to possibly encourage payment) 2) Concession is defined broadly c. Customer acceptance clauses need to be evaluated in detail 1) Linking payment terms to acceptance may crate uncertainty about collectibility upon delivery of the software d. Returns must be reasonably estimable e. Collection is contingent upon some future events, e.g., resale of the product, receipt of additional funding, or litigation f. The customer does not have the ability to pay, e.g., it is financially troubled, it has purchased far more than it can afford, or it is a shell company with minimal assets

68

Employee Fraud 2. Timing Differences (continued)

b. Long-term Contracts Managers can “play with” the percentage of completion and the estimated costs to complete a construction project, hence, the company will recognize revenues prematurely and cover-up contract cost overruns. c. Channel Stuffing/Trade Loading The sale of an unusually large volume of a product to customers who are encouraged to over purchase through the use of large discounts or extended financing terms.

69

37

Employee Fraud Key Point The negative consequence is that by “robbing” from the next period’s sales, it is more difficult to achieve sales goals in the following period, this leads to increasingly aggressive levels of channel stuffing and ultimately a restatement. Issues include: Unrecorded side agreements that grant a right of return, effectively making the sales into consignment sales Greater risk of returns for certain products if they cannot be sold before their shelf life expires. d. Postponing the proper recording of expenses The timely recording of expenses is often violated due to excessive pressures to meet goals and budget projections

70

Employee Fraud e. Warning Signs of Possible Timing Difference Fraud • Excessive growth or unusual high profitability, when compared to other companies in the same industry • Repeated reporting negative cash flows from operations while reporting earnings • Significant, unusual, or highly complex transaction, especially near the end of the period end that pose difficult “substance over form” questions • Unusual spike in gross margin or margin in excess of industry standards • Unusual increase in the number of days sales in receivables • Unusual decrease in the number of days purchases in accounts payable

71

38

Polling Question #5 Have you (and/or the business you worked for) ever been involved in an issue regarding revenue recognition? A. B. C. D.

Yes – multiple times. Yes – once or twice. No – not that I am aware of. Don’t know

71a

Employee Fraud 3. Failure to properly value assets Applying the “lower of cost or market value” rule, where an asset’s cost exceeds its current market value (example: obsolete technology), it must be written down to lower market value. Key Point It is often necessary to use estimates in accounting. For example, estimates are used in determining the residual value and the useful life of a depreciable asset, the uncollectible portion of accounts receivable or the excess or obsolete portion of inventory. Whenever estimates are used, there is an additional opportunity for fraud by manipulating those estimates.

72

39

Employee Fraud 3.

Improper Asset Valuation (continued) a.



Inventory Valuation Inventory must be valued at cost except when the cost is higher than the current market value, inventory should be written down to its current value which is lower. Method of Manipulation

a. b. c. d. e. f. g. h. i. j.

Physical inventory counts can be manipulated Unit costs used to price out inventory can be manipulated Failure to reduce inventory for costs of goods sold Programmed fraudulent computer reports that incorrectly added up values A co-conspirator represents they are to be holding inventory for the company “Bill and hold” items that have been recorded as sales are included in the physical inventory count Goods held by the company on consignment Pallets of inventory with empty centers Moving inventory overnight between locations being observed by auditors Insert phony count sheets or changing quantities on the sheets during the inventory 73

Employee Fraud 3. Improper Asset Valuation (continued) b. Accounts Receivable The two most common fraud methods involving accounts receivable are fictitious receivables and failure to write off accounts receivable as bad debts. 1) Fictitious Accounts Receivable The entry for a fictitious accounts receivable is to debit accounts receivable credit sale. These schemes occur most often at the end of the accounting period, because accounts receivable should be paid in cash within a reasonable time after period end. DR: Accounts Rec. CR: Sales

$XXX $XXX

74

40

Employee Fraud •

Auditor Issue: Confirmation Fictitious accounts receivable will attempt to conceal by providing false confirmation of balances to auditors. The mailing address provided for the fake customers is either a mailbox under violators control, a home address, or the business address of a coconspirator. Such fraud schemes can be detected by reviewing business credit reports, public records, or even the telephone book, to identify significant customers.



Understating the “Allowance for Doubtful accounts” Companies in need of more profits and income will omit the recognition of such losses because of the negative impact on the income statement.

75

Employee Fraud c.

d.

Business Consolidations Violators may attempt to misappropriate the purchase price. Violators may create excessive reserves for various expenses at the time of acquisition, planning to utilize those “cookie jars” into earnings at a future date. Fixed Assets Fixed assets can be fictitiously created by a variety of schemes. They are subject to misstatement through many different fraudulent methods: 1) Recording Fictitious Assets The false reporting of assets affects the asset balance on a business balance sheet. The most common fictitious asset schemes are: • Fictitious documents being created • Equipment is leased, not owned, and the asset is capitalized 2) Fixed Asset Valuation Issues Fixed assets should be reported at cost (NBV). Financial statement frauds have involved the recording of fixed assets at the higher market values instead of the lower acquisition costs, or at even higher inflated values with fake valuations to documentation.

76

41

Employee Fraud 3)

Fixed Asset Understatement (to secure capital expenditure approval) Funding may be based on asset amounts. An understatement can be done directly or through improper depreciation.

4)

Capitalization Policy Violations Interest and finance charges incurred in the purchase should be excluded from the cost of a purchased asset.

5)

Misclassifying Assets Due to budget requirement, and many other reasons, assets are misclassified into general ledger accounts which are improper. The manipulation affects financial ratios and conceals non-compliance with loan covenants or other borrowing requirements.

77

Employee Fraud 6)

Warning Signs of Possible Fixed Asset Fraud: Recurring negative cash flows from operations while reporting earnings and earnings growth Significant declines in customer demand and increasing business failures in either the industry or overall economy Assets, liabilities, revenues, or expenses based on significant estimates that involve subjective judgments or uncertainties that are difficult to corroborate Nonfinancial management’s excessive participation in or preoccupation with the selection of accounting principles or the determination of significant estimates

78

42

Employee Fraud Unusual spike in gross margin or margin in excess of industry standards Unusual increase in the number of days sales in receivables Unusual increase in the number of days purchased in inventory Allowances for bad debts, excess and obsolete inventory, that are decreasing in percentage terms or are out of line with industry standards Unusual change in the ratios between fixed assets and depreciation Adding to assets while the industry is reducing capital expenditures

79

Employee Fraud 4. Understating Liabilities and Expenses Pre-tax income will increase when an expense or liability not recorded. This is less difficult to commit than falsifying sales transactions. Missing transactions are harder for auditors to detect than improperly recorded ones because there is no audit trail.

Key Point There are three common schemes for understating liabilities and expenses: A. Liability/Expense Omissions B. Capitalized Expenses C. Failure to Disclose Warranty Costs and Liabilities.

80

43

Employee Fraud a. Liability/Expense Omissions Under this method of understating liabilities/expenses the violator fails to record them. Debit memos can be created for chargebacks to vendors, for claim permitted rebates or allowances or simply to create additional income.

Key Point Wrong-doers often plan to make up for their omitted liabilities with expectations of other income sources such as profits from future price increases. Because they are easy to conceal, understated liabilities are often the most difficult to uncover. A detailed review of all post-financialstatement-date transactions can aid in the discovery of omitted liabilities. Further, the auditor should carefully review the client’s files, a physical search may uncover concealed invoices and unposted liabilities.

81

Employee Fraud V O U C H Testing for Existence Testing for Support

ouch

Financial Statements Trial Balance General Ledger Subsidiary Ledger Books of Original Entry Source of Documents Execution of Event Transaction Approved

race T R A C E Testing for Completeness Testing for Coverage 82

44

Employee Fraud b. Capitalized Expenses Capitalizing expenses will result in an increase to income and assets since capitalized items are depreciated over a period of years rather than expensed in the current period.

83

Employee Fraud 1) Capital expenditures may be expensed The privately owned business may want to minimize its net income due to tax issues, or to increase earnings in future periods. c. Returns and Allowances and Warranties A certain percentage of products sold will, be returned. In warranty liability fraud, the liability is either omitted or substantially understated. d. Warning Signs of Possible Liability & Expense Fraud

1) Recurring negative cash flows from operations or an inability to generate cash flows from operations while reporting earnings and earnings growth 2) Assets, liabilities, revenues, or expenses based on significant estimates that involve subjective judgments or uncertainties that are difficult to corroborate

84

45

Employee Fraud 3. Nonfinancial management’s excessive participation in or preoccupation with the selection of accounting principles or the determination of significant estimates 4. Unusual spike in gross margin or margin in excess of industry standards 5. Allowances for sales returns, warranty claims that are decreasing in percentage terms or are out of line with industry standards 6. Unusual decrease in the number of days purchases in accounts payable 7. Reducing accounts payable reduction while the industry is delaying payments to vendors

85

Employee Fraud 5. Improper Disclosures Improper disclosures associated with financial statement fraud will typically involve the following: Liability Omissions, Subsequent Events, Management Fraud, Related-Party Transactions, and Accounting Changes.

a. Liability Omissions Omissions include the failure to disclose loan covenants or contingent liabilities. These agreements usually contain various types of covenants including certain financial ratio limits and restrictions. b. Subsequent Events Violators ill fail to disclose court judgments and regulatory decisions that adversely effect the reported values of assets, that indicate unrecorded liabilities, or that negatively reflect upon management. c. Management Fraud Management has the responsibility to disclose to the shareholders significant fraud committed by officers, executives, and others in positions of trust. Failure to disclose such information from auditors would involve lying to auditors, an illegal act in itself. d. Related-Party Transactions There is nothing inherently wrong with related-party transactions, however they must be fully disclosed.

86

46

Employee Fraud e.

f.

Accounting Changes Violators will fail to restate financial statements or disclose the cumulative effect of a change in accounting principle made, simply to improve earnings. They will fail to disclose significant changes in estimates such as: 1) Depreciable assets’ useful lives and estimated salvage values 2) Estimates of warranty 3) Change the reporting entity. Warning Signs of Possible Disclosure Fraud 1) Domination of management by a single person or small group (in a nonowner-managed business) without compensating controls 2) Ineffective board of directors or audit committee oversight over the financial reporting process and internal control 3) Ineffective communication, implementation, support, or enforcement of the entity’s values or ethical standards by management or the communication of inappropriate values or ethical standards 4) Rapid growth or unusual profitability, especially compared to that of other companies in the same industry 5) Significant, unusual, or highly complex transactions, especially those close to period end that pose difficult “substance over form” questions

87

Employee Fraud 6) 7) 8) 9)

10) 11)

Significant related-party transactions not in the ordinary course of business or with related entities not audited or audited by another firm Significant bank accounts or subsidiary or branch operations in tax-haven jurisdictions for which there appears to be no clear business justification Overtly complex organizational structure involving unusual legal entities or managerial lines of authority Known history of violations of securities laws or other laws and regulations, or claims against the entity, its senior management, or board members alleging fraud or violations of laws and regulations Recurring attempts by management to justify marginal or inappropriate accounting on the basis of materiality Formal or informal restrictions on the auditor that inappropriately limit access to people or information or the ability to communicate effectively with the board of directors or audit committee

88

47

Fraud: The Issues Fraud: The CPA’s Responsibility Employee Motives for Committing Fraud Employee Fraud Prevention of Financial Statement Fraud

89

Prevention of Financial Statement Fraud

V.Preventing Financial Statement Fraud

The 1999 COSO study indicated that either the CEO or the CFO was involved in 83% of the financial statement frauds studied. Individuals with high level management positions can use their authority to override most internal controls, so those controls can be of limited value in preventing financial statement fraud. A CPA’s approach to reducing financial statement fraud is: i. Reduce pressures ii. Reduce the opportunity iii. Reduce rationalization

90

48

Polling Question #6 In your opinion, should SOX have adopted the COSO-Internal Control/Integrated Framework: A. B. C. D.

Yes, this framework is the “best practices” standard Yes, however, there should be modifications made No, this standard is too high No, there are better standards internationally that should be considered

90a

Prevention of Financial Statement Fraud A. Reduce pressures 1. Directors and officers should “set the tone” 2.

Avoid setting unreasonable financial targets

3.

Avoid applying excessive pressure on employees to achieve goals

4.

Adjust goals when market conditions change

5.

Establish fair compensation systems

6.

Discourage excessive external expectations of future corporate performance

7.

Remove operational obstacles blocking effective performance

91

49

Prevention of Financial Statement Fraud B. Reduce the opportunity 1. Maintain strong internal controls 2. Monitor the business transactions and interpersonal relationships of suppliers, buyers, purchasing agents, sales representatives, and others 3. Establish a physical security system to secure company assets, 4. Maintain segregation of duties 5. 6. 7.

Human resources should have accurate personnel records including background checks on new employees Establish strong supervision within groups to enforce accounting procedures Establish clear and uniform accounting procedures with no exception clauses

92

Prevention of Financial Statement Fraud C. Reduce rationalization 1. Promote good values and integrity within the organization 2. Clearly define prohibited behavior with respect to accounting and financial statement fraud 3. Provide regular training to all employees 4. Establish confidential reporting systems to communicate problems 5. Senior executives must communicate to employees that integrity is a priority 6. 7.

Management practices and sets an example by promoting honesty in the accounting area The consequences of violating the rules and the punishment of violators should be communicated clearly

93

50

Polling Question: •

Which is your preference? A. Questions. B. Comments. C. Just give me my CPE Certificate!

94

51

Related Documents

Fraud Risks
November 2019 5
Risks
December 2019 24
Fraud
December 2019 51
Trademarks Risks
June 2020 1
Trademarks Risks
June 2020 8
Risks Everyday.docx
June 2020 0