Академический Документы
Профессиональный Документы
Культура Документы
Internal fraud: This refers to frauds which happen within the company and are in control of the company. There are three main categories of internal fraud that affect organizations. These are summarized in the following diagram:
Inability to pay ones bills Drug or gambling addition Need to meet earnings to sustain investor confidence Need to meet productivity targets at work Desire for status symbols such as bigger house, nicer car, etc.
3. Attitude/Rationalization Those involved in a fraud may be able to rationalize a fraudulent act as being consistent with their personal code of ethics. Some individuals possess an attitude, character, or set of ethical values that allows them to knowingly and intentionally commit a dishonest act. Many fraudsters view themselves as ordinary people, not criminals, so it becomes easier to justify their acts. In committing fraud, employees will seek to justify their actions by using rationalizations such as, I didnt get that raise I was promised, or I work harder than anyone else, or They have so much money theyll never notice. Rationalizations are difficult to combat because each individual is likely to have unique reasons or justifications for their fraudulent actions. ACFE identifies these common rationalizations:
I was only borrowing the money. I was entitled to the money. I had to steal to provide for my family.
Page 2
I was underpaid; my employer cheated me. My employer is dishonest to others and deserved to be fleeced.
Page 3
event or transaction in current period. Companies modify their estimates to boost their earnings. Common areas where Cookie jar reserve is created are: Estimating sales returns and allowances. Estimating bad debt write-offs. Estimating inventory write-downs. Estimating warranty costs. Estimating pension expenses. Estimating percentage of completion for long term projects.
Big bath technique: companies in order to remain competitive substantially restructure or eliminate operations or subsidiaries. The loss from implementing this change is reported as non-recurring charge against income. This is used in belief that if a bad news has to be reported, it is better to report all at once and get rid of it. Common Big bath techniques are: Operations restructuring. Troubled debt restructuring. Asset impairment and write down. Operations disposals. Big bet on future technique: This technique includes: Writing off in process research and development costs for the company acquired. Integrating the earnings of company acquired into corporate consolidated earnings. Flushing the investment portfolio: GAAP requires that these investments be classified into one of two portfolio categories, each with a different accounting treatment: 1. Trading securities. Any changes in the market value of these securities during a fiscal period, or actual gains or losses from sales, are reported in operating income. 2. Available-for-sale securities. Any change in market value during a fiscal period is reported in other comprehensive income components at the bottom of the income statement, not in operating income. When these securities are sold, however, any gain or loss is reported in operating income. This offers an opportunity for earnings management through the following techniques:
Timing sales of securities that have gained value. Timing sales of securities that have lost value.
Change of holding intent Write-down of impaired securities. Page 4
Throw out a problem child technique: Exchange the stock in an equity method subsidiary. Spin off the subsidiary. Create a special-purpose entity (SPE) for financial assets. Sell the subsidiary.
Change in accounting practices: Improved expense recognition rule. Improved revenue recognition rules. Volunteering for a new accounting standard.
Selecting the write-off method. Change to non-operating use. Estimating salvage value. Selecting the write-off period.
Sale and lease back and asset exchange techniques. These techniques impair the accuracy, reliability, and transparency of financial reports and can lead to dysfunctional decision making. The external auditors and the audit committee of the board of directors are responsible for ensuring that internal controls exist to support strong governance systems that prevent these financial abuses from occurring.
fictitious sales improper expense recognition incorrect asset valuation hidden liabilities and unsuitable disclosures
Effectively spotting these fraudulent disclosures involves keeping an open eye for the most common financial statement fraud red flags:
Accounting anomalies, such as growing revenues without a corresponding growth in cash flows. Sales are much easier to manipulate than cash flow but the two should move more or less in tandem over time. Consistent sales growth while established competitors are experiencing periods of weak performance. Note that this may be due to efficient business operations rather than fraudulent activity. A rapid and unexplainable rise in the number of day's sales in receivables in addition to growing inventories. This suggests obsolete goods for which the firm records fictitious future sales. A significant surge in the company's performance within the final reporting period of fiscal year. The company may be under immense pressure to meet analysts' expectations. The company maintains consistent gross profit margins while its industry is facing pricing pressure. This can potentially indicate failure to recognize expenses or aggressive revenue recognition. A large buildup of fixed assets. An unexpected accumulation of fixed assets can flag the usage of operating expense capitalization, rather than expense recognition. Depreciation methods and estimates of assets' useful life that do not correspond to the overall industry. An overstated life of an asset will decrease the annual depreciation expense. A weak system of internal control. Strong corporate governance and internal controls processes minimize the likelihood that financial statement fraud will go unnoticed. Outsized frequency of complex related-party or third-party transactions, many of which do not add tangible value (can be used to conceal debt off the balance sheet).
Page 6
The firm is on the brink of breaching their debt covenants. To avoid technical default, management may be forced to fraudulently adjust its leverage ratios. The auditor was replaced, resulting in a missed accounting period. Auditor replacement can signal a dysfunctional relationship while missed accounting period provides extra time to "fix" financials. A disproportionate amount of managements' compensation is derived from bonuses based on short term targets. This provides incentive to commit fraud. Something just feels off about the corporation's business model, financial statements or operations
An anti-fraud strategy
An effective anti-fraud strategy has four main components: Prevention Detection Deterrence
Response. The following diagram summarizes these components and the context within which an antifraud strategy sits:
Fraud prevention There are two main elements to fraud prevention: 1. A sound ethical culture. 2. Sound internal control systems.
In order to establish a sound ethical culture an organization must have: 1. A mission statement that refers to quality or ethics and defines how the organization wants to be regarded externally. 2. Clear policy statements on business ethics and anti-fraud, with explanations about acceptable behavior in risk-prone circumstances. 3. Management which is seen to be committed through its actions. 4. Fraud risk training and awareness for all employees and key business partners. 5. A process of reminders about ethical and fraud policies, for example, an annual letter and/or declarations. 6. Periodic assessment of fraud risk. 7. A route through which suspected fraud can be reported. 8. An aggressive audit process which concentrates on fraud risk areas. Sound internal control systems An internal control system comprises all those policies and procedures that collectively support an organizations operation. Internal controls typically deal with approval and authorization processes, access restrictions, transaction controls, account reconciliations and physical security. These procedures often include the division of responsibilities, and checks and balances to reduce risk. The number and type of internal controls that an organization can introduce depends on its nature and size. Although fraud is prevalent across organizations of all sizes, sectors and locations, research shows that certain business models have greater levels of fraud risk than others. The control environment should be adjusted to fit with the degree of risk exposure. Where possible, internal controls should address warning signs and alerts to minimise fraud.
Page 8
Fraud detection It will never be possible to eliminate all fraud. No system is completely fraud proof because many fraudsters can bypass the control systems put in place to stop them. However, if an organization pays greater attention to the most common indicators, this can provide early warning that something is wrong and increase the likelihood of discovering the fraudster. Fraud indicators fall into two categories: 1. Warning signs 2. Fraud alerts Warning signs Warning signs have been described as organizational indicators of fraud risk. Some examples are given below, categorized under the headings of business risk, financial risk, environmental risk and IT and data risk. Business risk Business risk can be indicated by the absence of an anti-fraud policy and culture, together with lack of staff management supervision. Bonus schemes linked to ambitious targets or directly to financial results can point to risky behavior. Unusual staff behavior patterns, for example, employees who do not take their annual leave allocation or who are unwilling to share duties, can also indicate business risk. Other warning signs include: Inadequate recruitment processes and no screening Lack of job segregation No independent checking of key transactions Inadequate access controls to physical assets and IT security systems Poor internal control documentation Large cash transactions.
Financial risk Significant pressures on management to obtain additional finance can indicate a financial risk. Other signs include the extensive use of tax havens without clear business justification, along with complex transactions or financial products.
Page 9
Environmental risk This can occur when new accounting or other regulatory requirements are introduced. Highly competitive market conditions and decreasing profitability levels can also lead to environmental risk, as can significant changes in customer demand. IT and data risk Unauthorized access to systems gives rise to IT and data risk, as do rapid changes in information technology. Users sharing or displaying passwords is also highly risky. Fraud alerts Fraud alerts have been described as specific events, or red flags, which may indicate fraud. Some examples of fraud red flags are: Discrepancy between earnings and lifestyle Photocopied documents in place of originals Missing approvals or authorization signatures Extensive use of suspense accounts Inappropriate or unusual journal entries Above average number of failed login attempts.
Fraud detection tools and techniques Available tools and techniques for identifying possible fraudulent activity include: Ongoing risk assessment Trend analysis Data matching Exception reporting Internal audit Reporting mechanisms.
Fraud response An organizations approach to dealing with fraud should be clearly described in its fraud policy and fraud response plan. The plan is intended to provide procedures which allow for evidence gathering and collation. In summary, a fraud response plan should include information under the following headings:
Page 10
Purpose of the fraud response plan Corporate policy Definition of fraud Roles and responsibilities The response The investigation Organizations objectives with respect to dealing with fraud Follow up action.
The fraud response plan should reiterate the organizations commitment to high legal, ethical and moral standards in all its activities, and its approach to dealing with those who fail to meet those standards. Organizations should be clear about how to enforce the rules or controls which are in place to counter fraud risks. They must also ensure that employees know how to report suspicious behavior. Reasonable steps for responding to detected or suspected instances of fraud include: Clear reporting mechanisms A thorough investigation Disciplining of the individuals responsible (internal, civil and/or criminal) Recovery of stolen funds or property Modification of the anti-fraud strategy to prevent similar behavior in future.
There are lessons to be learned from every identified fraud incident. The organizations willingness to learn from experience is as important as any other response. Organizations should examine the circumstances and conditions which allowed the fraud to occur, with a view to improving systems and procedures so that similar frauds do not occur in future. Fraud deterrence It is clear from the diagram above that the various elements of an effective anti-fraud strategy are closely interlinked. Each plays a significant role in combating fraud, with fraud deterrence at the centre. Fraud detection acts as a deterrent by sending a message to likely fraudsters that the organization is actively fighting fraud and that procedures are in place to identify any illegal activity. The possibility of being caught will often persuade a potential perpetrator not to commit a fraud. There should also be complementary detection to counter the fact that the prevention controls may be insufficient in some cases.
Page 11
It is also important to have a consistent and comprehensive response to suspected and detected fraud incidents. This sends a message that fraud is taken seriously and that action will be taken against perpetrators. Each case that is detected and investigated should reinforce this deterrent and act as a form of fraud prevention.
Page 12