The Battle Against Fraud: Seeking the Accounting Profession’s Support
An Exclusive CPA Journal Interview with ACFE Founder and Chairman Joseph T. Wells

By Mary-Jo Kranacher

E-mail Story Print Story

The CPA Journal: For those who may be unfamiliar with you and the ACFE, tell us about your professional background and what led to the formation of the association.
Joseph T. Wells: Like many, I did not end up where I started. My grand plan was to be an astronomer. When that didn’t pan out, I graduated with an accounting degree and went to work for the predecessor to PricewaterhouseCoopers. But I was restless in public accounting. In search of adventure, I applied to and was hired as a special agent for the FBI. For nearly a decade, I investigated a wide variety of cases, mostly fraud, ranging from nickel-and-dime con artists to former U.S. Attorney General John Mitchell’s involvement in Watergate. I left the FBI 25 years ago to start an investigative and consulting firm focused on white-collar crime.

A principal lesson that my background in investigating fraud taught me is that it is a very specialized field. In 1988, colleagues and I decided to start an organization to represent individuals who were employed in the profession of detecting, investigating, and preventing fraud. We also worked to develop a certification that recognized specialized knowledge and experience in this area, and we established educational and professional standards. Since that time, the Association of Certified Fraud Examiners has grown to more than 37,000 members in 125 countries.

CPAs and Fraud

CPAJ: Many in the accounting profession use the terms “forensic accounting” and “fraud examination” interchangeably. What is the difference?
Wells: “Forensic accounting” is the application of any accounting technique for courtroom purposes. It can involve fraud, bankruptcy, damages, valuation, or a host of other issues not connected with fraud. “Fraud examination” is the application of specific procedures to resolve allegations of fraud, from inception to disposition. Fraud examiners gather evidence, take statements, prepare reports, testify to findings, and assist in the detection and deterrence of fraud. Although “forensic accounting” is frequently used as a euphemism for fraud examination, the former is a much broader term. Moreover, fraud examinations are commonly conducted by professionals with a nonaccounting background.

CPAJ: You have long been an ardent advocate of antifraud education for accounting students. What do they and other practicing CPAs need to know about fraud to be able to detect it?
Wells: I have been such a passionate advocate for antifraud education because of my personal experience. I learned almost nothing about the topic during my undergraduate education, nor did my public accounting experience assist in this area. But when I actually started investigating cases for the FBI, it became clear that accounting knowledge was just one element. As I’ve said on prior occasions, books and records don’t commit fraud, people do. Knowing what motivates people to engage in illegal conduct is critical to recognizing these offenses. So is a thorough understanding of the laws related to fraud. CPAs who investigate fraud must also know how to gather evidence and interview potential witnesses. And finally, CPAs should be taught the most common fraud schemes so they can recognize the signs when they see them.

Most fraud cases are not complicated. The vast majority—nearly 90%—involve asset misappropriations, usually cash. Although financial statement fraud cases get the lion’s share of publicity because the losses are so large, they are also exceedingly rare, accounting for less than 5% of all fraud. Fraud isn’t rocket science, and although accounting knowledge is helpful, it’s not absolutely necessary to detect fraud except in unique situations.

The ACFE conducted a study in 1996 of 2,608 actual cases of occupational fraud and determined that they could be classified into 11 main categories, what we call “the fraud tree.” It is vital, in my view, that CPAs thoroughly understand these categories. The Uniform CFE Exam includes four sections; the section entitled “Fraudulent Financial Transactions” tests extensively on the application and recognition of the various schemes.

CPAJ: Do you think that AICPA Statement on Auditing Standards (SAS) No. 99, Consideration of Fraud in a Financial Statement Audit, changed the auditor’s responsibility to detect fraud during the course of an audit?
Wells: Even though I helped draft SAS 99, most of us would recognize that it is not a perfect document. Those who are newer to the accounting profession may not realize that SAS 99 is the third fraud standard in 15 years. We keep trying to get it right, and I am sure we’ll continue trying to improve it. One main feature of SAS 99 is a good one: It requires that the audit team, prior to commencing the engagement, “brainstorm” how material fraud could occur within the entity, and design their audit accordingly.

None of the three audit standards—SAS 54, 82, or 99—actually increased the auditor’s responsibility to detect fraud, although the subject is increasingly being covered in auditing literature and pronouncements. The U.S. Supreme Court set the standard for the auditing profession through a landmark decision in 1984, when, in U.S. vs. Arthur Young, it defined the independent CPA as the “public watchdog.”

CPAJ: CPAs, and auditors in particular, have been criticized for not doing enough to prevent and detect fraud. Given the many practical constraints that CPA firms face related to an audit (e.g., time, cost, customer relations, availability of well-trained staff), do you think that this criticism is valid? To what degree do you believe it’s possible for accountants to detect fraud within an organization?
Wells: The risk of fraud varies from organization to organization. Our research shows clearly that the highest risk of fraud lies with the smallest companies, those least likely to be audited. Although an audit has yet to be proven an effective fraud-detection tool, we’ve shown that it has a major deterrent effect. According to the ACFE’s 2006 Report to the Nation on Occupational Fraud and Abuse [available free from www.ACFE.com], nonprofits and government entities generally have a lower risk of reported fraud; the risk is higher in financial and retail industries.

To some extent, I believe that the criticism of our profession is valid. Many CPAs didn’t accept their fraud-related responsibilities willingly, and were dragged into this battle kicking and screaming. It took huge judgments against accounting firms before we started taking fraud seriously. But if we are committed to deterring fraud, let’s begin by ensuring that every accounting student, and every CPA, receives adequate training in this area. We’re still years away from that goal, although we have made significant progress.

I also think that we have lost sight of what the public really wants and expects. Financial reporting has become so complicated that few people, CPAs included, can read a set of financial statements and really understand what they mean. Complexity is the killing field of fraud; the more dense the concepts, the easier it is to mask wrongdoing. Enron was a classic example.

I believe that investors understand and accept that market conditions, the economy, and other influences can cause stock prices to fluctuate. What they will never accept is their hard-earned money being hijacked by crooks masquerading as corporate executives. So my view is that the number-one responsibility of the auditing profession is to ensure that clients are dealing with the investing public in an honest and ethical manner. Unfortunately, although we have many auditing techniques, none of them is effective in measuring integrity.

With respect to the CPA’s responsibilities to detect fraud, in my opinion current audit standards are fundamentally and fatally flawed; we should shift our emphasis to preventing fraud in the first place. Although we can and should do a better job of detecting illegalities, that’s a difficult row to hoe. In the last 30 years, I have personally trained tens of thousands of CPAs. I’ve given them balance sheets and income statements that contain material fraud. And even knowing that the books are cooked, they find it difficult to uncover these problems. That is simply because there are so many methods of concealment, and the clues are not unique to fraud. For example, who is to say whether a large spike in the cost of sales is caused by fraud or by a legitimate increase in expenses? Oftentimes, it is hard to differentiate a red flag from a red herring.

From the point of view of a classically trained accountant, fraud prevention is incorrectly seen as synonymous with internal control. Controls are an important element, but they are hardly a panacea. First, they are designed only to provide reasonable assurance. Second, few controls cannot be overridden or circumvented by those with sufficient motivation or authority. We need to take a more holistic view and invest enough research to determine better predictors of fraud risk. Two organizations that outwardly appear the same may experience very different outcomes. One will experience fraud; the other will not. We don’t really know why, but we need to find out.

For some time, I have advocated a concept that I’ve dubbed The Model Organizational Fraud-Prevention Program. The idea is to develop a complete list of what the perfect organization does to prevent fraud. We already know some of the elements, but certainly not all of them. Once we have the list, then the auditor’s duty would be to audit the model. So rather than opining that the organization is free of material fraud, the auditor would instead opine that the entity is in compliance with the model.

This would accomplish several important objectives. First, it would encourage organizations to concentrate on fraud prevention. Second, it would shift limited audit resources to where they are most cost-effective. Third, it would relieve the auditor from the nearly unlimited liability for fraud detection imposed by current audit standards. And fourth, it would provide investors with the assurance they really seek: that they are dealing with an honest and ethical organization.

The Biger Picture

CPAJ: From the data that the ACFE has gathered or analyzed, is the rate of fraud in our society increasing, decreasing, or remaining stable?
Wells: Regrettably, the actual cost of fraud is unknown and unknowable. It is a concept the criminologists call “the dark figure.” Unlike visible crimes such as robbery, not all frauds are uncovered. Of those uncovered, not all are reported. No agency is tasked with compiling comprehensive data on fraud.

What we can do is take an educated guess. In the ACFE’s 2006 Report to the Nation on Occupational Fraud and Abuse, about 1,200 CFEs estimated that the average organization loses about 5% of its revenues to various forms of fraud. Multiplied by the U.S. gross domestic product, this would amount to total fraud losses of more than $650 billion. Whatever the actual sum, it’s a staggering amount of money. Worldwide, the underground economy probably amounts to trillions of dollars a year.

As to whether fraud is growing, remaining the same, or decreasing, we can only make another educated guess. Statistics indicate that violent crimes, such as robbery, assault, and the like, are committed by young people who are overwhelmingly male. Dips in those crime rates can usually be tied to reductions in the population of young males. That’s the principal reason that your chances of being mugged are the lowest in 30 years. On the other hand, fraud is the crime of choice for the older and more educated. Our society is aging and will continue to do so through about 2050. If for no other reason, we should expect fraud-related offenses to rise for about the next four decades.

CPAJ: Do you think that the Sarbanes-Oxley Act, or any other legislation, can help prevent future Enron-type scandals?
Wells: Sarbanes-Oxley has some good features; parts of it certainly can’t hurt in the fight against fraud. Although many will disagree, legislation was long overdue to separate auditors from consulting work. The emphasis on reporting on internal controls is worthwhile, too. But the law was passed by an angry Congress to appease an even angrier public. Parts of it are clearly overkill. Quadrupling the penalty for mail fraud is likely to have almost no deterrent effect, because the funding to enforce it was not also quadrupled. It’s what I term “feel-good legislation.” The elected officials who voted for Sarbanes-Oxley can feel good that they have made a strong statement.

The problem with a law like Sarbanes-Oxley is that it addresses the symptoms and not the underlying cause. Companies are under enormous pressure to show short-term results in the market. In these days of online trading, investors often don’t care about a company’s earnings potential, long-term strategy, innovations in development, or its plans for the future. That’s sad, but true. Moreover, executive compensation packages frequently border on the obscene. It will probably be a decade before we see the real effects of Sarbanes-Oxley, but I am pessimistic that it will provide a cure for the manipulation of financial statements.

CPAJ: What effect, if any, do you believe that the convictions in the Enron case will have on fraud deterrence?
Wells: Criminologists define two kinds of deterrence: general and specific. The latter involves the effect of punishment on the individual who commits the crime. The notion is that, if you are punished for wrongdoing, you will be less likely to commit it in the future. General deterrence is the message that we supposedly get from seeing someone else punished. Many studies have concluded that general deterrence is much less effective than we would hope. The public has a short memory for those convicted of crimes, and in the long run the lasting effect of these punishments is likely to be minimal.

CPAJ: Many people believe that fraudsters get off with little or no punishment. Does this perception contribute to increased fraudulent activity, and would you support stiffer penalties for white-collar criminals as a deterrent?
Wells: I would not support stiffer penalties. Instead, I would advocate more uniform enforcement. Many may not realize that the United States has some of the harshest criminal sanctions in the industrialized world. For punishment to be effective, it must have three components: certainty, severity, and swiftness. Our criminal justice system can be severe. However, it is not certain or swift. Of the three elements, certainty is the most important. Until and unless we change the existing imbalance, increasing the severity of sanctions is largely futile.

CPAJ: Some in our society contend that the increase in fraud is because people are not as ethical today as they were in the past. Do you agree?
Wells: I’d like to see some valid scientific studies that test that notion, but I am not aware of any. Perhaps a more logical reason for fraudulent behavior is anomie theory, developed by sociologist Robert Merton. It argues that there is a disconnect between what we have and what we want, which then creates discord and pressure to acquire more. We live in a society where television and other media sometimes focus on those with incredible wealth and lavish possessions. That ultimately drives some to justify getting what they believe they deserve by any means.

CPAJ: Does the ACFE’s research show whether codes of conduct and ethics training really make a difference in reducing fraud?
Wells: No, but the topic is worthy of study. The cynic in me finds the idea ludicrous that a potential fraud offender, who is contemplating committing a criminal act that could send him or her to prison, would really be deterred by a company’s ethics policy. But my sense is that most organizations do not provide the proper kind of training in this area regardless. While it is noble to implore employees to “do the right thing,” I believe antifraud training needs to drive home how dishonest conduct hurts the company and everyone in it. Fraud costs jobs, raises, individual dignity, and the organization’s reputation.

Last year, the ACFE, in conjunction with the AICPA, produced a one-hour DVD training program titled “How Fraud Hurts You and Your Organization.” It can be used to educate employees from the mailroom to the boardroom, and it is available for free (except for mailing costs) via the antifraud and corporate responsibility center at www.aicpa.org. I’d highly encourage this training program as a starting point for every organization, large or small.

CPAJ: Beyond what they are currently doing, how can CPAs deter fraud?
Wells: Past what we have already discussed, CPAs need to take a more aggressive stance against fraud. Criminologists can provide a boatload of studies showing that punishment-based deterrence is largely ineffective. That does not mean fraudsters should escape atoning for their crimes—it is absolutely vital in a civilized society. But it does mean that we should not rely on punishment as our first line of defense.

What works is more cops on the beat, so to speak. In crime-ridden neighborhoods, the classic police response is to increase their presence, which increases the perception that illegal activity will be detected. If we translate the same concept to corporate crimes, we need auditors and fraud examiners who are actively looking for those who commit misdeeds, and for their mission to be clearly understood by everyone in the organization. To accomplish this, I’d suggest that auditors, in the normal conduct of their work, ask appropriate personnel three simple questions:

• You understand that part of my job as an auditor is to detect and deter fraud. Do you think that the company has any particular problem in this regard?
• Has anyone in the company asked you to do something that you thought was illegal or unethical?
• In the future, if you become aware of illegal or unethical conduct, will you please contact me?

The vast majority of employees will answer “no” to the first two questions and “yes” to the third. Regardless, the message is clear and unmistakable: Auditors are looking, and they’re not afraid to ask the tough questions. This more aggressive approach is certain to help deter fraud.

Expanding Opportunities

CPAJ: You helped organize the Institute for Fraud Prevention (IFP). What is its mission and its connection to the ACFE?
Wells: The IFP is a nonprofit consortium of about 10 colleges and universities, domestic and international, with a mission to conduct cutting-edge research into the causational factors of a wide variety of frauds. I made the mistake of commenting to my academic colleagues one day that there was no organization dedicated to fraud research. They encouraged me to support such a venture. Shortly thereafter the IFP was formed, and I was selected to oversee it. The funding to date has been provided by the ACFE, the AICPA, Grant Thornton, and the Japanese consulting firm D-Quest. We have intellectual contributors such as the FBI, the GAO, the U.S. Postal Inspection Service, the National White-Collar Crime Center, and the Council of Better Business Bureaus.

In a shameless plug for additional funds, we are seeking other organizations to contribute to this effort. The minimum financial commitment is $120,000, spread over three years, which is tax-deductible. If accepted, that sum will buy selected organizations a seat on the IFP board, which will help shape its research direction. We are not simply soliciting capital; we are also attempting to select the right organizations to serve on the IFP board. Those interested in finding out more can e-mail our executive director, Dr. William K. Black, at blackw@umkc.edu.

CPAJ: What career opportunities exist for CFEs and other antifraud specialists?
Wells: Four main segments employ CFEs. The first is public accounting. Antifraud services are increasing at a rapid rate. All of the Big Four and most of the so-called second-tier firms have fraud or forensic accounting units. Internal auditors and security directors for major corporations employ CFEs to help deter and resolve their own fraud problems. Probably less familiar to CPAs are law-enforcement agencies. The FBI, the GAO, and the U.S. Postal Inspection Service, among others, recognize and actively recruit CFEs, as do insurance companies. And finally, many professionals have found success in hanging out their shingles as antifraud specialists, offering fraud detection and deterrence services to clients.

The Robert Half organization recently released a report describing the CFE as one of the most marketable credentials in the workplace today. Indeed, our latest salary survey indicates that the average CFE makes $25,000 more per year than his or her non-CFE counterpart.

CPAJ: What is your vision for the future of the ACFE?
Wells: My first vision is for the ACFE to continue without me. I am in the autumn of a very rewarding career. But because I founded the ACFE, many people view the association and me as one—we’re not. The ACFE is managed by a dedicated group of people: our board of regents, our staff, committees, and volunteers from more than 100 chapters. I stepped down from active operations nearly four years ago to pursue other interests while my health is still strong enough to enjoy them.

I also envision that the ACFE will continue to grow as a worldwide organization that forges public- and private-sector partnerships and makes further inroads in detecting and deterring fraud. I strongly believe that working together gives us realistic hope that we can make progress in turning the corner in the fight against fraud. Without false modesty, the ACFE has become the world’s largest antifraud organization because of its dedication to the core values of quality, integrity, and service. My vision is that these characteristics will prevail in perpetuity.