Fraud 101 Fraud 101 Financial Fraud MGT 506-1
Oct 20, 2014
Fraud 101 Fraud 101
Financial Fraud
MGT 506-1
2
Course Overview
3
Fraud Quiz
How many public companies over the last five years had to restate their financial statements due to material accounting irregularities?
A business school study showed what percentage of CEO participation in SEC enforcement actions involving fraud?
What percentage of SEC enforcement actions involving fraud were perpetrated by senior management?
Historically, what percentage of CFOs report that the CEO has pressured them to misrepresent accounting?
1,000
56%
70%
90%
4
Fraud Quiz (2)
According to government and private studies, how much does the average company lose – in terms of percentage of revenue – to fraud and abuse?
Illustration: Manufacturing Company A has $100 million revenues earns $30 million per year. Comparable companies sell at 4x EBITDA
1. What is 6% of Company A’s revenues?
2. What is the potential uplift if all fraud could be eliminated?
3. What is the potential percentage increase in earnings?
4. What is the potential uplift in enterprise value?
5
So, What Is Fraud?
Black’s Law Dictionary
Intentional perversion of truth
• False representation of a matter of fact
• Whether by words or conduct
• False, misleading, concealment of that which should have been disclosed
For the purpose of inducing another
In reliance upon perversion of truth
To part with some valuable thing belonging to him or to surrender a legal right
6
So, What Is Fraud?
Black’s Law Dictionary:
“An intentional perversion of truth for the purpose of inducing another in reliance upon it to part with some valuable thing belonging to him or to surrender a legal right; a false representation of a matter of fact, whether by words or by conduct, by false or misleading allegations, or by concealment of that which should have been disclosed, which deceives and is intended to deceive another so that he shall act upon it to his legal injury.”
7
Perspectives On Fraud: Prosecutors, Regulators & Lawyers
By the Corporation
Corporation as “victimizer”
Corporation benefits:
• Financially
• Other
Corporation subject to potential civil and/or criminal liability
Against the Corporation
Corporation as victim
Corporate risks:
• Financial
• Legal, and
• Reputation
Potential civil recovery by Corporation
8
Perspectives On Fraud: Bad Fraud & Good Fraud
“Bad” Fraud
Acquirer Overpays
Earnings management
• False revenue recognition schemes
• Costs and expenses schemes
• Understatement of liabilities
Illegal conduct
• Liability for past conduct
• Impact upon future earnings
“Good” Fraud
Acquirer Underpays
Misconduct that if discovered, reduces costs and increases earnings
9
Perspective On Fraud:Post-Sarbanes
10
Perspective On Fraud:Post-Sarbanes
Legal & Regulatory Risk:
• U.S., state and foreign law
• Sarbanes-Oxley
• Final SEC Rules
• FCPA et. al.
• SAS 99
Legal & Regulatory Risk:
• U.S., state and foreign law
• Sarbanes-Oxley
• Final SEC Rules
• FCPA et. al.
• SAS 99
Financial Risk:
• U.S. Dept of Commerce/ACFE: Average U.S. company loses equivalent of 6% of revenues to fraud
• 6% of Revenue = ?
• Cost savings opportunities and potential – despite statistical exaggeration
Financial Risk:
• U.S. Dept of Commerce/ACFE: Average U.S. company loses equivalent of 6% of revenues to fraud
• 6% of Revenue = ?
• Cost savings opportunities and potential – despite statistical exaggeration
Reputation Risk:
• Management
• Audit Committee
• Audit
• Internal Audit
• External Audit
Reputation Risk:
• Management
• Audit Committee
• Audit
• Internal Audit
• External Audit
11
Roles, Responsibilities, Stakeholders
Management
• C-Suite
• Business Leaders
• General Counsel, Ethics & Compliance
Management
• C-Suite
• Business Leaders
• General Counsel, Ethics & Compliance
The Board/Audit Committee
• Oversight of prevention/mitigation
• Supervision of special investigations
The Board/Audit Committee
• Oversight of prevention/mitigation
• Supervision of special investigations
Government
• Congress
• SEC
• PCAOB
• Other Regulators
• Federal and State Prosecutors
Government
• Congress
• SEC
• PCAOB
• Other Regulators
• Federal and State Prosecutors
Auditors
• External Auditor – “Integrated Audit”
• Internal Audit
• External Audit
Auditors
• External Auditor – “Integrated Audit”
• Internal Audit
• External Audit
12
Fraudulent Financial Reporting a/k/a “Earnings Management”, a/k/a “Cooking The Books”
Improper Revenue Recognition
Overstatement of Assets
Understatement of Liabilities
Management Disclosure & Analysis Fraud
13
Common Revenue Recognition Schemes
Premature Revenue Recognition
• Side agreements
• Liberal return of product
• Channel Stuffing
Fictitious Revenue Recognition
• Fictitious sales
• Round tripping
Construction Related Schemes
Sham related party transactions
14
Common Overstatement Asset Schemes
Cash Balance Schemes
Inventory Schemes
• Inflating quantity
• Inflating value
Accounts Receivable Schemes
• Creating fictitious receivables
• Artificially inflating value of receivables
Investment Schemes
• Fictitious investments
• Overstating value of investments
15
Common Understatement of Liability Schemes
Improper Capitalization of Expenses
• Software development
• Research and development
• Start Up Costs
Improper Expensing of Capitalized Costs
Off Balance Sheet Entity Schemes
Overstatement of Liability Reserves (“Cookie Jar” Reserves)
16
Common Misappropriation of Assets Schemes
Cash
• Theft of cash receipts
• Unrecorded/understated sales or receivables
• Lapping
Fraudulent Disbursements
Payroll
Inventory
Fixed Assets
17
Expenditures For An Improper Purpose
Payments to Government Officials
• Domestic payments
• Political Campaign Violations
• FCPA bribery payments
• FCPA “books and records” violations
Commercial Bribery
18
Assets/Revenue Obtained By Fraud
Fraud Against Employees/Joint Venture Partners
Fraud Against Suppliers
Fraud Against Customers
• Government
• Commercial parties
• Consumers
Sample Schemes
• Antitrust
• Defective pricing
• Shipment of damaged goods
19
Expenses Avoided By Fraud
Tax Crimes
• Failure to Pay
• False Statements
• Evasion Fraud Against Suppliers & Customers Improper Labor Practices Environmental, Health & Safety Violations Money Laundering
20
Senior Management Fraud
Use of Corporate Assets to Commit Illegal Conduct
Insider Trading
Unauthorized Compensation
Failure to Pay Taxes
Travel Expense Fraud or Abuse
Receipt of Free or Below Market Goods and Services From Vendors, Suppliers, Etc.
Related Party Transactions
Conflicts of Interest
CV and Academic Deception
21
The Legal Landscape: Reactive to Proactive
1970’s & Before: Standard Reactive Approach
• Federal: Mail & Wire Fraud, SEC Fraud
• State: General Business Fraud Statutes
• Inchoate Crimes: Conspiracy/Aiding & Abetting
• Corporate Criminal Liability
• Beginning of Corporation As Cop: CTRs
1980’s – 1990s: Shift Toward Proactive
• Organized Crime Techniques Applied to Economic Crime
• More Specialized Criminal Legislation
– RICO
– Money Laundering Statute
• Corporate As Cop Continues: SARs
22
The 21st Century Landscape
Civil and Criminal Legislation• FCPA• Patriot Act• Sarbanes-Oxley Act of 2002
Rules & Regulations• SEC Final Rules for Implementation of Sarbanes-Oxley• SEC Audit Committee Rules• U.S. Sentencing Guidelines• SEC Accounting Bulleting (SAB) 99
Professional Standards• COSO I• Statement of Auditing Standards (SAS) 99• Public Company Accounting Oversight Board Standards For
Integrated Audit• Institute for Internal Auditors (IIA) Standards• ABA Rules for Professional Responsibility
23
2004 Hot Topic: Prevention and Timely Detection
What Are The Elements of An Effective Antifraud Program?
24
2004 Hot Topic: Prevention and Timely Detection
Final SEC Rules Require “Antifraud Programs & Controls”
Independent Auditor Evaluates and Tests on Annual Basis
Also Relevant to Private Company, Particularly If Organization
• Aspires to Best Practices
• Anticipates Public Debt Offering, IPO or Sale to Public Company
25
Snapshot of New Rules & Standards
Migration From Federal Sentencing Guidelines to COSO
• FSG: Define 7 Criteria of Effective “Compliance” Program
• COSO: Define Effective “Controls” Final SEC Rules
• Management’s Assessment of Internal Controls Must Consider Fraud Prevention and Detection Controls
SAS 99
• Requires Fraud Auditing If Antifraud Controls Do Not Adequately Mitigate Fraud Risk
Proposed PCAOB Standard
• Evaluation/ Testing of Design and Operating Effectiveness of Antifraud Programs and Controls (¶24)
• Mandatory Significant Deficiency If Internal Audit or Risk Assessment Is Inadequate, of If Senior Management Engages in Fraud of “Any Magnitude” (¶126)
26
Applying The COSO Framework
Control Environment
• Code of conduct/ethics
• Ethics hotline
• Hiring and promotion
• Audit committee oversight
• Investigative process
• Remediation
Fraud Risk Assessment
• Systematic process
• Level within organization
• Likelihood and significance
Control Activities
• Linking controls to identified fraud risks
Information/Communication
• Information systems & technology
• Knowledge management
• Training Monitoring
• Ongoing monitoring by management
• Separate “after the fact” evaluations by internal audit
27
Special Emphasis Is Placed On The Control Environment
Codes of Conduct / Ethics
• Must Meet Requirements of Final SEC Rules
• Should Apply to All Accounting and Financial Oversight Personnel
• Must Be Communicated Effectively
Whistleblower Hotlines
• Must Meet Requirements of Final SEC Rules
• Audit Committee Oversight and Independent of Management
Hiring and Promotion Procedures
• Background Investigations for Persons of Trust
• Also Consider Process for Agents, Vendors, Etc.
Audit Committee Oversight
• Passive Not Adequate
• Active Discussion of Fraud
Investigation / Remediation
• Standard Investigative Process
• Adequate Remediation to Prevent Recurrence
28
Companies Must Now Specifically And Explicitly Assess Fraud Risk
Systematic Rather Than Haphazard or Informal “Scheme and Scenario” Approach Address
• Financial reporting• Misappropriation of assets• Expenditures and liabilities for improper purposes• Fraudulently obtained revenues and assets, and costs and
expenses avoided by fraud• Fraud by senior management
Extend to Business Unit and Significant Account Levels Likelihood: Identify Fraud Risks That Are “More Than Remote” Significance: Identify Fraud Risks That Are “More Than
Inconsequential in Amount” Consider Risks of Management Override
29
Linking Control Activities To Fraud Risk Assessment
Management Should Identify Processes, Controls, and Other Procedures That Are Needed to Mitigate Identified Risks
Should Occur Throughout Organization, at All Levels and in All Functions
Very Broad, e.g., Approvals, Authorizations, Verifications, Reconciliations, Segregation of Duties, Reviews of Operating Performance, Background Investigations, Physical Security
30
Sample Tools: Incentives Inventory
Incentives PressureAttitudes/
Rationalization
Opportunity to Commit
Potential Scheme
ENTITY LEVEL
Board
Audit committee
CEO
In-house counsel
CFO
BUSINESS UNIT A
President of BU A
Controller of BU A
BUSINESS PROCESS - REVENUE
VP of Sales
31
Sample Tools: Opportunities Inventory
Financial Statement
Fraud
Misappropriation of Assets
Expenditure & Liabilities for an Improper
purpose
Revenue and Assets Obtained
By Fraud
Financial Misconduct By Senior Mgmt
Board
Senior management
Management Unit A
Treasury cycle
Revenue cycle
Purchasing cycle
Investments cycle
Inventory cycle
Payroll cycle
Management Unit B
32
Sample Tools: Fraud Risk Matrix
Description of Fraud Risk
(from Incentives and Opportunities
Inventories)
Likelihood
(Remote, More Than Remote, Reasonably Possible, Probable)
Significance
(Inconsequential, More Than
Inconsequential, Material)
Preventive Control Activity
Detective Control Activity
33
Information and Communication
Information Systems & Technology Controls
• Technology enabled fraud , e.g., holding books open
• Prevention and detection of unauthorized access
• Inappropriate modification of computer programs
• System override
• Ability to investigate computer misuse Knowledge Management
• Identified fraud risks
• Strengths and weaknesses of antifraud control activities
• Suspicions and allegations about fraud; and
• Remediation efforts. Training
• Frequency
• Scope and sufficiency
34
Fraud Monitoring and Auditing
Management: On-going, Day to Day Monitoring
• Embedded into normal operating activities
• Includes regular management and supervisory activities
• Should leverage available information technology
Internal Audit: Separate, After-the-Fact Evaluation
• Scope and frequency contingent upon risk and effectiveness of ongoing monitoring
• Must address fraud risk in planning and executing internal audit cycle
• IA must include knowledgeable and experienced fraud professionals
• Fraud auditing is different than forensic investigation
35
Fraud Auditing Is Different From Fraud Investigation
Determine area of operations at risk
Determine schemes to which you are most
vulnerable
Identify potential fraud schemes
Identify units/processes where schemes most
likely to occur
Identify red flags and indicators associated with schemes
Determination by Area
Build audit steps to search for indicators: Analytics, External and InternalInterviews, Tests of Details, Computer Assisted Auditing Techniques
Determination by Scheme
Conduct further inquiry if red flag is detected or suspected
36
Next Week: Improper Revenue Recognition
Team Assignments: Team A– Xerox Team B– Lernout & Hauspie Team C– Dynergy Team D –Qwest Communications Team E – Royal Ahold
Components: Describe Fraud Scheme & Resolution With Illustration. How Was It Detected? What Went Wrong, e.g.No Controls / Circumvention / Override? How Can This Type of Scheme Be Prevented or Timely
Detected?