By Mark S. Beasley, Joseph V. Carcello, and Dana R. Hermanson
In Brief
Audit Firm Tools for Advanced Fraud Detection
Detecting financial fraud is difficult, even for the best auditors. To arm auditors with the tools to detect and prevent fraud, a study by the Committee of Sponsoring Organizations (COSO) has identified six key areas:
By understanding this “fraud profile” and addressing the issues with management, auditors can reduce possible exposure to fraudulent financial reporting.
Regulators and professional organizations are focusing squarely on fraudulent financial reporting cases in which corporate management intentionally misstated financial results to mislead investors. By learning from these cases, the profession aims to enhance the performance of audit committees and auditors toward the goal of detecting and preventing fraudulent financial reporting (for a summary of the profession’s efforts, see the Sidebar).
A study released in March 1999 by the Committee of Sponsoring Organizations (COSO) analyzed approximately 200 SEC financial statement fraud actions brought against public companies from 1987 to 1997 in order to better understand the nature of the problem. The study, Fraudulent Financial Reporting 1987–1997: An Analysis of U.S. Public Companies (see The CPA Journal, “COSO Study Released,” June 1999), also discussed its implications for various participants in the financial reporting process, including audit committee members, regulators, and auditors.
Types of Companies and Employees Engaged in Fraud
The COSO study concluded the following:
In light of these conclusions, the following issues must be considered:
Company size. Small-business audit teams must be sensitive to the higher risk of fraud, particularly when internal controls are weak. Heightened professional skepticism during the client acceptance and continuance evaluation process may be warranted.
During the evaluation of internal controls, smaller clients may argue that their size justifies a lack of certain internal controls. The overall control environment and ethical culture are critical where baseline-level internal controls are lacking. Audit engagement teams should challenge management on the existence of an acceptable baseline level of control and, if one is not present, resist complacently accepting management’s cost/benefit justification. Moreover, auditors should encourage senior executives to adopt a can-do attitude toward establishing effective internal controls.
Tone at the top. Audit teams, particularly those that serve smaller clients, must develop a true understanding of the control environment, beginning by focusing explicitly on three common causes of fraudulent financial reporting: motivation, opportunity, and attitude. The client should be effective in monitoring and minimizing the motivation to commit fraud, the opportunities to commit fraud, and the likelihood that an employee could rationalize committing or condoning fraudulent financial reporting.
Auditors need procedures for assessing the personal integrity and ethical guidelines of senior executives and considering how frequently background checks are shared with audit engagement team members other than the engagement partner. Because tough, sensitive questions at times must be directed personally at senior executives, good interviewing skills and respect for maintaining the balance between a positive client relationship and the need for probing questions must be cultivated. Moreover, solid training in the assessment of personality, background, and behavior can reduce the likelihood that auditors will feel intimidated during face-to-face meetings with senior executives. Such training is particularly critical for auditors below the partner ranks.
Audit teams should determine on a case-by-case basis the level of assistance and education new SEC registrants need to ensure that senior management appreciates the nature of public reporting, including the potential personal consequences of violating SEC rules (e.g., lawsuits, fines, bankruptcy, incarceration). In addition, auditors should meet with senior management to discuss specifically and substantively how senior management can establish an environment throughout the organization that emphasizes proper ethical conduct.
Nature of Fraud
In its study, COSO found the following:
In light of these findings, the following issues should be considered:
Interim and end-of-period entries. Many of the frauds occurred right at period end and involved entries recorded outside the normal accounting cycle process. Audit engagement teams should closely scrutinize interim and end-of-period entries where senior management override is easily accomplished.
Large or unusual entries, especially those that involve revenue recognition and asset valuation, warrant close supervision. Many of the frauds were initiated in quarterly financial statements at amounts that were less than quantitative materiality thresholds. During client acceptance and continuance evaluations, audit engagement teams should consider the extent of unusual but quantitatively immaterial adjustments in either quarterly or annual financial statements of prior periods. Such activities could develop into significant frauds as they accumulate in subsequent periods. Audit firms need procedures for ensuring that such information, obtained in the interim review process and the annual audit, is carried forward to the subsequent year’s client continuance and audit planning process. In addition, Staff Accounting Bulletin (SAB) No. 99, Materiality, now specifies that auditors must consider qualitative (in addition to quantitative) aspects of an item when assessing materiality.
Revenue frauds. In some cases, revenue recognition issues were triggered by side agreements issued by the sales staff. These agreements often waived the customer’s obligation to keep the goods or contained other statements undermining the existence of a legitimate sale. Audit engagement teams should modify standard sales and receivables confirmation requests (oral or written) to address potential side agreements modifying the terms of the transaction. Bearing in mind that the sales process often goes beyond the traditional source documents and accounting system procedures, audit engagement teams should meet with client sales staff to assess whether side agreements exist that would preclude revenue recognition.
In addition, auditors should refer to SAB No. 101, Revenue Recognition, for further guidance on the SEC’s general revenue recognition guidelines, revenue recording evidence, delivery and performance issues, sales price issues, and income statement presentation of revenues.
Asset frauds. Many frauds involved improper application of GAAP to asset valuations, particularly for unusual and hard-to-value assets (e.g., mineral rights, donated property). In order to address this issue, auditor training materials and other resources should clarify the proper GAAP treatment for unusual asset valuations, particularly in specialized industries.
Opportunities for Fraud: Ineffective Audit Committee and Board Governance
The COSO study revealed the following:
In light of these revelations, the following issues must be considered:
Audit committee substance. While auditors frequently read audit committee minutes to identify transactions that might impact the audit, they should also evaluate the minutes to assess the quality of the audit committee’s oversight. Likewise, auditors should determine why an audit committee is failing to meet at least quarterly.
Financial expertise. The importance of audit committee financial expertise was stressed by both the New York Stock Exchange/National Association of Securities Dealers Blue Ribbon Committee and the National Association of Corporate Directors Blue
Ribbon Commission on Audit Committees. Given the complexities of financial reporting—particularly for public companies—at least a subset of the audit committee membership should have financial reporting expertise. To deepen its evaluation, an audit team should examine the financial reporting background and training of each audit committee member.
View of the audit committee. On some engagements, the audit team and senior management may view a pending meeting with the audit committee as “one we must get through together.” Audit teams work more frequently with management than with audit committee members. An audit team should neither align itself with management nor view the audit committee as a foe.
Audit committee and board independence. The independence of the audit committee and board is critical. Auditors should search for financial and nonfinancial relationships between the company and “outside” directors serving on the audit committee and should look beyond public sources (e.g., proxies) for evidence of affiliations that could affect outside directors’ objectivity.
Board strength. An audit team should evaluate the overall strength of the board of directors in terms of experience and diligence. Auditors should also evaluate how the strength of the board affects the conduct of the audit.
Opportunities for Fraud: Industry Traits
The study uncovered the following fact:
Forty percent of the fraudulent companies represented four industries: computer hardware, computer software, health care, and financial services.
In light of this discovery, the following issues should be considered:
The games played by senior executives vary by industry. Certain industries—especially cyclic ones—lend themselves to specific opportunities for fraud. For example, revenue fraud is more common in technology companies, while asset fraud predominates in financial services companies. An effective audit engagement team must benchmark data and risk assessments across industry lines.
Much of the information about fraudulent companies is limited to what is publicly available. Accounting firms, leveraging information gathered during audits, possess a unique data source containing rich, qualitative factors undisclosed elsewhere. Whenever possible, an audit firm should build databases within and across industries for use in developing predictive models of fraud. Some firms collaborate with academics to develop such models based on the data in existing firm workpapers.
Incentives for Fraud: Ownership, Financial Condition, and Market Expectations
According to the COSO study, the following were common incentives for fraud:
In light of this information, the following issues should be considered:
Owner and founder. The auditor should bear in mind that pressure on senior executives may be correlated with personal wealth tied to the company’s financial status. Information about senior executives’ personal financial status might help the audit team evaluate the significance of a senior executive’s financial stake in the company.
The founder continues to serve as a member of senior management for many new registrants, and auditors can assess whether management views the company as its personal fiefdom. The audit team should see a red flag when members of senior management describe the company as “their company” without acknowledging shareholders.
Financial condition. An audit team must have systems and procedures for monitoring the financial pressures that senior executives face, particularly when the company’s financial performance is under stress. Engagement teams should monitor and report the financial status of clients experiencing financial strain as part of the annual client retention and acceptance process and throughout the engagement.
Stock market pressure. Even healthy companies experience the strain of financial expectations. Auditors should be trained to assess the emphasis top management and the board place on meeting financial performance targets and should be alert to publicized financial goals or trends that might exert undue influence (e.g., maintaining a string of quarters with profit growth). When auditors identify a potential audit adjustment, they should evaluate the effect it might have on the company’s ability to satisfy trend goals.
Failure to meet analysts’ earnings expectations often results in severe market penalties (e.g., a falling stock price), even when earnings per share (EPS) is off by only a penny or two. Audit teams must be trained to understand the enormous pressure on senior executives to meet earnings expectations. Moreover, auditors should ensure that these expectations are reasonable by gathering information about consensus analyst estimates and determining whether management is communicating effectively with analysts. SAB No. 99 provides guidance on qualitative factors in assessing materiality.
Audit Firms
The COSO study found the following:
In light of these findings, the following issues should be considered:
Skepticism and risk. An audit firm should create a culture that fosters an appropriate level of professional skepticism. That same culture should refrain from allowing other performance measures, such as time budgets, client development strategies, and consulting opportunities, to place undue pressure on audit team members. Performance measures must not counteract professional skepticism. An audit firm’s culture and reward system should encourage and reward—financially and nonfinancially—audit team members that walk away from risky client situations, particularly when client integrity is in question.
Former auditors as clients. Audit teams should be alert to the issues connected with working on client engagements where a former audit team member is now employed by the client in a senior executive position. Training and accountability are essential to ensuring that professional skepticism is maintained when an audit team interacts with former firm personnel. The issue of auditors accepting employment with former clients is addressed in a recent Independence Standards Board statement.
The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.
©2009 The New York State Society of CPAs. Legal Notices
Visit the new cpajournal.com.