5Ed CCH Forensic Investigative Accounting Ch04

Forensic and Investigative AccountingForensic and Investigative Accounting

© 2011 CCH. All Rights © 2011 CCH. All Rights Reserved.Reserved.

4025 W. Peterson Ave.4025 W. Peterson Ave.

Chicago, IL 60646-6085Chicago, IL 60646-6085

1 800 248 32481 800 248 3248

www.CCHGroup.comwww.CCHGroup.com

Chapter 4

Detecting Fraud in Financial Reporting

Chapter 4 Forensic and Investigative Accounting 2

Court-Appointed TrusteeCourt-Appointed TrusteeForensic accountants are being used by the court – appointed trustees (Irving Picard Forensic accountants are being used by the court – appointed trustees (Irving Picard and Securities Investor Protection Corporation) to reconstruct the books of Bernard L. and Securities Investor Protection Corporation) to reconstruct the books of Bernard L. Madoff Investment Securities (BLMIS). According to Picard, there were paper records, Madoff Investment Securities (BLMIS). According to Picard, there were paper records, microfilm, and microfiche. But there was nothing that was electronic.microfilm, and microfiche. But there was nothing that was electronic. Every customer statement was fiction, so the first task is to reconstruct the books and Every customer statement was fiction, so the first task is to reconstruct the books and records of BLMIS. One of the early projects was to digitize the records so they are records of BLMIS. One of the early projects was to digitize the records so they are easier to compare, including customer statements, incoming letters, faxes, and bank easier to compare, including customer statements, incoming letters, faxes, and bank records. The forensic accountant will use records from third parties and customers. records. The forensic accountant will use records from third parties and customers. Every customer account must be reconstructed from the ground up.Every customer account must be reconstructed from the ground up. Stephen Harbeck, President of Securities Investor Protection Corporation, stated that Stephen Harbeck, President of Securities Investor Protection Corporation, stated that the forensic accountants “are working as quickly as possible to catalog all the far-the forensic accountants “are working as quickly as possible to catalog all the far-reaching aspects of the Madoff scheme and to recover money for investors to the extent reaching aspects of the Madoff scheme and to recover money for investors to the extent possible by law.” The cost of the Ponzi scheme may be as high as $65 billion.possible by law.” The cost of the Ponzi scheme may be as high as $65 billion.

Source: WebCPA staff, Forensic Accountants Reconstruct Madoff Books, May 15, 2009.http://www.webcpa.com/news/Forensic-Accountants-Reconstruct-Madoff-Books-50484-1.html


PCAOB Guidance: Smaller Public CompaniesPCAOB Guidance: Smaller Public Companies1.1. Scaling the Audit for Smaller, Less Complex Companies.Scaling the Audit for Smaller, Less Complex Companies.2.2. Evaluating Entity-Level Controls.Evaluating Entity-Level Controls.3.3. Assessing the Risk of Management Override and Assessing the Risk of Management Override and

Evaluating Mitigating Actions.Evaluating Mitigating Actions.4.4. Evaluating Segregation of Duties and Alternative Evaluating Segregation of Duties and Alternative

Controls.Controls.5.5. Auditing Information Technology Controls in a Less Auditing Information Technology Controls in a Less

Complex IT Environment.Complex IT Environment.6.6. Considering Financial Reporting Competencies and Their Considering Financial Reporting Competencies and Their

Effect on Internal Control.Effect on Internal Control.7.7. Obtaining Sufficient Competent Evidence When the Obtaining Sufficient Competent Evidence When the

Company Has Less Formal Documentation.Company Has Less Formal Documentation.8.8. Auditing Smaller, Less Complex Companies with Auditing Smaller, Less Complex Companies with

Pervasive Control Deficiencies.Pervasive Control Deficiencies.


Entity-Level ControlsEntity-Level Controls

Controls related to the control environment. Controls related to the control environment. Controls over management override; the company's risk Controls over management override; the company's risk

assessment process.assessment process. Centralized processing and controls, including shared service Centralized processing and controls, including shared service

environments.environments. Controls to monitor results of operations.Controls to monitor results of operations. Controls to monitor other controls, including activities of the audit Controls to monitor other controls, including activities of the audit

committee and self-assessment programs.committee and self-assessment programs. Controls over the period-end financial reporting process.Controls over the period-end financial reporting process. Policies that address significant business control and risk Policies that address significant business control and risk

management practices.management practices.

Source: PCAOB, October 17, 2007, pp. 12.


Definition of FraudDefinition of Fraud

Four major legal elements of fraud would be:Four major legal elements of fraud would be: A false representation or willful omission A false representation or willful omission

regarding a material fact.regarding a material fact. The fraudster knew the representation was The fraudster knew the representation was

false.false. The target relied on this misappropriation.The target relied on this misappropriation. The victim suffered damages or incurred a The victim suffered damages or incurred a

loss.loss.


Audit ProceduresAudit Procedures

Audit evidence is gathered in two fieldwork Audit evidence is gathered in two fieldwork stages:stages:

1.1. Internal control testing phase.Internal control testing phase.

2.2. Account balance testing phase.Account balance testing phase.


DefinitionsDefinitions

MaterialityMateriality is the measure of whether is the measure of whether something is significant enough to change an something is significant enough to change an investor’s investment decision.investor’s investment decision.

Control riskControl risk is risk that a material error in the is risk that a material error in the balance or transaction class will not be balance or transaction class will not be prevented or detected.prevented or detected.


DefinitionsDefinitions

Inherent riskInherent risk is risk that an account or is risk that an account or transactions contain material misstatements transactions contain material misstatements before the effects of the controls.before the effects of the controls.

Detection riskDetection risk is risk that audit procedures is risk that audit procedures will not turn up material error when it will not turn up material error when it exists.exists.


External Auditors and Fraud DetectionExternal Auditors and Fraud Detection

Although auditors have previously had the Although auditors have previously had the responsibility to detect material misstatement responsibility to detect material misstatement caused by fraud, SAS No. 82 details more caused by fraud, SAS No. 82 details more precisely what is required to fulfill those precisely what is required to fulfill those responsibilities. responsibilities.

(continued on next slide)(continued on next slide)


External Auditors and Fraud DetectionExternal Auditors and Fraud Detection

Now, auditors must specifically assess and Now, auditors must specifically assess and respond to the risk of material misstatement respond to the risk of material misstatement due to fraud and must assess that risk from the due to fraud and must assess that risk from the perspective of the broad categories in the perspective of the broad categories in the SAS. External auditors have to satisfy new SAS. External auditors have to satisfy new documentation and communication documentation and communication requirements. SAS No. 82 superseded by SAS requirements. SAS No. 82 superseded by SAS No. 99.No. 99.


Fraudulent financial reporting may occur by the Fraudulent financial reporting may occur by the following:following: Manipulation, falsification, or alteration of Manipulation, falsification, or alteration of

accounting records, or supporting documents from accounting records, or supporting documents from which financial statements are prepared.which financial statements are prepared.

Misrepresentation in or intentional omission from the Misrepresentation in or intentional omission from the financial statements of events, transactions, or other financial statements of events, transactions, or other significant information.significant information.

Intentional misapplication of accounting principles Intentional misapplication of accounting principles relating to amounts, classification, manner of relating to amounts, classification, manner of presentation, or disclosure.presentation, or disclosure.

Source: SAS No. 99, “Consideration of Fraud in a Financial Statement Audit,” New York: Source: SAS No. 99, “Consideration of Fraud in a Financial Statement Audit,” New York: AICPAAICPA


SAS No. 99 Ways to Overcome the Risk of SAS No. 99 Ways to Overcome the Risk of Management Override of ControlsManagement Override of Controls

ExaminingExamining journal entries and other journal entries and other adjustments.adjustments.

ReviewingReviewing accounting estimates for bias, accounting estimates for bias, including a retrospective review of significant including a retrospective review of significant management estimates.management estimates.

EvaluatingEvaluating the business rationale for significant the business rationale for significant unusual transactions.unusual transactions.


How Management Overrides Controls How Management Overrides Controls (SAS No. 99)(SAS No. 99)

Recording Recording fictitiousfictitious journal entries journal entries (especially near end of quarter or year).(especially near end of quarter or year).

Intentionally Intentionally biasingbiasing assumptions and assumptions and judgments used to estimate accounts (e.g., judgments used to estimate accounts (e.g., pension plan assumptions or bad debt pension plan assumptions or bad debt allowances).allowances).

AlteringAltering records and terms related to records and terms related to important and unusual transactions.important and unusual transactions.


Think Like A CrookThink Like A Crook Know your enemy as you know yourself, and you can fight a Know your enemy as you know yourself, and you can fight a

hundred battles with no danger of defeat.” Chinese Proverb.hundred battles with no danger of defeat.” Chinese Proverb. Military leaders study past battles.Military leaders study past battles. Football and basketball teams study game films of their Football and basketball teams study game films of their

opponents.opponents. Chess players try to anticipate the moves of their opponent.Chess players try to anticipate the moves of their opponent.

Examples: If contracts above Examples: If contracts above $40,000$40,000 are normally audited each are normally audited each year, check the contracts between year, check the contracts between $30,000-$40,000$30,000-$40,000..

FAs must learn the tricks of the trade as well as the trade. FAs must learn the tricks of the trade as well as the trade.


SAS No. 99 RecommendationsSAS No. 99 Recommendations

BrainstormingBrainstorming Increased emphasis on professional Increased emphasis on professional

skepticism.skepticism. Discussions with management.Discussions with management. Unpredictable audit tests.Unpredictable audit tests. Responding to management override of Responding to management override of

controls.controls.


SAS No. 99: SkepticismSAS No. 99: Skepticism

An auditor is instructed to conduct an audit An auditor is instructed to conduct an audit “with a questioning mind that recognizes “with a questioning mind that recognizes the possibility that a material misstatement the possibility that a material misstatement due to fraud could be present, regardless of due to fraud could be present, regardless of any past experience with the entity and any past experience with the entity and regardless of the auditor’s belief about regardless of the auditor’s belief about management’s honesty and integrity.”management’s honesty and integrity.”

FA’s motto should be “Trust no one; FA’s motto should be “Trust no one; question everything; verify.”question everything; verify.”


Public Company Accounting Public Company Accounting Oversight Board (PCAOB)Oversight Board (PCAOB)

The Sarbanes-Oxley Act of 2002 created a The Sarbanes-Oxley Act of 2002 created a new, five-member oversight group called the new, five-member oversight group called the PCAOB.PCAOB.

The PCAOB is empowered to set accounting The PCAOB is empowered to set accounting standards that establish auditing, quality standards that establish auditing, quality control, and ethical standards for accountants. control, and ethical standards for accountants.



Public Company Accounting Public Company Accounting Oversight Board (PCAOB)Oversight Board (PCAOB)

The PCAOB is also empowered to adopt or The PCAOB is also empowered to adopt or amend standards issued or recommended by amend standards issued or recommended by private accounting industry groups or to private accounting industry groups or to adopt its own standards independent of such adopt its own standards independent of such private industry standards or private industry standards or recommendations.recommendations.


WalkthroughsWalkthroughs

According to the PCAOB, in a walkthrough, According to the PCAOB, in a walkthrough, an an auditorauditor traces “company transactions and events traces “company transactions and events – both those that are routine and recurring and – both those that are routine and recurring and those that are unusual – from origination, those that are unusual – from origination, through the company’s accounting and through the company’s accounting and information systems and financial report information systems and financial report preparation processes, to their being reported in preparation processes, to their being reported in the company’s financial statements.”the company’s financial statements.”

Source: PCAOB Briefing Paper, Proposed Auditing Standards, October 7, 2003.Source: PCAOB Briefing Paper, Proposed Auditing Standards, October 7, 2003.


Internal Auditors and Fraud DetectionInternal Auditors and Fraud Detection

The Institute of Internal Auditors’ Due The Institute of Internal Auditors’ Due Professional Care Standard (Section 280) Professional Care Standard (Section 280) assigns the internal auditor the task of assisting assigns the internal auditor the task of assisting in the control of fraud by examining and in the control of fraud by examining and evaluating the adequacy and effectiveness of the evaluating the adequacy and effectiveness of the internal control system.internal control system.



Internal Auditors and Fraud DetectionInternal Auditors and Fraud Detection

However, Section 280 says that management However, Section 280 says that management has the primary responsibility for the has the primary responsibility for the deterrence of fraud, and management is deterrence of fraud, and management is responsible for establishing and maintaining responsible for establishing and maintaining the control systems. the control systems.

In general, internal auditors are more In general, internal auditors are more concerned with employee fraud than with concerned with employee fraud than with management and other external fraud.management and other external fraud.


When Fraud Is DiscoveredWhen Fraud Is Discovered

1.1. Notify management or the board when the Notify management or the board when the incidence of significant fraud has been incidence of significant fraud has been established to a reasonable certainty.established to a reasonable certainty.

2.2. If the results of a fraud investigation indicate If the results of a fraud investigation indicate that previously undiscovered fraud materially that previously undiscovered fraud materially adversely affected previous financial adversely affected previous financial statements, for one or more years, the internal statements, for one or more years, the internal auditor should inform appropriate management auditor should inform appropriate management and the audit committee of the board of and the audit committee of the board of directors of the discovery.directors of the discovery.



When Fraud Is DiscoveredWhen Fraud Is Discovered

3.3. A written report should include all findings, A written report should include all findings, conclusions, recommendations, and conclusions, recommendations, and corrective actions taken.corrective actions taken.

4.4. A draft of the written report should be A draft of the written report should be submitted to legal counsel for review, submitted to legal counsel for review, especially where the internal auditor chooses especially where the internal auditor chooses to invoke client privilege.to invoke client privilege.


Audit CommitteeAudit Committee

The audit committee is the subcommittee of The audit committee is the subcommittee of an organization’s board of directors charged an organization’s board of directors charged with overseeing the organization’s financial with overseeing the organization’s financial reporting and internal control processes. The reporting and internal control processes. The audit committee’s biggest responsibility is audit committee’s biggest responsibility is monitoring the component parts of the audit monitoring the component parts of the audit process.process.


Management’s RoleManagement’s Role

The Sarbanes-Oxley Act of 2002 mandates The Sarbanes-Oxley Act of 2002 mandates that CEOs and CFOs certify in periodic that CEOs and CFOs certify in periodic reports containing financial statements filed reports containing financial statements filed with the SEC the appropriateness of financial with the SEC the appropriateness of financial statements and disclosures.statements and disclosures.


Board of Directors’ RoleBoard of Directors’ Role

Oversee the integrity, quality, transparency, Oversee the integrity, quality, transparency, and reliability of the financial reporting and reliability of the financial reporting process.process.

Oversee the adequacy and effectiveness of Oversee the adequacy and effectiveness of the internal control structure in preventing, the internal control structure in preventing, detecting, and correcting material detecting, and correcting material misstatements in the financial statements.misstatements in the financial statements.

Oversee the effectiveness, efficacy, and Oversee the effectiveness, efficacy, and objectivity of audit functions.objectivity of audit functions.


Enter the Forensic AccountantEnter the Forensic Accountant

Forensic accountants may be brought in to:Forensic accountants may be brought in to:

– Investigate the minute any irregularities Investigate the minute any irregularities surface.surface.

– Measure risk factors and create policy that Measure risk factors and create policy that brings the forensic accountant in when brings the forensic accountant in when certain scores are attained.certain scores are attained.

– Check in randomly as a matter of routine.Check in randomly as a matter of routine.


Audit TestsAudit Tests

The Panel on Audit Effectiveness recommended The Panel on Audit Effectiveness recommended that surprise or unpredictable elements should be that surprise or unpredictable elements should be incorporated into audit tests, including:incorporated into audit tests, including:

– Recounts of inventory and unannounced visits Recounts of inventory and unannounced visits to locations.to locations.

– Interviews of financial and nonfinancial client Interviews of financial and nonfinancial client personnel in different locations.personnel in different locations.



Auditing HintsAuditing Hints SAS No. 99 does SAS No. 99 does notnot require auditors to make inquiries of require auditors to make inquiries of

“others,” as opposed to management. Auditors must talk to and “others,” as opposed to management. Auditors must talk to and interview others below management level. If asked, employees interview others below management level. If asked, employees may be willing to report suspicious activities.may be willing to report suspicious activities.

Use independent sources for evaluating management (e.g., Use independent sources for evaluating management (e.g., financial analysts). financial analysts). Surf the internetSurf the internet..

Auditors need to follow the performance history of managers and Auditors need to follow the performance history of managers and directors.directors.

If a company has an anonymous reporting system, If a company has an anonymous reporting system, obtain obtain information about the incidents reportedinformation about the incidents reported and consider them and consider them when assessing fraud risk.when assessing fraud risk.



Auditing HintsAuditing Hints

Be sure to perform analytical procedures, and the work should be Be sure to perform analytical procedures, and the work should be reviewed by senior members of the audit team.reviewed by senior members of the audit team.

Auditors should select sample items below their normal testing scope (e.g., HealthSouth).

Fraud procedures should be more than checklists. Audits should focus on finding and detecting fraud.

Ask for and review all “top drawer” entries.

Ask for and review all side agreements.

Look for hockey stick patterns.


Audit TestsAudit Tests

– Requests for written confirmations from Requests for written confirmations from client employees regarding matters about client employees regarding matters about which they have made representations to the which they have made representations to the auditors.auditors.

– Tests of accounts not normally performed Tests of accounts not normally performed annually.annually.

– Tests of accounts traditionally or frequently Tests of accounts traditionally or frequently deemed “low risk.”deemed “low risk.”


Financial Statement Fraud Financial Statement Fraud Categories and Red FlagsCategories and Red Flags

Overstated revenues.Overstated revenues. Management estimates.Management estimates. Pro formas can mislead.Pro formas can mislead. Earnings problems: masking reduced cash flow.Earnings problems: masking reduced cash flow. Earnings before interest, tax, depreciation, and Earnings before interest, tax, depreciation, and

amortization (EBITDA).amortization (EBITDA). Excessive debt.Excessive debt. Inventory problems.Inventory problems.


Cooking-the-Books Often Collaborative EffortCooking-the-Books Often Collaborative Effort

• For restatements between January 1, 1997 to June 30, 2002, For restatements between January 1, 1997 to June 30, 2002, 45%45% were accused of securities fraud and subject to shareholder suits.were accused of securities fraud and subject to shareholder suits.

• Average of Average of 77 individuals were implicated, including individuals were implicated, including

CEOsCEOs

CFOsCFOs

COOsCOOs

General counselGeneral counsel

DirectorsDirectors

Internal/external auditorsInternal/external auditors

Source: Robert Tillman and Michael Indergaard, Control Overrides in Financial Statement Source: Robert Tillman and Michael Indergaard, Control Overrides in Financial Statement Fraud.Fraud.


WorldCom Fraud MassiveWorldCom Fraud Massive

At least At least 4040 people knew about the fraud. people knew about the fraud. They were afraid to talk.They were afraid to talk. Scott Sullivan handed out Scott Sullivan handed out $10,000$10,000 checks to 7 involved checks to 7 involved

individuals.individuals. AlteredAltered key documents and denied Andersen access to the key documents and denied Andersen access to the

database where most of the sensitive numbers were stored.database where most of the sensitive numbers were stored. Andersen did Andersen did notnot complain about denied access. complain about denied access. Company officials decided what tax rates they wanted and Company officials decided what tax rates they wanted and

then used the reserves to arrive at the tax rates.then used the reserves to arrive at the tax rates.

Source: Source: Rebecca Blumenstein and Susan Pullian, “WorldCom Fraud Rebecca Blumenstein and Susan Pullian, “WorldCom Fraud Was Widespread,” Was Widespread,” Wall Street J.Wall Street J., June 10, 2003, p. 3., June 10, 2003, p. 3.


Financial Statement Fraud Financial Statement Fraud Categories and Red FlagsCategories and Red Flags

CPA problems.CPA problems. Sales and expenses problems.Sales and expenses problems. Big bath.Big bath. Balance sheet account problems.Balance sheet account problems. Pension plan problems.Pension plan problems. Reserve estimates (cookie jar accounting).Reserve estimates (cookie jar accounting). Personal piggy bank.Personal piggy bank. Barter deals.Barter deals.


HealthSouthHealthSouth

From 1999 to 2001, HealthSouth’s net income From 1999 to 2001, HealthSouth’s net income increased nearly 500 percent, but revenue grew increased nearly 500 percent, but revenue grew only five percent.only five percent.

On March 19, 2003, the SEC said that On March 19, 2003, the SEC said that HealthSouth faked at least $1.4 billion in profit HealthSouth faked at least $1.4 billion in profit since 1999.since 1999.

Professional fees associated with the Professional fees associated with the reconstruction of HealthSouth’s financial records reconstruction of HealthSouth’s financial records and restatement of 2001 and 2002 consolidated and restatement of 2001 and 2002 consolidated financial statements totaled over $270 million.financial statements totaled over $270 million.


Financial Fraud Detection ToolsFinancial Fraud Detection Tools

Interviewing the executives.Interviewing the executives. Analytics.Analytics. Percentage analysis:Percentage analysis:

– Horizontal analysis.Horizontal analysis.

– Vertical analysis.Vertical analysis.

– Ratio analysis.Ratio analysis.


Financial Fraud Detection ToolsFinancial Fraud Detection Tools

Using checklists to help detect fraud:Using checklists to help detect fraud:

– SAS checklist.SAS checklist.

– Attitudes/Rationalizations checklist.Attitudes/Rationalizations checklist.

– Audit test activities checklist.Audit test activities checklist.

– Miscellaneous fraud indicator checklist.Miscellaneous fraud indicator checklist.


Behavioral ApproachesBehavioral Approaches

Some fraud schemes cannot be effectively Some fraud schemes cannot be effectively detected using data-driven approaches. detected using data-driven approaches. Instead, behavioral considerations may help Instead, behavioral considerations may help an auditor find fraud. Employee attitudes, an auditor find fraud. Employee attitudes, feelings, values, norms, interaction with feelings, values, norms, interaction with peers, and general satisfaction should all be peers, and general satisfaction should all be considered when looking for fraud.considered when looking for fraud.


Federal Sentencing GuidelinesFederal Sentencing Guidelines

Federal Sentencing Guidelines were adopted in 1984 to emphasize fairness, Federal Sentencing Guidelines were adopted in 1984 to emphasize fairness, consistency, punishment, incapacitation, and deterrence in sentencing. This consistency, punishment, incapacitation, and deterrence in sentencing. This mandatory sentencing regime was in place until the Supreme Court in 2004mandatory sentencing regime was in place until the Supreme Court in 200411 and and 2005200522 converted the guidelines to advisory status, stating that these guidelines converted the guidelines to advisory status, stating that these guidelines violated the Sixth Amendment. District court judges are now required only to violated the Sixth Amendment. District court judges are now required only to consider guideline ranges.consider guideline ranges.

Under the sentencing guidelines the base offense level is determined for a specific Under the sentencing guidelines the base offense level is determined for a specific offense.offense.33 For example, the basic offense level for larceny, embezzlement, and For example, the basic offense level for larceny, embezzlement, and other forms of theft is 6 where the loss is $5,000 or less. However, if the loss is other forms of theft is 6 where the loss is $5,000 or less. However, if the loss is more than $2.5 million, add 18 to the 6. Other adjustments are made for victim, more than $2.5 million, add 18 to the 6. Other adjustments are made for victim, role, obstruction of justice, multiple counts, and defendant’s criminal history. role, obstruction of justice, multiple counts, and defendant’s criminal history. Negative adjustments can be made for accepting responsibility.Negative adjustments can be made for accepting responsibility.44



If an individual has an offense level of 16 and falls into the first criminal If an individual has an offense level of 16 and falls into the first criminal history category, the guideline sentence is 21 to 27 months. If, however, the history category, the guideline sentence is 21 to 27 months. If, however, the criminal history category is 5, the guideline prison sentence is 41-51 months.criminal history category is 5, the guideline prison sentence is 41-51 months.

A Department of Justice Fact Sheet dated March 15, 2006 said that as a result of A Department of Justice Fact Sheet dated March 15, 2006 said that as a result of the the BookerBooker decision, the fairness, consistency, predictability, and accountability decision, the fairness, consistency, predictability, and accountability that were the hallmarks of the mandatory guidelines are in serious jeopardy as a that were the hallmarks of the mandatory guidelines are in serious jeopardy as a result of a decline in compliance with the guidelines. Within one year the result of a decline in compliance with the guidelines. Within one year the number of sentences imposed within the guidelines has dropped 62.2 percent.number of sentences imposed within the guidelines has dropped 62.2 percent.55

1 1 U.S. v. BlakelyU.S. v. Blakely, 542 U.S. 296 (2004)., 542 U.S. 296 (2004).22 U.S. v. BookerU.S. v. Booker, 543 U.S. 220 (2005)., 543 U.S. 220 (2005).33 U.S. Sentencing Commission, U.S. Sentencing Commission, Guideline ManualGuideline Manual, §3E1.1 (November 2008), p.16., §3E1.1 (November 2008), p.16.44 Ibid.Ibid., p. 395., p. 395.55 Department of Justice, Fact Sheet: The Impact of Department of Justice, Fact Sheet: The Impact of United States v. BookerUnited States v. Booker on Federal Sentencing, on Federal Sentencing,

March 15, 2006.March 15, 2006.

Federal Sentencing GuidelinesFederal Sentencing Guidelines


Effective Ethics and Compliance Effective Ethics and Compliance ProgramProgram

If a company has an effective ethics and If a company has an effective ethics and compliance program (i.e., internal audit compliance program (i.e., internal audit department), 3 offense points are deducted department), 3 offense points are deducted from the total score. So if the total score is 29 from the total score. So if the total score is 29 before the reduction of 3 points, the fine before the reduction of 3 points, the fine would be $ 8.1 million; whereas a score of 26 would be $ 8.1 million; whereas a score of 26 results in a fine of only $ 3.7 million.results in a fine of only $ 3.7 million.


1.1. Duplicate payments (2% of total purchases) Duplicate payments (2% of total purchases)

$80 million times 2% = $1.6 million loss.$80 million times 2% = $1.6 million loss.– Extract only the numerical digits of an invoice number and match on only the Extract only the numerical digits of an invoice number and match on only the

numbers portion of the invoice.numbers portion of the invoice.

– Try identifying the dates that are similar such as dates that are less than 14 days.Try identifying the dates that are similar such as dates that are less than 14 days.

– Try matching on the absolute value of the amount.Try matching on the absolute value of the amount.

2.2. Rounded-amount invoices.Rounded-amount invoices.

3.3. Invoices just below approval amounts.Invoices just below approval amounts.

4.4. Abnormal invoice volume activity (two invoices one month and 60 the next).Abnormal invoice volume activity (two invoices one month and 60 the next).

5.5. Vendors with sequential invoice numbers. Vendors with sequential invoice numbers.

LC 0002, LC 0003, LC 0004LC 0002, LC 0003, LC 0004

6.6. Above average payments per vendor.Above average payments per vendor.

C. Warner and B. G. Dubinsky, “Uncovering Accounts Payable Fraud,” C. Warner and B. G. Dubinsky, “Uncovering Accounts Payable Fraud,” Fraud MagazineFraud Magazine, , July/ August 2006, pp. 29-51.July/ August 2006, pp. 29-51.

Accounts Payable Fraud Red FlagsAccounts Payable Fraud Red Flags

5Ed CCH Forensic Investigative Accounting Ch04

Documents

alternative controls

control environment

records of blmis

madoff books

bank records

paper records

internal control testing

risk of management override