Team partners in fraud detection. (team-up of certified public accountant and investigator)by Luizzo, Anthony J.
To identify and deal with the perpetrator of a fraud frequently calls for skills about which CPAs may have neither training nor experience. Enter the professional investigator to team up with the auditor to detect the responsible party and bring him to the law enforcement agency. The authors point out how the CPA and investigator skills to result in efficient and timely detection of fraud, suitable punishment, and system changes to preclude recurrence.
Historically, the responsibility for preventing and detecting fraud is shared among accountants, auditors, investigative professionals, and public law enforcement units. SAS 53, The Auditor's Responsibility to Detect and Report Errors and Irregularities, states, "The auditor should design the audit to provide reasonable assurance of detecting errors and irregularities that are material to the financial statements." Irregularities refer to intentional misstatements or omissions of amounts or disclosures in financial statements. They include fraudulent financial reporting undertaken to render financial statements misleading, sometimes called management fraud, and misappropriation of assets, sometimes called defalcations.
What is the CPA's responsibility for detecting fraud? Because of the inherent deceptive nature of fraud, SAS 53 readily acknowledges that even a properly designed and completed audit may not detect certain fraudulent acts. Since most CPAs are not handwriting specialists, SAS 53 indicates that, "generally accepted auditing standards do not require that an auditor authenticate documents, nor is the auditor trained to do so."
Rightly and justifiably so, the CPA's responsibilities according to SAS 53 in conducting an audit are to "provide reasonable assurance of detecting errors and irregularities that are material to the financial statements."
Where does this leave a multi-billion dollar corporation that just had a fraud of several hundred thousand dollars? While the independent auditors can say that is was not material, management will still have a difficult time explaining losses of this magnitude to shareholders. Since the external auditors focus primarily on material fraud, management's problem then becomes how to address all frauds in the company. A team approach to detecting/preventing fraud may be a solution.
The Team Approach
To understand how the team approach works, it is necessary o understand the functions of each group involved. Once a fraud is discovered, the accountant or auditor will analyze the system in which the fraud was committed. An auditor will particularly focus on the internal controls to determine if there was a breakdown or to determine how the controls were overridden. The auditor will then strive to develop stronger controls to deter future fraud opportunities.
The other members of the team are investigative professionals (security and loss prevention managers, private investigators, criminologists, and security consultants) who concentrate on who committed the fraud by interviewing witnesses and interrogating suspects and on how fraud avoidance policies and systems were circumvented. These specialists routinely conduct security related operational audits (identification checks, package inspections, etc.) to isolate and minimize loss exposures, formulate and present internal training programs to ensure that security management policies are executed, and engineer protective guardian systems (closed circuit television, alarms/fire, and card access) to help in-house security maintain a watchful eye over the safety and security of corporate personnel and assets.
Due to fiscal constraints,law enforcement agencies, save for federal agencies such as the FBI, are often primarily concerned with violent crime and order maintenance issues. Rarely is public law enforcement involved in the nuts and bolts issues of investigating fraud cases. In practice, most fraud cases are developed in-house by accounting, auditing, and loss prevention departments. Once the fraud case is "packaged" by the organization, then public law enforcement and other segments of the criminal justice system step in to bring identified transgressors to justice.
Actually, as much as there is shared responsibility in managing fraud, rarely do these disciplines work shoulder-to-shoulder in solving the fraud puzzle. However, there is a common mission between the accounting/auditing and investigative professions: each seeks to find out what really happened. The CPA seeks to determine and confirm the proper accounting of business transactions and the operational effectiveness of internal control; while the investigator deals with the proper legal behavior of individuals within the corporate environment.
From a disciplinary perspective, CPAs, auditors, and investigators are by nature of their work, accustomed to looking behind the scenes and challenging things that are, or appear to be, irregular, or out of sequence. No one is born with these special traits; they are acquired through formal education, continual training, and especially, on-the-job experience.
The Breadth of the Fraud Problem
Data from the business sector computes the cost of economic crime in 1990 at a conservative $114 billion. Other independent studies estimate that one dollar is lost to internal crime, and that one out of three employee steals.
Consulting firms specializing in fraud auditing cite that 75% of people who commit white collar crime did so at another company. With this degree of recidivism, it is no wonder that 30% of small commercial business failures are due to employee dishonesty.
Why Frauds are Committed
From the accounting and criminology perspectives, experience has shown that many frauds occur because the perpetrator is given the opportunity and believes that he/she will not be apprehend.
Typical of this is the employee who embezzles from his employer and who perceives and rationalizes the theft in a variety of fashions including:
* Offsetting Alleged Inequities. Obtaining monies believed due for inadequate raises, bonuses, and/or overtime;
* Obtaining Revenge "Getting even" for a perceived mistreatment;
* Perceiving the Crime as "Victimless." No one will get hurt; the billion-dollar company will never miss the funds and/or insurance will offset any loss;
* Winning Self-Environment. Acquiring the luxuries to enhance self image and standard of living.
* Thirsting for Psychological Excitement Viewing self as a modern day Robin Hood or Master Thief; and
* Securing Peer Acceptance Desiring to become a part of the sub-culture who depend on each other and protect each other.
Deterring Fraud Requires an Integration of Disciplines
Trying to unmask and expose today's white collar criminal using yesterday's cloak and dagger methods is certain to fail. To look at fraud as Sherlock Holmes might have through this magnifying glass won't do the job today. Detecting and preventing fraud requires specialized expertise which criss-crosses the accounting/auditing and criminology disciplines.
Sherlock would have considered it "elementary" that auditors are an organization's first line of defense against fraud. Instinctively, he would discern that it is by use of internal controls they champion, scrutiny of records they review, and use of analytical techniques they employ, that frauds are unmasked and exposed.
Likewise, he most surely would agree that fraud examiners must have mastery in conducting investigations, evaluating deceptive behavior, designing physical and electronic security systems, and drafting loss prevention audit controls, to maximize internal security.
The Team in Action
For purposes of illustration, assume a director of internal audit has identified an inventory shortage, which after careful consideration cannot be accounted for. The company's Security Department is notified and asked to participate in the investigation--a team approach. Their investigation might approach the matter this way.
How did it happen?
* Was the missing inventory actually received?
* Was inventory received at the proper point?
* Did security personnel countersign invoices?
* Was the inventory recorded as received?
* Is an alarm system in place and operational?
* Is a camera surveillance program in place?
* Are outside vendors restricted in access to receiving, storage and distributing areas?
* Are inventory control seals utilized on outgoing shipments?
* Are internal inventory policies adequate?
* Were integrity tests employed?
When did it happen?
* When was the last physical inventory count?)
* Were any lapses in access noted?
* Can a window of time be pinpointed when the fraud probably occurred?
* Does review of closed circuit surveillance show any suspicious activity?
Who could be responsible?
* Are employees issued ID cards?
* Do key control policies exist and are they monitored?
* Do sign-in sheets note any unauthorized personnel going into critical areas?
* Have all employees with fiduciary responsibility been adequately screened?
* Are passes issued to vendors and visitors to restrict access into critical storage areas?
* Does the company maintaining an updated disgruntled employee file?
* Has local law enforcement been brought into the investigation and requested to use their sources and/or informants?
* Have all individuals with access to the inventory and related records been interviewed?
* Has the risk management department been queried regarding abnormal fluctuations in insurance premiums?
An important benefit in this team work is the swiftness in which preventive measures can be put forward. It should be noted that time can be saved since each department will have been involved from the commencement of the audit. Thus, if the theft of inventory continues, there is a greater chance that the thieves will be apprehended.
Developing a New Breed--The Fraud Auditor
The combining of auditing and investigative disciplines has lead to a new breed of fraud investigator. Integration of the two disciplines can lead to a greater proficiency to prevent and detect fraud.
The seeds of success lie in the ability to research and implement new methodologies to thwart the growing fraud problem. Professionals from both disciplines need a forum to exchange ideas and develop new strategies to accept the challenge of staying one step ahead of today's ingenious fraud privateer. Various professional associations, including some state societies of CPAs, have taken the lead by offering inter- disciplinary programs for their memberships. Representative programs and courses include the following topics.
* Corporate fraud prevention and detection;
* Interviewing techniques;
* Testifying as an expert witness;
* Fraud auditing;
* Packaging fraud investigations; and
* Suspect's rights and the Fifth Amendment.
Returning to our case study, as a result of team efforts a major fraud was uncovered. By increasing surveillance in the inventory area, certain personnel were noted leaving with packages that they had not brought to work. The audit team ascertained that the inventory manger had the ability to write-off obsolete inventory/ This was a basic internal control weakness: the individual with custody of the assets (inventory manager), also had the ability to write-off inventory.
The inventory manger and a few close associates were purloining inventory and writing it off as obsolete or damaged. Once security positively identified individuals removing the inventory manger who was writing off current inventory, the team could then work on the next phase of the project: implementation of new controls.
After the team had gathered sufficient evidence and the case was "court- ready," law enforcement was notified to commence the judicial process. Experience has shown that many companies fail to prosecute for a variety of reasons among which include: the lack of wherewithal to follow through with packaging the fraud case, the unfavorable media attention that accompany these cases, and the related direct and indirect costs involved.
Closing the Barn Door
The final step involves further strengthening the internal controls and developing new procedures and systems that would minimize the likelihood of future criminality. Representative procedures and systems would include:
* Segregating responsibilities of the inventory manger so that he no longer has the ability to write-off inventory;
* Implementing a package inspection program;
* Developing formalized written policies and procedures for the management and disposal of inventory;
* Requiring the Security Department to have a role in the inventory control process; and
* Engineering appropriate security systems to tighten physical security in inventory areas such as closed circuit television, card access, and alarm.
This was just one instance where the Internal Audit and Security Departments worked together. In certain circumstances, a CPA practitioner who has small enterprise client, with no formal internal audit or security department, may be asked to act as the internal audit department. Depending on the magnitude of the fraud problem and the CPA's professional judgement, the practitioner may recommend that a private investigator with fraud/security management experience be retained to perform the same functions as a security department. The practitioner could indicate the expected cost benefit of such a venture and the fulfillment of fiduciary responsibilities to management and shareholder.
Charles H. Calhoun, CPA, CIA, CFE, is a Professor at Long Island University and New York University and is a consultant to businesses in the field of fraud detection and prevention. Mr. Calhoun also fives seminars to state societies, accounting firms, and companies in the areas of fraud auditing, ethics, and international auditing.
Anthony J. Luizzo is President of L.E. Security Consulting Group, Inc. which specializes investigation and background checks, consulting to CPAs, and security systems engineering.
THE CFE PROGRAM
The attention given to white collar crime in the '80s gave rise to the National Association of Certified Fraud Examiners (NACFE). This four year old organization has dedicated itself to reduce the incidence of fraud and white collar crime and assist its members in detection and deterrence.
Anyone meeting the requirements and successfully passing the Certified Fraud Examiner (CFE) Examination is eligible as a CFE. Typical CFEs include fraud public accountants, researchers, and academicians.
The CFE program, administered by the NACFE, entails a number of requirements. To qualify for CFE certification you must:
* Hold a baccalaureate degree from a recognized institution of higher learning;
* Have two years of professional experience in a related field; and
* Succesfully complete the Uniform CFE Examination.
The NACFE allows for those wishing to bypass the exam to petition for certification based on their professional experience. The petitioning candidate must:
* Hold a baccalaureate degree;
* Have the equivalent of 12 or more years experience in a related field;
* Obtain the recommendation of a CFE; and
* Possess actual experience in uncovering, documenting, or investigating fraud matters.
Professional experience, as required by the NACFE, include auditing and accounting, criminology or sociology, with an emphasis on white collar crime, fraud, or white collar crime investigation, loss prevention or internal crime, and academic or research activities in one of the above fields.
The National Association of CFEs is a 6,000 member organization, founded in 1988, which dedicates itself to the certification and service of its CFE members. It is controlled by a board of regents, an independent body, which administers the exam as well as sets the standards for CFE membership.
The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.
©2009 The New York State Society of CPAs. Legal Notices
Visit the new cpajournal.com.