Assessing Fraud Risks Understanding Cmomn Fraud Shemes

Assessing Fraud Risks: Understanding Common Fraud Schemes

Course # 3044, 8 CPE Credits

Course CPE Information

i

Course CPE Information Course Expiration Date AICPA and NASBA Standards require all Self-Study courses to be completed and the final exam submitted within 1 year from the date of purchase as shown on your invoice. No extensions are allowed under AICPA/NASBA rules. On rare occasion, in response to customer feedback, Western CPE deems it necessary to change one or more of the final exam questions. Thank you for choosing Western CPE for your continuing professional education needs. Field of Study Auditing. Some state boards may count credits under different categories—check with your state board for more information. Course Level Basic. Prerequisites There are no prerequisites. Advanced Preparation None. Course Description Business fraud causes losses of billions of dollars annually. This course takes a dual approach to fraud, explaining how it can be detected as well as prevented. It shows how to identify common fraud schemes and how to proceed in an audit based on the guidance and requirements of SAS No. 99. To make topics easier to understand and apply, author Marshall Romney breaks the material down and includes many helpful examples. Publication/Revision Date This course was last updated February 2009.

Instructional Design

ii

Instructional Design Western CPE Self-Study courses are organized so as to lead you through a learning process using instructional methods that will help you achieve the stated learning objectives. You will be informed of the knowledge, skills, or abilities you will learn within each chapter of the course (clearly defined learning objectives); you will learn the material (course content and instructional methods); your learning will be reinforced (review questions); and your completion of meeting the learning objectives will be measured (final exam questions). These and additional instructional elements are listed and explained below. Please review this information completely to familiarize yourself with all instructional features and to help ensure you will achieve all course learning objectives. Course CPE Information The preceding section, “Course CPE Information,” details important information regarding CPE. If you skipped over that section, please go back and review the information now to ensure you are prepared to complete this course successfully. Table of Contents The table of contents allows you to quickly navigate to specific sections of the course. Outline The outline displays the organizational and instructional hierarchy of the course as well as the detailed contents of each chapter. Chapter Learning Objectives and Content Chapter learning objectives clearly define the knowledge, skills, or abilities you will gain by completing each section of the course. Throughout the course content, you will find various instructional methods to help you achieve the learning objectives, such as examples, case studies, charts, diagrams, and explanations. Please pay special attention to these instructional methods as they will help you achieve the stated learning objectives. Review Questions The review questions accompanying each chapter are designed to assist you in achieving the learning objectives stated at the beginning of each chapter. The review section is not graded; do not submit it in place of your final exam. While completing the review questions, it may be helpful to study any unfamiliar terms in the glossary in addition to chapter course content. After completing the review questions for each chapter, proceed to the review question answers and rationales. Review Question Answers and Rationales Review question answer choices are accompanied by unique, logical reasoning (rationales) as to why an answer is correct or incorrect. Evaluative feedback to incorrect responses and reinforcement feedback to correct responses are both provided. Glossary The glossary defines key terms. Please review the definition of any words of which you are not familiar. Index The index allows you to quickly locate key terms or concepts as you progress through the instructional material. Final Exam Final exams measure (1) the extent to which the learning objectives have been met and (2) that you have gained the knowledge, skills, or abilities clearly defined by the learning objectives for each section of the course. Unless otherwise noted, you are required to earn a minimum score of 70% to pass a course. You are allowed up to three attempts to pass the final exam. If you do not pass on your first attempt, please review the learning objectives, instructional materials, and review questions and answers before attempting to retake the final exam to ensure all learning objectives have been successfully completed.

Instructional Design

iii

Evaluation Upon successful completion of your online exam, we ask that you complete an online course evaluation. Your feedback is a vital component in our future course development. Thank you.

Western CPE Self-Study 243 Pegasus Drive

Bozeman, MT 59718 Phone: (800) 243-7395

Fax: (206) 774-1285 E-mail: [email protected]

Web site: www.westerncpe.com Notice: This publication is designed to provide accurate information in regard to the subject matter covered. It is sold with the understanding that neither the author, the publisher, nor any other individual involved in its distribution is engaged in rendering legal, accounting, or other professional advice and assumes no liability in connection with its use. Because regulations, laws, and other professional guidance are constantly changing, a professional should be consulted should you require legal or other expert advice. Information is current at the time of printing.

Table of Contents

iv

Table of Contents

Course CPE Information.............................................................................................................................. i

Instructional Design.................................................................................................................................... ii

Table of Contents....................................................................................................................................... iv

Outline.......................................................................................................................................................viii

Chapter 1: Introduction to Fraud...............................................................................................................1

Learning Objectives...................................................................................................................................1

Who commits fraud and why .....................................................................................................................3 A situational pressure ............................................................................................................................3 A perceived opportunity .........................................................................................................................4 A rationalization .....................................................................................................................................4

Introduction to SAS No. 99........................................................................................................................4 SAS N0. 82 ............................................................................................................................................5 Types of material misstatements ...........................................................................................................8 Fraudulent financial reporting ................................................................................................................8 Misappropriation of assets.....................................................................................................................9

Fraud risk factors.......................................................................................................................................9

Chapter 1 Review Questions...................................................................................................................11

Chapter 1 Review Question Answers and Rationales ............................................................................12

Chapter 2: Fraudulent Financial Reporting Risk Factors .....................................................................14

Learning Objectives.................................................................................................................................14

Pressures/incentives risk factors.............................................................................................................14 Threats to stability or profitability are present......................................................................................14 Pressure to meet expectations ............................................................................................................15 Threats to personal net worth ..............................................................................................................16 Excessive pressure to meet financial targets ......................................................................................16

Opportunity risk factors............................................................................................................................16 The nature of the industry or the entity’s operations ...........................................................................16 Complex or unstable organizational structure .....................................................................................17 Weak internal controls .........................................................................................................................18 Ineffective monitoring of management.................................................................................................19

Attitude/rationalization risk factors...........................................................................................................20



Chapter 3: Misappropriation of Assets Risk Factors ............................................................................25


Pressure/incentive risk factors ................................................................................................................26 Personal financial obligations ..............................................................................................................26 Adverse relationships between the entity and employees...................................................................28

Opportunity risk factors............................................................................................................................29 Susceptibility of assets to misappropriation.........................................................................................29 Internal-control weaknesses ................................................................................................................30

Attitude/rationalization .............................................................................................................................32

Table of Contents

v

Common rationalizations .....................................................................................................................33 Attitude/rationalization risk factors .......................................................................................................33

Other asset-misappropriation risk factors................................................................................................34 Discrepancies in accounting records ...................................................................................................34 Conflicting or missing evidential matter ...............................................................................................35 Problematic or unusual relationships between the auditor and the client ...........................................35



Chapter 4: Audit-Team Discussions, Obtaining Information, and Identifying and Assessing Risks....................................................................................................................................................................40


Discussion among engagement personnel regarding the risks of material misstatement due to fraud .40

Topics to be discussed............................................................................................................................40 The client being audited and its industry .............................................................................................40 Management override of internal controls ...........................................................................................41 Susceptibility of financial statements to fraud......................................................................................41 Professional skepticism .......................................................................................................................41

Obtaining information to identify fraud risks: Making inquiries and other information.............................41

Different groups auditors need to speak with about fraud.......................................................................43 Management ........................................................................................................................................43 Audit committee ...................................................................................................................................44 Internal audit ........................................................................................................................................44 Others in the organization....................................................................................................................44

Obtaining information to identify fraud risks: Analytical procedures .......................................................45

Identifying and assessing risks................................................................................................................48 Identifying risks ....................................................................................................................................48 Assessing the identified risks after evaluating the entity’s programs and controls..............................49



Chapter 5: Assessment Results Response............................................................................................54


Overall responses to identified risks........................................................................................................54 Professional skepticism and audit evidence........................................................................................54 Assignment of personnel and supervision...........................................................................................55 Accounting principles ...........................................................................................................................55 Predictability of auditing procedures....................................................................................................55

Responses: The nature, timing, and extent of audit procedures ............................................................56 The nature of auditing procedures.......................................................................................................56 The timing of substantive tests ............................................................................................................56 The extent procedures are applied ......................................................................................................57

Responses: Misappropriation-of-assets and fraudulent-financial-statement fraud risks ........................57

Inventory fraud and responses to inventory-fraud risk ............................................................................58 Audit procedures when inventory fraud risks are identified .................................................................60

Inventory fraud case study: Phar-Mor .....................................................................................................62


Table of Contents

vi


Chapter 6: Revenue-Recognition Fraud .................................................................................................66


Booking fictitious revenues......................................................................................................................66 False journal entries.............................................................................................................................66 False sales to existing customers........................................................................................................67 False sales to fake customers .............................................................................................................67 Fictitious-revenues case study: Coated Sales, Inc..............................................................................68 Fictitious-revenues case study: ZZZZ Best .........................................................................................69

Cut-off frauds...........................................................................................................................................71 Hold the books open............................................................................................................................71 Close the books early ..........................................................................................................................71 Ship merchandise before the sale is final ............................................................................................72 Record revenue when services are still due........................................................................................72 Recognize revenue before sales contracts are finalized .....................................................................72 Stuff the channel ..................................................................................................................................72

Detecting fictitious revenues and timing differences ...............................................................................73

Timing differences case study: Regina Vacuum Cleaner Co..................................................................74

Bill-and-hold schemes .............................................................................................................................75 SEC enforcement case example .........................................................................................................76 Detecting bill-and-hold frauds ..............................................................................................................77



Chapter 7: Disclosure Failures, Concealed Information, Management Override of Controls, and Management Estimates ............................................................................................................................81


Disclosure failures and concealed liabilities and losses..........................................................................81 Disclosure failures................................................................................................................................81 Audit procedures to detect undisclosed items .....................................................................................82 Fraudulent-disclosures case study: Midland State Bank.....................................................................84 Concealed liabilities and losses...........................................................................................................84

Responses...............................................................................................................................................86 Responses to the risk of management overriding controls..................................................................86 Examining journal entries and other adjustments................................................................................87 Evaluating the business rationale for significant unusual transactions ...............................................88 Management estimates........................................................................................................................88



Chapter 8: Evaluating Audit Tests, Communicating Results, Documenting Audit Work, and Studying Fraud Schemes.........................................................................................................................95

Learning Objectives.................................................................................................................................95 Evaluating audit-test results.................................................................................................................95 Communicating fraud findings and documenting the auditor's consideration of fraud........................98 Documenting the auditor's consideration of fraud ...............................................................................99 To understand fraud, study fraud schemes .......................................................................................100 Avoiding legal liability during audits ...................................................................................................103

Table of Contents

vii

Chapter 8 Review Questions.................................................................................................................105

Chapter 8 Review Question Answers and Rationales ..........................................................................106

Glossary...................................................................................................................................................108

Index.........................................................................................................................................................110

Outline

viii

Outline

1) Chapter 1: Introduction to Fraud a. Who commits fraud and why

i. A situational pressure ii. A perceived opportunity iii. A rationalization

b. Introduction to SAS No. 99 i. SAS No. 82 ii. Types of material misstatements iii. Fraudulent financial reporting iv. Misappropriation of assets

c. Fraud risk factors 2) Chapter 2: Fraudulent Financial Reporting Risk Factors

a. Pressures/incentives risk factors i. Threats to stability or profitability are present ii. Pressure to meet expectations iii. Threats to personal net worth iv. Excessive pressure to meet financial targets

b. Opportunity risk factors i. The nature of the industry or the entity’s operations ii. Complex or unstable organizational structure iii. Weak internal controls iv. Ineffective monitoring of management

c. Attitude/rationalization risk factors 3) Chapter 3: Misappropriation of Assets Risk Factors

a. Pressure/incentive risk factors i. Personal financial obligations ii. Adverse relationships between the entity and employees

b. Opportunity risk factors i. Susceptibility of assets to misappropriation ii. Internal-control weaknesses

c. Attitude/rationalization i. Common rationalizations ii. Attitude/rationalization risk factors

d. Other asset-misappropriation risk factors i. Discrepancies in accounting records ii. Conflicting or missing evidential matter iii. Problematic or unusual relationships between the auditor and the client

4) Chapter 4: Audit-Team Discussions, Obtaining Information, and Identifying and Assessing Risks a. Discussion among engagement personnel regarding the risks of material misstatement

due to fraud b. Topics to be discussed

i. The client being audited and its industry ii. Management override of internal controls iii. Susceptibility of financial statements to fraud iv. Professional skepticism

c. Obtaining information to identify fraud risks: Making inquiries and other information d. Different groups auditors need to speak with about fraud

i. Management ii. Audit committee iii. Internal audit iv. Others in the organization

e. Obtaining information to identify fraud risks: Analytical procedures f. Indentifying and assessing risks

i. Indentifying risks

Outline

ix

ii. Assessing the identified risks after evaluating the entity’s programs and controls 5) Chapter 5: Assessment Results Response

a. Overall responses to identified risks i. Professional skepticism and audit evidence ii. Assignment of personnel and supervision iii. Accounting principles iv. Predictability of auditing procedures

b. Responses: The nature, timing, and extend of audit procedures i. The nature of auditing procedures ii. The timing of substantive tests iii. The extent procedures are applied

c. Responses: Misappropriation-of-assets and fraudulent-financial-statement fraud risks d. Inventory fraud and responses to inventory-fraud risk

i. Audit procedures when inventory fraud risks are identified e. Inventory fraud case study: Phar-Mor

6) Chapter 6: Revenue-Recognition Fraud a. Booking fictitious revenues

i. False journal entries ii. False sales to existing customers iii. False sales to fake customers

b. Cut-off frauds i. Hold the books open ii. Close the books early iii. Ship merchandise before the sale is final iv. Record revenue when services are still due v. Recognize revenue before sales contracts are finalized vi. Stuff the channel

c. Detecting fictitious revenues and timing differences d. Bill-and-hold schemes

i. SEC enforcement case example ii. Detecting bill-and-hold frauds

7) Chapter 7: Disclosure Failures, Concealed Information, Management Override of Controls, and Management Estimates

a. Disclosure failures and concealed liabilities and losses i. Disclosure failures ii. Audit procedures to detect undisclosed items iii. Concealed liabilities and losses

b. Responses i. Responses to the risk of management overriding controls ii. Examining journal entries and other adjustments iii. Evaluating the business rationale for significant unusual transactions iv. Management estimates

8) Chapter 8: Evaluating Audit Tests, Communicating Results, Documenting Audit Work, and Studying Fraud Schemes

a. Evaluating audit-test results b. Communicating fraud findings and documenting the auditor’s consideration of fraud c. Documenting the auditor’s consideration of fraud d. To understand fraud, study fraud schemes e. Avoiding legal liability during audits

Chapter 1: Introduction to Fraud

1

Chapter 1: Introduction to Fraud Learning Objectives After completing this section of the course, you should be able to:

1. Define fraud 2. List the conditions necessary to commit fraud 3. Identify the types of misstatements that occur when fraud is committed 4. List the fraud risk factors 5. Recognize the requirements outlined in SAS No. 99

Fraud is a growing problem in businesses throughout the world. The Association of Certified Fraud Examiners conducted a comprehensive study of 663 cases of fraud and released a Report to the Nation on Occupational Fraud and Abuse. In it they state the following statistics:

• Six percent of revenues in the United States are lost to fraud. • Fraud costs organizations in the United States over $600 billion dollars a year. To put it

on a more personal level, fraud costs employers an average of $4500 per employee per year.

• Men committed more fraud (53.5 percent) than women. • Small businesses, with fewer and less effective internal controls, were more vulnerable to

fraud (average loss of $127,000) than were large businesses (average loss of $97,000). • Over 16 percent of frauds have losses greater than $1 million dollars. • Managers and executives perpetrated 42 percent of the frauds and employees

perpetrated 64 percent. • Eighty-six percent of the frauds involved asset misappropriations and five percent

involved fraudulent financial statements. Fraud is an intentional act of deceit that results in the perpetrator gaining an unfair advantage over another person. It also usually results in an injury to the rights or interests of the other person. Fraud can be perpetrated using things such as presentation of false or misleading information, suppressions of the truth, lies, tricks, cunning, and theft or misappropriation of assets. Fraud perpetrators are often referred to as white-collar criminals to distinguish them from criminals who commit violent crimes. To commit most frauds, a perpetrator must take three different steps: the theft itself; converting the asset to personal use; and concealing the fraud. This is a theft of something of value such as cash, inventory, tools, supplies, equipment, or data. In some cases, there must be an intentional reporting of misleading financial information. The perpetrator converts the assets into a form that can be used personally. This conversion is usually required for all stolen assets except cash.

Χ Stolen checks must be deposited to an account from which the perpetrator can withdraw funds. Information (such as trade secrets or confidential company data) is often sold to someone such as a competitor.

Χ Industry experts estimate computer companies annually lose up to $200 billion in computer chips due to armed robbery and employee theft. In some circles computer chips are better than gold. Their theft is being referred to as the crime of the electronic age. Employees who steal these chips must convert them to cash. A sophisticated black market exists for the chips and they often change hands ten times in three days. When some companies run short of chips they often end up buying their stolen chips back.

Example: The following example illustrates how conversion practices can be carried out.

On the advice of its trusted manager, a brand-name carpet manufacturer approved purchase orders replacing looms described by a subsidiary as


2

deteriorated past reconditioning. But instead of being discarded or sold to a dealer, the used looms, which were in perfectly sound condition, found their way to another building in a town close by, along with skilled workers to man them. In a short time, a new low-priced carpet maker was bidding against the original brand.

The perpetrator must conceal the crime in order to avoid detection and to continue the fraud. Where there are checks and balances in the system, the perpetrator often must "cook the books" to avoid detection. For example, the theft of cash may require the employee to doctor the bank reconciliation or to make false accounting entries to avoid detection. Concealing a fraud often takes more effort and time and leaves behind more evidence than the actual theft does. For example, taking cash takes only a few seconds, but altering records to hide the theft can be more challenging and time consuming. Perpetrators go to a great deal of effort to conceal their frauds. The concealment often involves falsified documents, including ones that are forged. For example:

• Management might conceal fraudulent financial reporting by creating fictitious invoices. • Employees who misappropriate cash might try to conceal their thefts by forging

signatures or creating invalid electronic approvals on disbursement authorizations. These concealment efforts make detecting fraud difficult, because a GAAP audit rarely involves document authentication. Furthermore, auditors are not trained to authenticate documents and are not expected to do so. Collusion among employees, management, and outsiders is another way frauds are concealed. This collusion often causes the auditor to believe that evidence is persuasive when it is, in fact, not persuasive. Some examples of collusion include the following:

• Management and employees can collude to present the auditors with evidence that control activities have been performed effectively when they were, in fact, not performed.

• A company employee may collude with an outsider to send a false confirmation. Even though fraud perpetrators do their best to hide their activities, they usually leave clues or tracks that give them away. Perpetrators are typically vulnerable at these same three specific points: when they commit the fraud, when they conceal it, and when they try and convert the stolen asset to spendable funds or turn the misstatement into personal gain. A typical fraud has a number of important elements or characteristics.

Χ To commit and conceal the fraud, the perpetrator has to gain the trust of the party being defrauded. Perpetrators use false or misleading information to get someone to give them money or take assets that have been entrusted to them. They hide their tracks by falsifying records.

Χ Few frauds are terminated voluntarily. Some fraud schemes are self-perpetrating in that if the perpetrator stops the fraud, he will be discovered. In addition, once perpetrators start a fraud it is very hard for them to stop because they begin to depend on the "extra" income.

Χ Perpetrators spend what they take; they rarely save or invest it. Χ The longer they go undetected, the more confidence perpetrators have in their schemes.

Many get greedy and take ever-larger amounts of money at more frequent intervals. These larger amounts are more prone to be scrutinized carefully and a scheme that might go undetected for some time is uncovered because the amounts taken rise to unacceptable levels.


3

Χ As time passes, many perpetrators grow careless or overconfident and do not take sufficient care to effectively hide their fraud. Those that do usually make a mistake that leads to their apprehension.

Χ In time, the sheer magnitude of the amount of the fraud leads to its detection. Χ The most significant contributing factor in most frauds is the failure to enforce existing

internal controls. Who commits fraud and why Several studies have attempted to produce a profile of the typical fraud perpetrator. Fraud perpetrators seem to fall into one of two groups. The first group is people who, prior to committing the fraud, do not have a criminal record. In other words, they are not "career criminals.” Studies conclude that it is relatively difficult to profile these fraud perpetrators or to predict who will move from being an otherwise honest, upright citizen to becoming a fraud perpetrator. Recently more career criminals have found fraud to be a lucrative occupation. For example, FBI director Louis Freeh has testified before the Senate Special Committee on Aging that cocaine distributors in Florida and California are switching to less risky but equally profitable health-care scams. Their chances for detection are much lower than with trafficking drugs and the profits are staggering. The bureau has some, 1500 cases backlogged and would need to double the size of its 249-agent investigative team to be taken seriously by scam artists who trade in bogus medical cards and phony insurance claims. When a new fraud is discovered, one of the most frequently asked questions is "Why in the world did he or she do it?" The question is asked so frequently because the perpetrator is often a well-respected employee who seemingly has everything to lose and not much to gain by committing the fraud. Research shows that three conditions are usually necessary for fraud to occur: (i) a situational pressure; (ii) a perceived opportunity to commit the fraud; and (iii) a rationalization. A situational pressure A situational pressure is the problem that motivates them to act dishonestly. These pressures can be financial, such as high personal debts; lifestyle, such as gambling or drug addiction; and work-related, such as peer pressures or the fear of losing one’s job. Often the pressure is on the company, not on the individual. For example, an urgent need for working capital or higher earnings may motivate an individual to fraudulently misstate financial statements.

Example: When federal investigators raided an illegal gambling establishment, they found that Roswell Steffen, who earned $11,000 dollars a year, was betting up to $30,000 a day at the racetrack. Investigators at Union Dime Savings Bank discovered he had embezzled and gambled away $1.5 million dollars of their money over a three-year period. Steffen, a compulsive gambler, started out by borrowing $5,000 to place a bet on a "sure thing" that did not pan out. He embezzled ever-increasing amounts trying to win back the original money he had "borrowed." Steffen committed his fraud by transferring money from inactive accounts to his own account. If the owner of an inactive account complained, Steffen, who was the chief teller and had the power to resolve these types of problems, replaced the money by taking it from some other inactive account. After he was caught, he was asked how the fraud could have been prevented. He said the bank could have coupled a two-week vacation period with several weeks of rotation to another job function. That would have made his embezzlement, which required his physical presence at the bank and his constant attention, almost impossible to cover up.

Often people believe these pressures are nonsharable and not solvable in a socially sanctioned manner. These pressures can become so intense that a person feels that they have to act and he or she decides that fraud is the only (or the most satisfactory) solution. One inmate serving time in prison for fraud described his pressure this way: "I'm as honest as the next fellow, but I was backed up against the wall. I did not have any other alternative."


4

A perceived opportunity The perpetrator perceives an opportunity to commit and conceal the dishonest act (viewed as a way to secretly resolve the nonsharable pressure). Opportunities may be created by individuals or permitted by the company. Individuals can create opportunities by increasing their knowledge of company operations, advancing to a position of trust where they can override internal controls, or being the only person who performs a particular procedure. A company increases opportunities for fraud by allowing related-party transactions, having an unnecessarily complex business structure, and failing to create or enforce an adequate system of internal controls. A rationalization There are acceptable ways for people to meet many of the situational pressures they face. For example, they can take out loans to buy a home or car or finance big Christmas spending with credit-card financing. However, there are many situational pressures that cannot be meet in a socially acceptable manner. For example, it is hard to get a loan to repay speculative losses, gambling debts, or to feed a drug addiction. It is also hard for some people to deal in a positive way with their feelings of resentment. When a person decides to solve the problem in an illegal or socially unacceptable manner they must, in their minds, either consciously "cross the line" from being an honest person to a dishonest person, or somehow justify their actions or rationalize them as not really being dishonest. A rationalization is what a perpetrator uses to justify or reconcile his or her dishonest action with his or her personal views of integrity. The decision to commit fraud is determined by the interaction of the three forces. A person with personal integrity and little opportunity or pressure to commit fraud will most likely behave honestly. However, the conditions for fraud become more enticing as individuals with less personal integrity are placed in situations with increasing pressures and greater opportunities to commit the crime. Individuals placed in difficult circumstances may feel that the only way out is to choose between their integrity and one or more of the following: their businesses, positions in the community, their reputations, or prestige. When they choose to sacrifice their integrity, fraud is often the result. Individuals with a great deal of personal integrity may be able to withstand tremendous pressures and a great opportunity. However, some will argue that everyone has their price. It is reported that Abraham Lincoln once angrily kicked a man out of his office. When Lincoln was asked about his actions, he stated that he had just turned down a substantial bribe. Then he said "Every man has his price and he was getting close to mine." Introduction to SAS No. 99 Over the years the auditing profession has provided its members with guidance on their responsibility to detect fraud. Despite the direction, the auditing profession has been the target of litigation and criticism regarding this guidance and the failure of auditors to detect material frauds. Many members of the investing public believe that auditors should be able to detect almost all cases of fraud. In fact, one survey a number of years ago revealed that 66 percent of the respondents thought that the primary purpose of an audit is to detect fraud. Auditors, on the other hand, have maintained that it is virtually impossible for auditors to detect all cases of fraud. The result has been what some people refer to as the “expectation gap.” The following important events took place in the early 1990s and motivated the Auditing Standards Board (ASB) to develop and issue SAS No. 99, Consideration of Fraud in a Financial Statement Audit.

• In 1992, the AICPA’s Expectation Gap Roundtable raised concerns that SAS No. 53 was not sufficiently successful in narrowing the expectation gap in the area of fraud.

• In 1993, the Public Oversight Board issued a report recommending that the ASB develop guidelines to help auditors assess the likelihood that management fraud may be occurring.


5

• In 1993, the AICPA Board of Directors endorsed the recommendations of others that something be done about the “fraud problem.”

SAS N0. 82 In 1997, SAS No. 82, Consideration of Fraud in a Financial-Statement Audit, was issued by the Auditing Standards Board (ASB). Its purpose was to provide operational guidance to auditors on how to better consider material fraud while conducting a financial-statement audit. SAS No. 99 replaces SAS No. 82. The ASB felt that just as companies have a responsibility to continuously focus on fraud prevention and detection, the CPA profession has a responsibility to seek to continuously improve its ability to detect fraud in connection with external audits. The ASB perceived that the public expected auditors to detect fraud when they conduct financial-statement audits. They decided to do something to try and close the expectation gap between the profession and the users of financial statements. The result of their efforts is SAS No. 99, which establishes standards and provides guidance to auditors in fulfilling their responsibility as it relates to fraud in an audit of financial statements conducted in accordance with generally accepted auditing standards (GAAS). SAS No. 82 clarified, but did not increase, the auditor’s responsibility to detect fraud when conducting a financial-statement audit. It provided auditors with procedural and operational guidance to help them detect material misstatements in financial statements caused by fraud. It also clarified the responsibility auditors have to plan and perform an audit so that they can obtain reasonable assurance that the financial statements they audit are free from material misstatement caused by either error or by fraud. In addition, SAS No. 82 provided additional guidance on the standard of due professional care, including the need to exercise professional skepticism. SAS No. 82 was one of the auditing profession’s most highly publicized SAS’s. Many people feel it was written to re-sensitize auditors to the possibility of fraud. Auditors have always had the responsibility to detect material misstatements caused by fraud. These responsibilities have not changed. What has changed is the auditor’s performance, that is, what is required of auditors to fulfill those responsibilities. Sometime after SAS No. 82 was issued, several panels and committees were organized and several studies of fraud were funded. The purpose of both was to determine how to improve audit procedures and guidance with respect to fraud. In response to their findings, a Fraud Task Force was formed to revise SAS No. 82. The result is SAS No. 99, also titled Consideration of Fraud in a Financial Statement Audit. SAS No. 99 does not change an auditor’s responsibility to both plan and conduct audits so that reasonable assurance can be obtained about whether the financial statements are free of material misstatement, whether caused by error or fraud. However, SAS No. 99 does the following:

• It establishes standards and provides guidance with respect to fraud while conducting a financial-statement audit in accordance with generally accepted auditing standards (GAAS);

• It provides guidance on the discussions among engagement personnel that should take place regarding the risks of material misstatement due to fraud;

• It states that the audit team should design tests that are unpredictable and unexpected by the client, including testing areas, locations, and accounts that otherwise might not be tested; and

• It states that procedures should be developed to test for management override of controls on every audit.


6

It is the opinion of the ASB that the requirements and guidance in SAS No. 99 will substantially improve audit performance and increase the likelihood that auditors will detect material fraudulent financial statements. Much of the improved performance will come from an increased focus on professional skepticism as well as the requirement to ask management and other employees about the existence of fraud in the company. Unfortunately, it is not possible for an auditor to be absolutely sure that the financial statements are free of material misstatement resulting from fraud. According to SAS No. 99, a “material misstatement may not be detected because of the nature of audit evidence or because the characteristics of fraud may cause the auditor to rely unknowingly on audit evidence that appears to be valid, but is, in fact, false and fraudulent.” SAS No. 99 then explains that characteristics of fraud include concealment through:

• Collusion by both internal and third parties; • Withheld, misrepresented, or falsified documentation; and • The ability of management to override or instruct others to override what otherwise

appear to be effective controls. Although auditors have a responsibility to detect material fraud, management has the responsibility of designing and implementing controls and programs to prevent and detect fraud. SAS No. 1 (AU sec. 110.03) states "Management is responsible for adopting sound accounting policies and for establishing and maintaining internal control that will, among other things, record, process, summarize, and report transactions (as well as events and conditions) consistent with management's assertions embodied in the financial statements." However, members of the management team are not the only ones who are responsible for overseeing the financial-reporting process. For example, the board of directors and the audit committee help establish appropriate controls to prevent and detect fraud. They also have a responsibility to help set a proper organizational tone and create and maintain an organizational culture of honesty, integrity, and high ethical standards. Brief overview of SAS No. 99 The main components of SAS No. 99 are discussed in this section. Description and characteristics of fraud: Fraud is an intentional act of deceit by management, employees, or third parties, accompanied by a concealment of the true facts. According to SAS No. 99, auditors are not lawyers and “do not make legal determinations of whether fraud has occurred. Rather, the auditor's interest specifically relates to acts that result in a material misstatement of the financial statements.” Auditors are concerned about two types of misstatements: Fraudulent financial reporting and Misappropriation of assets (theft, defalcation, etc.).1 Discussion among engagement personnel regarding the risks of material misstatement due to fraud: While planning the audit, audit-team members should discuss among themselves how and where the company’s financial statements might be susceptible to material misstatement due to fraud. This will help team members remember how important it is to adopt an appropriate mind-set of professional skepticism, especially with respect to the potential for material misstatement due to fraud.2 Obtaining the information needed to identify the risks of material misstatement due to fraud: To assess the risks of material misstatement due to fraud, SAS No. 99 requires auditors to gather more information than simply considering the risk factors, as was required in SAS No. 82. The audit team now must expand their inquiries of management, the audit committee, the internal audit function, and others in the organization (such as operating management and employees in positions of authority). They must

1 SAS No. 99, Paragraphs 5-12. 2 SAS No. 99, Paragraphs 13-16.


7

also consider the results of the analytical procedures performed in planning the audit and consider fraud risk factors and other information.3 Identifying risks that may result in a material misstatement due to fraud: Auditors should use the information they gather to identify the risks that may result in a material misstatement due to fraud.4 Assessing risks after evaluation: Another important component of SAS No. 99 is assessing the identified risks after taking into account an evaluation of the entity’s programs and controls that address the risks. Auditors must evaluate an entity's programs and controls that address the identified risks of material misstatement due to fraud. They should then assess these risks based on their evaluation.5 Responding to the results of the assessment: The auditor must respond to risks that have an overall effect on how the audit is conducted, that relate to the nature, timing, and extent of the auditing procedures to be performed, and are related to material misstatements due to management override of controls.6 Evaluating audit test results: Auditors are required to assess the risk of material fraudulent misstatements throughout the audit. When the audit is completed, the auditor must evaluate whether this preliminary assessment is affected by the evidence gathered during the audit. In addition, the auditor must determine whether any identified misstatements may indicate the presence of fraud. If they do, the auditor must determine the impact of this on the financial statements and the audit.7 Communicating with management, the audit committee, and others about possible fraud: Guidance is provided on if, how, and when auditors must communicate their findings about fraud to management, the audit committee, and others.8 Documenting the auditor's consideration of fraud: SAS No. 99 significantly extends the auditor’s documentation requirements with respect to fraud. Auditors are now required to document their compliance with virtually all the major requirements of SAS No. 99 in order to help ensure that they comply with its new requirements. The items that auditors must document are listed.9 Appendices and other information: The following additional information is also provided in SAS No. 99: Appendix A: Examples of Fraud Risk Factors; Appendix B: Proposed Amendment to Statement on Auditing Standards No. 1, Codification of Auditing Standards and Procedures; and The affect of SAS No. 82 on auditing standards. What does SAS No. 99 do? SAS No. 99: Supersedes Statement on Auditing Standards No. 82, Consideration of Fraud in a Financial Statement Audit; Supersedes AU sec. 316; and Amends SAS No. 1, Codification of Auditing Standards and Procedures, vol. 1, AU sec. 230, “Due Professional Care in the Performance of Work.” Effective date: SAS No. 99 is effective for financial-statement audits beginning on or after December 15, 2002. It applies to all financial-statement audits performed in accordance with generally accepted accounting principles (GAAP).

3 SAS No. 99, Paragraphs 17-31. 4 SAS No. 99, Paragraphs 32-38. 5 SAS No. 99, Paragraphs 39-42. 6 SAS No. 99, Paragraphs 43-66. 7 SAS No. 99, paragraphs 67-77. 8 SAS No. 99, Paragraphs 78-81. 9 SAS No. 99, Paragraph 82.


8

Financial-statement audits versus fraud audits: It is important that financial-statement audits are not confused with fraud audits. These two types of audits differ in several material aspects. A financial-statement audit is conducted in accordance with generally accepted auditing standards (GAAS). Its purpose is to express an opinion on how fairly financial statements represent, in all material respects, the financial position, results of operations, and cash flows of a company, in conformity with GAAP. An auditor cannot obtain absolute assurance that material misstatements in the financial statements will be detected. There are at least two reasons why even a properly planned and performed audit may not detect a material misstatement resulting from fraud. First, there are the concealment aspects of fraud, including the fact that fraud often involves collusion or falsified documentation. Second, there is the need to apply professional judgment in the identification and evaluation of fraud risk factors and other conditions. In a fraud audit, the auditor does not express an opinion regarding the fair presentation of the financial statements. Instead, the auditor is called in as a consultant because fraud is suspected or has been discovered. In a fraud audit, the auditor may be asked to do a number of things, such as determine how the fraud occurred, who committed it, how much was taken, or the nature and amount of the misrepresentation. In the event of a lawsuit, the auditor might also be asked to serve as an expert witness or to support the litigation in some other way. Types of material misstatements Although there are many different types of fraud, auditors are most concerned with fraudulent acts that result in financial statements being materially misstated. These misstatements can result from either intentional or unintentional actions. The unintentional actions are usually referred to as errors or omissions. The intentional actions usually constitute a fraud. With respect to fraud, SAS No. 99 states that there are two different types of material misstatements that are important when auditing financial statements: (i) fraudulent financial reporting; and (ii) misappropriation of assets. These two types of material misstatements are discussed below. Fraudulent financial reporting Fraudulent financial reporting is intentional misstatements or omissions of amounts or disclosures in financial statements that are intended to deceive financial-statement users. They are usually perpetrated by management and are almost always material in amount or else they would not achieve their intended purpose. Those harmed by the fraud are usually the third-party users of the financial statements. Those who benefit directly from the fraud are the entity whose statements are misrepresented. Perpetrators benefit indirectly by such things as obtaining a raise, having the value of their stock rise, not losing their jobs, or gaining more status, power, or prestige in the company or among their peer groups. SAS No. 99 provides the following fraudulent-financial-reporting examples:

• Manipulation, falsification, or alteration of accounting records or documents from which financial statements are prepared;

• Misrepresentation or intentional omission of events, transactions, or other significant information; and

• Intentional misapplication of accounting principles relating to amounts, classification, manner of presentation, or disclosure.

Example: A real estate company that was going public purchased and resold several

nursing homes. The company recognized $2 million in current and deferred profits, even though it only paid a $30,000 down payment when it bought the properties and only received $25,000 in cash when it sold them. The transaction boosted sales to $22 million from $6.7 million and converted its net income from a large loss to a gain.


9

Misappropriation of assets Misappropriation of assets is the theft of an entity’s assets, whether by a lower-level employee or by someone in management. Misappropriation of assets often involves creating or using false or misleading documents or records. It can be perpetrated by a single person, or by collusion among employees, management, outsiders, and others. The entity is the one harmed and the employee benefits directly and immediately. Although there are many more immaterial misappropriations of assets than there are material ones, the auditor is primarily concerned with material misappropriations of assets. As a result of the theft, the company’s financial statements are not presented in accordance with generally accepted accounting principles. SAS No. 99 provides the following misappropriation-of-assets examples:

• Embezzling receipts; • Stealing assets; and • Causing a company to pay for goods or services that the company did not receive.

Example: The man in charge of shipping at a large manufacturer of gas appliances and

related equipment had a wife and nine children to support on a small salary. The pressures of family expenses finally became so great that he began stealing small appliances and fixtures from the warehouse. He sold the items and used the money to help make ends meet.

As explained earlier, both types of fraud usually involve a pressure or an incentive to commit fraud, a perceived opportunity to do so, and some form of rationalization. These three conditions usually are present for both types of fraud, although the nature of the pressure, opportunity, and rationalization can be quite different. For example, top management might perpetrate fraudulent financial reporting because they are under pressure to achieve an unrealistic earnings target. On the other hand, individual employees might misappropriate assets because they are living beyond their means. Fraud risk factors Most crimes leave unmistakable evidence. For example, when a bank is robbed there are often witnesses and even videotapes of the theft. When a restaurant is robbed after hours there are broken cash registers and signs of forced entry. There are often fingerprints, hair or fiber samples, or some other evidence that might identify the unknown perpetrator. In most cases, the investigator knows that a crime has been committed but does not know who perpetrated it. In contrast, in a fraud the difficult thing to prove is that a crime actually took place. When a fraud has taken place, the perpetrator is usually known to the company; in fact it is usually one of the company’s employees. Fraud is hard to detect because it is almost never observed directly. There are no videotapes, witnesses, broken doors or locks, smoking guns, or dead bodies. Furthermore, the person committing the fraud is usually a company employee with the power and authority to process company transactions. They are supposed to have access to company records and documents, as well as the company’s information system. In most frauds the perpetrator takes great pains to conceal his or her tracks and to make everything appear normal. The perpetrator usually hides or disguises the fraudulent transactions, intermingles them with valid transactions, and processes them through the company’s accounting information system. Because the fraudulent transactions are processed as if they were legitimate business transactions, it is often difficult to spot them. If a company does stumble over one of these fraudulent transactions, it is often not clear whether it is an intentional or unintentional error. Therefore, the first step in most investigations is to determine whether or not a crime has actually been committed. Often there is no direct evidence that a fraud is taking place. Therefore, those who want to detect fraud must learn to identify the indicators, or red flags, that are present in most frauds. These clues, which are often referred to as fraud symptoms, can point to the existence of fraud.


10

A perpetrator is left exposed and leaves fraud symptoms at three key points:

• When the item of value, such as cash, is stolen or some part of the financial statement is materially misrepresented.

• When the perpetrator conceals his or her actions so that the fraud scheme is not detected. Concealment often requires documents or records to be created or altered, journal entries to be made, or some other effort made to ensure that the books balance.

• When the perpetrator converts noncash assets into a form that he or she can use or spend.

As each of these three steps is undertaken the perpetrator is vulnerable. For example, the perpetrator could be spotted taking the physical asset or misstating the information. The created or altered documents that hide the fraud can be spotted by some one else. The perpetrator could be caught trying to cash stolen checks. The vulnerability is not limited to the point in time when each of these three steps is taken. It extends for some time, often almost indefinitely. For example, it could be days or weeks later that the stolen item is missed. The auditor could note the altered document during the year-end audit. The stolen check that is cashed could be spotted by the company when it reconciles its checking account. Whenever a fraud takes places there are a number of signs or manifestations that a fraud has taken place, for example, missing assets, fraudulent documents, and forged checks. These signs or manifestations are referred to as fraud symptoms or fraud risk factors. There are symptoms at each point of the fraud: the theft, the concealment, and the conversion. Being aware of these symptoms and actively searching for them is one of the best ways to detect fraud. The fact that fraud symptoms are present is not a guarantee that fraud actually exists. At that point there are merely suspicions that a fraud might have taken place. However, every time there is a fraud one or more of these symptoms is present. Fraud symptoms should be thoroughly investigated to determine whether they are present due to fraud or due to other conditions. An active approach to searching for symptoms and investigating fraud also serves as a deterrent to further fraud taking place. Unfortunately, most people are unaware of what constitutes a fraud symptom. As a result, most fraud symptoms are never recognized. Oftentimes those that are familiar with fraud symptoms are so busy that they do not notice them. Many of those fraud symptoms that are noticed are never properly investigated. As a result, many frauds are never detected or are not uncovered as soon as they could be. The result is an ever-increasing amount lost to fraud.

Chapter 1 Review Questions

11

Chapter 1 Review Questions The review questions accompanying each chapter are designed to assist you in achieving the learning objectives stated at the beginning of each chapter. The review section is not graded; do not submit it in place of your final exam. While completing the review questions, it may be helpful to study any unfamiliar terms in the glossary in addition to chapter course content. After completing the review questions for each chapter, proceed to the review question answers and rationales. 1. Which of the following is the best definition of fraud?

A. An act that unintentionally deviates from what is correct, right, or true. B. An excessive and wrongful misuse of assets. C. An intentional act of deceit. D. The act of succumbing to temptation and beginning questionable practices.

2. Which of the following is an element or characteristic of fraud?

A. Perpetrators often save or invest the money they take. B. The longer the fraud is undetected, the more confidence the perpetrator has. C. Frauds are usually terminated voluntarily. D. As time goes on, perpetrators hide their fraud more cautiously.

3. Having an unnecessarily complex business structure is an example of which of the three

conditions necessary for fraud to occur?

A. Perceived opportunity. B. Situational pressure. C. Rationalization. D. Conversion.

4. Which employee committed fraudulent financial reporting?

A. Larry stole a laptop. B. Kathryn embezzled accounts receivable. C. Mike capitalized research and development costs. D. Anna created fictitious invoices in the name of her bogus company.

5. Which of the following is true regarding fraud risk factors or symptoms?

A. Frauds are usually caught while they are taking place. B. When there are fraud symptoms, fraud exists. C. There is often direct evidence that fraud is taking place. D. It is difficult to prove that an actual crime has taken place.

Chapter 1 Review Question Answers and Rationales

12

Chapter 1 Review Question Answers and Rationales Review question answer choices are accompanied by unique, logical reasoning (rationales) as to why an answer is correct or incorrect. Evaluative feedback to incorrect responses and reinforcement feedback to correct responses are both provided. 1. Which of the following is the best definition of fraud?

A. An act that unintentionally deviates from what is correct, right, or true. Incorrect, because this is describes an error.

B. An excessive and wrongful misuse of assets. Incorrect, because this describes abuse. C. An intentional act of deceit. Correct, because fraud is an intentional act of deceit

that results in the perpetrator gaining an unfair advantage over another person. D. The act of succumbing to temptation and beginning questionable practices. Incorrect,

because this describes corruption. 2. Which of the following is an element or characteristic of fraud?

A. Perpetrators often save or invest the money they take. Incorrect, because perpetrators spend what they take; they rarely save or invest it.

B. The longer the fraud is undetected, the more confidence the perpetrator has. Correct, because perpetrators gain more confidence as their scheme goes undetected. Many will start taking larger amounts of money at more frequent intervals.

C. Frauds are usually terminated voluntarily. Incorrect, because few frauds are terminated voluntarily. Some schemes are self-perpetrating, meaning that if the fraud is to stop, the perpetrator will be discovered.

D. As time goes on, perpetrators hide their fraud more cautiously. Incorrect, because as time passes, many perpetrators grow careless or overconfident and do not take sufficient care to effectively hide their fraud.

3. Having an unnecessarily complex business structure is an example of which of the three

conditions necessary for fraud to occur?

A. Perceived opportunity. Correct, because a perceived opportunity occurs when a perpetrator is aware that the company is weak in certain areas that may allow fraud to occur. A company increases these opportunities by allowing related-party transactions, having an unnecessarily complex business structure, and failing to create or enforce adequate internal controls.

B. Situational pressure. Incorrect, because a situational pressure is a problem that motivates dishonest actions, such as high personal debt.

C. Rationalization. Incorrect, because rationalization is the justification for the dishonest action, such as the perpetrator believing he will pay the company back once he has won the stolen money back.

D. Conversion. Incorrect, because a conversion takes place when the asset stolen needs to be converted to a form that can be used personally. This is one of the steps a perpetrator usually needs to take to commit the fraud.

4. Which employee committed fraudulent financial reporting?

A. Larry stole a laptop. Incorrect, because stealing a laptop is a misappropriation of assets. Although the company will not be pleased with Larry’s actions, the auditors are primarily concerned with material misappropriation of assets.

B. Kathryn embezzled accounts receivable. Incorrect, because SAS No. 99 provides examples of misappropriation of assets which includes embezzling receipts.


13

C. Mike capitalized research and development costs. Correct, because fraudulent financial reporting includes intentional misapplication of accounting principles relating to amounts, classification, manner of presentation, or disclosure. GAAP requires research and development costs to be expensed in the period occurred. If Mike was aware of this, fraud has occurred.

D. Anna created fictitious invoices in the name of her bogus company. Incorrect, because this is an example of a misappropriation of assets. Misappropriation of assets can involve creating or using false or misleading documents or records.

5. Which of the following is true regarding fraud risk factors or symptoms?

A. Frauds are usually caught while they are taking place. Incorrect, because the time it takes to discover the fraud can extend for some time, often almost indefinitely.

B. When there are fraud symptoms, fraud exists. Incorrect, because the fact that fraud symptoms are present is not a guarantee that fraud actually exists.

C. There is often direct evidence that fraud is taking place. Incorrect, because often there is no direct evidence that fraud is taking place. Those who want to detect fraud must learn to identify the red flags that are present in most frauds.

D. It is difficult to prove that an actual crime has taken place. Correct, because fraud is difficult to prove because it is almost never observed directly.

Chapter 2: Fraudulent Financial Reporting Risk Factors

14

Chapter 2: Fraudulent Financial Reporting Risk Factors Learning Objectives After completing this section of the course, you should be able to:

1. Identify the fraudulent financial reporting risk factors identified in SAS No. 99, which include pressure/incentive risk factors, opportunity risk factors, and attitude/rationalization risk factors

SAS No. 99 has as its basis a “where there is smoke, there is fire” concept. The smoke is the clues, or conditions, that might alert auditors to the possible existence of fraud. The fire is fraud. In essence, SAS No. 99 states that one should learn to identify the smoke (what it calls “risk factors”) in order to be able to find the fire. SAS No. 99 identifies three different categories of risk factors related to fraudulent financial reporting (pressures/incentives, opportunities, and attitudes/rationalizations) and the same three categories of risk factors that relate to misstatements arising from misappropriation of assets. All six of these categories should be considered during the planning phase of an audit engagement as well as during field-work. The three fraudulent-financial-reporting categories are the topic of this chapter. In SAS No. 99 the fraud risk factors are presented in Appendix A, which is titled “Examples of Fraud Risk Factors.” Although the fraud risk factors described in Appendix A of SAS No. 99 cover a broad range of situations typically faced by auditors, they are only examples. The example risk factors in SAS No. 99 were compiled from research conducted by the author and many other researchers, as well as many practicing CPAs. Some may be of greater or lesser significance depending on the company’s size, ownership characteristics, industry, etc. In practice, the auditor should use any of the listed risk factors that are applicable to his or her client and should add additional risk factors as the situation merits. In this book, the order in which the example risk factors appear is not reflective of their frequency of occurrence or relative importance. The auditor should use professional judgment to evaluate the evidence gathered to:

• Determine if the evidence indicates that one or more fraud risk factors are present; • Assess the significance and relevance of fraud risk factors; • Identify and assess the risks of material fraud if risk factors are present; and • Determining the appropriate audit response.

Pressures/incentives risk factors The first fraudulent-financial-reporting category that SAS No. 99 identifies deals with the pressures, incentives, or motives management has for perpetrating fraud. For all practical purposes, there are scores of reasons why management is motivated to perpetrate fraud. The four most frequent are discussed below. Included among the different fraud risk factors are brief descriptions of past frauds that help to illustrate why a particular risk factor is important or how it was a factor or indicator of fraud. Threats to stability or profitability are present Management may be motivated to perpetrate fraud if it is believed that financial stability or profitability is threatened by economic, industry, or entity operating conditions. Such conditions are discussed below.

• There may be very significant competition or a high degree of market saturation, especially when accompanied by declining margins.

• The company may be highly vulnerable to rapid changes in the industry, such as changing technology or product obsolescence, or to changes in interest rates.

• The industry or overall economy may be declining with increasing business failures and significant declines in customer demand.

• Operating losses that make the threat of bankruptcy, foreclosure, hostile takeover, or


15

other threats to ownership may be imminent. There is a significant relationship between impending business failures and fraud. When faced with the choice of losing their business and everything they have worked for over the years or "fudging" (in their eyes) the numbers a little bit in order to keep the business going, owners and employees may choose the latter course.

• There may be an inability to generate cash flows from operations while reporting earnings and earnings growth, or there may be recurring negative cash flows from operations.

• Management wants to achieve, maintain, or increase a level of growth or profitability that is significantly greater than that of other organizations in the same industry or at least wants to be perceived as doing so.

Example: The Equity Funding Fraud was one of the largest computer-assisted frauds in

history. In 1969, Equity Funding's stock sold for over $80, but because of difficult times in the insurance industry the stock fell to $12 by late 1970. Company management held vast holdings of the stock and were intent on boosting its price. They felt that the only way to do that was through higher and higher earnings. Unfortunately, new sales were down for the industry and existing policyholders were not renewing their insurance. To pump up earnings, Equity Funding began reinsuring fictitious policies. Sales skyrocketed and the reported insurance in force tripled. The industry was amazed at Equity Funding's ability to turn its program around and show surprising gains while everyone else was experiencing a severe decline.

• The company may be subject to new statutory, regulatory, or accounting requirements

that could impair its financial stability or profitability. One illustration of this is the assertion made by some real estate experts that one reason for the Savings and Loan crisis was the severe downturn cause by Congress repealing all the real estate tax shelters in the mid-1980s.

Pressure to meet expectations

• Management may feel excessive pressure on management to meet the requirements or expectations of third parties. Such pressures are discussed below.

• There may be pressure to achieve overly aggressive or clearly unrealistic forecasts that arise from overly aggressive or clearly unrealistic profitability or trend-level expectations, including expectations created by management in overly optimistic press releases or annual report messages.

• There may be significant pressure to obtain additional capital or equity financing so that the company can remain competitive. This includes the need for funds to finance major research and development or capital expenditures.

• An unusually high dependence on debt or marginal ability to meet debt repayment requirements or other debt covenant requirements is another pressure factor.

• There may be a need to avoid lower-than-expected earnings or other poor financial results that would have an impact on forthcoming transactions, such as going public, a merger, or the awarding of a contract. Companies who face pressures for a certain level of earnings are sometimes motivated to fabricate those earnings or turn to sleight-of-hand tactics if they are not able to generate them honestly.

Example: In 1989 Bonneville Pacific, facing a net loss of $2.5 million, badly needed a deal

to meet investor earnings expectations and to avoid a poor showing during discussions with underwriters for a debt or equity offering. To meet those earnings, it recognized a $13.2 million dollar gain on a complex, two-step purchase and sale of assets. The bankruptcy trustee claimed the transaction was a sham to artificially boost the value of assets assigned to Bonneville. He said it involved insider dealing, inflated earnings, and secretly funneling cash


16

through an off-shore shell. An auditor with Bonneville's CPA firm wrote that the transaction presented an unusual audit risk to the CPA firm. The memo also criticized Bonneville officials for accepting such unusual risk, as well as their overly optimistic public projections of earnings, aggressive accounting policies, and their desire to promote the company and increase stock prices. Notwithstanding the memo, the CPA firm gave Bonneville a clean opinion.

Threats to personal net worth Management or the board of directors’ personal net worth is threatened by the entity’s financial performance. The reasons management or the board of directors may feel this way are discussed below.

• Much of management’s personal net worth might be tied up in stock or other ownership interests in the company.

• A significant percentage of management compensation (for example, bonuses, stock options, earn-out arrangements, and other incentives) could be contingent upon the organization achieving unduly aggressive targets for stock price, operating results, financial position, or cash flow. It is important to realize that management incentive plans may be contingent upon achieving targets relating only to certain accounts or selected activities of the entity, even though the related accounts or activities may not be material to the entity as a whole.

• There may be members of management who have personally guaranteed significant company debts, especially if they are significant to their personal net worth.

Excessive pressure to meet financial targets The board of directors or upper management could be exerting excessive pressure on operating personnel or other managers to meet financial targets, including sales or profitability incentive goals. When management sets goals or profitability incentive programs that are unrealistically aggressive for its employees or operating units, they may be motivating the employees toward fraudulent behavior rather than improved performance. In essence, they may be forcing the employees to choose between failing through no fault of their own and fraudulently reporting performance.

Example: William Nashwinter, a young, aggressive salesman with Doughtie's Foods, was promoted to be the general manager of an East coast warehouse that wholesaled frozen-food products to retail outlets. When he did not meet the profit goals Doughtie's set for the warehouse, he was severely criticized. After several such criticisms he decided to do what ever it took to meet what he felt were Doughtie's totally unrealistic profit goals. He inflated the monthly inventory balance he sent to Doughtie's in order to decrease his cost of goods sold and inflate his gross profit. Unfortunately, warehouse performance never improved and his scheme required him to fabricate ever-larger amounts of inventory to meet his goals. When he finally confessed his wrongdoing, the investigating CPA firm found that in the last year of the fraud net income was inflated by 39 percent. In essence, Nashwinter decided it was better to be dishonest than to not meet the budget.

Opportunity risk factors There are many different conditions that represent opportunity risk factors. SAS No. 99 discusses them in four main sections, each of which is presented below. The nature of the industry or the entity’s operations The opportunity to commit fraud based on the nature of the industry or the entity’s operations may present itself in the following ways:

• Significant related-party transactions -- Of concern are transactions that are not a normal part of the company’s business or that are with related entities that are not


17

audited or are audited by another firm. A related party is anyone the company deals with that can influence company management or operations. Related-party transactions include corporate officers dealing among themselves, with family members, with affiliated companies or with companies they control, or with shell companies. Related-party transactions are inherently more risky than other transactions because they are not at "arm’s length." There is, therefore, a greater potential for fraud.

Example: ESM, a brokerage company dealing in government securities, used a

multilayered organizational structure to hide a $300 million fraud. Company officers funneled cash to themselves and hid it by reporting a fictitious receivable from a related company in their financial statements.

• There may be assets, liabilities, revenues, or expenses based on significant estimates

that involve unusually subjective judgments or uncertainties that are difficult to corroborate or that are subject to a significant change in the near term in a manner that may have a financially disruptive effect on the entity. For example: The ultimate collectibility of receivables; The timing of revenue recognition; The realizability of financial instruments, based on the highly subjective valuation of collateral or difficult-to-access repayment sources; and Significant deferral of costs.

• Significant, unusual, or highly complex transactions could have been made, especially those close to year-end, that pose difficult “substance over form” questions.

• Significant operations located or conducted across international borders in jurisdictions where differing business environments and cultures exist

• Significant bank accounts or subsidiary or branch operations could have been established in tax-haven jurisdictions for which there appears to be no clear business justification.

• Operating in a crisis or rush mode -- During times of crisis, abnormal pressure, or rush jobs there are additional opportunities to commit fraud. For example, when a special project is being hurried for completion, the normal system of internal controls is often pushed aside. Signatures are obtained authorizing uncertain purchases. Reimbursements are made rapidly and with little documentation. Record keeping falls behind and cannot be reconstructed. Materials come and go rapidly and can easily be misplaced. No one is entirely sure who is doing what.

Example: One Fortune 500 company was hit with three multimillion-dollar frauds in the

same year. All three took place when the company was trying to resolve a series of crises and neglected to follow the standard internal-control procedures.

• Lack of an effective internal auditing staff -- The fear of someone checking one’s work

and looking for things that are wrong is a powerful motivator to not commit a fraud. When that fear is gone, potential perpetrators are more likely to believe that they can commit and conceal a fraud. The benefits of an effective internal audit staff are illustrated with the following example.

Example: One alert internal auditor noted that a department supervisor took the entire

office staff out to lunch in a limousine on her birthday. During the remainder of the audit he noted other evidences of an extravagant lifestyle. Questioning whether her salary could support her lifestyle, he began a more in-depth investigation. He found that she had set up several fictitious vendors, sent the company invoices from these vendors, and then cashed the checks when they were mailed to her.

Complex or unstable organizational structure Opportunities to commit fraud often present themselves in companies with complex or unstable


18

organizational structures for the reasons discussed below.

• It can be difficult to determine the organization or individual(s) that control(s) the entity. • Numerous or unusual subsidiaries and divisions, managerial lines of authority, or

contractual agreements without apparent business purpose might be part of the overly complex structure. Also of concern is having several different auditing firms, legal counsels, and banks. Unnecessary complexity makes it easier for inappropriate items to be lost in the shuffle or intentionally buried under a blizzard of paperwork. The danger appears when the purpose of the complex structure is to not allow any one party access to all the pieces or parts of any particular transaction. For example, when a company uses different auditors for its various subsidiaries, none of them are able to see the complete picture or trace transactions between subsidiaries from beginning to end.

Example: According to its bankruptcy trustee, the Bonneville Pacific Corp. fraud is one of

the most complex accounting frauds on record. Bonneville conducted business with a tangled web of subsidiaries and partnerships. It conducted a series of baffling complex transactions to produce paper profits and persuade people to invest money in Bonneville projects. Some of the transactions were so complicated that executives had to diagram them with a grease pencil and drawing board at staff meetings. During one three-year period Bonneville used more than 300,000 cash and wire transactions to shift more than $1 billion between itself and its subsidiaries and partnerships. The result was financial statements full of material misrepresentations and omissions. Losses were estimated to be $500 million dollars.

• A turnover rate that is abnormally high for board members, senior management, legal

counsel, or auditors indicates that there is the opportunity for or the presence of fraudulent activity.

Example: At Equity Funding, which was one of the largest computer-assisted frauds in

history, the company went through three different controllers in the space of a year. The first two either left when they became aware of the fraud or were fired because they were unwilling to go along with it.

Weak internal controls

• Failure to design an effective system of internal controls -- The best way to prevent fraud is to design, implement, and enforce a system with sufficient controls to make fraud difficult to perpetrate.

• Inadequate monitoring of significant internal controls, including automated controls and controls over interim financial reporting (where external reporting is required), and inadequate enforcement of internal control systems is a risk factor that has been present in more frauds that almost any other; it goes without saying that it is one of the most significant risk factors.

• An accounting department that is, on a continuous basis, inadequately staffed and overworked is also a “department at risk.”

Example: A company with an understaffed accounting staff fell three months behind in its

record keeping. An employee took advantage of the confusion to write himself checks worth $450,000. He cashed the checks, left the country, and could never be extradited.

• Another risk is a high turnover rates or employment of ineffective accounting, internal

audit, or information technology staff, or management that continues to employ an accounting, information technology, or internal auditing staff that they know are


19

ineffective or incompetent. One reason they may keep those people around is that they are less likely to discover their financial-statement misrepresentations.

• Ineffective accounting and information systems -- This is especially important when there are weaknesses or inefficiencies that represent reportable conditions.

• Management’s failure to display and communicate an appropriate attitude regarding internal control and the financial-reporting process such as a significant disregard for regulatory authorities is also a risk factor. Management that knowingly disregards government rules and regulations may not be overly concerned with misstating their financial statements.

• Management overriding the company’s system of internal controls -- When management fails to follow company controls and guidelines they set a bad example for their employees. Employees tend to see the company as having two sets of rules, one for them and another for management. When management lives by a different set of rules, employees focus more on what management does than what they say. In an employee's mind "What you do speaks so loudly that I can not hear what you say." As a result, it is easier for employees to rationalize their behavior by saying, "But management does it."

Example: At Equity Funding many employees, including nonmanagement personnel,

realized that top management was perpetrating a fraud by misstating their financial statements. They were not being detected or punished, so lower-level employees started embezzling too. Officers of one subsidiary were embezzling funds by claiming fraudulent personal travel and business expenses and by charging a wide variety of personal expenses to the company on a regular basis. In another case, employees who realized that management was overstating revenues began billing the company for hours they did not work.

Ineffective monitoring of management

• A company dominated by a single person or a small group of people without any controls to compensate -- No one in an organization should have so much power that they are able to direct and control an organization without being challenged or questioned. Such people are usually in a position to impose their views on others, including auditors and other outside independent parties.

• Ineffective board of directors or audit committee oversight over the financial-reporting process and internal control -- The importance of an effective board of directors and audit committee that oversees and directs top management activities and establishes an effective control environment is specified in auditing standards. Several standards, including SAS No. 99, require the auditor to communicate his or her findings to the board. In SAS No. 55, the auditor is required to obtain “sufficient knowledge of the control environment to understand management’s and the board of directors’ attitude, awareness, and actions concerning the control environment.” As the auditor gains an understanding of the board of directors’ attitude toward the control environment of the company, the auditor will be able to make a more complete assessment of the risk of fraud within the company. A recent study examined board of director characteristics to determine which ones are associated with less financial-statement fraud. The findings can help auditors better fulfill their responsibilities to assess fraud. In the study, 75 publicly traded companies that had experienced a material financial-statement fraud (called fraud companies) were compared to 75 publicly traded companies without a financial-statement fraud (called no-fraud companies). The study concluded that the board of directors in fraud companies differs from that of no-fraud companies. − Composition -- No-fraud companies had a higher percentage of independent

outside directors (members with no tie to the company other than the seat on the


20

board) than fraud companies. Fraud companies had a higher percentage of internal managers on their boards as well as a higher percentage of affiliated outside directors (relative of management, former employee, consultant, customer or supplier, etc.)

− Tenure -- No-fraud companies had an outside-director tenure of 6.6 years; fraud companies had a tenure of 3.8 years. One explanation for this is that outside directors with a longer tenure may feel less pressure from management, and thus, may be more likely to scrutinize management’s actions. A director with a short tenure may be reluctant to negatively comment on the actions of management.

− Ownership levels of directors -- Independent outside directors of no-fraud companies owned significantly more stock than directors of fraud companies. It may be that the more stock a director owns, the greater the incentive they have to analyze and question the actions of management.

− Presence of an active audit committee -- More of the no-fraud companies (63 percent) had audit committees than the fraud companies (41 percent). The audit committees at the no-fraud companies were more active than those at the fraud companies. In addition, the no-fraud companies had a higher percentage of outside directors than the fraud companies. Companies that maintain an active audit committee are better able to oversee the preparation and audit of the financial statements, increasing the likelihood that the financial statements fairly represent the operations of the company.

It is important for the auditor to realize that these factors alone (a board with an active audit committee and many long-tenure, independent outside directors who own large blocks of stocks) do not guarantee the absence of fraud within a company.

Attitude/rationalization risk factors Risk factors are reflective of the attitudes or rationalizations (by board members, management, or employees) that allow them to engage in and/or justify fraudulent financial reporting. It is often not easy for the auditor to observe these attitude or rationalization risk factors. Nevertheless, the auditor who becomes aware of the existence of such information should consider it in identifying the risks of material misstatement arising from fraudulent financial reporting. The following is a list of attitude or rationalization risk factors:

• Ineffectively communicating and supporting company ethics or values. Of equal importance is the communication of inappropriate values or ethics.

• Nonfinancial management that excessively participates in, or is preoccupied with, selecting accounting principles or determining significant estimates.

• A known history of perpetrating fraud or violating securities or other laws and regulations; or claims or allegations that the organization, its board members, or its top management have perpetrated fraud or violated securities or other laws and regulations. Great care should be taken when an entity or its senior management has a known history or has current claims against them of fraud or securities-law violations. People who have committed prior offenses are more likely to commit another offense and become repeat offenders.

Example: Tony De Angelis converted an old petroleum tank farm into salad-oil storage

tanks and hired American Express Warehousing to independently operate the warehouse. He placed 22 handpicked men at the warehouse and they were able to fool American Express inspectors. They filled tanks with seawater and then placed a layer of oil on the top. The tanks were connected by pipes and the men piped oil back and forth between the tanks. These and other tricks allowed De Angelis to claim 937 million pounds of oil when only 100 million actually existed.


21

De Angelis claimed to own and store more oil than existed in the whole country. De Angelis used the warehouse receipts issued by American Express to borrow money. When the fraud scheme collapsed, 20 banks collapsed and lenders were defrauded out of over $200 million. De Angelis also had a long history of fraud and deception.

• Management has an excessive interest in increasing (or at least maintaining) the

company’s earnings trend and, more importantly, the company’s stock price • A management practice of committing to investment analysts, institutional investors,

significant creditors, and other external third parties to achieve aggressive or unrealistic forecasts.

• Management that fails to correct, on a timely basis, any known and reportable conditions that make the company vulnerable to fraudulent activity.

Example: The Perini Corporation did not adequately control company checks, even though

they were repeatedly encouraged to do so by their outside auditors. As a result they lost $1,150,000. Perini did not control access to blank checks; it stored unused checks in an unlocked storeroom that every clerk and secretary had access to. Checks were written using a check-writing machine that automatically signed the president's name. The machine dumped signed checks into a box that was supposed to be locked and the key was supposed to be controlled by an employee from a different department. However, no such employee was assigned and the box was kept unlocked, nor did anyone pay attention to the machine's counter, which kept track of the number of checks written so that the number of checks could be compared with the number of vouchers authorized for payment. These and other inadequacies in control, which were noted and reported to management but never corrected, made the theft quite easy to commit.

• A desire to underreport the company’s net income or assets to save money on income

taxes. (This incentive is more prominent in private, rather than in publicly held clients.) • Recurring attempts by management to justify marginal or inappropriate accounting on the

basis of materiality. • Relationships between management and current or predecessor auditors that are difficult

or strained. For example:

− Frequent disputes -- These are usually about accounting, auditing, or reporting matters.

− Unreasonable demands -- For example, requiring the auditor to complete the audit or issue the report in an unreasonably short amount of time.

− Restrictions, whether formal or informal -- For example, inappropriately limiting an auditor’s access to people or information; also, restricting an auditor’s ability to communicate effectively with the audit committee or the board of directors.

− Domineering behavior in dealing with the auditor -- This is especially serious if it involves attempts to influence the scope of the auditor’s work.


22

Chapter 2 Review Questions The review questions accompanying each chapter are designed to assist you in achieving the learning objectives stated at the beginning of each chapter. The review section is not graded; do not submit it in place of your final exam. While completing the review questions, it may be helpful to study any unfamiliar terms in the glossary in addition to chapter course content. After completing the review questions for each chapter, proceed to the review question answers and rationales.

1. Jake is an accountant in the construction industry. A recent pronouncement regarding revenue recognition for construction contracts has been issued. Jake believes the company will show a significant loss if the company follows this required pronouncement.

This is an example of which type of pressure/incentive risk factor?

A. Threats to stability or profitability. B. Pressure to meet expectations. C. Threats to personal net worth. D. Excessive pressure to meet financial targets.

2. Which of the following is an example of excessive pressure to meet financial targets?

A. Steve, the CEO, has personally guaranteed a $1,000,000 line of credit for the company. B. Meredith, a CFO, is in an industry that is facing a decline in the market. She is hoping her

company won’t be as hard hit as others in the industry. C. John, a controller, is an integral part of the company’s plan to go public. D. Marina, a regional sales manager, has been repeatedly told by her boss that she must

meet her district’s profit goals. 3. Which of the following companies may experience fraud due to weak internal controls?

A. Abacus Inc. is frequently operating in “rush mode” to get jobs done. B. The Boston Company’s accounting department has consistently remained inadequately

staffed and overworked. C. The Charles Group has an audit committee on paper, but the committee isn’t really

active. D. Dizzy and Friends has numerous subsidiaries and several audit firms for each of these

entities. 4. Which type of opportunity risk factor is present if a company allows one person the ability to direct

and control the organization without being challenged or questioned?

A. Nature of the entity’s operations. B. Complex organizational structure. C. Ineffective monitoring of management. D. Weak internal controls.

5. Which attitude or rationalization risk factor was present in the Perini Corporation example as

provided in the course?

A. Inadequate monitoring of significant internal controls. B. Management failed to correct any known and reportable conditions that made the

company vulnerable to fraudulent activity. C. Frequent disputes between management and the auditors. D. Ineffectively communicating and supporting company ethics or values.


23

Chapter 2 Review Question Answers and Rationales Review question answer choices are accompanied by unique, logical reasoning (rationales) as to why an answer is correct or incorrect. Evaluative feedback to incorrect responses and reinforcement feedback to correct responses are both provided.

1. Jake is an accountant in the construction industry. A recent pronouncement regarding revenue recognition for construction contracts has been issued. Jake believes the company will show a significant loss if the company follows this required pronouncement.

This is an example of which type of pressure/incentive risk factor?

A. Threats to stability or profitability. Correct, because threats to stability or profitability may be present when the company is subject to new statutory, regulatory, or accounting requirements that could impair its financial stability or profitability.

B. Pressure to meet expectations. Incorrect, because pressure to meet expectations exists when management feels to meet requirements or expectations of third parties. Jake may feel this type of pressure if the company’s stockholders are expecting a profit, but that is not clear in this case.

C. Threats to personal net worth. Incorrect, because threats to personal net worth include management owning stock in the company, tying management bonuses to profit or stock prices, or management personally guaranteeing debt of the company. This may apply in Jake’s situation, but the example does not indicate his personal net worth is threatened.

D. Excessive pressure to meet financial targets. Incorrect, because excessive pressure to meet financial targets occurs when operating personnel or managers are receiving pressure from the board of directors or upper management to meet financial targets. This most likely would not occur in Jake’s position.

2. Which of the following is an example of excessive pressure to meet financial targets?

A. Steve, the CEO, has personally guaranteed a $1,000,000 line of credit for the company. Incorrect, because this is an example of a threat to personal net worth.

B. Meredith, a CFO, is in an industry that is facing a decline in the market. She is hoping her company won’t be as hard hit as others in the industry. Incorrect, because this is an example of a threat to profitability.

C. John, a controller, is an integral part of the company’s plan to go public. Incorrect, because this is an example of a pressure to meet expectations.

D. Marina, a regional sales manager, has been repeatedly told by her boss that she must meet her district’s profit goals. Correct, because excessive pressure to meet financial targets occurs when operating personnel or managers receive pressure from the board of directors or upper management to meet financial goals. Being repeatedly told by her boss to meet certain goals may pressure Marina to fraudulently report performance if she is not meeting these goals.

3. Which of the following companies may experience fraud due to weak internal controls?

A. Abacus Inc. is frequently operating in “rush mode” to get jobs done. Incorrect, because this is an opportunity risk factor to commit fraud based on the nature of the entity’s operations.

B. The Boston Company’s accounting department has consistently remained inadequately staffed and overworked. Correct, because a company may experience fraud due to weak internal controls, which includes a failure to design an effective system of internal controls, inadequate monitoring of the controls, inadequately staffing and overworking the accounting department, and knowingly employing incompetent accounting staff.


24

C. The Charles Group has an audit committee on paper, but the committee isn’t really active. Incorrect, because this is an opportunity to commit fraud based on the ineffective monitoring of management.

D. Dizzy and Friends has numerous subsidiaries and several audit firms for each of these entities. Incorrect, because this is an opportunity to commit fraud based on a complex or unstable business structure.

4. Which type of opportunity risk factor is present if a company allows one person the ability to direct

and control the organization without being challenged or questioned?

A. Nature of the entity’s operations. Incorrect, because opportunity risk factors within an entity’s operations includes examples such as operating in a crisis or rush mode, and significant accounting estimates that involve unusually subjective judgments or uncertainties that are difficult to corroborate.

B. Complex organizational structure. Incorrect, because a complex organizational structure creates opportunity risk factors when it is difficult to determine the organization or individual that controls the entity, having numerous or unusual subsidiaries and divisions, or a high turnover rate of board members, management, or auditors.

C. Ineffective monitoring of management. Correct, because a company dominated by a single person or a small group of people without any controls to compensate is a form of ineffective monitoring of management.

D. Weak internal controls. Incorrect, because the failure to design an effective system of internal controls and inadequate monitoring of significant internal controls are examples of opportunity risk factors.

5. Which attitude or rationalization risk factor was present in the Perini Corporation example as

provided in the course?

A. Inadequate monitoring of significant internal controls. Incorrect, because although this was a risk factor in the Perini Corporation example, it is an opportunity risk factor caused by weak internal controls.

B. Management failed to correct any known and reportable conditions that made the company vulnerable to fraudulent activity. Correct, because the inadequacies in internal controls were reported to management, but never corrected, which made the fraud very easy to commit.

C. Frequent disputes between management and the auditors. Incorrect, because although frequent disputes between management and auditors is an attitude or rationalization risk factor, it is not indicated as an issue in the Perini Corporation example.

D. Ineffectively communicating and supporting company ethics or values. Incorrect, because although it is possible that Perini may have been ineffective at communicating and supporting company ethics or values since they did lose $1,150,000, it is not clear in this case if that was a factor.

Chapter 3: Misappropriation of Assets Risk Factors

25

Chapter 3: Misappropriation of Assets Risk Factors Learning Objectives After completing this section of the course, you should be able to:

1. State the risk factors associated with the misappropriation of assets, including pressure/incentive risk factors, opportunity risk factors, attitude/rationalization risk factors, and other asset appropriation risk factors

Misappropriation of assets can be accomplished in various ways, including embezzling receipts, stealing assets, or causing an entity to pay for goods or services not received. Misappropriation of assets may be accompanied by false or misleading records or documents and may involve one or more individuals among management, employees, or third parties. One study of 270 employee frauds found that 261 of the frauds involved the theft of cash. Cash is far and away the most likely asset to be stolen for the following reasons:

• Cash can easily be spent; • Cash does not need to be converted into a spendable form, as do inventory and fixed

assets; and • It is usually easier to take a larger amount of cash than any other type of asset.

The theft of cash can take many forms, including:

• Stealing cash itself (there are many ways to do this, such as underringing sales, taking petty cash, taking cash and issuing a credit memo, or giving a fictitious refund for the amount stolen, etc.);

• Using company checks or credit cards to pay personal expenses; • Submitting false expenses, such as for travel; • Overstating hours worked or increasing one’s monthly salary without authorization; • Creating fictitious employees and cashing the paychecks, or cashing the checks of a

terminated employee; • Stealing duplicate payments; • Creating a fictitious vendor, submitting fraudulent invoices to the company, and cashing

the checks to pay for the fictitious goods; • Granting loans to fictitious borrowers; and • Stealing checks made out to the company or to someone else and cashing them.

Example 1: Albert Miano, a middle manager at Reader’s Digest making $35,000 per year,

embezzled $1 million from 1982 to 1987. Miano was responsible for processing bills from the painters and carpenters at Reader’s Digest headquarters. As a test of the system, he forged the signature of a superior on an invoice for painting that was never done, submitted it to accounts payable, and told them to give him the check because the painter needed it in a hurry. When the check went through, Miano forged the painter’s endorsement on the check and deposited it in his own account. The scheme was so easy he continued it for five years, buying a $416,000 contemporary house in Connecticut, five cars, and an $18,000 motor boat.

There are many other types of misappropriation of assets, including theft of inventory or other assets, the unauthorized sale of assets, collusion with customers or suppliers, kickbacks and bribes, use of company resources for personal purposes, and false reports or entries into accounts to improve performance or cover missing assets.


26

Example 2: An information-systems manager at a Florida newspaper went to work for a competitor when he was fired. Before long, the first employer realized its reporters were constantly being scooped. The newspaper finally discovered the manager still had an active account and password and regularly browsed its computer files for information on exclusive stories.

Example 3: A Continental Illinois Bank vice president that was charged with approving $1

billion in bad loans in exchange for $585,000 in kickbacks. The loans cost the Chicago bank $800 million and helped trigger its collapse.

SAS No. 99 identifies three categories of risk factors that relate to misstatements arising from misappropriation of assets. They are the same categories used for fraudulent financial reporting frauds: pressures/incentives, opportunities, and attitudes/rationalizations. There are also a few asset-misappropriation risk factors that do not easily fit into the three categories, which are also discussed. Fraud-risk assessment is an ongoing process. The possibility of fraud is first assessed during the planning stage of the audit. Later, as fieldwork is performed, other conditions may be identified that change or support the judgment made during audit planning. Some risk factors apply to both asset misappropriation and fraudulent financial reporting. For example, risk factors related to internal-control weaknesses and poor management supervision may be present when either type of fraud occurs. Pressure/incentive risk factors Situational pressures are the problems individuals have that motivate them to act dishonestly. As previously discussed, these pressures can be:

• Financial, such as high personal debts; • Lifestyle, such as gambling or drug addiction; or • Work-related, such as peer pressures or the fear of losing a job.

Sometimes the pressure is on the company, not on the individual. For example, an urgent need for working capital or higher earnings may motivate an individual to commit fraud on behalf of the company rather than against it. SAS No. 99 indicates that auditors should plan their audits such that they consider information about the situational pressures or problems that motivate material employee dishonesty. This dishonesty could be perpetrated by anyone in the organization, from lower-level employees to top management, though material fraud is more likely among higher-level employees. If auditors become aware of additional pressure/incentive risk factors as they conduct their audits, they should consider those factors in assessing the risk of material misstatement arising from the misappropriation of assets and take appropriate action to investigate them. SAS No. 99 discusses two groupings of employee pressure/incentive risk factors that might indicate the existence of fraud: (i) personal financial obligations; and (ii) adverse relationships between the entity and employees. Personal financial obligations Just because an employee has personal financial obligations that he cannot meet does not mean they will commit a fraud. However, an employee in financial difficulty can be more motivated as well as more susceptible to the temptation to misappropriate assets than an employee who is not in financial distress. At the same time, employees that have access to cash or other assets that are easily misappropriated have a greater opportunity to perpetrate a fraud. Therefore, an employee with financial problems (a


27

pressure) that has access to cash or other easily misappropriated assets (an opportunity) is at greater risk to perpetrate fraud. The auditor should be aware of this and scrutinize these employees more closely. Financial pressure can come from many different things. Some of the more frequent pressures result under the circumstances discussed below.

• Living beyond one’s means -- Many fraud perpetrators seem to be attracted to what may be referred to as a life of conspicuous consumption. They are extroverted, fun-loving, social individuals who enjoy the feelings that come from influence, social status, and from spending large sums of money.

Example: Tony De Angelis, who perpetrated the Salad Oil Swindle, was known for his

chauffeur-driven Cadillac, his large and risky deals, his influential associates, and his free-spending habits. He often gave cash away to his many admirers.

• Bad investments or heavy financial losses.

Example: Raymond was the owner of a local grain storage company in Iowa. He built a

lavish house overlooking the Des Moines River, complete with a swimming pool, sauna, and a three-car garage. However, for reasons no one really knows, his financial situation declined. Some say he lost money speculating on the commodities markets. Others say it was a grain embargo that virtually halted the buying and selling of grain. Raymond had a severe cash shortage and went deeply in debt. He asked some farmers to wait for their money and gave others bad checks. Finally, the seven banks to which he owed over $3 million called their loans. He began the unauthorized sale of the stored grain and used the proceeds to cover his losses. One day a state auditor appeared unexpectedly. Rather than face the consequences, Raymond took his own life.

• Greed. • Gambling debts.

Example: Bernie, a New York lawyer, was a compulsive gambler. He loved to gamble in

Las Vegas and bet on the horses. On one occasion, he flew to Las Vegas with $17,000 in racetrack winnings. After several hours he built his stake up to $110,000. Bernie put it in a hotel safe-deposit box at the hotel intent on using it to pay his unpaid mortgage and other large debts. Unable to sleep with all that gambling going on below, Bernie got up and went back to the tables. He lost everything and even went $25,000 in debt to the casino. To feed his betting habits he would buy a block of shares in a penny stock company and pay brokers to bid up the price so he could unload his shares. He pulled off dozens of scams and made millions of dollars on each one.

• High personal debt -- This may result from the loss of a business or home, divorce, high

medical bills, extended periods of unemployment or underemployment, impending personal bankruptcy, bad business decisions, or reversals in the economy. In essence, the perpetrator comes to believe that solving the above pressures is more important than personal integrity. In other words, the perpetrators would prefer to commit a fraud than lose their home or business or go bankrupt. The perpetrators may not consciously make this decision, but their actions reveal what is most important to them.

Example: Alex was the 47-year-old treasurer of a credit union. His monthly payments on

his home, cars, five different credit cards, two side investments, and college for two children exceeded his take-home pay. He felt the only way to make ends meet was to commit a fraud. He misappropriated assets to help pay his crushing


28

debts and defrauded the credit union of $160,000 over a seven-year period. He was very well respected, so his actions came as a great surprise to all who knew him.

• An inadequate income.

Example: Tom was the head shipper at a large manufacturer of gas appliances and related

equipment. He had to support his wife and nine children on a small salary. The pressures of family expenses finally became so great that he began stealing small appliances and fixtures from the warehouse. He sold the items and bought all kinds of things his family needed at home.

• Trying to start or support an outside business.

Example: The controller of a small bank embezzled $158,000. Prior to working at the bank,

he had worked for one of the then-Big Six firms and had earned a CPA certification. He was the son of a judge, and had never stolen anything before. When interviewed, he indicated that one of the reasons he had committed the fraud was that his outside business was losing money and draining his personal funds.

• High tax or medical bills. • Alcohol or drug addiction. • An employer’s expectation that employees should maintain a certain lifestyle to foster a

certain image or engage in activities to bring in new business, yet the employees are not provided with an adequate income or expense account to do so.

Example: A partner in a national CPA firm felt he was expected to frequently wine and dine

clients and potential clients. As a result he seriously overextended himself financially. When an important client offered him a bribe to hide their fraudulent financial reporting, he agreed to look the other way. For a $150,000 payment, he concealed a $300 million fraud. As a result, a large savings and loan failed, as well as several other companies.

Adverse relationships between the entity and employees When there is an adverse relationship between an employee and the organization itself (or someone in the organization), the employee is more susceptible to the temptation to misappropriate assets for personal gain as well as perpetrating a fraud as a way of getting back at the organization. Again, this is especially true of employees that have access to cash or other assets that are easily misappropriated. Adverse relationships can be caused by many things, among them:

• Possible job losses due to employee layoffs, a proposed merger, a proxy contest for control, or any number of other reasons. An individual may also be motivated to cover up a poor performance or to make himself or herself look better so he or she can maintain his or her position and prestige.

Example: One executive at a management training company was placed on probation as a

result of poor evaluations from conference participants. In order to save her job, she removed the poor evaluations and replaced them with much better evaluations. This deception went on for some time until a participant complained in person to the president of the company.

• Promotions, compensation, or other rewards inconsistent with expectations. For

companies to grow and progress, it is important for them to have goals and high


29

expectations. However, when management sets goals or expectations for its employees or operating units that are totally unrealistic, they sometimes motivate them more toward fraudulent behavior rather than improved performance. In essence, some employees may believe they must choose between failing through no fault of their own or cheating.

Opportunity risk factors An opportunity is the condition or situation that allows a person to commit and conceal a dishonest act. Like situational pressures, opportunities do not in and of themselves cause fraud. Individuals can choose to behave honestly; many people successfully resist temptations to commit fraud in spite of the opportunity. However, the probability of fraud increases as the opportunities become more abundant and more convenient. This section of the course discusses some of the more important opportunity risk factors that make fraud more likely to occur. It also illustrates many of these risk factors with real-life examples. Opportunity risk factors may be created by individuals or permitted by the company. Individuals can create opportunities in the following ways:

• Increasing their knowledge of company operations; • Advancing to a position of trust where they can override internal controls; • Being the only person who performs a particular procedure.

A company increases opportunities for employee fraud in the following ways:

• Allowing related-party transactions; • Having an unnecessarily complex business structure; and • Failing to create or enforce an adequate system of internal controls.

SAS No. 99 discusses opportunity risk factors in two main sections: (i) susceptibility of assets to misappropriation; and (ii) internal-control weaknesses Susceptibility of assets to misappropriation Certain characteristics or circumstances may increase the susceptibility of assets to misappropriation. For example, opportunities to misappropriate assets increase when any of the following conditions exist.

• There are large amounts of cash on hand or processed. If a person was going to commit a fraud he would, in almost all cases, go after cash first. Cash is easy to take and can be easily spent; that is, it does not have to be sold or otherwise converted into a form that can be spent. In employee frauds, cash is king.

• There are certain inventory characteristics, such as small size, high value, or high demand. If an employee decides to steal assets, he wants something that is small enough to be easily transported, of a high enough dollar value to be worth stealing, and that is in high demand so it can be easily converted to cash.

• There are assets available that are easily converted into cash, such as bearer bonds, diamonds, or computer chips. Ultimately, a fraud perpetrator wants money to spend, so the items taken must be easy to convert to cash.

• There are certain fixed asset characteristics, such as small size, marketability, or lack of ownership identification.

• Assets do not have to be physically taken to be susceptible to theft. An enterprising employee can also “make” money when goods are purchased or sold, without ever physically handling the assets. This usually results from mutually beneficial personal relationships with customers or suppliers, such that business transactions are no longer arm’s-length. In other words, purchasing agents and salespeople who develop close associations with vendors and customers are often able to commit a fraud. This is


30

especially true where large amounts of money are at stake. For example, vendors can easily afford to provide a purchasing agent with a kickback in order to win a multi-million-dollar contract. A purchasing agent who is struggling to make ends meet can easily be tempted by these kickbacks. Procurement frauds are especially difficult to detect since the perpetrator does not have to alter the company's books to cover up the fraud.

Example: A purchasing agent who was responsible for acquiring janitorial supplies for a

medium-sized city was approached by a paper supplier with a deal. If the purchasing agent would allow them to supply the municipality with lower-quality paper at the current price, they would give him a kickback of half of the excess profits. After this had been going on for a few months, the paper supplier began raising the prices and billing the municipality for five times what they shipped. They also reduced his share of the kickback. When he complained, they said "What are you going to do? Tell your bosses that you have been accepting a kickback?" They were right; he was trapped. There was nothing he could do short of confessing his part in the fraud.

Internal-control weaknesses Inadequate internal control over assets may increase the susceptibility of misappropriation of those assets. In contrast, an effective system of internal controls is the best method of deterring fraud within an organization. Establishing an internal-control system is the responsibility of management, and an auditor must evaluate the effectiveness of the internal-control system when assessing risk. An auditor should aid management in improving its internal-control system in order to prevent fraud. SAS No. 99 lists a number of risk factors related to controls and the author of this book has added a few more, all of which are discussed below.

• Inadequate segregation of duties -- Good internal control demands that no single employee be given enough responsibility that he is in a position to both perpetrate and conceal fraud. To achieve effective segregation of duties, the authorization, recording, and custody functions must be separated. If two of these three functions are the responsibility of a single person, problems may arise.

Example: The utilities director of Newport Beach, California, was charged with embezzling

$1.2 million. He forged invoices or easement documents (i.e., for the rights to put a water line through a person's land) authorizing payments to a real or fictitious city property owner. Finance department officials gave him the checks to deliver to the property owners. He would then forge signatures, endorse the checks to himself, and deposit them in his own accounts. He was able to perpetrate the fraud because he was given physical custody of checks relating to transactions that he had also authorized.

• Inadequate independent checks on performance -- Internal checks that evaluate the

performance of each transaction-processing function are an important control element. They should be "independent" because they are more effective if performed by someone other than the person responsible for the original operation. These independent checks include reconciliation of independently maintained records, comparison of actual quantities to recorded amounts, batch totals, and independent review.

• Inadequate or inappropriate management oversight of employees responsible for assets -- For example, inadequate supervision or monitoring of remote locations.

• Failure to perform background checks and screen job applicants -- It is especially important to screen employees that will have access to cash and other assets that can be easily misappropriated.


31

Example: Philip Crosby Associates (PCA), a consulting and training firm, undertook an exhaustive search to select a financial director. The person hired was John C. Nelson, an MBA and CPA with a glowing reference from his former employer. In reality, however, both the CPA and the reference were phony. John C. Nelson was really Robert W. Liszewski, who had recently served an 18-month jail sentence for embezzling $400,000 from a bank in Indiana. By the time PCA discovered this, Liszewski had embezzled $960,000 using wire transfers to a dummy corporation supported by forged signatures on contracts and authorization documents.

• Inadequate record keeping -- When there are no (or poor) records of assets that are

susceptible to misappropriation, it is much easier to hide the theft of those assets. • No system for authorizing and approving transactions -- For example, when goods to

be purchased are not authorized and approved by some one other than the purchasing agent, it is much easier for the purchasing agent to collude with vendors and get a kickback for ordering too many goods or goods of an inferior quality, or for ordering from a single vendor, often at higher-than-normal prices.

• Poor physical safeguards over assets -- This includes poor safeguards over assets such as cash, investments, inventory, and fixed assets. In today's world, one of a company's most important assets is its information. Accordingly, steps must be taken to safeguard both information and physical assets. If there are inadequate safeguards there is a good probability that some of the assets will "sprout wings and fly away."

Example: Jerry Schneider noticed a trash can full of papers on his way home from a Los

Angeles-area high school. Rummaging through them, he discovered they contained parts manuals and operating guides for Pacific Telephone and Telegraph’s computers. Over time, his scavenging activities resulted in an impressive technical library. He used the library to penetrate Pacific Telephone’s computer system, order equipment for himself, and instruct the computer to not send him a bill for the goods ordered. He sold the equipment to other companies and even sold some stolen equipment back to Pacific Telephone. He was able to steal $1 million worth of electronic equipment before a disgruntled employee turned him into the police. After serving 40 days in jail, Schneider established a profitable business as a computer security consultant. In essence, he told companies how to protect themselves from people like him.

Example: The former city treasurer of Fairfax, Virginia, was convicted of embezzling

$600,000 from the city treasury. When residents used cash to pay their taxes, she would keep the currency. She recorded tax collections on her property tax records but did not report them to the city controller. Eventually, an adjusting journal entry was made to bring her records into agreement with those of the controller. In addition, cash received to pay for business license fees or court fees was rung up on the cash register and then stolen. She replaced the stolen cash by substituting miscellaneous checks received in the mail that would not be missed when they went unrecorded.

• Absence of timely and appropriate transaction documentation -- For example,

credits for merchandise returns. • Failure to require mandatory vacations for employees performing key control

functions -- Many fraud schemes, such as lapping and kiting, require the ongoing attention of the perpetrator. Lapping means that cash receipts are not recorded right away but are shifted between different accounts. This is done to cover up a cash shortage. Kiting refers to writing a check against an account at one bank (which usually does not have sufficient funds to cover it) and depositing or cashing the check through a


32

different account at another bank to take advantage of the time lapse before the check clears.

Therefore, employees should be required to take an annual vacation, during which time their job functions are performed by others. If mandatory vacations were coupled with a temporary rotation of duties these types of ongoing fraud schemes would fall apart. When perpetrators take time off they run a great risk of getting caught.

Example: One perpetrator went on vacation and left his secretary very detailed instructions

as to what transactions to enter for processing and when to enter them. She followed the instructions to the letter, but the person processing the transactions made an error and called the perpetrator for help in correcting the mistake. Since the perpetrator was unavailable and the secretary knew nothing about the transactions, the person had to investigate the transaction to make the needed correction. The investigation brought the fraud to light.

Example: The former payroll director of the Los Angeles Dodgers pleaded guilty to

embezzling $330,000 from the team. He would credit employees for hours not worked and then receive a kickback of around 50 percent of their extra compensation. He also added fictitious names to the Dodgers payroll and cashed their paychecks. The fraud was discovered when the payroll director became ill and another employee took over his duties.

• Management with a poor understanding of information technology -- This lack of

understanding can make it possible, or easier, for information-technology employees to misappropriate assets.

• Inadequate access controls over automated records also make it easier for an employee to commit a fraudulent act.

• Placing too much trust in employees -- In today's environment of downsizing and re-engineering, more responsibility and trust is being placed in employees. As a result, they are more likely to operate in isolated or specialized contexts that separate them from other individuals and that make independent checks and supervision difficult. Opportunities arise when too much trust is placed in key employees and they are not subject to the normal checks and balances that are so important to safeguarding company assets. Victimized employers are often heard saying "I cannot believe he would commit a fraud. He was one of my most trusted employees."

Example: At Ribeye Corporation the payroll clerk never missed handling the payroll.

Because he was trusted, no one had the responsibility of reviewing his work. Every two weeks the clerk forwarded payroll data for each employee to an outside organization to prepare the checks. When the checks were returned, the clerk ran them through a check-signing machine and forwarded them to the restaurants for distribution. However, the clerk created extra employees and added them to the regular payroll data. It was easy for the clerk to sign the checks using the machine, to endorse them, and to deposit them into an account he controlled. Periodically, he would terminate the fictitious employees and replace them with others at different restaurants so that his exposure at any one restaurant was limited. The clerk defrauded Ribeye out of almost $300,000. Many fellow employees found it hard to believe that he was guilty of the fraud.

Attitude/rationalization As previously discussed, a rationalization is what perpetrators use to justify or reconcile their dishonest actions with their personal views of integrity. Because they judge themselves by their intentions and not their actions, many perpetrators consider themselves honest and upright citizens. That means that when


33

a person decides to solve the problem in an illegal or socially unacceptable manner, he or she must, in his or her mind, do one of the following:

• Consciously “cross the line” from being an honest person to a dishonest person; • Draw upon some internal mechanism that allows the person to rationalize his or her

actions as not actually being wrong or dishonest; and • Find or create an excuse that makes his or her actions more important than honesty and

integrity. This rationalization allows perpetrators to violate their position of trust and still have that violation be consistent with their concept of themselves as honest people. As an example of the rationalization process perpetrators use, consider the following statements by a professional car thief. “What I do is good for everybody. I create work; I hire men to find customers, paint and deliver the cars, work on the numbers, prepare the car papers, and drive them out of the state. That is good for the economy. I am also helping people get what they could never afford otherwise. A fellow wants a Cadillac but cannot afford it. He buys my cars and saves as much as $2,000. Now he is happy and so is the guy who lost his car because he gets a nice new Cadillac from the insurance company. The Cadillac company is happy because they sell another car. The only ones who do not do well are the insurance companies. But they are so big that nobody cares personally. Besides, they have a budget for this sort of thing. Come on now -- who am I really hurting?” Common rationalizations There are many rationalizations used by perpetrators. Some of the more common ones follow:

• “I am just borrowing the money.” This is perhaps the most frequent rationalization; perpetrators say they do not intend to steal, they just need a little money to tide themselves over a rough spot. They are not really dishonest because they have every intention of paying the “loan” back before it is missed. Unfortunately, these individuals must borrow larger and larger amounts of money in order to meet their needs and are never able to repay the money.

• “I am not hurting anyone.” Perpetrators who justify their actions this way claim that it is just a faceless and nameless computer system that will be affected or a large impersonal company that will not miss the money. For example, one perpetrator took pains to steal no more than $20,000, which was the maximum the insurance company would reimburse his company for losses.

• “The company owes it to me so I am really not stealing.” • “To be somebody, I must have money. Something (honesty and reputation) has to give in

order for me to be successful.” • “Everybody is a little dishonest and what I am doing is not that bad. It is just a little sin.” • “I needed it badly and it is for a good cause. Besides, no one will ever know.” • “Business is business and you have to do what you have to do to get ahead in business.”

Attitude/rationalization risk factors Risk factors reflective of employee attitudes/rationalizations that allow them to justify misappropriations of assets are generally not susceptible to observation by the auditor. Nevertheless, the auditor who becomes aware of the existence of such information should consider it in identifying the risks of material misstatement arising from the misappropriation of assets. For example, auditors may become aware of the following attitudes or behavior of employees who have access to assets susceptible to misappropriation:

• Disregard for the need for monitoring or reducing risks related to misappropriations of assets.


34

• Disregard for internal control over misappropriation of assets by overriding existing controls or by failing to correct known internal-control deficiencies.

• Employees who are known to be dissatisfied, angry, or resentful or who exhibit behavior indicating displeasure or dissatisfaction with the company or its treatment of the employee. This may result from a belief that the company is taking advantage of them, that they are treated unfairly or are underpaid and "deserving" of more money, or that their contributions are neither appreciated sufficiently nor recognized. It may be that they feel they are on the road to nowhere because they have a dead-end job that brings them no personal satisfaction and is the cause of all their problems. They may feel that no matter how hard they try, they can never achieve the unrealistic goals management has set for them.

Example: One fraud perpetrator began his career as a staff accountant at a defense

contractor. The president of the company was a workaholic and considered an eight-hour day as something a part-time employee worked. To make his mark in the company the man worked 12- to 14-hour days. After six years at the company he finally realized that his long workdays were now expected of him and that he would never be able to get out of the rat race. He became bitter about being taken advantage of (he had never received any overtime) and the lack of appreciation for his years of dedicated work. To get back at the company he colluded with a vendor to overcharge the company $1.5 million. The $80,000 he received from the vendor was his appreciation and "pay back."

• Unusual behavior or lifestyle (especially changes in lifestyle or behavior) of employees

with access to assets susceptible to misappropriation. When people who view themselves as honest cross the line and perpetrate a fraud, they usually experience a great deal of stress. Often, this stress results in significant changes in their behavior that is noticed by those they live and work with. Therefore, these changes are a risk factor. However, these changes can be the result of a lot of other things as well, such as marital problems, worries about a child or an aging parent, etc. Great care should be exercised using behavioral changes as a fraud risk indicator. They are usually used best to corroborate risk factors.

• Other behaviors associated with fraud. These include excessive pride or ambition, an overwhelming need for power or control, an insatiable intellectual challenge, an irresistible desire to beat the system, and family or peer pressure.

Other asset-misappropriation risk factors There are other conditions or risk factors that the auditor might note that do not easily fit into the three elements of the fraud triangle. Three of these are now discussed. Discrepancies in accounting records Any identified discrepancies in the accounting records might be indicative of fraud and should be viewed as fraud risk factors. Examples of these discrepancies include:

• The incomplete or untimely recording of transactions (wrong amount, period, or classification);

• Unsupported or unauthorized balances or transactions; • Last-minute adjustments that significantly affect financial results (for example, Lincoln

Savings and Loan had end-of-period adjustments for 13 straight quarters that transformed quarterly losses into gains); Journal or other entries made by someone other than the one who normally makes them;

• Journal and ledger entries that lack the appropriate supporting documents or explanations; and


35

• Unexplained or unusual entries to adjust accounts particularly susceptible to fraud such as accounts receivable, inventory, accounts payable, revenue, and expenses.

Example: The in-charge auditor for a lumber wholesaler was reviewing the work papers

prepared by her assistant, who had audited accounts receivables at a branch office. She noticed a $90,000 debit to allowance for bad debts and a credit to the accounts-receivable control account. The entry was explained as the general ledger being adjusted to the accounts-receivable trial balance at the branch. Since the explanation made no sense to her, she questioned her assistant. The branch manager had told him that, because of collection problems with some long-time customers, credit terms and criteria had been eased in an attempt to increase sales. When she compared the receivables write-offs percentages at both locations she noticed that the branch write-offs were much higher. When questioned, the controller at the main store said that credit procedures had been tightened. The auditor increased the scope of her audit tests and determined that the branch manager was stealing customer payments and concealing the fraud by writing off the accounts. Unfortunately for him, he made errors in the write-offs, necessitating the suspicious journal entry that the auditor first noted.

Conflicting or missing evidential matter Any conflicting or missing evidential matter might be indicative of fraud and should be viewed as fraud risk factors. Examples of these include:

• Significant, unexplained reconciliation items; • Inconsistent, vague, or implausible responses from management or employees; • Unusual discrepancies between the company’s records and confirmation replies; • Missing inventory or physical assets; and • Missing documents or copies of documents when the originals should exist.

Example: When Barry Minkow needed audited financial statements, he offered Mark

Morze, the ZZZZ Best accountant, a $200,000 bonus if he could fool the auditor into issuing a clean opinion. Morze created the documentation needed to support the fraudulent financial statements. He created hundreds of fake cashier's checks by making a clean photocopy of an original; whiting out the payee, date, and amount; typing in the new information; and making another photocopy. He made phony bank statements by borrowing originals, cutting and pasting individual lines on ZZZZ Best statements, and then photocopying them. He also used a copy machine to create fake invoices and work sheets. When a lender insisted on seeing a nonexistent eight-story building being restored in Arroyo Grande, he went there to take a picture. The tallest building in town was three stories high. Undaunted, he laid down and took a picture that cut off the top of the building and made it look taller than it was. This "proof" convinced the lender.

Problematic or unusual relationships between the auditor and the client Any problematic or unusual relationships between the auditor and the client might be indicative of fraud and should be viewed as fraud risk factors. Examples of these discrepancies include:

• Denying the auditor access to records, facilities, employees, customers, vendors, or others from whom audit evidence might be sought;

• Undue time pressures to resolve complex or contentious issues; • Unusual delays in providing information; and • Tips or complaints to the auditor about fraud.

Example: A bank with a large credit-card operation received a call from the ex-boyfriend of one of


36

its employees. He was upset that she had kicked him out of their apartment and would not get back together with him. To get even, he called and told the bank that she was colluding with another person at the bank to defraud it. An investigation revealed that the woman worked in the department that authorized new credit cards. She would authorize two new credit cards, one for her and one for her accomplice. They would both run the outstanding balance up to close to $1,000. Defaulted accounts of less than $1,000 were written off without being turned over to a collection agency. The accomplice worked in the department that wrote off the bad debts and she made sure the accounts were written off without questions being asked. Then the first woman would issue two more credit cards and the process would be repeated.


37

Chapter 3 Review Questions The review questions accompanying each chapter are designed to assist you in achieving the learning objectives stated at the beginning of each chapter. The review section is not graded; do not submit it in place of your final exam. While completing the review questions, it may be helpful to study any unfamiliar terms in the glossary in addition to chapter course content. After completing the review questions for each chapter, proceed to the review question answers and rationales. 1. Which of the following is true regarding the theft of cash?

A. It is more difficult to steal than other types of assets. B. It is the least likely asset to be stolen. C. It can be easily spent. D. It needs to be converted.

2. Which employee appears to have the greatest risk of perpetrating fraud by misappropriating

assets?

A. Becky, a cashier, is a single mother struggling to make ends meet. B. Arthur, a single 26 year-old, has been working at the company in the accounting

department since graduating college. C. Troy, a market research analyst, is close to filing for bankruptcy. D. Susan, married with two children, is in charge of merchandise returns.

3. George, a warehouse manager for XYZ Co., has recently been turned down for a promotion he

was assured he would get. With this information, why might an auditor scrutinize George more closely than other employees?

A. George has the opportunity to commit fraud and has personal financial obligations. B. George has an adverse relationship with his employer and the company has internal

control weaknesses. C. George has the opportunity to commit fraud and the company has internal control

weaknesses. D. George has the opportunity to commit fraud and has an adverse relationship with his

employer. 4. Joan works at New World Construction, Inc. She is responsible for approving and processing

accounts payable invoices. Why is New World Construction at risk for fraud regarding Joan?

A. Inadequate segregation of duties. B. No system for authorizing and approving transactions. C. Inadequate record keeping. D. Failure to perform background checks.

5. A discrepancy in accounting records would include:

A. Missing documents or copies of documents when originals should exist. B. Unsupported or unauthorized balances or transactions. C. Unusual delays in providing information. D. A disregard for the need for monitoring or reducing risks related to misappropriations of

assets.


38

Chapter 3 Review Question Answers and Rationales Review question answer choices are accompanied by unique, logical reasoning (rationales) as to why an answer is correct or incorrect. Evaluative feedback to incorrect responses and reinforcement feedback to correct responses are both provided. 1. Which of the following is true regarding the theft of cash?

A. It is more difficult to steal than other types of assets. Incorrect, because it is easier to take a large amount of cash than any other type of asset.

B. It is the least likely asset to be stolen. Incorrect, because cash is the most likely asset to be stolen.

C. It can be easily spent. Correct, because cash is the most likely asset to be stolen because it can be easily spent, it does not need to be converted to a spendable form, and it is easier to steal more of than any other asset.

D. It needs to be converted. Incorrect, because cash does not need to be converted into a spendable form, as do inventory and fixed assets.

2. Which employee appears to have the greatest risk of perpetrating fraud by misappropriating

assets?

A. Becky, a cashier, is a single mother struggling to make ends meet. Correct, because an employee with financial problems that has access to cash or other easily misappropriated assets is at greater risk to perpetrate fraud.

B. Arthur, a single 26 year-old, has been working at the company in the accounting department since graduating college. Incorrect, because Arthur doesn’t appear to have any pressure to commit fraud, and depending on his position in the accounting department, his opportunity to commit fraud may mostly lie in financial statement fraud.

C. Troy, a market research analyst, is close to filing for bankruptcy. Incorrect, because although Troy has a pressure to commit fraud, his position as a market research analyst would make the opportunity difficult.

D. Susan, married with two children, is in charge of merchandise returns. Susan has an opportunity to commit fraud in her position of handling merchandise, but she does not appear to have a pressure to commit fraud.

3. George, a warehouse manager for XYZ Co., has recently been turned down for a promotion he

was assured he would get. With this information, why might an auditor scrutinize George more closely than other employees?

A. George has the opportunity to commit fraud and has personal financial obligations.

George may have an opportunity to commit fraud with his position as a warehouse manager, but the example does not indicate that he cannot meet his financial obligations.

B. George has an adverse relationship with his employer and the company has internal control weaknesses. Incorrect, because although George may be resentful about not getting the promotion, the example does not indicate internal control weaknesses of the company.

C. George has the opportunity to commit fraud and the company has internal control weaknesses. Incorrect, because although George may have an opportunity to commit fraud since he is a warehouse manager, the example does not indicate that the company has weaknesses in internal control.

D. George has the opportunity to commit fraud and has an adverse relationship with his employer. Correct, because George’s position as a warehouse manager may allow him the opportunity to commit fraud. George may also have an adverse relationship with the company since he was recently turned down for a promotion which he was promised. The company can help mitigate fraud by having an effective system of internal controls.


39

4. Joan works at New World Construction, Inc. She is responsible for approving and processing

accounts payable invoices. Why is New World Construction at risk for fraud regarding Joan?

A. Inadequate segregation of duties. Correct, because New World Construction has given Joan the responsibility of both authorizing and recording accounts payable. She is in a position to perpetrate and conceal fraud. If the company designates either one of the responsibilities to another employee, they will help to alleviate potential fraud.

B. No system for authorizing and approving transactions. Incorrect, because a system is in place for authorizing and approving the accounts payable transactions through Joan.

C. Inadequate record keeping. Incorrect, because the example does not indicate there is inadequate record keeping. Inadequate record keeping is when there are no, or poor, records of assets that are susceptible to misappropriation.

D. Failure to perform background checks. Incorrect, because the example does not indicate that they failed to perform a background check on Joan. The company should have performed a check on her since she is in a position to approve and process financial transactions.

5. A discrepancy in accounting records would include:

A. Missing documents or copies of documents when originals should exist. Incorrect, because missing documents or copies of documents when originals should exist is an example of conflicting or missing evidential matter.

B. Unsupported or unauthorized balances or transactions. Correct, because a discrepancy in the accounting records that might be indicative of fraud includes unsupported or unauthorized balances or transactions.

C. Unusual delays in providing information. Incorrect, because unusual delays in providing information is an example of problematic or unusual relationships between the auditor and the client.

D. A disregard for the need for monitoring or reducing risks related to misappropriations of assets. Incorrect, because a disregard for the need for monitoring or reducing risks related to misappropriations of assets is an example of attitude risk factors.

Chapter 4: Audit-Team Discussions, Obtaining Information, and Identifying and Assessing Risks

40


Learning Objectives After completing this section of the course, you should be able to:

1. Explain the audit planning requirements of SAS No. 99 2. Explain the types of inquiries and analytical procedures that should made to obtain information to

identify fraud risks 3. Explain the factors that should be considered when identifying risks 4. Explain the requirements for assessing the identified risks

Discussion among engagement personnel regarding the risks of material misstatement due to fraud SAS No. 99 has formalized the need, on every audit, for audit-team members to discuss among themselves the possibility that the client’s financial statements could be materially misstated as a result of fraudulent financial reporting or a material employee misappropriation of assets. SAS No. 99 does not require any specific means or medium of communication, only that the medium used should permit and facilitate an interactive exchange of ideas. SAS No. 99 does state that an oral discussion is preferred (as opposed to a memorandum or e-mail discussion). The most likely reason for the oral discussion is that it is the best way for audit team members to promote and facilitate the desired free interchange of ideas among themselves. The first such discussion should take place while planning the audit. In addition to discussing the potential for material misstatement due to fraud, the audit team should brainstorm with respect to how and where the client’s financial statements might be susceptible to material fraud. Another benefit of these discussions is that they will help team members remember how important it is to adopt an appropriate mindset of professional skepticism, especially with respect to the potential for material misstatement due to fraud. SAS No. 99 also provides guidance on how extensive the discussions should be, how they should occur, and who should be included. The SAS also makes it clear that audit-team members must exercise their professional judgment making these determinations. According to SAS No. 99, the audit team should consider the number of locations and possible use of specialists in its discussions. When there are multiple locations, there are at least two decisions that must be made. One is determining which locations should be audited. SAS No. 99 states that auditors need to consider the guidance provided in SAS No. 47 (AU sec. 312.18) as they select locations. The second is the discussion of the possibility of fraud. Because each of the client’s locations can be different, the key audit-team members at each location should be involved in the discussions. A second consideration is whether or not to involve specialists in the discussion and whether to assign them to the audit team. An example of when specialists may be needed is when information technology plays an import role in the client’s business operations and organization. In such cases it is often useful to include an IT specialist in the discussions and to include him or her on the audit team. Topics to be discussed SAS No. 99 also provides guidance as to what topics the audit team should discuss. The client being audited and its industry It is important for experienced audit-team members, especially the auditor who has final responsibility for the audit, to share their insights and knowledge about the organization being audited as well as the industry in which it operates.


41

Management override of internal controls A very real concern on many audits is the possibility and likelihood of management overriding the organization’s internal controls. Audit-team members should approach this discussion with a questioning mind and set aside any prior beliefs regarding management honesty and integrity. Many auditors have been fooled into thinking that management was honest and that they would not intentionally hide things from them. They have learned to their regret that appearances can be deceiving. Auditors must set aside any preconceived ideas about management integrity and approach the audit with a healthy dose of professional skepticism. Susceptibility of financial statements to fraud A third item that the audit team must discuss is how the organization’s financial statements might be susceptible to material-misstatement fraud, and where fraud is most likely to occur. This discussion should include all known external and internal factors affecting the organization that might create pressures (incentives, motives, etc.) for management or other employees to commit fraud; allow an opportunity to commit and conceal a fraud; and indicate a corporate culture or environment that enables management to rationalize fraud. Professional skepticism As mentioned above, it is important for the audit team to discuss the importance of maintaining the proper state of mind (an attitude of professional skepticism) throughout the audit. During the entire engagement, members of the audit team must remember the following:

− Have a questioning mind that recognizes that there may be material misstatements in the financial statements due to fraud;

− Constantly be on the alert for any information that indicates a potential material misstatement;

− Set aside any belief they have about management’s honesty and integrity -- they should not be satisfied with evidence that is not persuasive because they believe management is honest; and

− Critically assess audit evidence regarding the potential for material misstatement due to fraud.

Obtaining information to identify fraud risks: Making inquiries and other information To assess the risks of material misstatement due to fraud, SAS No. 99 requires auditors to gather more information than simply considering the risk factors, as was required in SAS No. 82. To obtain the information they need to identify the risks of material fraud, the audit team should perform the following procedures:

• Make inquiries of management and others within the entity about the risks of fraud; • Consider the results of the analytical procedures performed while planning the audit • Consider fraud risk factors; and • Consider other information that may be helpful in identifying risks of material

misstatement due to fraud, including information obtained:

− During the audit-team discussions held during the planning phase of the audit; − During the acceptance and continuance of clients and engagements; − While conducting reviews of interim financial statements; and − While considering audit risk, especially with respect to identified inherent risks, at the

individual-account-balance or class-of-transaction level. The last two steps listed above consider fraud risk factors and other information have already been discussed. The first two steps, inquiries and analytical procedures are now discussed. SAS No. 99 states “The auditor’s inquiries of management and others within the entity are important because fraud often is uncovered through information received in response to inquiries. One reason for


42

this is that such inquiries may provide individuals with an opportunity to convey information to the auditor that otherwise might not be communicated.” According to the Association of Certified Fraud Examiners, 80 percent of frauds are discovered through tips and complaints. In other words, the best clues or indications that fraud exists usually do not come from looking at the books or performing audit procedures, but from the people who work with the fraud perpetrators. That means that asking questions is one of the most effective audit techniques, if not the most effective technique. Asking client personnel about fraud is also a great fraud deterrent:

• It lets client personnel know you are actively looking for fraud. • This increases the likelihood that perpetrators will be found. • It also increases the “fear factor” that employees will be caught if they try to perpetrate

fraud. • Ultimately, this makes them less likely to try to commit fraud.

Joseph Wells, the president and founder of the Association of Certified Fraud Examiners, says that it is amazing what people will tell the auditor about fraud if they are asked. He also says that there are a number of myths that need to be dispelled regarding auditors who ask questions about fraud. He discussed these myths in an article in the September 2001 Journal of Accountancy; the discussion is provided below. Myth: If I ask client personnel about fraud, I will offend them. Reality: If the auditor asks correctly, few of the people that are asked about fraud will be offended. The auditor can minimize the number of people offended in the following ways:

• Building rapport with the person before asking him or her about fraud; • Asking questions about fraud at the end of another discussion, rather than jumping in to

questions about fraud at the beginning of the interview; • Explaining what is going to be asked; • Explaining why the questions are being asked (it is now required by generally accepted

auditing standards); • Starting with general questions, and ending with specific ones; • Starting with easy questions, then ending with hard ones; and • Setting sensitive questions up before asking them.

Myth: Asking about fraud could lead to legal problems. Reality: Auditors can legally ask client personnel anything, provided:

• They have a legitimate reason for doing so, and auditors do so to such degree as it is their job to ask;

• The interview is voluntary and not compulsory; • The interview is done in a reasonable way and under private conditions; and • The interview is confined to questions instead of statements. In fact, auditors are much more likely to have legal problems by NOT asking. For example, consider that a jury is unlikely to accept an auditor’s failure to ask appropriate questions about fraud because he did not want to hurt anyone’s feelings.

Myth: Why should the auditor bother asking client personnel about fraud? They will not tell the truth. Reality: Most people will not risk lying about something as important as fraud. More people than

expected will voluntarily confess. Instead of lying, people are much more likely to try and avoid the question, something the auditor should be conscious of. Evasive or vague answers, changing the subject, unnecessarily delaying answers, and other methods of evading questions should be carefully considered to determine the cause of the actions and their impact on the questions asked and the audit.


43

There are a number of concerns about inquiries that the auditor may need to address. One is that, since the auditor will be asking a number of different client personnel about fraud, there is a chance that their responses to audit inquiries will be inconsistent. Another is that, in some instances, the auditor may feel it is necessary to substantiate the information received from client personnel. In these and other instances, the auditor must exercise professional judgment in deciding what additional evidence must be gathered to resolve these concerns. Different groups auditors need to speak with about fraud Management Accounting has never been what one could call an exact science. Company management has to make many judgment calls as they record, summarize, and evaluate a company’s many and often complex transactions. It is not easy to distill a company’s business activities into just a few key numbers that accurately reflect a company’s underlying financial condition. As a result, there is more than one way to do things. This makes it possible for companies to “manage” their earnings. Corporate executives manage earnings when they try to figure out how to report “desired results” rather than how to report economic reality or actual company results. As a result, “earnings management” includes selecting GAAP accounting methods based on whether they will produce the desired results rather than whether they reflect economic reality. Questionable accounting practices are the means individuals use to manage company earnings and make their financial statements look better. Many of these questionable accounting practices are not illegal; indeed many managers feel a responsibility to report the best earnings possible in the most favorable light possible. Managers merely take advantage of GAAP's flexible rules. Companies have become increasingly aggressive about taking advantage of the many loopholes that boost the bottom line. Sometimes these earnings-management techniques distort the financial condition of a company enough that the financial statements are misleading, and therefore, are viewed as fraudulent. Other times management simply resorts to outright fraud to make their financial statements look better. SAS No. 99 states that management should be interviewed to determine their views with respect to the organization’s fraud risks and how those risks are addressed. The expanded inquiries of management should cover the following:

• Whether members of management know of any fraud that has taken place or is currently being perpetrated.

• Whether members of management know of any past or current allegations of fraudulent financial reporting. These fraud allegation tips often come from current or former employees, analysts, short sellers, or other investors.

• The fraud risks the organization faces and management’s understanding of those risks. Of particular importance are specific fraud risks the organization has identified or account balances or classes of transactions where the risk of fraud is more likely to exist.

• The controls and programs management has put in place to reduce, deter, prevent, or detect fraud risks, and the procedures management uses to monitor them.

• How, and to what extent, management monitors multiple locations and business segments.

• Whether any of the operating locations or business segments has a higher risk than normal.

• When and how management communicates its views on business practices and ethical behavior to its employees.

• The nature and extent of management reports to the audit committee (or board of directors, board of trustees, or the company’s owner) with respect to:


44

- All five interrelated components of internal control: control environment, control activities, risk-assessment processes, information and communication systems, and monitoring activities; and

- How well management believes their internal controls prevent, deter, and detect material fraud.

In addition to the inquiries required by SAS No. 99, auditors must also obtain written representations from management. SAS No. 85, Management Representations, requires the client to specify, in writing, if they are aware of any fraud involving:

• Management; • An employee who plays a significant role in the organization’s system of internal controls;

and • Others, when the financial statements might be materially affected by the fraud.

Audit committee Members of management are not the only ones who should take an active oversight role with respect to the organization’s fraud-risk assessment and the controls and programs established to deter, prevent, or detect fraud risks. Research studies show that companies are more likely to have reliable financial statements and less likely to employ “earnings-management practices” if they have independent audit committees. In other words, the earnings of companies with audit committees are of a higher quality than those without the committees. Other studies have found that “poor oversight of management through weak governance structures is an important catalyst for earnings manipulation.” SAS No. 99 states that inquiries of the audit committee should cover the following:

• How the audit committee oversees the organization’s fraud-risk assessment; • The controls, programs, and procedures the organization uses to eliminate or reduce

fraud risks; • How the audit committee views the risks of fraud; and • Whether any of the audit-committee members know of any suspected or actual fraud.

Internal audit

• The auditor also should make inquiries of appropriate internal-audit personnel. The inquiries should cover the following:

• How the internal audit function views the risks of fraud; • The procedures they performed during the year to test for fraud; • How management responds to their fraud findings, and whether their response has been

satisfactory; and • Whether any of the internal auditors know of any suspected or actual fraud.

Others in the organization

• Which individuals in an organization are most likely to know that a misappropriation-of-assets fraud is taking place?

• Not the board of directors or the audit committee. While they may be aware of material misappropriations due to fraud, they are not at the company on a daily basis and are likely to be rather isolated from company employees other than top management.

• Not the external auditors, as they only spend part of a year at the company and spend much of their time looking through a company’s books. Historically, they are not usually the ones that uncover fraud that is taking place.

• Not the internal auditors. While they are often full-time company employees, they do not work, on a daily basis, with the employees who are likely to commit fraud.

• Not top management, as they are also somewhat isolated from company employees. (However, top management are the ones -- and their subordinates whom they direct to


45

perpetrate the fraud -- most likely to know about or to discover fraudulent financial statements.)

The people in an organization that are most likely to know that a misappropriation-of-assets fraud is taking place are the co-workers, immediate supervisors, and those who work immediately underneath the perpetrators. Many of these people are torn between the obligation to protect their company and the baggage that comes with approaching someone and blowing the whistle. They find it easier to remain silent for the following reasons:

• They do not want to falsely accuse anyone, get involved, or make trouble; • They fear reprisals (getting fired, damaging their careers, etc.); • They have been taught to not “squeal”; or • They do not know whom to tell.

While these people are unlikely to approach the auditor and blow the whistle, they may complain, hint, or indicate that they know something. When directly asked about fraud, many of them welcome the chance to tell the auditor what they know. That is why it is so important that people at all levels in the organization be asked what they know about frauds that might be taking place in the company. They can often provide auditors with valuable perspectives. Auditors also need to learn to listen to the grapevine. If top management is cooking the books, employees below them will often alert the auditors. For example, Enron vice president Sherron Watkins, a former Arthur Anderson employee, warned the Andersen audit team that the company might implode in an accounting scandal. Auditors must use their professional judgment to decide who else in the organization should be asked about fraud and the extent of those inquiries. The key consideration in making this decision is whether a person can provide information that will help the auditor identify fraud risks. Auditors are most likely to make inquiries of the following:

• Anyone the auditor interacts with during the normal course of the audit, such as while obtaining an understanding of the organization’s internal-control system, observing inventory, performing cutoff tests, or investigating fluctuations uncovered during analytical procedures;

• Operating personnel who are not part of the financial reporting process; • Employees in positions of leadership or authority; • Employees who initiate, record, or process unusual or complex transactions; • Individuals who might know if there is any inappropriate or unauthorized activity with

respect to processing journal entries and other adjustments; • Employees who have custody of assets that are prone to misappropriation; and • In-house legal counsel.

The information these individuals provide can support management responses, help uncover management override of controls, and indicate how effectively management communicates standards of ethical behavior. Obtaining information to identify fraud risks: Analytical procedures Auditors perform analytical procedures on financial and nonfinancial data as they plan audits in order to identify items that need to be investigated, such as transactions, events, amounts, ratios, or trends that, based on the auditor’s understanding of the entity and its environment, do not agree with what the auditor expects to find. These analytical procedures often include ratio and trend analyses. They are typically performed on high-level, aggregated data. Because they can help auditors identify unusual relationships between key financial statement numbers, they can be a valuable tool in identifying where auditors should look to assess fraud risks.


46

It is especially important for the auditor to look for unusual or unrealistic relationships or conditions that might indicate fraud. In doing so the auditor needs to be creative, challenge explanations, and actively look for things that do not make sense. The auditor needs to look for transactions or data that are:

• Too large or too small; • Too often or too rare; • Too high or too low; • Too much or too little; or • Too early or too late.

The auditor also needs to look for transactions or data that:

• Happen at odd times or places; • Are not performed by the normal people or do not follow normal policies, procedures, or

practices; • Are out of order or sequence; or • Do not follow the normal or expected pattern.

All unusual items should be investigated to determine if they are indicative of fraud.

Example: An auditor at a manufacturing company noted that there was a payment on the company books to the local Chrysler automobile dealership for $750. The explanation for the entry was that it was for body work on the president’s Cadillac, which had been damaged in an accident. That did not seem unusual (maybe the Chrysler dealer had a better body shop than the local Cadillac dealer) until the auditor noted a payment for the exact same amount the next month. A closer examination showed the same entry every month of the year. Further examinations showed that they was no insurance claim for the supposed accident. The puzzle was solved with a call to the Chrysler dealership. As it turns out, there was no accident and no repair of the president’s Cadillac. However, the company controller had purchased a new car and the payments were $750 a month. When he was confronted, he admitted purchasing the car for his mistress and paying for it with company funds.

The following are some examples of relationships that should be investigated:

• Unexplained changes in financial-statement balances; • Deteriorating quality of earnings; • Ratios of operating performance that are much better than others in their industry; • An increase in inventory without a corresponding rise in accounts payable; • An increase in manufacturing volume without a decrease in per-unit labor and material

costs and a corresponding increase in scrap sales and purchase discounts; • Persistent inventory shortages for portable and easily sold items; • Inadequate or overly generous reserves; • Income increases without an increase in cash flow from operations;

Example: Enron, in the quarter ending June 30, 2001, reported $423 million in earnings

and negative cash flow of $527 million. • Persistent cash shortages; • Significant increase in voids, credits, reconciling items, and late charges; • Large big increases, decreases, or adjustments to "at-risk" accounts (sales, accounts

payable, accounts receivable, and inventory); • Large big increases in dormant accounts activated; and


47

• Cash disbursements that do not make sense (for example, for warehouse, storage, and handling costs and space and accounts payable and purchases).

Example: The auditor at Elann Industries (not the real name of the company) could not

understand why inventory had increased five-fold in one year. Her analytical tests revealed the following:

• Based upon the cubic volume of the warehouse and inventory, more

than two warehouses would be required to house all of the inventory. • Some rolls of sheet metal weighed 50,000 pounds; their largest forklift

could only lift 3,000 pounds. • Purchase orders supported an inventory of 30 million pounds. The

reported amount was 60 million pounds. When she confronted management with her evidence, they admitted to grossly overstating inventory to inflate profits. Inventory, originally shown at $30 million, was written down to $7 million. Management inflated inventory by preparing fictitious inventory records. Late at night a manager added the fictitious tags to the box where the auditors stored the tags they verified. Because they did not want to add too many tags, they made the mistake of including bogus tags for 50,000 pound rolls of sheet metal. The manager also had to substitute new inventory-reconciliation lists that agreed with the total of the valid and fraudulent tags.

The most frequent type of financial-statement fraud involves improper revenue recognition. Accordingly, SAS No. 99 indicates that it is especially important to perform revenue-related analytical procedures (for example, comparing monthly revenue for the current reporting period with revenue recorded in a comparable prior period). In addition, the auditor should look for and investigate unusual relationships such as:

• An increase in sales: − Without a corresponding increase in cash sales or cash balances; − Without a corresponding increase in accounts receivable or inventory; − Without a corresponding increase in freight costs; and − With the loss of major customers.

• A significant rise in the number of overdue or related-party receivables. • An increase in variable costs without a corresponding increase in revenue. • Many sales returns or credit memos after the end of the year. • Costs and expenses or returns and allowances rising faster than revenues.

Joseph T. Wells, in an August 2001 article in the Journal of Accountancy titled “Irrational Ratios”, illustrated how analytical ratios could have been used to help detect the ZZZZ Best fraud. Examine the figures shown below and note that ZZZZ Best reported a significant increase in revenues for 1986. Then spend a few minutes considering whether there is anything about these ratios that bothers you or that you think should have been investigated.


48

ZZZZ Best: 1985 1986 Sales $1,240,524 $4,845,347 Cash $30,321 $87,014 Accounts receivable 0 $693,773 Current assets $107,096 $1,727,973 Fixed assets $125,519 $2,564,532 Total assets $178,036 $5,045,671 Current liabilities $2,930 $1,768,435 Working capital $104,166 $40,462 Current ratio of assets to liabilities 36.552 0.0977 Working capital to total assets 0.5851 (0.008) Asset turnover 0.144 1.041 Debt-to-equity ratio 0.017 1.486 Cost of sales to sales 0.465 0.423 Gross margin percentage 53.51% 57.68% Return on equity 183.75% 46.58%

A close examination of these balances and ratios should raise red flags in the mind of the auditor, as they certainly do not look like indicators of a legitimate business. Some of the questions that should come to mind are:

• How could the current ratio have fallen from 36.5 to less than one and the ratio of working capital to total assets go from 0.585 to a negative number at the same time that ZZZZ Best experienced record revenues and made more money on those revenues (cost of sales decreased and gross margin went up)?

• ZZZZ Best took on much more debt (up 8,600 percent from the prior year) in 1986. Was debt understated in 1985 or overstated in 1986? If the numbers are correct, what did they use the debt for? If any of the debt resulted in cash (which makes the current ratio analysis even worse) where did all the cash go?

• What happened to make return on equity drop by more than 75 percent? • Why did the asset turnover go up 723 percent? What assets were turning over?

It is likely that other things in this analysis bothered you, and if you were the auditor you should have also investigated the discrepancies you identified. Identifying and assessing risks SAS No. 99 states that after auditors obtain the information they need to identify fraud risks by making inquiries and considering analytical review results, fraud risk factors, and other helpful information, they need to:

• Identify any and all risks that may result in a material misstatement due to fraud; and • Assess the identified risks after the auditors take into account their evaluation of the

programs and controls that address the risks. Identifying risks The number of fraudulently misstated financial statements in any given year, in comparison to the total number conducted in a year, is very small. Many auditors never run across a single case of fraudulently misstated financial statements in their entire career. As a result, many auditors can be “lulled to sleep”; that is, they become lax in their fraud-detection efforts. Other auditors, due to lack of experience, find it hard to recognize fraud risk factors or to determine what additional evidence to gather when fraud risk factors are found. In any event, it is important that auditors do not conclude that one or more fraud risks are not present in a particular entity because of inattentiveness or lack of experience.


49

Once the information needed to identify fraudulent-material-misstatement risks is obtained, the auditor needs to use it, and his or her professional judgment, to identify fraud risks. In doing so, SAS No. 99 states that auditors need to consider the following nine factors:

• The type of risk (fraudulent financial reporting or misappropriation of assets) that exists. • The significance of the risk. (Is it large enough to be material?) • The likelihood of the risk (the probability that the factor will actually result in a material

misstatement). • The pervasiveness of the risk (whether it is pervasive to the financial statements as a

whole or related to a particular assertion, account, or class of transactions). • The fraud triangle (pressures; opportunity; rationalizations). Although fraud risks are more

likely when all three conditions are observed, the auditor does not need to find all three conditions to identify a fraud risk. Some of the conditions are hard to spot without the benefit of hindsight. For example, it is hard to observe the rationalization process.

• The client’s size, complexity, and ownership attributes. • The number of operating locations or business segments, as this often requires a

separate risk identification for each location or segment. • Assertions, accounts, and classes of transactions that have high inherent risk. Because

these items are subject to significant judgment and subjectivity, members of management are better able and more likely to manipulate them. SAS No. 99 provides the following two examples:

- Liabilities resulting from a restructuring may be deemed to have high inherent

risk because of the high degree of subjectivity and management judgment involved in their estimation.

- Revenues for software developers may be deemed to have high inherent risk because of the subjectivity involved in recognizing and measuring software revenue transactions.

• Management override of controls. The auditor needs to address the risk of management

override of controls regardless of whether the auditor is able to identify specific fraud risks. Management has overridden controls and was able to perpetrate fraud using the following techniques:

− Recording fictitious journal entries, particularly those recorded close to the end of an

accounting period to manipulate operating results; − Intentionally biasing assumptions and judgments used to estimate account balances;

and − Altering records and terms related to significant and unusual transactions.

Because revenue recognition is so susceptible to manipulation, the auditor will usually determine that there is a risk of material misstatement due to management override of internal controls. For example, revenues can be overstated (premature revenue recognition or recording fictitious revenues) or understated (misapplication of cash receipts). Assessing the identified risks after evaluating the entity’s programs and controls As a preamble to discussing how to assess identified fraud risks, SAS No. 99 reviews some of the requirements of SAS No. 55. These requirements are listed as follows:

• The auditor must understand each of the five components of internal control well enough to plan the audit.

• The auditor should use his or her understanding of internal controls to:

− Identify potential misstatements; − Consider factors that affect the risk of material misstatement;


50

− Design tests of controls when applicable; and − Design substantive tests.

• The auditor should understand that manual and automated controls can be circumvented by:

− Collusion of two or more people; and − Inappropriate management override of internal control.

Organizations can implement controls to reduce or eliminate fraud on two levels:

• Specific controls can be designed to reduce or eliminate specific fraud risks (for example, controls to protect easily stolen assets such as cash or inventory); and

• General programs can be designed to prevent, deter, and detect fraud. An example is fraud-awareness training for all employees, or policies, procedures, and programs to promote a culture of honesty and ethical behavior.

Once an understanding had been obtained of the client’s general and specific controls, the auditor must determine if they have been properly designed to prevent or detect the identified risks of material misstatement due to fraud or whether specific control deficiencies may exacerbate the risks. If the programs and controls appear to be properly designed, the auditors must verify that they are actually in place and operational. Then the auditor should use the controls evaluation to assess fraud risks and determine a response to those risks. These responses are discussed in the next chapter.


51

Chapter 4 Review Questions The review questions accompanying each chapter are designed to assist you in achieving the learning objectives stated at the beginning of each chapter. The review section is not graded; do not submit it in place of your final exam. While completing the review questions, it may be helpful to study any unfamiliar terms in the glossary in addition to chapter course content. After completing the review questions for each chapter, proceed to the review question answers and rationales. 1. According to SAS No. 99, which type of audit(s) require(s) a discussion among audit team

members about the potential for fraud in a client’s financial statements?

A. First year audit only. B. Audits of comparative financial statements only. C. First year audits and audits where fraud is suspected only. D. All audits.

2. Which of the following is a topic that should be discussed by the audit team during the planning

phase of the audit according to SAS No. 99?

A. Inquiry of management. B. Professional skepticism. C. Budget preparation. D. Management letter comments.

3. In addition to the inquiries required by SAS No. 99, written representations should also be

obtained from:

A. The audit committee. B. Internal audit. C. Management. D. Co-workers of suspected or actual perpetrators.

4. Which of the following tools can help auditors identify unusual relationships in the financial

statements and where to look to assess fraud risks?

A. Inquiry of management. B. Internal control assessment. C. Analytical procedures. D. Audit-team discussion of susceptibility of fraud in the financial statements.

5. Janet, an auditor of ABC Co., calculated ABC’s current year gross margin as 35%. Last year the

gross margin was 32%. While planning the audit, Janet expected the gross margin to be about 25% since that was the industry average, which fell from 31% from the prior year. Janet asked the controller why ABC’s average actually increased while the industry average decreased. The controller responded that they expected the average to be 35% so there was nothing unusual according to him. What should Janet do next?

A. Janet should perform additional analytical procedures on revenues, expenses, and/or

inventory to help reveal what the differences are. B. Janet should document what the controller said and sign off on the workpaper that she is

satisfied with the response. C. Janet should immediately report the fraudulent activity to the CEO. D. Janet should probably withdraw from the engagement since it appears that fraudulent

activity is taking place within ABC.


52

Chapter 4 Review Question Answers and Rationales Review question answer choices are accompanied by unique, logical reasoning (rationales) as to why an answer is correct or incorrect. Evaluative feedback to incorrect responses and reinforcement feedback to correct responses are both provided. 1. According to SAS No. 99, which type of audit(s) require(s) a discussion among audit team

members about the potential for fraud in a client’s financial statements?

A. First year audit only. Incorrect, because the audit team is required to have a discussion about the potential for fraud in a client’s financial statements, but other types of audits also meet the SAS No. 99 requirement.

B. Audits of comparative financial statements only. Incorrect, because SAS No. 99 does not address whether the financial statements under audit are comparative or non-comparative for the statement to apply.

C. First year audits and audits where fraud is suspected only. Incorrect, because first year audits and audits where fraud is suspected are not the only types of audits to which the statement applies. An auditor should consider not accepting an engagement where fraud is suspected, depending on the nature of the fraud and management’s response to it.

D. All audits. Correct, because SAS No. 99 requires audit-team members, on every audit, to discuss the possibility that the client’s financial statements could be materially misstated as a result of fraudulent financial reporting or misappropriation of assets.

2. Which of the following is a topic that should be discussed by the audit team during the planning

phase of the audit according to SAS No. 99?

A. Inquiry of management. Incorrect, because inquiry of management and others within the entity about the risks of fraud is part of obtaining information to identify fraud risks.

B. Professional skepticism. Correct, because SAS No. 99 provides guidance on the topics that should be addressed during the planning phase of the audit. These topics include the client being audited and its industry, management override of internal controls, susceptibility of financial statements to fraud, and professional skepticism.

C. Budget preparation. Incorrect, because although a budget is typically prepared during the planning phase of the audit, SAS No. 99 does not include it as a topic that should be discussed by all audit team members.

D. Management letter comments. Incorrect, because although prior year management letter comments (if any) might be addressed while discussing the client and its industry, it is not specifically required by SAS No. 99.

3. In addition to the inquiries required by SAS No. 99, written representations should also be

obtained from:

A. The audit committee. Incorrect, because auditors are required to make inquiries of the audit committee (or at least its chair) according to SAS No. 99, but representations are not required of the committee.

B. Internal audit. Incorrect, because the auditor is required to make inquiries of appropriate internal-audit personnel if the entity has an internal audit function, but there is no representation requirement of internal audit.

C. Management. Correct, because SAS No. 99 requires that the auditor make certain inquires of management. SAS No. 85, Management Representations, requires the client to specify, in writing, certain representations.

D. Co-workers of suspected or actual perpetrators. Incorrect, because according to SAS No. 99, professional judgment should be used to determine others in the organization which inquiries should be directed to. This group of “others” may include co-workers of


53

suspected or actual perpetrators if the auditor feels they can provide information that will be helpful to the audit. Co-workers of suspected or actual perpetrators are also not required to prepare representations to the auditor.

4. Which of the following tools can help auditors identify unusual relationships in the financial

statements and where to look to assess fraud risks?

A. Inquiry of management. Incorrect, because inquiry of management is performed to obtain an understanding of management’s views with respect to the organization’s fraud risks and how those risks are addressed.

B. Internal control assessment. Incorrect, because obtaining an understanding of a company’s internal controls, and specifically finding weaknesses in some areas of controls, might provide the auditor with an indication of where to look to assess fraud risks, but it will not help to identify unusual relationships.

C. Analytical procedures. Correct, because analytical procedures can help auditors identify unusual relationships between key financial statement numbers, and can be a valuable tool in identifying where to look to assess fraud risks. Analytical procedures are performed on both financial and nonfinancial data.

D. Audit team discussion of susceptibility of fraud in the financial statements. Incorrect, because this discussion, which takes place during the planning phase of the audit, may help to identify where to look to assess fraud risks, but it will not uncover unusual relationships in the financial statement numbers.

5. Janet, an auditor of ABC Co., calculated ABC’s current year gross margin as 35%. Last year the

gross margin was 32%. While planning the audit, Janet expected the gross margin to be about 25% since that was the industry average, which fell from 31% from the prior year. Janet asked the controller why ABC’s average actually increased while the industry average decreased. The controller responded that they expected the average to be 35% so there was nothing unusual according to him. What should Janet do next?

A. Janet should perform additional analytical procedures on revenues, expenses,

and/or inventory to help reveal what the differences are. Correct, because, when a ratio of operating performance is much better than the industry average, the auditor should investigate these results. Janet started the investigation by asking why the controller thought ABC was faring much better than the industry. His response was inadequate, and did not really address the question she asked. Janet needs to investigate further. Additional analytical procedures are a good starting point.

B. Janet should document what the controller said and sign off on the workpaper that she is satisfied with the response. Incorrect, because the controller’s response was extremely inadequate to be accepted as the reason why ABC was doing much better than the rest of the industry. Janet should document his response, but she should also investigate further.

C. Janet should immediately report the fraudulent activity to the CEO. Incorrect, because fraud has not been uncovered at this point and, even if Janet suspects fraud, she does not know the source of the fraud (it could be the CEO). Janet should also be careful about pointing fingers at suspected perpetrators since she is a CPA, and not part of the legal system.

D. Janet should probably withdraw from the engagement since it appears that fraudulent activity is taking place within ABC. Incorrect, because it is much too early to suspect that fraud is taking place, and withdrawing from the engagement is not necessarily the most appropriate response if fraud does exist. At this point, Janet should have an open mind about the potential for fraud and continue the investigation.

Chapter 5: Assessment Results Response

54

Chapter 5: Assessment Results Response Learning Objectives After completing this section of the course, you should be able to:

1. Describe the responses to identified risks, including the four overall responses included in SAS No. 99

2. Describe responses to the nature, timing, and extent of the audit procedures 3. Describe responses to the misappropriation of assets and fraudulent financial statement fraud

risks 4. List various types of inventory fraud and identify responses auditors should consider when

investigating inventory-fraud risk As previously explained, the nature and significance of fraud risks, as well as client programs and controls to address those risks, influence the auditor's response to the fraud-risk assessment. The auditor can respond to the fraud-risk assessment in four ways:

• An overall response to the identified risks -- That is, general considerations, apart from planned specific procedures, that have an overall effect on how the audit is conducted.

• A response to identified risks that involves the nature, timing, and extent of procedures to be performed

• A response to the risk that management may override controls -- Because management can often override traditional controls, substantive tests should be conducted to evaluate the risk of management overrides.

• If the auditor decides it is impracticable to design auditing procedures to sufficiently address identified fraud risks, he or she should withdraw from the engagement and communicate with the appropriate parties.

The first three responses are discussed in this chapter and the next few chapters. The fourth item is discussed in the last chapter. Overall responses to identified risks Fraud-risk judgments can have a number of overall effects on how an audit is conducted. SAS No. 99 lists the following four overall responses to identified risks:

• Professional skepticism and audit evidence; • Assignment of personnel and supervision; • Accounting principles; and • The predictability of auditing procedures.

Professional skepticism and audit evidence Professional skepticism is an attitude that auditors must have regardless of whether or not fraud risks are identified. Auditors must have a healthy dose of professional skepticism as they conduct all of their audit tests and during all of their interactions with their clients. When fraud risks are identified, it is imperative that auditors heighten their skepticism. Auditors also need to seriously consider increasing the quantity or the quality of their audit evidence (preferably both) in all areas of the audit that might be affected by the identified risk factors. SAS No. 99 lists the following examples of how audit evidence (and the process of gathering it) would be affected when fraud risks are identified.

• Design additional or different auditing procedures to obtain more reliable evidence in support of specified financial-statement account balances, classes of transactions, and related assertions.

• Obtain additional corroboration of management’s explanations or representations concerning material matters, through such processes as the following: (i) third-party


55

confirmation; (ii) the use of a specialist and/or analytical procedures; (iii) examination of documentation from independent sources; or (iv) inquiries of others within or outside the entity.

Assignment of personnel and supervision When fraud risks are identified, a CPA firm should consider making changes to the staff working on the audit. While many changes and responses are possible, and even desirable, SAS No. 99 suggests that the CPA firm consider one of more of these three changes:

• Assigning staff with specialized skill and knowledge; • Assigning more experienced personnel; and • Increasing the amount and quality of staff supervision.

Accounting principles Any time fraud risks are identified, the audit team needs to carefully consider the client’s choices with respect to the accounting principles they chose to employ. The pressure on management for ever-higher earnings can lead management to choose specific principles to prop up earnings or otherwise make the company look better. Sometimes this leads to stretching accounting principles, and in some cases it leads to outright fraud. For these reasons SAS No. 99 states that when fraud risks are identified the impact on the overall audit is the need for a closer examination of management’s selection and application of significant accounting principles to determine if an inappropriate application of the principles results in a material misstatement of the financial statements. Of particular importance are: (i) principles related to subjective measurements and complex transactions; and (ii) whether the collective application of principles indicates a bias that results in a material misstatement. Predictability of auditing procedures Auditors often perform the exact same tests every year. Armed with this knowledge, perpetrators can use concealment schemes that are not detected by these audit tests. They can also use their knowledge of the audit tests performed to help them hide the fraud.

Example: Barry Minkow, perpetrator of the ZZZZ Best fraud, knew that the tests auditors used were very predictable. He illustrated this using accounts receivable as an example. Minkow knew that when an accounts receivable confirmation was not returned that the next best type of evidence was alternative procedures, specifically subsequent cash receipts. Minkow had hundreds of thousands of dollars of fake receivables on the books. To fool the auditor into believing they were valid, he simply “paid them off” shortly after year-end by showing a subsequent cash receipt for the exact amount that was due on the receivable. He believed that the auditor would, in essence, say “Oh, the cash was received early in January on that receivable, so it must be a valid receivable.”

When risk factors are identified, the auditor should seriously consider adding an element of unpredictability to his or her selection of auditing procedures. For example, auditors could:

• Change the sampling methods used. • Test immaterial or low-risk accounts the auditor does not normally test. Many frauds are

perpetrated by “flying under the radar” of auditor materiality. Individually, a fraudulent transaction is not material, and therefore, unlikely to be tested, but in aggregate the sum of the immaterial transactions is material.

• Vary the timing of tests they perform so the tests are more unpredictable. • Perform procedures on an unannounced basis or at different locations. • Use tests the client will not expect or cannot anticipate. In the Elann Industries example

noted earlier, the auditor could not understand why inventory had increased five-fold in


56

one year, so she used some very creative analytical tests. She calculated the cubic volume of the warehouse and of inventory and compared the two, concluding that the claimed inventory would not fit in the warehouse. She also calculated the weight of inventory stored on pallets (one was 50,000 pounds) and compared that to the weight their largest forklift could lift (only lift 3,000 pounds).

Responses: The nature, timing, and extent of audit procedures The nature, timing, and extent of audit procedures performed is impacted by: (i) the types and combinations of fraud risks the auditor identifies; and (ii) account balances and transaction classes affected, and their related assertions. This is true of both substantive tests and tests of controls. In most cases, substantive tests are affected because audit risk cannot be reduced sufficiently through tests of controls, as management may be able to override controls that seem to be operating effectively. Auditing procedures can be changed in the following ways to address specifically identified fraud risks:

• The nature of the auditing procedures; • The timing of the substantive tests; and • The extent to which procedures are applied.

The nature of auditing procedures When auditors identify fraud risks, whether it is during planning or during fieldwork, they should consider obtaining more reliable evidence or obtaining additional corroborative evidence. According to SAS No. 99, the nature of the auditing procedures performed may be changed in one or more of the following ways.

• Obtain more evidential matter from independent or third-party sources. For example, the auditor might seek to obtain information that is a matter of public record with respect to both the existence and the nature of key customers, vendors, or counterparties in a major transaction.

• Physically observe or inspect more assets than are normally observed. Alternatively, or in addition, auditors may decide to observe or inspect assets that in a normal audit they would not observe.

• Make use of more, or not previously used, computer-assisted audit techniques. This facilitates the auditor gathering more extensive evidence about significant accounts and data stored in electronic data files.

• Increase the number of people, especially those in management, that are interviewed about fraud risks in order to identify issues and obtain corroborating evidence.

• Interview people in the areas where the fraud risk is identified, seeking their insights into both the identified risk and how current company controls address or do not address the risk.

• When other independent CPA firms audit the statements of subsidiaries, divisions, or branches, discuss with them how much evidence needs to be gathered to address fraud risk.

The timing of substantive tests There are a number of ways that audit-team members can vary the timing of substantive tests.

• Decide not to perform interim substantive tests. The most likely reason for this is that identified risks of intentional misstatement or manipulation make them ineffective.

• Perform substantive tests of transactions throughout the period being audited. The most likely reason for this is because intentional misstatements, such as inappropriate revenue recognition, may have taken place during the interim period.

• Perform procedures at locations on a surprise or unannounced basis. For example, the auditor could observe inventory either on unexpected dates or at unexpected locations, or both. The auditor could also count cash on a surprise basis.


57

The extent procedures are applied When fraud risks are identified, more evidence may need to be gathered. This can be done in several ways:

• Increase sample sizes. • Perform substantive analytical procedures using disaggregated data. For example, that

auditor could calculate gross profit or operating margins by location, by line of business, or by month. These calculations could then be compared to auditor-developed expectations and significant differences investigated.

• Testing electronic transactions and account files more extensively. In today’s world of information-technology advances, many companies store their data in large databases. Not only can these databases be tested using computer-assisted audit techniques, but entire populations can be tested in not much more time than is needed to process samples. These techniques also make it easy for auditors to select transactions with specific characteristics for testing.

• Supplement written confirmations with oral inquiries of major customers and suppliers. Alternatively, the confirmations could be sent to a specific person at the customer or supplier.

Responses: Misappropriation-of-assets and fraudulent-financial-statement fraud risks At various times throughout his tenure as SEC Chairman, Arthur Levitt made the following comments with respect to accounting and the preparation of financial statements.

• “Accounting has become a game of nods and winks among corporate managers, auditors, and analysts.”

• “In the zeal to satisfy consensus earnings estimates and project a smooth earnings path, wishful thinking may be winning the day over faithful representation. Integrity may be losing out to illusion.”

• “If a company fails to provide meaningful disclosure to investors about where it has been, where it is, and where it is going, a damaging pattern ensues. The bond between shareholders and the company is shaken ... the trust that is the bedrock of our capital markets is severely tested.”

• “We need to eliminate hocus-pocus accounting where financial reports reflect the desires of management, rather than the company’s underlying financial performance, in order to meet Wall Street’s earnings projections. Management’s desire to meet Wall Street’s earning projections should not become a substitute for accurate disclosure.”

• “The accounting profession is on notice that those who operate in the gray area between legitimacy and outright fraud are poisoning the reporting process.”

These comments were made before all the financial-statement problems and frauds that surfaced in the early 2000s. SAS No. 99 makes an attempt to deal with some of these problems by providing a number of examples of how the nature, timing, and extent of tests can be modified in response to specific, identified fraudulent-financial-statement risks. These include: (i) inventory quantities; (ii) revenue recognition; and (iii) management estimates. Inventory fraud and responses to inventory-fraud risk factors are discussed in this chapter. Revenue recognition and responses to revenue-recognition-fraud risk factors are discussed in Chapter 6. Chapter 7 discusses management estimates and the way auditors should respond to them and also discusses the risks of management overriding controls and the way auditors should respond to those risks. During either planning or fieldwork the auditor may identify fraud risks related to the misappropriation of assets (for example, employees that have easy access to large amounts of cash or to inventory that can easily be stolen and sold). In such cases, the appropriate audit response depends on the specific information that was identified as well as the account balance(s) in question. Here are some examples of appropriate responses:


58

• Identify and analyze the controls the company has implemented to prevent or detect the

misappropriation and then test the operating effectiveness of those controls to determine if they do, in fact, help prevent or detect fraud.

• Physically inspect the assets that are susceptible to theft or misuse at or near the end of the reporting period.

• Perform substantive analytical procedures, such as comparing expected dollar amounts to recorded amounts, to determine the nature and extent of any problems.

Inventory fraud and responses to inventory-fraud risk The second most frequent type of financial-statement fraud is asset fraud. (Revenue-recognition fraud, discussed in Chapter 6, is the most frequent type.) The Treadway Commission conducted a fraud study in 1999 and found that nearly half the fraudulent-financial-statement cases they examined dealt with asset misstatements. And which asset was most susceptible to fraud? Inventory, which was frequently overstated. That should not be surprising, as many of the famous fraud cases, such as the Salad-Oil Swindle, McKesson and Robbins, Crazy Eddie’s, Leslie Fay, and Phar-Mor were inventory frauds. The inventory account is prone to fraud because it is complex. Companies face two significant problems in trying to value their inventory at the end of the year. First, how much inventory is on hand? This can be quite a chore as the inventory account often contains a large number of items that are purchased and sold many different times during the year, often at different prices. Manufacturing companies have to deal with raw materials, work in process, and finished goods. Goods are transferred between warehouses and stores and other locations. In addition, inventory is subject to theft, breakage, and obsolescence. Second, how should the company allocate cost to the inventory once it has been counted? The company must choose an inventory costing approach (FIFO, LIFO, average cost, etc.) and then determine the appropriate unit costs for the items on hand. Critics of the auditing profession have cited the following as some of the major reasons why there are so many inventory frauds.

• Many auditors observing inventory are recent college graduates who have little audit or industry experience and are not familiar with the company being audited.

• The auditors supervising the new college graduates only have a few more years of experience than the new graduates do. They also often lack client and industry experience.

• Audit partners and managers rarely observe inventory counts and are often unavailable to answer questions that those observing inventory might have.

• Inexperienced auditors often do not recognize unusual items that might indicate fraud and when they do they sometimes fail to bring them to the attention of the partner or manager on the job.

• There is little continuity of assigned staff, so often none of the auditors knows the client’s business or industry practices.

• Auditors let companies know where they will be making test counts. This allows the companies to overstate inventory at the locations not tested.

• Company officials can follow auditors around and take note of the items they test count. This makes it easy to falsify the counts of the other inventory items.

• The number of items auditors test count is too small, which makes it easier to fool the auditor.

• Auditors often do not test count high-value items, thereby failing to ensure that a sufficient proportion of the dollar amount of the inventory is counted.

• Auditors do not carefully examine the inventory they count. This allows management to do things like stack empty boxes in the warehouse, make stacks look larger than they are by having hollow middles in stacks, etc.


59

• Auditors sometimes do not adequately control their work papers, allowing clients to alter them after hours.

• Auditors make companies adjust for errors they find, but never consider that some errors may indicate intentional, material, and pervasive fraud.

When companies want to inflate earnings, why is inventory fraud such a popular choice? Because the amount by which inventory is overstated drops straight to the bottom line. To illustrate this, consider the following example. Assume that the correct value of ending inventory is $400,000. In the fraudulent example it is overstated by $100,000.

Example: Correct Fraudulent Sales 1,000,000 1,000,000 Beginning Inventory 300,000 300,000 Purchases 600,000 600,000 Ending inventory <400,000> <500,000> Costs of goods sold 500,000 400,000 Gross margin/net income 500,000 600,000 By overstating ending inventory by $100,000, management increased the gross margin and net income by that same amount. Management could achieve the same effect by not recording purchases or otherwise toying with the way the cost of goods sold is calculated.

There are several different schemes that dishonest organizations can use to inflate inventory values or manipulate net income. The most common schemes are provided here.

• Place fictitious inventory on the books -- Perhaps the easiest way to inflate inventory is to simply place nonexistent inventory on the books by recording false journal entries, embellishing inventory count sheets, or creating fake purchase orders and receiving reports.

Example: Three executives at Saxon Industries were cited by the SEC for creating $75

million of fictitious inventories. They inflated inventory by adding inventory after the physical count was completed, programming the company’s computers to automatically add inventory, and transferring fake inventories between divisions.

• Alter the auditor’s inventory counts -- Some companies have inflated inventory by

altering the auditor’s inventory test counts after they have left for the day.

Example: Over 100 employees at MiniScribe Corp., a manufacturer of computer hard disk drives, were involved in deceiving its auditors, using a number of different schemes. Perhaps the most unusual was when they shipped bricks and claimed that the bricks were inventory in transit. Management also inflated the number of disk drives in inventory by breaking into the auditor’s locked trunks and changing the auditor’s test counts recorded in their working papers.

• Not recording purchases. What happens when a company using the periodic inventory

method does not record an inventory receipt near the end of the year, yet includes the inventory in their year-end count? The purchases account is understated, the ending inventory account is fairly stated, cost of goods sold is understated, and net income is overstated. So, if a company wants to overstate income they can just not record purchases near the end of a reporting period.

• Capitalize expenses and place them in inventory or some other asset -- Companies can increase their income if they can decrease their expenses by capitalizing them and placing them in inventory or some other asset account.


60

Example: The SEC filed a lawsuit against U.S. Surgical Corp., charging them with overstating pretax earnings by more than $18.4 million. They employed several different fraud schemes, including falsifying vendor purchase orders. The vendors then submitted false invoices so U.S. Surgical could decrease its parts costs and capitalize over $4 million of its costs of materials. They also improperly capitalized over $4 million of legal costs that were actually recurring operating expenses.

The SEC also charged Barden Co., a supplier of surgical equipment, with sending U.S. Surgical false invoices, which allowed U.S. Surgical to capitalize costs that should have been expensed. Barden also returned confirmations to U.S. Surgical’s auditors that stated that the false invoices were accurate.

Audit procedures when inventory fraud risks are identified When identified fraud risks are related to inventory quantities, the auditor should consider the following audit procedures:

• Examine inventory records to identify locations or items that, during or after the physical inventory count, require specific attention.

• Count inventory at the end of the reporting period, or on a date closer to period-end. This will help minimize the risk that account balances are manipulated between the date the count is completed and the date the reporting period ends.

• Carefully observe inventory counts. Inasmuch as possible, avoid all the inventory criticisms mentioned above. If inventory is a significant balance-sheet item, even more care must be taken to ensure that inventory is correct. When observing the count:

− Focus on high-value items so there is sufficient dollar coverage of the inventory

account; − Make sure that there is no discernable pattern to which locations are selected for

observation; − Observe inventory counts at certain locations on an unannounced basis; − Observe inventory counts at all locations on the same date; − Make sure that there is no discernable pattern with respect to the manner in

which counts are made; − Be skeptical of large or unusual test-count differences; − Be on the lookout for obsolete inventory (inventory that has not been used or

moved in some time, is stored in unusual locations or fashions, etc.); − Examine the contents of boxed items more carefully; − Examine the way goods are stacked (check for hollow squares, etc.) or labeled; − Verify the purity, grade, and concentration of liquid substances, such as specialty

chemicals; − Test more count sheets, tags, or other records to minimize the risk that they will

be altered later or compiled improperly; and − Eliminate, or at least minimize, intercompany and interplant inventory movement.

• Test the reasonableness of physical counts in other ways, such as:

− Comparing current period quantities with those of prior periods. (This is best done by inventory class or category, location, or some other criterion.);

− Agreeing count quantities to perpetual records; and − Sorting tags numerically to test tag controls or by item serial number to determine

if tags have been duplicated or omitted.

• Use a specialist.


61

• There is always a reason why fraud takes place. The auditor should try to evaluate possible motives by asking himself or herself the following questions:

− Is upper management under extreme pressure to meet financial projections? − Is the company attempting to obtain financing secured by inventory? − Is the company always out of cash and struggling to find funds for expansion?

• Interview key employees in a straightforward but nonaccusatory way. Ask the following

questions:

− Has anyone asked you to inflate inventory in any way? − Was any inventory added to the count after it was completed? − Has anyone asked you to alter the auditor’s inventory accounts? − Has anyone asked you to not record purchases or to delay recording them? − Has anyone asked you to capitalize items that should be expensed? − Do you know of anyone in the company that is committing a fraud?

• Perform detailed analytical procedures and then ask himself or herself the following questions:

− Has the percentage of inventory to total assets increased over time? − Has the ratio of cost of sales to total sales decreased over time? − Have shipping costs decreased as a percentage of inventory? − Is inventory increasing faster than sales? − Has inventory turnover slowed over time? − Compared to previous periods, are cost of sales too low or inventory and profits

too high? − Is the company’s gross-profit percentage in line with expectations?

• The auditor should ask himself or herself the following questions about the accounting processes and records:

− Have there been significant adjusting entries that have increased the inventory

balance? − Were material reversing entries made to the inventory account after the reporting

period? − Does the cost of goods sold on the books not agree with tax returns? − Does the company have a complex system to determine the value of inventory? − Are the company’s cutoff procedures unclear or ineffective? − Are there cash disbursements related to the purchase of inventory subsequent to

the end of the period that were not recorded in the purchase journal? − Is the company involved in a volatile or rapidly changing industry such as

technology? − Does the summarized inventory contain an unusually large quantity of high-cost

items? − If there have been product line or technology changes or rapid declines in sales

or markets, are there the expected write-downs to market or provisions for obsolescence?

− Does the company use questionable procedures for determining or aggregating inventory costs or are there any indications that erroneous or insupportable costs have been applied?


62

Inventory fraud case study: Phar-Mor Mickey Monus wanted to create a pharmaceutical empire by offering products at deep discounts. Unfortunately, his one store in Youngstown, Ohio was unprofitable. That small detail, however, did not stop him. He falsified his financial statements by inflating his inventory figures and used them to borrow money and lure investors. Within a year he had purchased eight additional stores. Ten years later he had 300 Phar-Mor stores. Monus had achieved most of his dream: money, prestige, power, and fame. Monus did not inflate his inventory just that one time. Rather, Phar-Mor, his financial empire, was built on inventory overstatements and phony profits. In order to avoid detection, Monus and Phar-Mor’s CFO kept two sets of books. They showed the doctored books to the auditors and used the other set to get an idea of their real condition. Customers liked the prices at Phar-Mor stores, which was no surprise as Phar-Mor sold many products for less than what they actually cost. Monus believed that the losses that resulted were only temporary, that Phar-Mor’s growth would eventually provide it with sufficient buying power to sell its way out of its losses. As the years progressed, Phar-Mor’s financial status got increasingly worse. Its cash position was so poor and accounts payable so high during its last audit that suppliers were threatening to cut them off. To hide the losses from the auditors, Phar-Mor dumped them into a clearing account and then assigned them to company stores as increases in inventory costs. Losses were so large that Phar-Mor needed several ways to cover its tracks. Fake invoices were created to support fake purchases, false journal entries were booked to transfer items in cost of goods sold to inventory, the liabilities associated with inventory purchases were omitted, and goods were counted several times. Hiding the inventory shortages from the auditors was not difficult. The auditors always let them know far in advance which of the four stores they would visit to observe inventory counts. It was a simple task to make sure that the fabricated inventory was assigned to the other stores. Monus had another dream: to be involved in professional sports. He decided to fulfill the fantasy by starting the World Basketball League (WBL) for players under six feet tall. Unfortunately, no one was interested in watching short basketball players and the league began to fail. To prop up the league, Monus invested over $10 million from Phar-Mor in it. How was the fraud uncovered? An alert travel agent received a $75,000 check from Phar-Mor to pay for player flights. He showed the check to one of Phar-Mor’s major investors. The resultant investigation exposed the half-billion-dollar fraud. And what happened to Monus? He was sent to jail for five years and the CFO was sent to jail for 33 months. Could Phar-Mor’s auditors, who had to pay over $300 million in civil judgments, have detected the fraud? With 10 years of fraud losses and bogus income buried in inventory, wouldn’t there have been some sign of this? Did they wonder how the company could make money by selling goods below cost? Could they have observed inventory on a surprise basis, rather than announce their moves months in advance?


63

Chapter 5 Review Questions The review questions accompanying each chapter are designed to assist you in achieving the learning objectives stated at the beginning of each chapter. The review section is not graded; do not submit it in place of your final exam. While completing the review questions, it may be helpful to study any unfamiliar terms in the glossary in addition to chapter course content. After completing the review questions for each chapter, proceed to the review question answers and rationales. 1. Frederick, a first-year staff auditor, believes he may have identified a fraud risk during the audit of

Big Department Store. Jerry, the audit partner, has had Big Department Store for a client for the last fifteen years, and it is his largest account. Which of the following is the best response in this situation?

A. Jerry has had this client for so long, and it is such big client, he can assume nothing

fraudulent is happening within the company since there has never been anything unusual in the past.

B. Jerry should remind Frederick to keep his eyes open for any unusual activity since the audit team is relying on Frederick to uncover any fraud.

C. Jerry should review management’s selection of accounting principles, such as which inventory method they have chosen.

D. Jerry should perform some tests that Big Department Stores will not anticipate in the area identified.

2. An example of changing the nature of the auditing procedures performed when fraud risks are

identified includes:

A. Interviewing people in the areas where the fraud risk is identified. B. Performing substantive analytical procedures using disaggregated data. C. Deciding not to perform interim substantive tests. D. Obtaining less evidential matter from independent sources.

3. Retails Unlimited uses the periodic inventory method. At the end of the year Retails Unlimited

received a shipment of goods which it included in the year-end inventory count. However, no record of the inventory receipt was made. What is the effect on Retails Unlimited financial statements?

A. The purchases account is overstated. B. Net income is overstated. C. The ending inventory is overstated. D. Cost of goods sold is overstated.

4. Which of the following is a procedure that should be performed when inventory is a significant

balance sheet item?

A. Observe inventory counts at all locations on different days. B. Make sure there is a predictable pattern in the manner in which counts are made. C. Verify the purity, grade, and concentration of liquid substances. D. Focus on high-quantity, low-value items.

5. Which of the following is a question that the auditor should ask a key employee when identified

fraud risks are related to inventory quantities?

A. Has inventory turnover slowed over time? B. Was any inventory added to the count after it was completed? C. Have there been significant adjusting entries that have increased the inventory balance? D. Is the company attempting to obtain financing secured by inventory?


64

Chapter 5 Review Question Answers and Rationales Review question answer choices are accompanied by unique, logical reasoning (rationales) as to why an answer is correct or incorrect. Evaluative feedback to incorrect responses and reinforcement feedback to correct responses are both provided. 1. Frederick, a first-year staff auditor, believes he may have identified a fraud risk during the audit of

Big Department Store. Jerry, the audit partner, has had Big Department Store for a client for the last fifteen years, and it is his largest account. Which of the following is the best response in this situation?

A. Jerry has had this client for so long, and it is such big client, he can assume nothing

fraudulent is happening within the company since there has never been anything unusual in the past. Incorrect, because Jerry must respond to an identified risk with heightened skepticism. It does not matter how long Jerry has had the client, or how much revenue the client brings to the firm.

B. Jerry should remind Frederick to keep his eyes open for any unusual activity since the audit team is relying on Frederick to uncover any fraud. Incorrect; because Frederick is a first-year staff auditor he has probably had no experience with fraud. SAS No. 99 suggests that the CPA firm consider assigning staff with specialized skill and knowledge, assigning more experienced personnel, and/or increasing the amount and quality of staff supervision.

C. Jerry should review management’s selection of accounting principles, such as which inventory method they have chosen. Incorrect, because although considering management’s choices for selecting the accounting principles they apply is part of the response, Jerry should also examine how these principles are applied to help determine if there are any material misstatements.

D. Jerry should perform some tests that Big Department Stores will not anticipate in the area identified. Correct, because when the client can predict the tests the auditors will perform, the client can use their knowledge of the tests to help conceal the fraud.

2. An example of changing the nature of the auditing procedures performed when fraud risks are

identified includes:

A. Interviewing people in the areas where the fraud risk is identified. Correct, because according to SAS No. 99, one of the ways the nature of the auditing procedures performed can be changed when fraud risks are identified is by interviewing people in areas where the risk is identifies, and seeking their insights into both the identified risk and how current company controls address or do not address the risk.

B. Performing substantive analytical procedures using disaggregated data. Incorrect, because performing substantive analytical procedures is an example of changing the extent to which procedures are applied.

C. Deciding not to perform interim substantive tests. Incorrect, because deciding not to perform interim substantive tests is an example of changing the timing of substantive tests.

D. Obtaining less evidential matter from independent sources. Incorrect, because when fraud risks are identified, the auditor should consider obtaining more reliable evidence or obtaining additional corroborative evidence. The auditor will want more evidence from independent and third-party sources, not less.

3. Retails Unlimited uses the periodic inventory method. At the end of the year Retails Unlimited

received a shipment of goods which it included in the year-end inventory count. However, no record of the inventory receipt was made. What is the effect on Retails Unlimited financial statements?


65

A. The purchases account is overstated. Incorrect, because the purchases account is

understated since the inventory receipt was not recorded. B. Net income is overstated. Correct, because since the expense is understated, net

income will be overstated. C. The ending inventory is overstated. Incorrect, because the ending inventory will be fairly

stated since the company included the inventory in the year-end count. D. Cost of goods sold is overstated. Incorrect, because cost of goods sold will be

understated since the receipt of the inventory was not recorded. 4. Which of the following is a procedure that should be performed when inventory is a significant

balance sheet item?

A. Observe inventory counts at all locations on different days. Incorrect, because inventory counts should be observed at all locations on the same day. This can help avoid a situation where the company moves inventory from one location to another to be double-counted.

B. Make sure there is a predictable pattern in the manner in which counts are made. Incorrect, because the auditor should make sure there is no discernable pattern with respect to the manner in which counts are made.

C. Verify the purity, grade, and concentration of liquid substances. Correct, because the auditor should verify the purity, grade, and concentration of liquid substances, such as specialty chemicals. A specialist should be used when needed.

D. Focus on high-quantity, low value items. Incorrect, because the focus should be on high-value items so there is sufficient dollar coverage of the inventory count.

5. Which of the following is a question that the auditor should ask a key employee when identified

fraud risks are related to inventory quantities?

A. Has inventory turnover slowed over time? Incorrect, because this is a question the auditor should pose to himself after performing detailed analytical procedures.

B. Was any inventory added to the count after it was completed? Correct, because this is one of the questions an auditor should ask while interviewing a key employee. The questions should be posed in a straightforward, nonaccusatory way.

C. Have there been significant adjusting entries that have increased the inventory balance? Incorrect, because this is a question the auditor should ask herself about the accounting processes and records.

D. Is the company attempting to obtain financing secured by inventory? Incorrect, because this is a question the auditor should ask himself while evaluating possible motives for fraud to take place.

.

Chapter 6: Revenue-Recognition Fraud

66

Chapter 6: Revenue-Recognition Fraud Learning Objectives After completing this section of the course, you should be able to:

1. list the methods companies use to commit revenue-recognition fraud 2. explain techniques auditors can use to identify these risks

Booking fictitious revenues In today’s business environment, top management at public companies feel a great deal of pressure to report earnings that at least meet, if not exceed, analyst’s expectations. Failure to do so often results in a significant drop in the company’s share price, which brings even more pressure to bear on management. Missing analyst’s expectations too often can be grounds for dismissing management. This pressure to keep the earnings coming, and for ever-higher earnings, can lead to practices that are, at best, stretching accounting principles, and, at worst, outright fraud.

Example: At IDB Communications Group, top management allegedly inflated 1994's first-quarter earnings by 66 percent in order to meet analysts’ profit predictions. Knowing that earnings were misstated and that the stock would fall, the CEO and president sold $2.8 million of stock and delayed or failed to report their sales to the SEC. As a result, the SEC sought undisclosed civil penalties, repayment of the avoided losses, and court orders barring the men from future involvement in publicly held companies.

A study sponsored by COSO (the Committee on Sponsoring Organizations, a committee organized, in part, to study internal controls) found that more than 50 percent of the fraudulent-financial-statement cases it investigated were perpetrated by overstating revenues. It is logical that the most frequent way to cook the books is to inflate revenues. After all, an increase in revenues, without a corresponding increase in expenses, drops the full amount of the inflated revenues to the bottom line -- net income.

Example: Former colleagues describe him as “honorable, decent, steady, and straight as rain, the epitome of an honest and straightforward executive, a highly ethical family man”, and “squeaky clean -- he did not even swear.” But Bernard F. Bradstreet, the 51-year-old former president and co-chief executive of Kurzwell Applied Intelligence, Inc. was convicted of fraud and is going to jail. As Kurzwell sought to advance its leading-edge role in computerized speech recognition, Bradstreet and his managers found that closing sales was tougher than expected. In an attempt to show profits to investors, who had plowed $24 million into the company’s stock offering, Bradstreet and other employees collaborated and blatantly cooked the books. They booked millions of dollars in phony sales, forged customer signatures, altered and concealed crucial documents, and shifted unsold goods between warehouses.

The most common way companies create fictitious revenues is to book sales that did not occur by debiting accounts receivable and crediting sales. This results in overstated assets, overstated revenue, and overstated income. Creating fictitious revenues is easy. What is much more difficult is covering them up. Below we discuss three frequently used ways to create fictitious revenues, the challenges the perpetrator faces in covering them up, and the means used to cover them up. False journal entries To commit the fraud, the perpetrator simply records journal entries debiting accounts receivable and crediting sales. Sometimes the perpetrator prepares phony supporting documents and other times he or she does not.


67

Cover-up Challenge: Cover-up:

Since fake receivables cannot be collected, false receivables remain on the books until reversed or “paid off.” The entry and the reversal may be obvious to anyone who examines the books.

Often there is no cover up attempt for these challenges due to a lack of controls: (i) The perpetrator controls all aspects of the

transaction (custody, authorization, recording); (ii) General and subsidiary ledgers are not

reconciled; and (iii) There is inadequate supervision of the

perpetrator. Since fake sales flow through the income statement, they do not remain on the books past the current year.

General ledger does not agree with the sales journal or A/R detail

No offsetting inventory adjustment

False sales to existing customers To commit the fraud, the perpetrator usually creates fake supporting documentation, such as sales invoices and shipping documents, to support the nonexistent sale.


False sales may be uncovered during accounts receivable confirmations or reviews of government contracts.

Smart perpetrators use a few major customers (large organizations, government contracts) that are difficult to confirm. Sometimes a major customer is willing to provide false confirmations to the auditors in exchange for concessions from the perpetrating company.

Over time, customer balances rise because the false sales are never collected.

False sales are often removed with credit memos, write-offs, etc. Management may use other funds to pay off the receivables (as in the ZZZZ Best fraud).

The customer may notice the false billings when monthly statements are sent out.

Perpetrators alter or intercept monthly statements.

Sales booked near the end of the quarter are often subject to close scrutiny.

The perpetrator records the false sales earlier in the quarter.

Large or unusual transactions are subject to close scrutiny.

The perpetrator avoids undue attention to false sales by making them look like real sales. He avoids anything too large or too unusual; instead he uses more and smaller, less material transactions

False sales to fake customers To commit the fraud, the perpetrator usually creates fake customers and “sells” goods to them. Again, sometimes the perpetrator prepares phony supporting documents and other times he or she does not.

Example: In fiscal-year 1995, Home Theater Products International reported revenues of $12 million, of which $9.3 million were fictitious. To perpetrate the fraud, the chairman and a few employees created fictitious sales invoices for fake customers. They sent the invoices to addresses they controlled and to post office drop boxes. Audit confirmations were sent to the same addresses and the chairman signed and returned falsified confirmations to the auditors. Following a guilty plea to bank and securities fraud, the former chairman was required to repay $23.3 million to investors who had purchased Home Theater stock based on the fraudulently overstated revenue and income.


68

False sales to fake customers have all the risks of false sales to real customers and use the same cover-up techniques. In addition, they face the following:


Inventing customer names that are not likely to be spotted as fakes.

Smart perpetrators avoid unusual names that no one has ever heard of and use customer names that do not draw attention and sound like real, established companies.

Inventing fake customer addresses Perpetrators use a post office box, an employee’s home address, a phony address, or a valid address from the phone book.

Because there are more revenue-recognition financial-statement-frauds than almost any other type, revenue accounts are particularly susceptible to fraud. In addition, since industries can be very different, revenue recognition among industries can vary significantly. Accordingly, auditors need to develop auditing procedures based on their understanding of the entity, its environment, and its industry that take into account this additional fraud risk. If there is identified fraud risk involving improper revenue recognition, the auditor also may want to consider the following:

• Performing substantive revenue-related analytical procedures using disaggregated data. For example, the auditor could compare monthly, product-line, or business-segment revenue to a comparable prior period. Computer-assisted audit techniques are especially useful in identifying unusual or unexpected revenue relationships or transactions.

• Confirming contract terms and the absence of side agreements with customers. The following are some of the most important revenue recognition related items to confirm:

− Acceptance criteria; − Delivery and payment terms; − The absence of future or continuing vendor obligations; − The right to return the product; − Guaranteed resale amounts; and − Cancellation or refund provisions.

• Inquiring about end-of-period sales or shipments and any unusual terms or conditions

associated with them. The best people to ask are sales and marketing personnel and in-house legal counsel.

• Being physically present at one or more locations at period end to:

− Observe goods being shipped; − Observe goods being readied for shipment; − Observe returns awaiting processing; and − Perform any other sales and inventory cutoff procedures the auditor deems

appropriate.

• Testing whether controls provide assurance that recorded revenue transactions occurred and are properly recorded. This is especially important for revenue transactions that are electronically initiated, processed, and recorded.

Fictitious-revenues case study: Coated Sales, Inc. Michael Weinstein purchased a drugstore when he was 19 by borrowing $1,000 from his father. The first store was followed by others. He sold his chain of drugstores for several million dollars when he was in his thirties. Finding himself bored, too young to retire, and missing his status as a corporate bigwig, he purchased Coated Sales, Inc. The company’s products were used to coat fabrics used in items such as


69

camouflage uniforms, life vests, and parachutes. After Weinstein increased annual sales revenues from $10 million to $90 million, several business publications listed Coated Sales as the fourth fastest-growing company in the country. However, Weinstein lost a lot of money as he developed cutting-edge products, expanded markets, built factories, and bought companies. To fund the growth and support his extravagant lifestyle (which consisted of seven luxury automobiles, two mansions, several helicopters, and 10 airplanes), Weinstein needed a significant sum of money. At one point he was so highly leveraged that banks were unwilling to extend him anymore credit. He stood to lose everything, including the luxury to which he had become accustomed. So he devised a plan to get through the cash crunch and forced his accounting staff, at the risk of their jobs, to go along with his scheme. Weinstein’s staff fabricated millions of dollars of fictitious sales and added them to real customer accounts. Over a three-year period Weinstein overstated profits and equity by $55 million. He used this overstated income to borrow $67 million from various banks. The scheme was uncovered when an auditor tried to confirm that a manufacturing company had purchased 750,000 pieces of luggage from Coated Sales. When the manufacturer indicated it had not made the purchase, the auditor performed some analytical-procedure tests and found several items that did not make sense: (i) sales and accounts receivable mushrooming while cash was decreasing; (ii) the ratio of inventory to receivables increasing significantly; and (iii) receivable turnover and cost of sales falling. Digging deeper into sales and receivables, he found that 50 percent of all receivables were fictitious. The auditing firm resigned. Coated Sales was forced into bankruptcy. Investors lost an estimated $160 million and creditors lost over $17 million. Weinstein was striped of all his assets, forced to agree to a $55.9 million civil judgment, and was sentenced to serve 57 months in prison. We can learn several valuable lessons from the Coated Sales case. First, financial statements should make sense. For example, a company with rapidly increasing sales and receivables would normally see its cash balance increase, not decrease. Second, fictitious sales/receivables fraud schemes are the most frequent type of financial-statement fraud. They are simple to commit and overstated receivables can be used as collateral for loans because receivables are the next best thing to cash in the eyes of lenders. Finally, when assessing risk, remember that fraud perpetrators have motives. Carefully examine management’s numbers when top management has a significant financial stake in a company, especially if it is on the ropes. Weinstein had a powerful motivation for fraud; if Coated Sales failed, so did he. Fictitious-revenues case study: ZZZZ Best Few financial-statement frauds have received closer attention from regulators, congressional committees, and law-enforcement officials than did ZZZZ Best. ZZZZ Best, based in Los Angeles, was a carpet-cleaning and insurance restoration company. In 1987, after only six years in business, the company was a hot stock on Wall Street and had a market valuation exceeding $211 million. Barry Minkow, its 20-year-old "genius" president, was worth $109 million. However, the company, built entirely on Minkow’s lies, was a major financial-statement fraud that fooled major banks, two then-Big Eight CPA firms, an investment banking firm, and a prestigious law firm. The company collapsed and was forced into bankruptcy in July 1987. In 1981 Barry Minkow, a 15-year-old high school student, started a carpet-cleaning business in his parent’s garage and named it ZZZZ Best. Prior to that time, Minkow worked at his mother’s carpet-cleaning business on Saturdays and during summers. Because he was still in school and too young to drive when he started ZZZZ Best, Minkow hired others to clean carpets while he sat in class worrying about the weekly payroll. Minkow never made much money cleaning carpets and almost from the beginning began committing fraud to meet payroll and pay his bills. He perpetrated fraud every way he could think of: over-billing customers (which led to his downfall), stealing checks and depositing them in his bank account, kiting checks, and overdrawing his checking account. When those schemes did not provide him with the funds


70

he needed, he borrowed money based on inflated and unaudited financial statements and altered tax returns. When his loan came due he borrowed from a second bank and then a third and continued borrowing money from every bank he could for years. ZZZZ Best’s impressive growth was not nearly fast enough for the impatient Minkow and he needed money to meet expenses and expand. By 1985, ZZZZ Best had borrowed money (at rates from two percent to five percent a week) from reputed mobsters and loan sharks who had stock-fraud backgrounds. During 1985, the company brought in joint-venture partners whose investments exceeded $4 million. That same year, the insurance restoration business was conceived. During 1985 and 1986, several insurance restoration projects were supposedly undertaken, including a $2.3 million job in an eight-story building in Arroyo Grande, California, a $7 million contract in Sacramento, a $2.8 million job in San Diego, and a $13.8 million job in Dallas. None of these jobs could later be verified, however. In fact, Arroyo Grande is a town of only 13,000 people with no building over three stories. City and county officials in Sacramento never issued permits for any such job in Sacramento. The insurance company that supposedly awarded the San Diego job says they had nothing to do with any such job. In Dallas there were no restoration jobs approaching $13.8 million. In January 1986, ZZZZ Best went public by acquiring Morningstar Investments Inc., a Utah shell corporation. In order to go public, Minkow and his assistants created a quite a few fake documents to fool the auditors and cover up fake sales and receivables. In late 1986, a stock prospectus for a ZZZZ Best public offering was prepared. For the prospectus, Ernst and Whinney reviewed three months’ financial statements (May-July 1986) and gave an endorsement for the public offering. (The public offering stated that 86 percent of ZZZZ Best Corp.'s business was insurance restoration.) ZZZZ Best raised millions in the public offering, Union Bank gave them a $7 million line of credit and First Interstate Bank provided one for $3 million. With these millions Minkow covered his previous frauds and looked forward to accelerating growth. In 1987, Minkow and other investors sold their original shares; in one year an investment of $20,000 had yielded them $4.5 million. In July 1987, the Ladenburg, Thalmann & Co. brokerage house was touting the ZZZZ Best stock and a spokesman for the company was quoted in Business Week as saying "Barry Minkow is a great manager." The company had over 1,300 employees in California, Nevada, and Arizona, and it was aggressively trying to merge with Sears Key Group to become the largest national carpet-cleaning company. Drexel, Burnham and Lambert promised to loan ZZZZ Best $40 million if they could pull off the merger. The Association of Collegiate Entrepreneurs and the Young Entrepreneurs' Organization placed Mr. Minkow on their list of the 100 top young entrepreneurs in America, and the mayor of Los Angeles honored Minkow with a commendation that said Minkow had "set a fine entrepreneurial example of obtaining the status of a millionaire at the age of 18." ZZZZ Best fell apart when an unhappy carpet-cleaning customer contacted a Los Angeles Times investigative reporter to complain about ZZZZ Best overcharging her. On May 22, 1987 the Lost Angeles Times reported that the company had used customers’ credit-card numbers to run up at least $72,000 in inflated charges, mostly double and phony billings. Following the credit-card charges, other rumors surfaced that the insurance restoration work was a fraud and that the company was a massive Ponzi scheme involved in laundering money for organized crime. Trading in ZZZZ Best stock was suspended, financing dried, and the company quickly collapsed. In January 1988, a federal grand jury in Los Angeles returned a 54-count indictment charging 11 individuals -- including ZZZZ Best founder and president, Barry Minkow -- with engaging in a massive fraud scheme. They ruled that the fraud was a Ponzi scheme based upon the creation of fictitious insurance restoration work that enabled Minkow and others to take corporate funds for their personal use. More than 80 percent of the reported business was phony.


71

The assets of ZZZZ Best were sold for less than $50,000. Losses from the fraud were approximately $100 million. The CPA firms involved paid millions for their failure to uncover Minkow’s crimes. Minkow and several others were convicted and given jail sentences. Minkow was sentenced to 25 years in federal prison, served eight years, and was then paroled. So what was Minkow like? Joe Wells, founder of the Certified Fraud Examiners Association, interviewed him for a video named “Cooking the Books.” He described Minkow this way: “... the nature of [great con artists is that] they appear bright, articulate, sincere, and likable. Barry Minkow was certainly that -- and much more. ... What made Minkow believable was his verbal ability. After three decades of meeting and dealing with white-collar criminals, I would put Minkow at the very top; he is without question one of the most persuasive crooks I have ever met.” Cut-off frauds According to GAAP, companies should recognize revenue when: (i) the earnings process is complete; and (ii) the rights of ownership (an unrestricted right to use the property, title to the goods or property passes, liabilities are assumed, ownership is transferred, and risk of loss is assumed) have passed from seller to buyer. For reporting purposes, companies divide their activities into four separate quarters and into separate fiscal years. Under the accrual method of accounting, companies match revenues with their related expenses and report them in the same period. Companies are able to significantly impact profits by playing with which side of these lines between quarters and years they record revenues and expenses. In other words, net income can be manipulated by reporting revenues or expenses in the wrong reporting period or by recognizing revenues before they have been fully earned. These approaches to perpetrating financial-statement fraud are referred to as cut-off, or timing differences, fraud. Fraud experts recognize the following types of cut-off, or timing difference, problems. Some are outright fraud schemes. Others are legal, but can be misused to perpetrate a fraud. Hold the books open The most frequent way to perpetrate cut-off fraud is to recognize subsequent period sales in the current reporting period. This is done by holding the books open long enough to meet sales or profitability goals.

Example: Joe Wells, the founder of the Association of Certified Fraud Examiners, tells the story of a company in Boca Raton, Florida that stopped its time clocks at 11:45 a.m. on the last day of each quarter. All subsequent shipments were time-stamped with that date. When quarterly sales targets were met, the clock would be restarted. The company’s auditors were fortunate that the company did not make any attempt to cover up its fraud. With so many shipments stamped with the same date and time it was not too hard to uncover the scheme.

Close the books early Another way to perpetrate cut-off fraud is to close the books early and push current-period expenses into the subsequent reporting period. In other words, hold unpaid bills until the beginning of the next accounting period. Companies are usually not very sophisticated when they use this approach. Frequently, they merely hide the unpaid invoices in a desk or filing cabinet where auditors are not inclined to look. Another way to close the books early is to delay recording returns and allowances until a later period. The first two methods are often used together. That is, the books are held open for revenues and closed early for related expenses. This is illustrated in the McCormick case.

Example: A number of years ago, the SEC took action against McCormick for deferring expenses and increasing revenues by including in sales goods that, while ready to be shipped, were not shipped by the end of the reporting period. The fraud


72

was perpetrated by middle managers in an autonomous division who felt that inflating reported earnings was the only way they could meet the profit goals set by McCormick management. The managers involved rationalized their actions as a team effort that was for the benefit of the company and the division’s employees.

Ship merchandise before the sale is final One way to inflate revenue is to recognize a sale before it is complete, such as when a customer has the option to void or delay the sale. Another way is to include merchandise on consignment in sales. A more blatant way to boost revenues is to ship merchandise to private warehouses and include the shipments in sales.

Example 1: According to the SEC, Stauffer Chemical, of Westport, Connecticut, overstated 1982 earnings by $3.1 million. The company accomplished this by reporting agricultural chemicals consigned to dealers as sales in 1982, rather than in 1983 when the consigned products were actually sold.

Example 2: Another fraud scheme that U.S. Surgical Corporation used was to include in

sales goods on consignment to its dealers, salespeople, and certain foreign entities. The result: a $2 million overstatement of income

Record revenue when services are still due According to GAAP, revenue is to be recognized as services are rendered. Some companies recognize revenues prematurely by including in income things such as refundable deposits and services paid for in advance. Others ignore or inappropriately apply percentage-of-completion methods of recognizing revenues. Recognize revenue before sales contracts are finalized

Example: McKesson HBOC Inc. allegedly booked premature revenues by recognizing as revenue a significant number of contracts that had not been finalized. McKesson HBOC was forced to restate its previously reported earnings. The chairman and six other top executives were either fired or forced to resign. To help prevent the problem from happening again, the company put new internal accounting procedures into effect.

Stuff the channel Revenue recognition has always been a murky area of accounting. It is often difficult to define the many complex accounting components of revenue and to determine exactly when revenue should be recognized. For example, some companies, such as chip maker Altera, recognize revenue as soon as a product is shipped to distributors. In contrast, other companies, such as Altera’s competitor, Xilinx, do not recognize revenues until their distributors sell their products. Which of the two direct competitors recognizes revenue properly? It depends on how you interpret accounting rules. According to GAAP, sales can be counted as revenue when transaction risk is removed and returns can be estimated “reasonably.” The most conservative approach to revenue recognition is to wait until distributors sell their products. Recognizing revenues when goods are shipped to distributors is less conservative because it is more prone to manipulation, or “earnings management.” In good times, recognizing revenue when companies ship to distributors does not usually lead to problems. In times of declining sales or revenues, however, companies can be tempted to persuade distributors to accept more product than they need or want. This is referred to as “stuffing the channel,” “trade loading,” or “borrowing from next quarter's sales.” An example of channel stuffing is Gillette, who pushed many more razor blades into the channel than consumers needed. Channel stuffing usually occurs at the end of a very bad quarter and its purpose is to help earnings look better than they really are. Distributors agree to the shipments because they seldom have anything to


73

lose. In fact, they can profit when companies desperate to make quarterly sales forecasts offer them discounts, guaranteed returns, rebates if prices fall before the products are sold, or cash advances against future sales. It is not clear when (some might say if) using legitimate sales incentives to stuff the channel crosses the line and turns into fraud. It is not nearly as difficult to determine when fraud occurs when illegitimate sales incentives are used or when existing customers are shipped unordered goods near the end of the reporting period. Shipping unordered goods this way is usually not accidental; one most likely has fraud in mind.

Example: The SEC filed a lawsuit against U.S. Surgical Corporation charging them with overstating pretax earnings by more than $18.4 million between 1979 and 1981. They employed several different fraud schemes, including shipping significant quantities of unordered products to hospitals and booking the shipments as sales.

Companies can also legally manage their earnings by choosing how they time certain expenses.

• One way to increase revenue in the current period is to defer scheduled routine equipment maintenance until the next accounting period. The result is lower expenses and higher reported earnings in the current period. Unfortunately, the maintenance delay is usually not in the company’s best long-term interests.

• While GAAP requires companies to record inventory obsolescence, choosing when to record that obsolescence can be somewhat subjective. Therefore, a manager who knows that inventory has or will become obsolete can defer recording the loss until the next reporting period in order to prop up current earnings.

Detecting fictitious revenues and timing differences

• This checklist can be used to evaluate the risk that fictitious revenues and timing differences are being used to overstate financial statements. The more “yes” answers, the greater the risk.

• Does the company have a history of using aggressive or shaky accounting practices? • Are there any indications that management is overriding internal controls? • Is management compensation substantially determined by company revenues or sales? • Is there inadequate segregation of duties among order entry, shipping, billing, accounts

receivable detail, and general ledger? Does one employee process the same transaction from beginning to end?

• Do cut-off tests or confirmations reveal invoices recorded in the wrong period or unrecorded sales returns and allowances?

• Near the end of the reporting period were there any:

− Unusually large sales or other transactions affecting revenue? − Sales with unusual or extremely favorable conditions? − Material, unsupported revenue entries in the sales journal?

• Have there been substantial sales reversed at the beginning of a new reporting period? In comparison to previous periods:

− Have sales increased materially? − Has cost of sales decreased significantly? − Is the ratio of credit sales to cash sales growing? − Has cash decreased in comparison to sales and receivables? − Are shipping costs higher? − Does the allowance for doubtful accounts seem appropriate?


74

• Were there any abnormalities in sales and shipping such as:

− Sales or shipping invoices that are out of numerical sequence? − Discrepancies between sales and shipping documents, such as quantities of

goods shipped not reconciling to goods billed? − Goods being billed before they are shipped? − Shipping goods before a sale is consummated?

• With respect to accounts receivable:

− Is the company negotiating financing based on receivables? − Have receivables grown significantly? − Have receivables increased faster than sales? − Has accounts receivable turnover slowed? − Are there any large past-due receivable balances or large receivables from

related parties or unfamiliar sources? − Are there any circular transactions, where collectability depends on funds from,

or continued activity with, the client?

• Does the company delay or deny access to original records? Timing differences case study: Regina Vacuum Cleaner Co. Don Sheelan mortgaged all his personal assets to acquire Regina Vacuum Cleaner Company. The amount of debt he assumed resulted in hefty monthly payments and his only source of funds was revenue from Regina. Unfortunately, Regina was not throwing off enough cash to make the payments and meet all its other obligations. To improve profitability, Sheelan decided to develop a new generation of vacuum cleaners. New to the industry, he felt the old product line, with a reputation for products as tough as steel, was “over-engineered.” Needing money to develop and manufacture the new product, Sheelan had his CFO falsify income to boost the stock price so he could sell some stock or borrow against it. The CFO decided that extending the cut-off date for sales was the easiest and least risky way to create fake income. So Regina employees backdated sales invoices and predated shipments. Since cut-off fraud robs profits from the next period, it requires an increasingly large number of illegal cut-off transactions in subsequent periods to show desired profits. To generate additional sources of fraudulent income, the CFO began booking shipments of consignment vacuum cleaners as sales. As the need for more income grew, he began deferring expenses into subsequent periods. The schemes provided Sheelan with the cash he needed. The new Regina vacuum was introduced with a splashy, multimillion-dollar ad campaign that worked -- Regina set records selling the new vacuum. Profits soared and Sheehan had the money he needed to make his note payments. The success was short-lived, however, as two problems with the new design cropped up. Customers returned the vacuums because: (i) the internal gears stripped; or (ii) the vacuum’s internal parts melted. In his bid to increase profitability, Sheelan had substituted plastic parts for the original vacuum’s sturdy metal parts. In short order, Regina had more defective vacuum cleaners on its hands than newly manufactured ones. To hide this from its auditors, the company shipped the defective machines to a rented off-site storage site and hid all of the documentation on the returns. Before too long customers found out that the new vacuums were not reliable and the problem of declining sales was added to that of massive returns. Sheelan and his CFO found it difficult to keep track of all their lies and finally realized that it was only a matter of time until the auditors uncovered the fraud. They retained an attorney, who suggested a proactive approach: admit their guilt before it was discovered and hope that the court showed them mercy. Regina folded, and investors and creditors lost $40 million. Sheelan was jailed for over a year, but spent most of that time in a halfway house. The CFO was fortunate; he was not sent to jail. Sheelan was


75

required to pay millions of dollars in civil judgments, but it is unlikely he will ever earn enough to repay them all. There are several things we can learn from the Regina fraud. First, in most cases of financial-statement fraud, the perpetrator (the company itself or one or more of top management) faces some pressure (the motive). Understand that pressure is important in detecting the fraud. For example, Sheelan had everything riding on Regina’s success. If the auditors could have found that out, perhaps by reviewing Sheelan’s individual tax returns, they may have been able to spot that Sheelan was in hock up to his neck. Knowing his financial circumstances could have altered the approach the auditors took to the audit as well as the scope of the audit. Second, you cannot detect financial-statement fraud if you do not understand the client’s business and financial situation. The nature of Regina’s business and its financial situation changed after Sheelan bought the company. Regina discontinued its legendary metal vacuum and depended entirely on a new and unproven machine. While it is imperative that auditors verify how much revenue a company has, it should also examine the quality and stability of those revenues and how they are earned. Third, if a fraud involves the shipment or receipt of inventory, key shipping and receiving personnel know about it. For example, employees on Regina’s loading dock knew that the warehouse had been full of defective vacuums, and they also knew about the rented off-site storage, about shipping documents being backdated, and that consigned merchandise was included in sales. When auditing inventory, time spent on the loading dock can be time well spent. It is surprising what people will tell you when you make direct but nonaccusatory inquiries. Asking tough questions is not hard if you do it right. Here are some questions to consider:

• Has anyone ever asked you or any other shipping (receiving) personnel to misstate the amount of merchandise the company ships (receives)?

• Has anyone ever asked you or any other shipping (receiving) personnel to destroy, conceal, backdate, or postdate documents?

• Has anyone ever asked you or any other shipping (receiving) personnel to do anything you thought was illegal or unethical?

Finally, it is easy to get lost in details. Step back and look at the big picture. Before completing an audit, ask yourself questions such as these:

• If the company was trying to conceal financial-statement fraud, where would it show up in the accounting records or the financial statements?

• What does not make sense at the company? • Is there anything out of the ordinary or unusual that might indicate fraud?

Had Regina’s auditors done this they might have picked up on the following discrepancies:

• Sales that were never collected; • The significant increase in the cost of off-site storage; • Why the company no longer had merchandise on consignment; • Sales and expenses that were much too early or late; and • The decline in the company’s reputation.10

Bill-and-hold schemes Revenue recognition, according to GAAP, requires that revenue be realized or realizable and earned. Usually, revenues are recognized at the time goods are sold and delivered. However, there are sales arrangements where the sale and delivery do not coincide. In a bill-and-hold sale, for example, the customer agrees to purchase goods, but the seller retains possession until the customer requests

10 Adapted from “Timing is of the Essence,” by Joseph T. Wells, Journal of Accountancy, May 2001.


76

shipment. Although bill-and-hold sales can conform to GAAP, they can be difficult to evaluate and have often been used to perpetrate financial-statement fraud.

Example: After Al Dunlap took over as CEO of Sunbeam, the company instituted aggressive sales tactics, including an end-of-the-year bill-and-hold sales campaign to sell gas grills. The campaign began in the fall, many months before distributors would even think about ordering grills. To motivate them to order early, Sunbeam offered them deep discounts, six months or more to pay, very liberal return policies, and free storage until the distributors were ready for delivery. The offer was too good for most distributors to refuse. Sales were brisk and Sunbeam recognized all the sales as current revenue, which was a clear violation of GAAP since Sunbeam was nowhere near completing its obligations to the distributors and had little idea as to how many of the grills would be returned. The SEC investigated and determined that at least one-third ($62 million of a reported $189 million) of Sunbeam’s 1997 earnings were fraudulent. Much of the fraud was a result of the bill-and-hold schemes.

One fraud risk factor is unusual and highly complex transactions that pose difficult substance-over-form questions. This is a good description of bill-and-hold sales. The SEC recently stated that, to justify revenue recognition, a bill-and-hold transaction must comply with each of the following conditions:

• Ownership risk must pass to the buyer; • Customers must give the seller a fixed commitment to purchase, preferably in writing; • Buyers must have a substantial business purpose for the bill-and-hold deal and must be

the one to request the transaction; • There must be a delivery date that is fixed, reasonable, and consistent with the buyer's

business purpose; • Sellers must not have any significant specific performance obligations, such as a

responsibility to help resell the merchandise; and • Goods must be complete and ready for shipment and not available to fill other orders.

However, even meeting these six requirements is sometimes not enough for a transaction to meet revenue-recognition guidelines. The following factors also must be considered:

• The date the seller expects payment and whether or not the seller has modified its normal billing and credit terms;

• The seller's past experiences with bill-and-hold transactions; • Whether the buyer is responsible for any loss in the goods' market value; • Whether the seller's custodial risks are insurable and insured; • Whether APB Opinion No. 21, Interest on Receivables and Payables (on discounting the

related receivable), applies; and • Whether the business reasons for the transaction introduce a contingency to the buyer's

commitment. SEC enforcement case example The facts in the case are as follows:

• The seller was a toy maker with a highly seasonal business; • The seller had a clear business purpose for delaying shipment: there were customers

who were unable to accept delivery of Christmas toys before the holiday season began; • The risks of ownership did not pass to the customers; • The toy maker prepared sales invoices; and • Customers did not help determine what was ordered.


77

The deal failed the SEC test. Companies who recognize revenues in bill-and-hold transactions that do not comply with the SEC's criteria run the definite risk of being accused of fraud. Detecting bill-and-hold frauds The following procedures and tests can be used to help detect bill-and-hold frauds:

• Compare current-year monthly sales with those of the preceding year. Significant fluctuations or differences might indicate bill-and-hold transactions, or they might indicate that fraudulent bill-and-hold transactions were reversed.

• Compare the ratio of monthly (or weekly) shipments to sales for this year with those of last year. If there are significant sales without corresponding shipments, this ratio should help bring this to light. It is especially important to do this for several weeks before and after period-end.

• Examine sales and shipments for the last few weeks of the reporting period to make sure that sales at the end of the period are shipped and that shipments at the beginning of the quarter are not sales from the prior quarter.

• Inspect sales-transaction documentation, including sales orders, shipping documents, sales invoices, and customer payment information, looking for anything that might indicate bill-and-hold practices. For example, look for bills of lading signed and dated by company employees when they should be signed by a shipping company employee; shipments to warehouses rather than to the customer's regular address; invoices with no shipping information; and any notes or instructions on any of the documents that might indicate a bill-and-hold transaction.

• Ask sales, shipping, and accounting employees, as well as management, if the company has any bill-and-hold sales arrangements.

• During inventory observation, be on the alert for goods billed to customers that were not shipped or physically segregated.

Ensure that all bill-and-hold sales follow the guidelines set forth by the SEC.


78

Chapter 6 Review Questions The review questions accompanying each chapter are designed to assist you in achieving the learning objectives stated at the beginning of each chapter. The review section is not graded; do not submit it in place of your final exam. While completing the review questions, it may be helpful to study any unfamiliar terms in the glossary in addition to chapter course content. After completing the review questions for each chapter, proceed to the review question answers and rationales. 1. Rita has been creating fake invoices using a few of the company’s real customers for the last

eight months. The balances in these customer accounts are beginning to rise because the fake receivables are never collected. What might Rita do to cover up her fraud?

A. Intercept monthly statements being sent to customers. B. Remove the sales with credit memos. C. Record the false sales earlier in the quarter. D. Use smaller, less material transactions.

2. Market Software develops and sells software directly to customers. Once their customers are

emailed a code to download the software, revenue is recorded in the company’s accounting program. Which audit procedure is especially important for this type of revenue recognition fraud risk?

A. Ask the software developers about end-of-period sales and any unusual terms

associated with them. B. Observe goods being readied for shipment. C. Test whether controls provide assurance that recorded revenue transactions occurred

and are properly recorded. D. Perform any inventory cutoff procedures deemed appropriate.

3. Market Software sells support for its software to customers. Customers can purchase blocks of

time which never expire. The customer pays for the entire amount of the selected block of time before the support begins. Market Software records revenue for the entire amount purchased at the time the customer agrees to purchase the support and signs the support contract. What is Market Software doing incorrectly, possibly fraudulently?

A. Holding the books open. B. Closing the books early. C. Recording revenue when services are still due. D. Recognizing revenue before sales contracts are finalized.

4. In the case of Regina Vacuum Cleaner Co., what audit technique might have been used to

uncover the fraud that occurred after the newly designed vacuum was introduced and sold?

A. Verify the revenue the company has. B. Ensure that research and development costs for the new product were not capitalized. C. Inspect the books in greater detail. D. Inquire about the company’s declining reputation.

5. Which of the following is true regarding bill-and-hold transactions?

A. Ownership risk must remain with the seller until delivered. B. There must be a fixed delivery date. C. Sellers can help resell the merchandise. D. Goods can be used to fulfill other orders.


79

Chapter 6 Review Question Answers and Rationales Review question answer choices are accompanied by unique, logical reasoning (rationales) as to why an answer is correct or incorrect. Evaluative feedback to incorrect responses and reinforcement feedback to correct responses are both provided. 1. Rita has been creating fake invoices using a few of the company’s real customers for the last

eight months. The balances in these customer accounts are beginning to rise because the fake receivables are never collected. What might Rita do to cover up her fraud?

A. Intercept monthly statements being sent to customers. Incorrect, because Rita might

reduce the risk of a customer noticing the false invoices when monthly statements are sent out by intercepting the statements before they are sent. However, this will not help the rising balances in these customer accounts.

B. Remove the sales with credit memos. Correct, because false sales are often removed with credit memos or write-offs in order to keep the balances in the customer accounts down.

C. Record the false sales earlier in the quarter. Incorrect, because Rita may record the false sales earlier in the quarter since sales near the end of the quarter are often subject to close scrutiny. This will not help the rising balances, however.

D. Use smaller, less material transactions. Incorrect, because using smaller, less material transactions avoids the attention that large or unusual transactions typically receive. However, the customer balances will continue to rise whether one large amount is used, or several smaller amounts are used.

2. Market Software develops and sells software directly to customers. Once their customers are

emailed a code to download the software, revenue is recorded in the company’s accounting program. Which audit procedure is especially important for this type of revenue recognition fraud risk?

A. Ask the software developers about end-of-period sales and any unusual terms

associated with them. Incorrect, because the best people to ask about end-of-period sales and any unusual terms associated with them are sales and marketing personnel and in-house legal counsel.

B. Observe goods being readied for shipment. Incorrect, because in this example goods are not shipped to customers. Customers download the software electronically.

C. Test whether controls provide assurance that recorded revenue transactions occurred and are properly recorded. Correct, because testing controls to provide assurance that recorded revenue transactions occurred and are properly recorded is especially important for revenue transactions that are electronically initiated, processed, and recorded.

D. Perform any inventory cutoff procedures deemed appropriate. Incorrect, because inventory cutoff is not an appropriate procedure when the client does not have a physical inventory.

3. Market Software sells support for its software to customers. Customers can purchase blocks of

time which never expire. The customer pays for the entire amount of the selected block of time before the support begins. Market Software records revenue for the entire amount purchased at the time the customer agrees to purchase the support and signs the support contract. What is Market Software doing incorrectly, possibly fraudulently?

A. Holding the books open. Incorrect, because when the books are held open, revenue that

should be recorded in the subsequent period are recorded in the current period. This would be achieved by dating invoices with an earlier date, or stamping sales shipments with an earlier date.


80

B. Closing the books early. Incorrect, because closing the books early typically involves pushing current period expenses to the subsequent period.

C. Recording revenue when services are still due. Correct, because according to GAAP, revenue must be recognized when services are rendered. Market Software is recording revenue prematurely by including services paid for in advance.

D. Recognizing revenue before sales contracts are finalized. Incorrect, because Market Software waits for the customer to sign the support contract before recording revenue.

4. In the case of Regina Vacuum Cleaner Co., what audit technique might have been used to

uncover the fraud that occurred after the newly designed vacuum was introduced and sold?

A. Verify the revenue the company has. Incorrect, because examining the quality and the stability of the revenues and how the revenue is earned may have uncovered the fraud, not just verifying the revenue the company has.

B. Ensure that research and development costs for the new product were not capitalized. Incorrect, because although this may uncover some fraud, Regina Vacuum Cleaner’s fraud did not involve capitalizing expenses.

C. Inspect the books at greater detail. Incorrect, because it is easy to get lost in the details by inspecting the books. Auditors should step back and look at the big picture in all audits.

D. Inquire about the company’s declining reputation. Correct, because after the new vacuums were introduced, many customers were unsatisfied with the results. Declining sales and heavy returns, as well as a poor company reputation were the result. The fraud may have been uncovered if the auditors inquired why the company’s reputation was declining, although the revenues increased.

5. Which of the following is true regarding bill-and-hold transactions?

A. Ownership risk must remain with the seller until delivered. Incorrect, because ownership risk must pass to the buyer.

B. There must be a fixed delivery date. Correct, because a bill-and-hold transaction must have a fixed delivery date which is reasonable and consistent with the buyer’s business purpose.

C. Sellers can help resell the merchandise. Incorrect, because sellers must not have any specific performance obligations, such as a responsibility to help resell the merchandise.

D. Goods can be used to fulfill other orders. Incorrect, because goods must be complete and ready for shipment and not available to fulfill other orders.

Chapter 7: Disclosure Failures, Concealed Information, Management Override of Controls, and Management Estimates

81



1. To describe the most likely occurrences of fraudulent or inadequate disclosures and audit procedures to detect them

2. To explain how companies conceal off-the-book information and how management estimates are used to manipulate earnings

3. To cite responses to the risk of management overriding controls

Disclosure failures and concealed liabilities and losses Disclosure failures Companies can perpetrate fraud by not reporting pertinent and important material in their financial statements. The importance of adequate disclosure is illustrated by GAAP, which requires that financial statements not be misleading and that they include all relevant and material information, either in the financial statements themselves or in the footnotes. It is important for auditors to understand where fraudulent or inadequate disclosures are most likely to occur. A study of past disclosure frauds shows that there are five main areas where financial statements are most susceptible to fraudulent disclosures. Understanding these five disclosure schemes will help auditors and others better prevent and detect disclosure fraud. Failure to disclose liabilities To present the company financial statements in a better light, management may choose to intentionally not disclose liabilities such as contingent liabilities or loan covenants. Failure to disclose significant events Potentially, there are many events that could affect financial statements now or in the future. Among them are product or manufacturing obsolescence, competitor products, new technology, and actual or potential lawsuits. Failure to disclose accounting changes A company might occasionally change accounting methods and practices, such as its depreciation method, revenue-recognition criteria, and accrual calculations. If the changes have a material impact on the financial statements, they must be disclosed. Failure to disclose related-party transactions Occasionally a member of management will have a financial interest in a customer, supplier, etc. These relationships must be disclosed. Another way to boost revenues, and therefore profits, is to set up other companies and sell them goods at inflated prices. In essence, the company becomes both the buyer and the seller. One company can show tremendous profits and the other can post losses that can be used to reduce taxes. If the company buying your goods runs short of cash, no problem. If need be, you just loan them some money so they can buy more of your products.

Example: In 1997, Tei Fu and Oi-Lin Chen were charged with tax evasion for underreporting their 1987-1990 income by $125 million. The Chens allegedly had foreign companies that they owned overcharge Sunrider, their U.S. company, for ingredients. The Chens prepared two separate invoices for each foreign transaction. One was for Customs and showed the correct prices. The other was for tax purposes and showed the inflated (by 50 percent to 900 percent) prices. This scheme dramatically understated Sunrider’s profits, and


82

therefore, their U.S. tax liability. They paid for the ingredients by wiring millions of dollars to overseas accounts. To bring the money back into the United States, they purchased real estate and Chinese antiques. To save on customs charges, they grossly understated the value of the antiques and other items they brought into the United States.

However, there are rules against this sort of behavior. According to GAAP, financial statements should reflect arm's-length transactions between independent parties, and revenue is not to be recognized on transactions between related parties. That means that in our above-mentioned example (where the first entity created and controlled the second one, making the first entity, in effect, both buyer and seller), it is usually inappropriate to recognize revenue, even if the relationship between the two entities is disclosed. In an effort to recognize revenue, some companies structure transactions so that they have the appearance of genuine sales, when, in fact, they are not. These efforts are often referred to as sham transactions. There are a number of related-party arrangements that have been associated with fraudulent financial reporting. Among the most common are the following:

• Sales with a guarantee that any unsold goods will be repurchased (thereby preventing revenue recognition);

• Sales with a guarantee from a seller-financed entity (such that the sales would be viewed as an uncollectible receivable);

• Sales without substance (such as funding the buyer so collection is assured). There can be a line between when these sales arrangements are good business practices and when they constitute fraud. For example, consider vendor financing, the practice of a company lending money to a customer to buy its product. Lucent and Alcatel, the large telecommunications suppliers, were hurt by vendor-financing practices after weak customers failed and defaulted on their loans. Neither company has been accused of fraud. What is the line between valid business practices and fraud? Analyze the three practices listed above. In part, it is removing risk from the transaction. For example, the first two sales have some form of guarantee that the buyer will not lose money. The other essential part is whether the sale has any substance to it. For example, the third sale mentioned above is a sale without substance. Failure to disclose management fraud Any type of management fraud, regardless of the amount, should be evaluated to see if it should be disclosed. Audit procedures to detect undisclosed items Financial statements are the responsibility of management, and auditors are responsible for attesting that the financial statements are presented fairly. One of the difficulties that auditors face is making sure that all relevant disclosures are in the financial statements. This difficulty arises from the fact that auditors may not know if management has disclosed everything that is needed to ensure that the statements present fairly the financial condition of the company. Auditors can maximize their chances of uncovering items that are not disclosed by management by doing whichever of the following makes sense under the circumstances:

• Request a letter from all the law firms that the company has used. Ask them to let you know in the letter of any potentially damaging lawsuits or other liabilities the company may have and of any related parties that might be doing business with the company.

• Compare current and prior financial statements to determine whether the company has changed accounting principles or methods.

• Interview key company personnel, such as engineers, sales representatives, shipping and receiving personnel, and accounting and finance employees. Ask about possible


83

significant events and related parties. Also ask, in a nonaccusatory tone, if they suspect anyone of stealing from the company or misrepresenting the company’s financial statements.

• Carefully review financial-institution documentation looking for undisclosed loan covenants.

• Examine legal documents such as sales contracts and warranty agreements to find contingent liabilities.

• Search public records at both the federal and the state levels looking for any lawsuits to which the company is a party. While searching state records, be on the lookout for company officers that are owners or officers of another corporation.

• Search the Internet to find everything you can on the company and its key officers. Review newspaper articles, press releases, biographical sketches, commercial credit reports, and other appropriate documentation. Look for clues to possible conflicts or controversy.

• Ask for unrestricted access to the company’s filing cabinets. This has three advantages:

− It provides the opportunity to assess how the client reacts. While the client has the legal right to decline, if the company puts up strong resistance to such access, perhaps there is a reason why. However, many honest companies will not be too thrilled with the idea of auditors rummaging through their files and may rebuff such a request. The key, perhaps, is the company’s reaction to the request.

− When the auditor requests documents, the client has time to omit or alter important accounting evidence. With unrestricted access, the auditor can look for items not in the books and records such as memos, business plans, competitive and market information, etc.

− A dishonest client does not have time to manufacture evidence.

• In order to identify related parties, the auditor should take the following actions:

− Ask lawyers, predecessor auditors, and others providing professional services what they know about the principal parties on the other side of material transactions.

− Ask the company’s securities counsel about management relationships, and review registration-statement disclosures.

− Ask your firm’s tax and consulting personnel what they know about management's involvement in material transactions and those who conducted the transactions.

− Review the extent and nature of business transacted with borrowers and lenders as well as major customers and suppliers. Look for significant transactions with related parties that are outside the ordinary course of business or are with unaudited entities. Also look for material revenue transactions with significant variations from normal sales terms, such as unusual payment terms.

− Review management conflict-of-interest statements. − Examine accounting records. Look for material, highly complex, unusual, or

nonrecurring transactions or balances, especially those occurring near the end of the reporting period.

− Examine payable and loan receivable confirmations, looking for guarantees. − Examine material cash advances, investments, and other disbursements, looking for

funds dispensed to related parties. − Examine the ownership structure of the organization and any organization that might

be a related party. A big red flag for related-party transactions is difficulty in determining who controls either entity in a transaction.

− Look for business practices with no apparent business purpose, such as bank accounts or material operations in tax havens, or a highly complex organizational structure.


84

Fraudulent-disclosures case study: Midland State Bank Eddie Thomas, the president of Midland State Bank (MSB), essentially robbed the bank’s shareholders. The bank was forced to shut its doors less than three months after federal bank regulators gave it a clean bill of health. Bank auditors missed the fraud for years and the external auditors missed it twice. Looking back, Thomas thinks the motivation for his fraud came from the resentment he felt toward many of his borrowers. He was a college graduate, making less than a $100,000 a year, while his bank was lending large sums of money to people he considered far less deserving. One day a bar owner came to see Thomas. Thomas told the owner that bar and restaurant loans carried too much risk and the loan was too low-margin. To get the loan, the bar owner offered Thomas a silent interest in the bar. Thomas saw himself as financially savvy and thought the bar could use his help. Besides, he liked to eat and drink a lot. Thomas approved the loan. Within two years, it was well known in Midland that if you needed a loan, Thomas was the guy to see -- provided you were willing to give him a piece of the action. Unfortunately for Thomas, none of his businesses did well; he continually had to flip an old loan to a new one to keep the lending portfolio afloat. Although the auditors and regulators did not know what was going on, the staff did. Eventually they had enough and the bank’s executive vice-president, Roger Lawton, met privately with the outside directors. They could not believe their ears, as Thomas had shown one year of profitability after another. Lawton convinced the directors to hire a new audit firm to do a surprise examination of MSB. The new auditors arrived on Friday morning, just as Thomas was arriving at work. He knew the jig was up. By the close of business that day, with the help of Thomas and the bank’s staff, the auditors had uncovered all the problem loans. None was ever collected and the bank was forced into liquidation. Thomas went to prison for three years. Although the shareholders received partial reimbursement from the original auditors for their loss, they still took a big financial hit. Several shareholders had to file for bankruptcy. So did the original CPA firm that missed the fraud during its audits of MSB. Bank documents did not reveal the fraud. Thomas concealed evidence of his secret kickbacks and self-dealing in his own personal accounts, not in those of the bank. Such transactions are known as “off-book frauds.” As the term implies, auditing the client’s books and records usually does not uncover such schemes. To detect fraudulent disclosures and other off-book frauds, the auditor almost invariably must rely on the cooperation of a company insider to provide tips. The way to do that is remarkably simple: you individually talk to the key insiders and ask them if they have any reason to believe that there are things going on outside the company’s books that you should know about. If you doubt the effectiveness of asking such a straightforward question, consider what Roger Lawton said in an interview not long after Thomas went to prison: “We [bank employees] called him “Fast Eddie” because of his lifestyle. He ate out four or five times a week, he drank and partied all the time, he had a new car, he had a Rolex, he even had a belt buckle made out of solid-gold nuggets. And he sure was not living like that on what the bank paid him. ... We did not exactly suspect he was a crook -- we pretty much knew it for a fact. ... We were dying to tell them. They never asked.”11 Concealed liabilities and losses One way a company can make its financial statements look better is to either not report some of its liabilities or losses or to move some of them off of its books. These concealed liabilities and losses are hard for auditors to examine, as it is harder to audit something that is not on the books than it is to audit something that is on the books. For example, Enron used a number of different techniques to hide its debt and book fake profits so that its financial statements would look better than they really were.

11 Wells, Joseph. “...And Nothing But the Truth: Uncovering Fraudulent Disclosures,” Journal of Accountancy, July 2001, pp.

47-52.


85

One way to move liabilities off the books is to set up special-purpose entities, synthetic leases, securitizations, or some form of off-balance-sheet partnership. Of key concern to investors, accountants, and others is whether these partnerships are material enough to report to shareholders and whether they should be shown on company financial statements.

Example: Businesses like eBay and Novell have used synthetic leases to finance their buildings. A third party purchases the property and rents it to the company. Neither the building nor the lease obligation appears on the company’s balance sheet because the company treats the arrangement as if it were a tenant in a traditional operating lease. This improves certain key performance measures, such as debt-to-capital and return-on-assets ratios. However, unlike a traditional lease, a synthetic lease has certain ownership benefits, such as the right to deduct interest payments and property depreciation from its tax bill. This provides the company with the best of all worlds: no property or lease obligation on the books and interest and depreciation charges on the income statement.

A special-purpose entity (SPE) is of special interest. An SPE is a legal entity into which its creator can dump assets and liabilities. SPEs are legal and have a valid business purpose, which is to isolate and control financial risk. For example, most banks use SPEs to issue debt secured by pools of mortgages. Credit-card companies offload loan liabilities by selling securities to outside investors who are willing to take on the risk of default in exchange for a steady income stream. Companies such as Target and Xerox use SPEs to factor their account receivables. Companies also use SPEs to finance equipment or purchases or to offload financing on big construction projects. For example, an airline that needs to purchase new planes, but does not want all that debt on its balance sheet, could set up a joint-venture SPE with some investors. The SPE could purchase the airplanes and borrow against them to finance them. The airline would lease the airplanes from the SPE and operate them. The SPE would use the lease payments to pay down debt and provide a return to the investors. Theoretically, SPEs provide protection to both the investor and the organizing company if something goes wrong. For example, if the SPE failed, the airline would only lose the money it had put into the SPE. If the airline failed, its creditors could not go after the SPE's assets. When the rash of financial-statement frauds broke out in the early 2000s, accounting rules allowed outside investors to “own” the SPE by contributing as little as three percent of the equity in the SPE. As a result, the organizing company can own 97 percent of the company and still claim, for accounting purposes, that it does not own the company. Those are pretty friendly rules: find friendly investors to put up three percent of the SPE and it qualifies for off-balance-sheet treatment. After the scandals took place, Congress began pressuring for the rules to be tightened. Due to the liberal accounting rules, most Fortune 500 companies use SPEs. Are SPEs bad? Certainly not, but they are very tempting vehicles for companies looking for legal (and in some cases, illegal) ways to spruce up their financial statements. So how does one go about evaluating companies with SPEs? How is one to know if an SPE is set up to serve a legitimate business need or to misstate financial statements? One key seems to be whether the company has, in fact, reduced its risks by shifting the burden of carrying an asset to someone else or whether it simply devised a sneaky way of eliminating a bookkeeping entry. The best way to evaluate that is by disclosing information about the SPEs, something that has been lacking in many financial statements. Many SPEs are not designed to isolate or control risk. In some SPEs designed to provide factoring services to organizations, for example, the organizing company guarantees that bondholders will not lose money or that their losses will be kept to a specified minimum. Another example is some of Enron's


86

SPEs, where options or derivatives were used to guarantee the returns promised to bondholders. While the SPEs had the appearance of assuming risk, Enron retained most or all of it. Some SPEs are tax-avoidance schemes that cleverly take advantage of differences between accounting rules and tax laws. For example, in a synthetic lease a company sells an asset to an SPE to get the asset off its balance sheet and then leases it back. While the company no longer “owns” the asset, the asset depreciates it on its tax return as if the company still owned it. Some companies, such as Enron, used SPEs to recognize fictitious or inflated income. In several cases Enron sold assets to its SPEs at inflated prices to generate the bogus revenues and income. Enron also broke the rules in other ways. For example, they set up SPEs that did not meet the three-percent rule. The problems at Enron have resulted in closer scrutiny of SPEs. In April 2002, the SEC and the Federal Reserve required PNC Bank to include three SPEs on its balance sheet, which reduced its earnings by $155 million. This scrutiny of SPEs has also caused some company officials to lose their jobs. The Provident Foundation, a not-for-profit charity in Baton Rouge, Louisiana, says one of its charitable purposes is to ease the government’s burden of building and running prisons. One way it does that is to provide public and private prison operators with off-the-books financing. In return, Provident receives fat fees, some of which Provident claims are exempt from federal income tax. In one nine-month period, Provident sold more than $420 million of bonds and acquired six prisons, eight halfway houses, and other facilities. Provident’s financial dealings with Cornell, a Houston-based for-profit prison company, caused the chairman and chief executive to lose his job and resulted in an embarrassing restatement of the company’s financial figures.

Responses Responses to the risk of management overriding controls James C. Treadway, chairman of the National Commission of Fraudulent Financial Reporting, said that management is often the source of fraudulent financial reporting due to the ways management overrides the internal controls of the organization. Management fraud is particularly difficult to detect for a number of reasons:

• Management, due to its position at the top of the organization’s hierarchy, is in a unique position to both commit and conceal fraud. Managers are able to directly or indirectly manipulate accounting records and present fraudulent financial information.

• Management is in a position to direct employees to perpetrate the fraud or to ask for their help in perpetrating the fraud.

• Management is able to override controls that, when not overridden, operate effectively and mitigate fraud risks.

• Segment or division managers are often in a position to fudge their accounting records in a way that materially misstates the organization’s consolidated financial statements.

Unless the auditor concludes that they should not be performed, the procedures to address the risk of management override of controls described below are appropriate for most audits. The procedures should always be performed for financial-statement audits of public entities because investors place pressures on management to achieve a given level of financial-performance and management can be tempted to fudge numbers in order to achieve financial performance incentives. These procedures should also be performed for nonpublic-entity financial-statement audits. Nonpublic entities also face incentives and pressures from the board of directors, contributors, investors, creditors, or vendors, and there is also pressure to meet financial or other performance targets. Although infrequent, SAS No. 99 provides three examples of when the auditor may decide that some or all of these procedures are not necessary:


87

• When the client is a nonpublic entity or a not-for-profit organization for which the auditor concludes there is little incentive or pressure to achieve specified levels of financial performance to satisfy either external or internal users of the financial statements or to inappropriately minimize income-tax liabilities;

• When an employee benefit plan performed to satisfy regulatory requirements and the auditor concludes there is little incentive or pressure to inappropriately report the financial condition or performance of the plan; an

• When a subsidiary performed solely to satisfy statutory requirements that are unrelated to financial condition or performance.

Should the auditor conclude that the procedures to test for management override of controls are not necessary, he or she should document that conclusion. Documentation requirements are discussed more fully later in the course. SAS No. 99 recommends the following three audit procedures to address the risk that management overrides controls: (i) an examination of journal entries and other adjustments, especially at or near period-end; (ii) an evaluation of significant, unusual transactions, especially at or near period-end; and (iii) a review of accounting estimates for bias. Of special importance is a retrospective review of significant management estimates. Examining journal entries and other adjustments Fraudulent financial reporting is often perpetrated using inappropriate or unauthorized journal entries. It is also perpetrated by adjusting financial-statement amounts that are not reflected in formal journal entries. Examples include consolidating adjustments, report combinations, and reclassifications. As a result, auditors should test both journal entries recorded in the general ledger and adjustments made while preparing the financial-statements, such as entries posted directly to financial statement drafts, for appropriateness and authorization. Auditors are required to understand the client’s system of internal controls. They should also obtain an understanding of whether the controls are suitably designed and have been placed in operation. Auditors are also required to understand the automated and manual procedures their clients use to prepare financial statements and related disclosures, including procedures used to: (i) enter transaction totals into the general ledger; (ii) initiate, record, and process journal entries in the general ledger; and (iii) record recurring and nonrecurring adjustments to the financial statements. Auditors should use this understanding to identify the client’s normal journal entries and adjustments (the nature or type, number, size, source, etc.) and the procedures and controls used (who is authorized to make them, required approvals, how they are recorded, etc.). This knowledge will help the auditor spot inappropriate or unauthorized journal entries and adjustments, which often have one or more of the following unique identifying characteristics:

• The entry or adjustment was made to unrelated, unusual, or seldom-used accounts or business segments;

• It was recorded at the end of the reporting period, as post-closing entries, or before or during the preparation of the financial statements;

• It often has little or no explanation or description; • It often has no account numbers; and • It contains round numbers or a consistent ending number.

In testing journal entries and adjustments, the auditor should use his or her professional judgment to determine the nature, timing, and extent of the tests. In making those decisions, the auditor should consider the following:

• Identified fraud risk factors can help the auditor select which journal entries to test and determine the extent of testing necessary.


88

• If the auditor tests the controls over the preparation and posting of journal entries and finds them effective, it may be possible to reduce the extent of substantive testing of journal entries.

• Audit procedures will be different in a manual, paper-based system than in an automated financial-reporting system. In a paper-based system, the auditor will inspect the general ledger to identify which journal entries to test and to examine support for the selected items. In a computer-based system, journal entries and adjustments often only exist in electronic form. As a result, the auditor will normally use computer-assisted audit tools to identify the items to test.

• Accounts or transactions that are complex or unusual in nature, contain significant estimates, or are associated with an identified fraud risk deserve added attention, as they are prone to fraud.

• When clients have several locations or components, the auditor should consider using the factors set forth in SAS No. 47 to select journal entries from the various locations.

• The auditor should consider testing journal entries and adjustments throughout the reporting period, as they can take place any time during the reporting period. However, special attention should be paid to end-of-period journal entries and adjustments, as that is when fraudulent entries are most likely to occur.

Evaluating the business rationale for significant unusual transactions While performing an audit, the auditor should keep his or her eyes open for significant transactions that are either: (i) not part of the organization’s normal course of business; or (ii) unusual based on the auditor’s understanding of the organization and its environment. When one of these transactions is discovered, the auditor should determine the business rationale behind the transaction and evaluate whether its purpose was to misstate the financial statements. Of particular importance is whether the other party to the transaction: (i) is an unidentified related party; or (ii) needs the financial strength of the client to support or complete the transaction. Management estimates Financial statements are full of estimates, and many financial-reporting frauds are perpetrated by intentionally misstating one or more of the estimates. Estimates are based on both objective and subjective factors and the subjective factors are susceptible to bias, even when competent personnel use relevant and accurate data to make their estimates. Since there is no way to foresee the future, these estimates are usually judgment calls where management tries to estimate what will happen to the best of their ability. As a result, these accounts are highly susceptible to simple mistakes of misestimation.

Example: Between 1993 and 1996, the allowance for doubtful accounts at Sears dropped from 4.72 percent of accounts receivable to 3.63 percent. Actual losses increased to 5.43 percent from 3.55 percent. During this period, Sears was extending credit to more customers, many of them less creditworthy than their other customers. Sears had seven straight quarters of double-digit earnings growth during the decline in the allowance rate. Rising delinquencies finally resulted in two quarters of negative earnings growth in late 1997 and early 1998.

Some of the more important estimates involve the following:

• Asset valuation and expense estimation, such as how long assets (depreciation) or natural resources (amortization) will last, losses on sales (accounts receivable), loan and credit-card losses, warranty costs, and health-care and insurance claims;

• Specific transactions, such as acquisitions, restructurings, and disposing of a business segment; and

• Significant accrued liabilities, such as pension and other post-retirement benefit obligations and environmental remediation liabilities.


89

Accounting estimates can be used to smooth earnings and in some cases to commit outright fraud. We will discuss three types of estimates: (i) reserves; (ii) restructurings; and (iii) pension estimates. Reserves Some companies use unrealistically high assumptions during highly profitable years to stash large amounts of money in a reserve account (called “cookie-jar accounting”). To smooth its earnings, in lean years the company boosts earnings by harvesting these reserves -- all they have to do is lower their assumptions and free up some or all of the money in the reserve (the cookie jar) to increase profits.

Example: As Sunbeam was collapsing in 1997, Al Dunlap showed a huge earnings increase by reversing some reserves. Cendant and Waste Management also hid their significant financial problems by reversing reserves they had set up in better times.

Restructurings Companies can also smooth earnings by playing with write-offs and one-time restructuring charges (called “the big bath”) and at some future point they use these reserves to smooth out financial returns. These types of charges are used to help companies clean up their balance sheets, close plants, exit markets, and change product mixes. When a company restructures its operations and takes a charge for doing so, it estimates all related costs (such as closing a plant, severance packages, costs to break leases, etc.). The company reports all restructuring costs in the period when the changes are announced even though they may not be incurred until a later period. Write-offs and restructuring charges invite abuse. When a company has a legitimate write-off or a restructuring charge it can throw all kinds of extra expenses into the charge that can be reversed later to increase income. This has tremendous benefits, as Wall Street usually ignores the one-time losses and focuses on future earnings, which will appear higher than they really are. It is usually not difficult for a company to come up with a reason for a write-off or a restructuring. Zacks Investment Research states that only 31 of the S&P 500 companies had a negative nonrecurring item in 1992. Eight years later, almost half (247 of the 500) of the companies reported negative nonrecurring items. Furthermore, 28 of the largest 1,000 companies reported negative nonrecurring items for eight quarters in a row. If all of those charges are legitimate, that seems like a whole lot of bad decisions by some of the brightest and highest-paid executives in America. An alternative explanation for at least some of those negative nonrecurring items might be big-bath charges that can be used in future periods to manage earnings.

Example: Former SEC chairman Arthur Levitt once spoke of a company that booked a large, one-time loss to earnings to reimburse franchisees for equipment they had not yet purchased. At the same time, the company announced future earnings would grow by 15 percent a year.

Pension estimates Companies can play games with their pension funds to smooth out earnings. Companies who offer employee pensions have a pension liability, which is an estimate of the estimated future obligations to their current and retired employees. Those liabilities are offset by a pension account that is funded by the organization. The company invests the money in the pension fund and earns a return on the fund. The higher the assumed rate of return on the fund, the smaller the payment the company has to make in any given year to fund its pension obligations. If the fund and its expected returns exceed the expected liability and the cost to operate the fund, the company can take the excess as a pension credit, which increases earnings. Historically the stock market has returned about 10 percent a year, bonds have returned less than that, and more conservative Treasury bills and savings accounts have returned much less than 10 percent. Sound investment principles would dictate that a company spread its money around among the investment options available to it and that a fairly hefty amount of the fund should be in more conservative and lower-return investments. Based on that, what would you expect companies to earn on their pension


90

funds? At one point, AT&T, General Motors, and IBM expected to earn 9.5 percent, 10 percent, and 10 percent, respectively on their pension funds. Why so high? Because the higher the forecasted rate, the less money the company needs to invest (and, if high enough, the greater the pension credit). This either leaves more revenue to drop to the bottom line or the credits actually add to the bottom line.

Example: In 1982, IBM estimated that its pension fund would earn 5.5 percent. In the next 20 years, the earnings rate doubled to 10 percent (an increase of 4.5 percent). In 2000, IBM’s pension assumptions showed that the fund would earn $896 million more than would be needed to fund the pension fund. This allowed IBM to take that money and add it to its bottom line. Unfortunately, if the assumption of 10 percent proves to be too low, sometime in the future IBM is going to have to take a hefty charge to profits to boost the pension fund so it can meet its pension obligations.

It is not hard to see how these pension assumptions can be used to manipulate income. Simply raise the estimated return on pension funds to increase income and lower them to decrease income. Sounds like a great way to manage earnings, a fact that many organizations have discovered and used. It is important to note that none of the above-mentioned companies have been accused of pension-fund fraud. They were used as examples to show how pension-fund estimates affect income. However, it is not hard to see how a company could use pension estimates to pump up its financial statements and thereby misstate them. It would not be the first time an aggressive use of a valid accounting principle has, in hindsight, been labeled fraud. Auditor response to management estimates Management has final responsibility for making most of the assumptions or judgments that are used to make these estimates. They are also responsible, on an ongoing basis, for monitoring the reasonableness of the accounting estimates. According to SAS No. 99, the auditor should consider the following in addressing fraud risk involving management estimates:

• Consider supplementing management’s estimates with additional audit evidence; • Use the supplemental information to develop an independent estimate; • Compare the auditor’s estimate to management’s estimate; • Determine if there are any differences, and if so, whether they indicate a possible bias on

the part of management; and • If a bias is suspected, the auditor should reconsider the estimates taken as a whole.

Another way to test for possible management biases is to review management judgments and assumptions from prior periods. If they were not accurate or realistic, it may indicate that current-year estimates may be biased. The best choices for these retrospective reviews are estimates significantly affected by management judgments or based on highly sensitive assumptions. It is important to realize that these reviews are not intended to call into question the auditor’s prior-year professional judgments that were based on the information available at the time. When auditors identify a possible prior-year bias in an accounting estimate, they should determine if it represents a fraud risk. If so, the auditor should reconsider the estimates taken as a whole. Management-estimates case study: W. R. Grace In the early 1990s W. R. Grace & Co. had what management considered a problem. Profits at its National Medical Care (NMC) unit were increasing over 30 percent a year, which was higher than its growth target of 24 percent. While that is a problem many companies would love to have, Grace was concerned that the rise in earnings (largely due to a change in Medicare reimbursement rules) could not be sustained, and that the subsequent fall would negatively affect stock prices.


91

The solution? Brian J. Smith, Grace’s chief financial officer, told NMC to report earnings that met the growth target and to place the excess profit in a reserve account. The intent was to later use the reserve to hide the anticipated slowing of future earnings. This would smooth out current and future company earnings and keep Wall Street happy. The deferred profits were discovered by Price Waterhouse, Grace’s auditors since 1906, when an auditor noticed a surplus in a physician-compensation reserve. Eugene Gaughan, the Price Waterhouse partner learned that this, and other surpluses, would amount to $23 million by year end 1991. Gaughan confronted Smith, who said Grace was not reporting the income because they wanted to keep NMC’s growth close to the 24-percent target. Gaughan indicated this was “inappropriate accounting,” as GAAP makes it clear that companies cannot set funds aside for a rainy day. GAAP only allows companies to reserve for liabilities that can be foreseen and quantified. Price Waterhouse tried to eliminate the reserves during the annual audit, but Grace would not allow them to make the change. Management said they wanted a “cushion for unforeseen future events.” Price Waterhouse decided that the reserves, while material to NMC, were not material to Grace’s financial statements. Using this materiality analysis as a basis, Price Waterhouse decided to give Grace’s financial statements a clean audit opinion. The reserves had grown to almost $55 million by the end of 1992. This time Price Waterhouse took a firmer stand and Grace’s management agreed to get rid of the reserve by gradually recognizing the funds as revenue. The auditors at Price Waterhouse were not the only ones to take notice of the reserves. Norman Eatough, Grace’s director of internal auditing, reported the “deliberate deferral of reporting of income” to the board of director’s audit committee. He later testified that he stopped short of calling the practice an outright fraud because he feared losing his job. The audit committee indicated they would investigate the reserves. About a month later, the committee dismissed his concerns because Mr. Gaughan and Price Waterhouse did not consider them to be material in amount. Mr. Eatough was fired in June 1994, in part because, as he claimed in a whistle-blower lawsuit, he complained about the reserves. Grace, on the other hand, claims he was fired for poor performance. The two sides settled last year on terms that were not disclosed. The SEC filed a case against Grace claiming that the company and six former executives fraudulently manipulated earnings. The defendants claim that Grace and other companies can use accounting techniques to deliver consistent earnings, as long as the amounts in question are not material to the financial statements. Others claim that most CFOs manage earnings the way Grace did and the SEC is now jumping up and down and calling the practices fraud. Without admitting or denying the charges, Grace signed a cease-and-desist order and promised $1 million to support educational programs to enhance public awareness of financial reporting and GAAP.


92

Chapter 7 Review Questions The review questions accompanying each chapter are designed to assist you in achieving the learning objectives stated at the beginning of each chapter. The review section is not graded; do not submit it in place of your final exam. While completing the review questions, it may be helpful to study any unfamiliar terms in the glossary in addition to chapter course content. After completing the review questions for each chapter, proceed to the review question answers and rationales. 1. Which of the following is true regarding GAAP rules when one entity controls another entity?

A. If a disclosure is made, sales between the parties may be recognized. B. Revenue between the parties can be recognized if they are at arm’s-length. C. Related party transactions should be disclosed, but the revenue between these parties

should not be recognized. D. Revenue between the parties can be recognized if both parties are located in the U.S.;

foreign related party transactions should be disclosed but not recognized. 2. In the Midland State Bank case, what could the original auditors have done to uncover the fraud?

A. Ask the board of directors about their knowledge of fraud. B. Talk to employees about things going on outside of the company’s books. C. Audit Eddie Thomas’ personal books. D. Scrutinize bank documents.

3. Procedures to address the risk of management override of controls should always be performed

for:

A. Financial statement audits of nonpublic entities. B. Financial statement audit of an employee benefit plan. C. Financial statement audit of a subsidiary. D. Financial statement audit of public entities.

4. How might a company boost earnings in a future year through a current year restructuring?

A. The company can over record its estimated expense for the restructuring, and then reverse the reserve in a subsequent period.

B. The company can over record assets during the restructuring period, and then write-off the assets in a subsequent period.

C. The company can use a higher rate of return for the restructuring than what is really expected, and then take the excess as a credit in a future period.

D. The company can use reserves created during highly profitable years before the restructuring, and then reverse the reserves when needed in a future period.

5. DDD Inc. is having a great year financially. The company decides to increase its allowance for

doubtful accounts from 5% of sales to 10% of sales, even though by the end of the year DDD has already collected 95% of the total sales. How should the auditor react?

A. The auditor should inquire why the reserve increased as a percent of sales, and if it

makes sense looking at the big picture. B. The auditor should not be concerned because DDD is being conservative. C. The auditor can conclude that this increase is not material to the financial statements

taken as a whole. D. The auditor can determine that DDD is fraudulently increasing its reserve to use in future,

less profitable years.


93

Chapter 7 Review Question Answers and Rationales Review question answer choices are accompanied by unique, logical reasoning (rationales) as to why an answer is correct or incorrect. Evaluative feedback to incorrect responses and reinforcement feedback to correct responses are both provided. 1. Which of the following is true regarding GAAP rules when one entity controls another entity?

A. If a disclosure is made, sales between the parties may be recognized. Incorrect, because it is usually inappropriate to recognize revenue between these parties, even if the relationship is disclosed.

B. Revenue between the parties can be recognized if they are at arm’s-length. Incorrect, because an arm’s-length transaction occurs when the buyers and sellers of a product act independently and have no relationship to each other.

C. Related party transactions should be disclosed, but the revenue between these parties should not be recognized. Correct, because according to GAAP, financial statements should reflect arm’s-length transactions between independent parties, and revenue is not to be recognized on transactions between related parties. Related party disclosures are also required.

D. Revenue between the parties can be recognized if both parties are located in the U.S.; foreign related party transactions should be disclosed but not recognized. Incorrect, because the source of the revenue, whether domestic or foreign, is not a factor in determining if the revenue should be recognized.

2. In the Midland State Bank case, what could the original auditors have done to uncover the fraud?

A. Ask the board of directors about their knowledge of fraud. Incorrect, because the board of directors was surprised about the fraud Thomas has been covering. If the board of directors becomes aware of fraudulent activity, they should take steps to uncover it. In this example they hired new auditors to do a surprise examination of the bank.

B. Talk to employees about things going on outside of the company’s books. Correct, because in this case, and many others like it, employees who know about fraudulent activity are very willing to talk about it to auditors. They just need to be asked.

C. Audit Eddie Thomas’ personal books. Incorrect, because although Thomas kept his own records of the kickbacks and self-dealing in his personal accounts, auditors cannot examine an employee’s personal accounts.

D. Scrutinize bank documents. Incorrect, because bank documents did reveal the fraud. Thomas concealed the evidence in his own personal accounts, not in those of the bank.

3. Procedures to address the risk of management override of controls should always be performed

for:

A. Financial statement audits of nonpublic entities. Incorrect, because SAS No. 99 allows an exception to some or all of the procedures when the client is a nonpublic entity for which the auditor concludes there is little incentive or pressure to achieve specified levels of financial performance to satisfy either external or internal users of the financial statements or to inappropriately minimize income tax liabilities.

B. Financial statement audit of an employee benefit plan. Incorrect, because SAS No. 99 allows an exception to some or all of the procedures when an employee benefit plan audit is performed to satisfy regulatory requirements and when the auditor concludes there is little incentive or pressure to inappropriately report the financial condition or performance of the plan.

C. Financial statement audit of a subsidiary. Incorrect, because SAS No. 99 allows an exception to some or all of the procedures when the client is a subsidiary where the audit


94

is performed solely to satisfy requirements that are unrelated to financial condition or performance.

D. Financial statement audit of public entities. Correct, because the procedures should always be performed for financial statement audits of public entities because investors place pressures on management to achieve a given level of financial performance and management can be tempted to fudge numbers in order to achieve financial performance incentives.

4. How might a company boost earnings in a future year through a current year restructuring?

A. The company can over-record its estimated expense for the restructuring, and then reverse the reserve in a subsequent period. Correct, because companies can smooth earnings by playing with write-offs and one-time restructuring charges and at some point they use these reserves to smooth out financial returns. This technique is known as the big bath.

B. The company can over-record assets during the restructuring period, and then write-off the assets in a subsequent period. Incorrect, because a restructuring would typically involve writing-off or selling assets, not over recording them. Also, in the future year earnings would decrease when the assets are written off, not increase.

C. The company can use a higher rate of return for the restructuring than what is really expected, and then take the excess as a credit in a future period. Incorrect, because a rate of return is not used in a restructuring. Companies with pension plans can assume a high rate of return on the plan fund, thereby decreasing the payment the company has to make to fund the pension obligation. If the fund and its expected return exceed the expected liability and cost to operate the fund, the company can take the excess as a pension credit, which increases earnings.

D. The company can use reserves created during highly profitable years before the restructuring, and then reverse the reserves when needed in a future period. Incorrect, because in this example the reserves are created during the restructuring. Using reserves created during previous highly profitable years, such as inventory reserves, to boost earnings in a future less profitable year is another accounting technique.

5. DDD Inc. is having a great year financially. The company decides to increase its allowance for

doubtful accounts from 5% of sales to 10% of sales, even though by the end of the year DDD has already collected 95% of the total sales. How should the auditor react?

A. The auditor should inquire why the reserve increased as a percent of sales, and if

it makes sense looking at the big picture. Correct, because although it may appear that DDD is stashing reserves in a financially good year, the auditor should not jump to conclusions before investigating. The auditor should also not assume that it is always good accounting to be more conservative, especially if it doesn’t make sense in the big picture.

B. The auditor should not be concerned because DDD is being conservative. Incorrect, because even though DDD is creating more expense in the current period, it does not make the accounting estimate appropriate if there is no reason for the change.

C. The auditor can conclude that this increase is not material to the financial statements taken as a whole. Incorrect, because this example does not provide enough information to determine if the increase is material. Also, all potential adjustments to the financial statements should be aggregated before determining if they are material to the financial statements.

D. The auditor can determine that DDD is fraudulently increasing its reserve to use in future, less profitable years. Incorrect, because although DDD may be increasing its reserve during a financially good year, the auditor should not assume this is what is happening before investigating further. The auditor should maintain an attitude of professional skepticism.

Chapter 8: Evaluating Audit Tests, Communicating Results, Documenting Audit Work, and Studying Fraud Schemes

95



1. To analyze the audit test results by assessing fraud risks, using analytical procedures to detect fraud, evaluating fraud risk at the end of the audit, and responding to misstatements that may be the result of fraud

2. To express fraud findings, the SAS No. 99 documentation requirements, and steps an auditor can take to acquire further knowledge about fraud

Evaluating audit-test results SAS No. 99 discusses evaluating audit test results in four major sections: (i) assessing fraud risks throughout the audit; (ii) evaluating whether analytical procedures indicate a previously unrecognized fraud risk; (iii) evaluating fraud risk at or near the completion of the audit; and (iv) responding to misstatements that may be the result of fraud. Assessing fraud risk throughout the audit Auditors are required to assess the risk of material fraudulent misstatements throughout the audit. In doing so, they may identify conditions during fieldwork that either change or support their judgment regarding the assessment of fraud risk. SAS No. 99 lists the following examples:

• Accounting-records discrepancies, such as the following:

− Transactions that are incomplete or not recorded in a timely manner; − Transactions that are not properly recorded as to company policy, amount,

accounting period, or classification; − Balances or transactions that are unsupported or unauthorized; − Last-minute adjustments, especially those that significantly affect financial results;

and − Employees accessing the organization’s information systems or accounting records

in ways that are inconsistent with their authorized duties.

• Evidential matter that is conflicting or missing, such as the following:

− Documents that are missing; − Substituting photocopied or electronically transmitted documents for original

documents; − Items on reconciliations that are significant and unexplained; − Inconsistent, vague, or implausible responses from management or employees; − The organization’s records are significantly different from third-party responses, such

as confirmation replies; − Inventory or physical assets of significant magnitude that are missing; − Electronic evidence that is missing, unavailable, or is not maintained according to the

organization’s record-retention practices or policies; − No evidence that systems developed or updated during the year were tested prior to

and during implementation.

• Relationships between the auditor and client are problematic or unusual. For example:

− The client denies the auditor access to records, facilities, or people (employees, customers, vendors, etc.). It is important to note that this denial may represent a scope limitation that might require the auditor to qualify or disclaim an opinion on the financial statements.


96

− Management imposes undue time pressures, especially for complex or contentious issues.

− Inappropriate management actions are taken, such as intimidation of audit-team members or complaints about how the audit is conducted. This is particularly serious when it relates to the auditor’s critical assessment of audit evidence or to how potential disagreements with management are resolved.

− There are unusual delays in providing requested information. − Tips or complaints are made about alleged fraud. − The client is not willing to allow the auditor access to electronic files so the files can

be tested using computer-assisted audit techniques. − Access is denied to IT facilities and personnel (security, operations, and

development). Evaluating whether analytical procedures indicate a previously unrecognized fraud risk Auditors need to perform and review analytical procedures at least twice. First, auditors need to do so while planning the audit, in order to identify unusual or unexpected relationships that might indicate fraud risk. Any identified fraud risks should be investigated during the course of the audit. Auditors also need to perform and review analytical procedures. While reviewing audit results near the completion of the audit, to determine whether analytical procedures performed as substantive tests indicate any previously unrecognized fraud risks. SAS No. 99 gives a special emphasis to revenue-related analytical procedures, stating that they should be performed through the end of the reporting period. Any previously unrecognized fraud risks should be investigated. In analyzing the results of the analytical procedures, the auditor must exercise his or her professional judgment to determine which particular trends and relationships might indicate fraud risk. It is particularly important to carefully review year-end revenue and income. Two examples of unusual relationships that might indicate fraud are uncharacteristically large amounts of income from unusual transactions during the last few weeks of the reporting period and income that is not consistent with prior trends in cash flow from operations. When a fraud is perpetrated, normal relationships and trends are often thrown out of balance and can be spotted by the auditor. A clever perpetrator will cover his or her tracks by manipulating other data to make these relationships and trends appear normal. However, there are certain types of information that management and employees have a hard time manipulating in order to create seemingly normal or expected relationships. These unusual or unexpected analytical relationships are especially useful to auditors as they seek to uncover fraud risks and evidence of fraud. Some of the more useful relationships are presented in SAS No. 99:

• The relationship of net income to cash flows from operations may appear unusual because management recorded fictitious revenues and receivables but was unable to manipulate cash.

• A change in inventory, accounts payable, sales, or cost of sales from the prior period to the current period may be inconsistent, indicating a possible employee theft of inventory, because the employee was unable to manipulate all of these accounts.

• A comparison of the entity’s profitability to industry trends, which management cannot manipulate, may indicate trends or differences for further consideration when identifying risks of material misstatement due to fraud.

• A comparison of bad-debt write-offs to comparable industry data, which employees cannot manipulate, may provide unexplained relationships that could indicate a possible theft of cash receipts.

• An unexpected or unexplained relationship between sales volume as determined from the accounting records and production statistics maintained by operations personnel -- which may be more difficult for management to manipulate -- may indicate a possible misstatement of sales.”


97

When the auditor spots unusual relationships, one way to investigate them is to ask the client to explain what might have caused them. In such cases, it is especially important to note the client’s reactions to the questions. Responses that are vague, implausible, or are contrary with other evidential matter gathered during the audit should be investigated very carefully, as the client may be trying to cover up fraudulent activity. However, there is another good explanation for the client’s behavior and that is that he or she might not know what caused the unusual relationship and might be reluctant to admit it. Evaluating fraud risk at or near the completion of the audit Before the audit can be completed, the audit team needs to make a qualitative evaluation, based primarily on the auditor's judgment, of whether or not the evidence gathered from auditing procedures, analytical relationships, and other tests and observations affect the fraud-risk assessment made during planning. Based on this evaluation, the audit team must decide whether or not they need to perform any additional audit procedures or perform different audit procedures. During this evaluation, the person in charge of the audit must determine whether there has been appropriate and sufficient communication with other audit-team members about potential fraud risks. Responding to misstatements that may be the result of fraud When auditors identify a financial-statement misstatement, they need to determine whether or not it indicates that fraud has occurred. They also need to determine if the amount of the misstatement is material to the financial statements.

• When the amount is not material to the financial statements -- SAS No. 47 states “misstatements of relatively small amounts that come to the auditor’s attention could have a material effect on the financial statements.” So what should the auditor do if he or she believes misstatements are or may be the result of fraud, but the amount, by itself, is not material to the financial statements? According to SAS No. 99, the auditor “... should evaluate the implications, especially those dealing with the organizational position of the person(s) involved.” SAS No. 99 then gives the following two examples:

− Petty-cash-fund misappropriations normally have little effect on an auditor’s

assessment of fraud risk. Management typically does not have custody of the fund or administer it, and the amount lost is limited due to the small size of the fund.

− Immaterial fraud involving management is more serious, as it might indicate a lack of integrity on the part of management. As a result, the auditor should determine how a lack of management or employee integrity will affect the audit. In particular, the auditor should re-evaluate the fraud-risk assessment and its resulting impact on the nature, timing, and extent of the tests of balances or transactions as well as the assessment of how effective the controls are if control risk was assessed below the maximum.

• The amount is material to the financial statements -- When the misstatement is, or

may be, the result of fraud and is material to the financial statements (or materiality is unknown), the auditor should do the following:

− Determine how this impacts other aspects of the audit. − Talk to managers that are one level above those involved, with senior management,

and the audit committee. If senior management is thought to be involved, the auditor should go straight to the audit committee. These discussions should lead to a determination as to how to investigate the fraud.

− Gather additional evidence to determine whether material fraud has actually occurred or is likely to have occurred. If it has, the auditor should determine the fraud’s effect on the financial statements and the audit report.

− Where appropriate, suggest that the client consult with legal counsel.


98

• When the amount represents a significant risk of material misstatement -- When there is a significant risk of material misstatement due to fraud the auditor should consider withdrawing from the audit and letting the audit committee (or those with equivalent authority and responsibility) know why. Because each engagement is different and can have so many different variables, it is difficult to specify when withdrawal is appropriate. However, two of the most important considerations are: (i) what implications the auditors’ findings have on their evaluation of management integrity; and (ii) how diligent and cooperative the client (management, audit committee, the board of directors, etc.) is in investigating the circumstances and in taking appropriate action.

Before withdrawing, the auditor should consider consulting with legal counsel. Communicating fraud findings and documenting the auditor's consideration of fraud Communicating fraud findings When evidence that a fraud may exist is discovered, the auditor needs to bring it to the attention of an appropriate level of management. Note that SAS No. 99 does not state that if risk factors are found they must be brought to the attention of management. While the auditor may well want to bring identified risk factors to the attention of management so that they can institute controls to mitigate their effects, the auditor is not required to do so. The auditor is only required to bring evidence that a fraud may exist to the attention of management. Normally the auditor should take the evidence about fraud to management at least one level above that where the fraud is suspected or took place. The auditor should communicate this information even if the fraud is immaterial or inconsequential, such as embezzlement by a lower-level employee. To avoid disagreements or problems regarding lower-level employee misappropriations, the auditor and the audit committee should reach an understanding prior to the engagement about the expected nature and extent of communications if such a fraud takes place. When fraud involves senior management and when it causes a material misstatement of the financial statements it should be reported directly to the audit committee, who can take the matter to the entire board of directors. If an audit committee does not exist, the fraud should be reported to the senior executive in the firm. If there is a possibility that this senior executive is involved in the fraud, the auditor should consider withdrawing from the engagement. Sometimes the auditor will have to determine if the following items represent reportable conditions that should be communicated to the audit committee and senior management: (i) risk factors with continuing control implications (whether or not transactions or adjustments that could be the result of fraud have been detected); and (ii) the absence of, or the poor quality of, deficiencies in programs and controls to minimize or prevent specific fraud risks (or to otherwise help prevent, deter, and detect fraud). Conditions other than reportable conditions may also be reported if it is possible for management to take actions to address them. The fraud risks the auditor identifies during his or her risk assessment can, and probably should, be communicated to the client. This can be communicated in three ways: (i) separately to the audit committee; (ii) as a part of an overall communication of business and financial-statement risks affecting the organization; and (iii) as part of the auditor’s report on the quality of the entity’s accounting principles Ordinarily the auditor is not required to disclose possible fraud to anyone other than the client's senior management and its audit committee. In fact, the auditor's ethical or legal obligations of confidentiality do not allow him to disclose this information unless the matter is reflected in the auditor's report. However, SAS No. 99 specifies that auditors do have a responsibility, in the following circumstances, to disclose information to outsiders:

• To comply with certain legal and regulatory requirements, such as engagement termination reports (reporting auditor changes on Form 8-K or when the fraud risk factors


99

constitute a reportable event or are the source of a disagreement) or reports relating to an illegal act that has a material effect on the financial statements;

• To a successor auditor when they make an inquiry to comply with SAS No. 84, Communications Between Predecessor and Successor Auditors;

• In response to a subpoena; and • To a funding or other specified agency in accordance with requirements for the audits of

entities that receive financial assistance from the government. Before discussing any of the items in this section with parties other than the client, the auditor may wish to consult with legal counsel to avoid potential conflicts with the auditor's ethical and legal obligations for confidentiality. Documenting the auditor's consideration of fraud SAS No. 99 significantly extends the auditor’s documentation requirements with respect to fraud. Auditors are now required to document in their working papers evidence of their compliance with virtually all the major requirements of SAS No. 99 in order to help ensure that they comply with its new requirements. Required SAS No. 99 documentation SAS No. 99, paragraph 82 lists the following items that auditors must document:

• Discussions among engagement personnel while planning the audit. The documentation should include: (i) The susceptibility of the entity’s financial statements to material misstatement

due to fraud; (ii) How and when the discussion occurred; (iii) The audit-team members who participated; and (iv) The subject matter discussed.

• The procedures the audit team performed to gather the information they needed to identify and assess fraud risks.

• The fraud risk factors that were identified during planning and field work and the auditor’s response to those risks.

• When the auditor concludes that additional procedures to address the risk of management override of controls is not necessary, the support for that conclusion must be documented.

• The communications to management, the audit committee, and others regarding fraud should also be documented.

Suggested SAS No. 99 documentation Though not required by SAS No. 99, auditors may also want to consider documenting:

• How fraud risk factors were considered; • Why the auditor believes that the identified risk factors might lead to fraud; • The reasoning behind the auditor’s response to the risk factors; • Any current control policies that might alleviate the effect of risk factors; • Any actions the client plans to take to alleviate the identified risks; • All inquiries of management and other client personnel (who was asked, what was asked,

their responses, etc.); • The auditor's response to the risk factors identified, whether the response was individual

or in combination with other risk factors; and • The auditor’s conclusion as to whether or not there is a heightened risk of fraud. When

there is a heightened risk, the auditor could document his or her basis for that conclusion, including the specific risk factors found and their effect on the nature, timing, and extent of audit procedures.


100

Form of documentation The auditor is allowed significant flexibility with respect to the form of documentation used to meet documentation requirements. It might take the form of a comprehensive checklist that lists risk factors by category or a memo to document the risk factors identified and the planned response. Two other items of documentation that are important are the engagement letter and the management letter. Each of these is now discussed. Engagement letter SAS No. 99 does not mention the engagement letter, but it is important for the auditor to make sure that the responsibilities of both management and the auditors are spelled out in the engagement letter. Doing so may help reduce the legal liability of the auditor. Some audit firms currently send engagement letters with a sentence that goes something like “An audit is not designed and cannot be relied upon to detect irregularities such as defalcations and embezzlements.” Unfortunately, this sentence has not accurately described the auditor’s responsibility to detect fraud for some time. Now that SAS No. 99 has become effective, the engagement letter should describe the auditor’s responsibility for fraud detection in terms that are consistent with the new pronouncement. For example, the auditor could use terminology such as the following in their engagement letters:

“The purpose of our audit is to express an opinion on the company’s financial statements that provides reasonable assurance that those statements are free of material misstatement, whether caused by error or fraud. However, an audit cannot provide absolute assurance that all material misstatements are detected. Also, an audit is not designed to detect error or fraud that is immaterial to the financial statements and cannot be relied upon to do so.”

Representation letter SAS No. 83, Establishing an Understanding with the Client, contains an example representation letter. The letter suggests the following management representations, which can be used to partially document the requirement in SAS No. 99 that the auditor inquire about management’s knowledge of frauds:

• There has not been any fraud involving management or employees who have significant roles in internal control; and

• There has not been any fraud involving others that could have a material effect on the financial statements.

Prior to SAS No. 82, none of the communications with the client required the auditor to use the word “fraud.” Fraud, in the eyes of many, is an emotionally laden word. Therefore, it is a good idea for the auditor to verbally explain to top management that SAS No. 99 requires the use of the word “fraud” in all GAAP audits (not just their audit), rather than the word “irregularities,” which was used prior to SAS No. 82. This should help ensure that there is no misunderstanding or ill will created when they receive the engagement letter or when the suggested statements regarding fraud are requested in the management representation letter. It is certainly better to spend a little time up-front to maintain good client relations than it is to try and mend fences when a problem occurs. It is the policy of some CPA firms to require their personnel to write a memo at the end of the audit to document all client inquires and management responses concerning irregularities and illegal acts. With the issuance of SAS No. 99, this policy should be updated to include the fraud-related inquiries. If the CPA firm does not have such a policy, it is advisable that they adopt one to comply with the new fraud-related documentation requirement. To understand fraud, study fraud schemes In his article “The Proper Study of a Fraud Examiner is . . . Fraud Itself,” W. Michael Kramer, in an article in The White Paper, the semi-monthly publication of the Association of Certified Fraud Examiners, describes an experience he had that illustrates that the best way to learn about fraud is to study past fraud cases.


101

He states that some experienced fraud examiners and accountants were discussing frauds that affect banks. The fraud experts had little experience with check-kiting schemes and the group made little progress. Finally, an accountant with little fraud experience described in detail how a kite works, the circumstances that prompt it, and those likely to be involved. With this explanation, the fraud experts identified the red flags and wrote a computer program to detect them. The point: an accountant who knew little about fraud examination, but a lot about check kiting, contributed more than experts who knew a lot about fraud examination, but little about check kiting. We often spend too much time studying fraud prevention, detection, and audit and not enough studying fraud itself. If we do not understand what we are looking for -- how the schemes work, when and why they arise, and who is likely to commit them -- how can we expect to detect them? Drawing on his own experience, the author of this book, Marshall Romney, confirms this. One of his first cases involved a major retailer whose buyers were suspected of taking kickbacks. His audit team had to figure out, based on the limited information available, how the scheme operated -- who was paying whom and how. With this information they were able to get the perpetrators to confess. Then they spent a day or two in interviews to find the details of how they originated the scheme, made and concealed the payments, responded to the investigation, and thought they could avoid detection. Romney regards these sessions as the most valuable experience of his career. He claims the interviews were worth more than all the fraud courses he has ever taken and that he gained insights unavailable anywhere else that helped in future cases. Romney also saw how important understanding fraud schemes was while developing computer programs to detect procurement fraud. He identified common schemes and the red flags of each, decided which could be found by computer database queries, and wrote the program to detect them. He thought writing the program to detect indicators would be difficult, but it was easy with the necessary data. He thought identifying the red flags would be easy, but it was difficult. When he knew how the schemes worked, he could identify the red flags and write a detection program. Romney’s success did not come from a review of fraud-auditing methodology, audit programs, or available software, but from an in-depth study of the schemes themselves. Many people who have fraud-detection responsibilities do not understand the schemes or red flags they are expected to find. So, how do we acquire this knowledge?

• Review case histories within your organization. • Obtain information on fraud schemes from industry groups. • Establish contacts with law enforcement agencies who understand fraud schemes. • Debrief fraud perpetrators. Insist that the guilty parties describe in detail why and how

they committed the scheme, if anyone else was involved, and what other frauds are occurring. Employers often fire the first employee caught without inquiring about the fraud’s full scope. This is a costly mistake, as this employee can usually point you to others in the company who are committing fraud.

• Get more training on the topic so you can understand perpetrator motives and methods.

A humbled former attorney general rebuilds his life The White Paper also printed a story about Steve Clark, who descended from a family of distinguished farmers, preachers, teachers, and politicians. He completed college in three years and graduated from law school at age 25. Before he reached age 30 he was a private practitioner, a municipal judge, elected president of the Young Lawyers of Arkansas, the assistant dean of a law school, and then the governor’s chief of staff. At age 31, he became the youngest elected attorney general. Clark was the first attorney general to be elected president of the National Association of Attorneys General, the only Arkansas attorney to ever argue eight cases before the U.S. Supreme Court, and the only attorney general ever re-elected five times. Clark himself said “I had a dream and that was to be governor of Arkansas. I was on my way. I would have my dream. I was going to accomplish this goal without a doubt. I would be governor.” Clark admitted he wanted to join the league of “big dogs.”


102

As he was mounting his bid for the governor, Clark was accused of using a state-owned credit card as attorney general to entertain family, friends, and girlfriends at the state’s expense. After an investigation, he was indicted for a Class C felony, theft by deception, which carried a minimum fine of $10,000 and could be coupled with a penitentiary sentence of up to 20 years. He was convicted and fined $10,000. Clark quit his job and was stripped of his law license. Years later Steve described himself as follows: “Now let me tell you who I am. I’m twice divorced, bankrupt, an alcoholic, a felon, and a fraud. Yet, I’m probably the most blessed and most fortunate of any of the persons you’ve ever met.” Disgraced, discredited and hounded by a huge federal tax debt, Clark found himself in Austin, Texas, working for a friend’s healthcare business that eventually went bankrupt. He then applied for 70 jobs, got two interviews, and no offers. He finally found a job at Half-Price Books where he stocked books, worked the cash register, and cleaned the bathrooms. In the meantime, he remarried. His wife suggested he appeal to the state to retake the bar exam and become an attorney again. Texas is one of the few states that allow disbarred lawyers to apply for reinstatement. The state granted him permission and Clark passed the Texas bar on the third try. After a hearing, the state allowed him to practice law. He has a small general civil practice in Austin. Drawing from his lessons, Clark counsels officials to keep meticulous expense records, something he did not do. But he also has more personal recommendations. “I learned I’m not the center of the universe. I’m neither a fixture nor a necessity in this world. I’m just part of the story line. Many people practice war and not life. Life is about faith, family, and friends. I decided I want to practice life.” Fraudulent financial statements: A scenario The following scenario embodies elements from several recent financial-statement frauds and shows the path that a perpetrator might follow in committing a financial-statement fraud. You are the CEO of one of Wall Street’s darlings. Growth at your company has averaged 25 to 30 percent for the last several years. During that time you have never missed an earnings target. Market analysts are pestering you for information on the upcoming quarterly earnings announcement. They are predicting earnings of $1.25 per share, up nicely from the same quarter last year. Unfortunately, growth has slowed to 15 to 20 percent and a recently introduced product is not selling as well as expected. Profits are going to take a big hit and your company will be lucky to earn half the estimated $1.25 per share. When the word gets out, the stock price is bound to collapse. Realizing what is at stake, you wonder when, how, and IF you should tell the analysts the bad news. You consider yourself honest and ethical and believe almost everyone looks up to and admires you. Ironically, when the truth about the earnings is announced, quite a few of the people who like you so well will lose their jobs. Furthermore, there is no guarantee that you will be able to keep your job. At a minimum, your performance-based bonus and stock options will be drastically cut. Unfortunately, the situation you find yourself in is your own fault. You had such great faith in the new product line that you gambled much of the company’s future on it. What do you do? It seems to you that the lesser of two evils is to fix the numbers before the quarterly report goes out. You think to yourself “If I can just get past this quarter I will be able to fix the problems with the new product and get the company back on track.” Since there are two weeks left before the first quarter ends, you send word that you want everyone to work overtime. You tell sales to offer all large customers a five-percent discount if they will anticipate their needs for the next quarter and place the order now. To make the offer more attractive, you agree to allow the customers to pay for these goods in 90 days, rather than the normal 30 days. Production will have to work as much overtime as is required to produce all the goods that are sold so they can be shipped on


103

time. You want every order that is received to be shipped before the quarter ends. You barely meet your first-quarter earnings numbers and all is well. However, in the second quarter the new product is still not doing as well as you hoped and sales on the other products are down because you stuffed the sales channel at the end of the first quarter. With a month to go in the second quarter, you again accelerate the sales and shipping process but you soon realize that will not make second-quarter numbers. You tell your sales staff to offer a 10-percent discount. After more soul searching you decide to stretch things a bit further. “Hey, what is a day or two in the larger scheme of things?” you think to yourself as you tell the CFO to meet your earnings goals by holding the books open at the end of the quarter for as long as needed, which ends up being a week. Things are really bad in the third quarter. Customers are waiting for the end-of-quarter discount before ordering. With two months to go, you institute a 10-percent discount and then raise it to 15 percent with a week to go. Even so, you are still way off from your numbers. At this point, you realize you have dug yourself a huge hole. You cannot stop playing with sales revenue, as sales will really come crashing down, and much more than just your job is now on the line. So, in order to buy more time to fix the company’s problems, you have the CFO show all goods on consignment as third-quarter sales and bill as many customers for unshipped orders as is necessary to meet your numbers. At this point you realize, though you may not admit it to yourself, that you are no longer just stretching things in “hazy” areas. You have crossed the line and have committed a fraud. You realize your only hope is to buy more time to fix the company’s problems. However, something in the back of your mind keeps nagging you, and that is that you are now so consumed with how to manipulate the books to meet the numbers that you do not have the time to solve the company problems that got you into this mess in the first place. Eventually, someone will pick up on what you are doing or someone in the company will no longer be able to justify what they are doing and their conscience will bother them so much that they will step forward and blow the whistle. How long will it take? That all depends on how many more tricks you have up your sleeve for accelerating or manufacturing revenues. Avoiding legal liability during audits This section summarizes SAS No. 99 and suggests 13 ways that auditors can avoid legal liability when conducting audits. Recognize that plaintiff attorneys can use the detailed listing of risk factors in SAS No. 99 to measure auditor performance. In other words, they can use them against you. Make sure that you hold the discussions regarding the risks of material misstatements of the financial statements due to fraud with the audit-team members as required by SAS No. 99. You and the other audit-team members should discuss among yourselves how and where the company’s financial statements might be susceptible to material misstatement due to fraud. This will help all of you remember how important it is to adopt an appropriate mindset of professional skepticism, especially with respect to the potential for material misstatement due to fraud. You are now required to document your compliance with virtually all the major requirements of SAS No. 99. Make sure you comply with this new requirement: Document how you tailored your fieldwork based upon the fraud risk factors identified during the planning stage. If you find fraud risk factors during any stage of the audit, think very carefully before you decide not to expand testing. If you do not expand your tests, carefully document your reasons for not doing so. Make sure you obtain the information needed to identify the risks of material misstatement due to fraud. SAS No. 99 requires auditors to gather more information than simply considering the risk factors, as was required in SAS No. 82. You must also expand your inquiries, consider the results of analytical


104

procedures, and consider other information, such as information obtained during the acceptance and continuance of engagements, while conducting reviews of interim financial statements, and while considering audit risk. Make sure the required inquiries of management, the audit committee, and the internal audit function are made. However, do not limit your inquiries about fraud to them. Also make inquiries of lower-level management and the people in the organization that are responsible for fraud detection. When a fraud is being perpetrated, there is usually someone in the organization that either knows about it or has strong suspicions that it is taking place. They are usually reluctant to come forward on their own, but often are more than willing to tell all they know when asked directly about fraud. Another good reason for asking these people about fraud is that it provides the auditor with some measure of protection against legal liability. If there have been any prior fraudulent activities, carefully consider whether you need to modify your audit procedures to audit those areas in more detail. Use the information you gather to identify the risks that may result in a material misstatement due to fraud. Assess the identified risks after taking into account an evaluation of the entity’s programs and controls that address the risks. You need to evaluate your client's programs and controls that address the identified risks of material misstatement due to fraud. You should then assess these risks based on your evaluation. To avoid malpractice suits, be sure to thoroughly document your fraud-risk assessment. Do so in all stages of the audit and then at the end of the audit make sure there are no loose ends regarding the fraud risk assessment. It is especially important to document the fraud-risk assessment during the planning stage, as many malpractice cases are built on inadequate documentation in this stage. Respond to the assessment results. You must respond to risks that have an overall effect on how the audit is conducted, relate to the nature, timing, and extent of the auditing procedures to be performed, and are related to material misstatements due to management override of controls. For example, when fraud risk factors are found, assign more experienced people to the audit. It is important to not just assign people with more years in the firm to the engagement. Instead, those assigned should be experienced in the client’s industry, should have received training in fraud detection, and where possible, they should have actual experience in detecting fraud. When necessary, consider employing the services of a forensic auditor that specializes in fraud detection. Evaluate audit-test results. You are required to assess the risk of material fraudulent misstatements throughout the audit. When the audit is completed, you must evaluate whether your preliminary assessment is affected by the evidence gathered during the audit. In addition, you must determine whether any identified misstatements may indicate the presence of fraud. If they do, you must determine the impact of this on the financial statements and the audit. Communicate with management, the audit committee, and others about any possible fraud. Provide your staff with the training they need to understand SAS No. 99 and to recognize the risk factors it delineates. Auditors can work more effectively and thoroughly if they are able to recognize the signs of fraudulent activities. It is especially important that the younger staff receive adequate training in recognizing fraud symptoms, since they are the people conducting fieldwork and are most likely to uncover fraud. Be sure to discuss the requirements of SAS No. 99 with your clients. Make sure they understand the requirement to use the word “fraud,” and take the time to clear up any concerns they have. Do not be afraid to issue a modified audit report if circumstances require it. Research shows that auditors pay the lowest settlements or win the highest dismissal rates when modified reports are issued and pay the highest payments when modified repots are not appropriately issued.


105

Chapter 8 Review Questions The review questions accompanying each chapter are designed to assist you in achieving the learning objectives stated at the beginning of each chapter. The review section is not graded; do not submit it in place of your final exam. While completing the review questions, it may be helpful to study any unfamiliar terms in the glossary in addition to chapter course content. After completing the review questions for each chapter, proceed to the review question answers and rationales. 1. Which of the following would a fraud perpetrator find difficult, or impossible, to hide?

A. Whether the company is meeting debt covenants. B. Inflating inventory. C. The relationship of net income to cash flows. D. Kickbacks received from vendors.

2. What should an auditor do when unusual relationships are discovered while performing analytical

procedures?

A. Report the fraud to the board of directors. B. Investigate the results by asking the client to explain what may be the cause. C. Have management represent that no fraudulent activity has occurred even though

unusual relationships between accounts have been discovered. D. Withdraw from the engagement.

3. Karen, Bear Company’s auditor, has discovered that a senior executive has been involved in

company fraud. What should Karen do?

A. Take the evidence to management at least one level above where the suspected fraud took place.

B. Take the matter to the board of directors. C. Alert the audit committee. D. Withdraw from the engagement.

4. What form of documentation does SAS No. 99 require to be used to meet its requirements

regarding the auditor’s consideration of fraud?

A. A comprehensive checklist. B. A memorandum to the file. C. No specific type of documentation is required. D. No documentation is required.

5. What does the author suggest is a way to acquire knowledge about the schemes and red flags

auditors are expected find?

A. Obtain information on fraud schemes from industry groups. B. Study fraud prevention. C. Learn about fraud detection. D. Increase your knowledge of audit.


106

Chapter 8 Review Question Answers and Rationales Review question answer choices are accompanied by unique, logical reasoning (rationales) as to why an answer is correct or incorrect. Evaluative feedback to incorrect responses and reinforcement feedback to correct responses are both provided. 1. Which of the following would a fraud perpetrator find difficult, or impossible, to hide?

A. Whether the company is meeting debt covenants. Incorrect, because many fraud schemes involve boosting the balances of specific accounts in order to “meet” debt covenants.

B. Inflating inventory. Incorrect, because many fraud schemes involve inflating inventory. A fraud may be uncovered by comparing a change in inventory, accounts payable, sales, or cost of sales from the prior period to the current period.

C. The relationship of net income to cash flows. Correct, because SAS No. 99 provides examples of relationships that perpetrators have a hard time manipulating. The examples include the relationship of net income to cash flows which may appear unusual because management recorded fictitious revenues and receivables but was unable to manipulate cash. The focus is on the relationships between the accounts, not on the individual accounts.

D. Kickbacks received from vendors. Incorrect, because kickbacks are often difficult to uncover since they are an off-the-books item.

2. What should an auditor do when unusual relationships are discovered while performing analytical

procedures?

A. Report the fraud to the board of directors. Incorrect, because at this point the auditor should not assume fraudulent activity has occurred. If fraud is uncovered, the auditor should communicate this to a member of management one level up from the person who committed the fraud.

B. Investigate the results by asking the client to explain what may be the cause. Correct, because when the auditor spots unusual relationships, one way to investigate them is to ask the client to explain what might have caused them. The auditor should especially note the reaction the client has to the question as much as the answer to the question.

C. Have management represent that no fraudulent activity has occurred even though unusual relationships between accounts have been discovered. Incorrect, because this is not an appropriate management representation regarding fraud in the financial statements. The auditor will also want to take additional steps to determine if there is fraud in the financial statements, and not solely rely on management’s representations.

D. Withdraw from the engagement. Incorrect, because at this point, the auditor cannot assume that anything fraudulent is occurring in the company. Depending on the nature of the fraud, the auditor does not necessarily have to withdraw from the engagement.

3. Karen, Bear Company’s auditor, has discovered that a senior executive has been involved in

company fraud. What should Karen do?

A. Take the evidence to management at least one level above where the suspected fraud took place. Incorrect, because the senior executive is the uppermost management, there is no level above this.

B. Take the matter to the board of directors. Incorrect, because if fraud involves senior management, not a senior executive, the auditor should report it directly to the audit committee who in turn can take the matter to the board of directors.

C. Alert the audit committee. Incorrect, because if the fraud involves a member of senior management, not a senior executive, the auditor can take the matter to the audit


107

committee. If an audit committee does not exist, then the auditor should report the fraud to the senior executive.

D. Withdraw from the engagement. Correct, because if there is a possibility that the senior executive is involved in fraud, the auditor should consider withdrawing from the engagement. Before withdrawing, the auditor should consult with legal counsel.

4. What form of documentation does SAS No. 99 require to be used to meet its requirements

regarding the auditor’s consideration of fraud?

A. A comprehensive checklist. Incorrect, because a comprehensive checklist that lists risk factors by category is an example of the documentation that may be used, but it is not the only type.

B. A memorandum to the file. Incorrect, because a memo to document the risk factors identified and the planned response is an example of the documentation that can be used, but it is not the only type.

C. No specific type of documentation is required. Correct, because the auditor is allowed significant flexibility with respect to the form of documentation used to meet the auditor’s consideration of fraud documentation requirements. However, some form of documentation is required in the work papers.

D. No documentation is required. Incorrect, because a form of documentation is required in the work papers.

5. What does the author suggest is a way to acquire knowledge about the schemes and red flags

auditors are expected find?

A. Obtain information on fraud schemes from industry groups. Correct, because an auditor can acquire knowledge about schemes and red flags by:

• Reviewing case histories within your organization • Obtaining information on fraud schemes from industry groups • Establishing contacts with law enforcement agencies who understand fraud

schemes • Debriefing fraud perpetrators • Getting more training on the topic to understand perpetrator motives and methods

B. Study fraud prevention. Incorrect, because according to the author, too much time is spent on areas such as fraud prevention and not enough studying fraud itself.

C. Learn about fraud detection. Incorrect, because although learning about fraud detection is a start, without understanding what the auditor should be looking for, the auditor cannot be expected to detect the red flags.

D. Increase your knowledge of audit. Incorrect, because knowledge of audit is different from knowledge of fraud.

Glossary

108

Glossary This is a glossary of key terms with definitions. Please review any terms you are not familiar with. American Institute of Certified Public Accountants (AICPA): A national not-for-profit association with members in public accounting, law, education, and the government. Arm’s-length transaction: A transaction in which the buyers and sellers of a product act independently and have no relationship to each other. Asset turnover: Indicates the relationship between assets and revenue. It is calculated as revenue divided by total assets. Auditing Standards Board (ASB): The senior technical body of the AICPA which develops and issues Statements on Auditing Standards. Big bath: The strategy of manipulating a company's income statement to make poor results look even worse. The big bath is often implemented in a bad year to enhance next year's earnings artificially. Bill-and-hold sale: The customer agrees to purchase goods, but the seller retains possession until the customer requests shipment. Channel stuffing: Persuading distributors to accept more product than they need or want. This typically occurs in times of declining sales or revenues. Collusion: A secret agreement or cooperation between management, employees, or outsiders, especially for an illegal or deceitful purpose, such as concealing fraud. Committee on Sponsoring Organizations (COSO): A committee organized to study internal controls and improve the quality of financial reporting. Cookie jar accounting: An accounting practice where a company uses generous reserves from good years against losses that might be incurred in bad years. Current ratio: A measure of how much liquidity a company has. It is calculated as current assets divided by current liabilities. Debt-to-capital: A ratio that shows the proportion of a company's debt to its total capital. Earnings management: A process where management selects GAAP accounting methods based on whether they will produce the desired results rather than whether they reflect economic reality. Expectation gap: The difference between what the public expects auditors to do regarding fraud in audited companies, and what auditors are required to do. Fraud: An intentional act of deceit that results in the perpetrator gaining an unfair advantage over another person. Fraudulent financial reporting: Intentional misstatements or omissions of amounts or disclosures in financial statements that are intended to deceive financial-statement users. Gross margin: The relationship between revenue and cost of goods sold. It is calculated by subtracting cost of goods sold from revenues, or it can be expressed as a percentage, calculated as (revenues minus cost of goods sold) divided by revenues.

Glossary

109

Kiting: A fraud scheme where a check is written against an account at one bank, which usually does not have enough sufficient funds to cover it, and it is deposited or cashed through a different account at another bank to take advantage of the time lapse before the check clears. Lapping: A fraud scheme which occurs when cash receipts are not recorded right away but are shifted between different accounts. Misappropriation of assets: The theft of an entity’s assets, often involving creating or using false or misleading documents or records. Opportunity: The condition or situation that allows a person to commit and conceal a dishonest act. Perceived opportunity: The perpetrator’s belief that the company is weak in a certain area that may allow fraud to occur. Ponzi scheme: A type of illegal pyramid scheme named after Charles Ponzi. This is a type of scheme where money from new investors is used to payoff earlier investors, or a “rob-Peter-to-pay-Paul” principle. Public Oversight Board (POB): A self-regulatory system that oversees the accounting profession in the United States. Questionable accounting practices: The means individuals use to manage company earnings and make their financial statements look better. Rationalization: A justification or reconciliation of a dishonest action used by a perpetrator. Return on equity: A tool used by investors to determine management’s financial capabilities. It is calculated by dividing current year earnings by average shareholder’s equity for the year. SAS No. 99: Statement on Auditing Standards No. 99, Consideration of Fraud in a Financial Statement Audit, superseded SAS No. 82, created to improve audit performance and increase the likelihood that auditors will detect material fraudulent misstatements. Sham transaction: A transaction without substance, which will be ignored for tax purposes. Situational pressure: A problem that motivates a person to act dishonestly. Special-purpose entities: A legal entity created to fulfill narrow, specific, or temporary objectives, primarily to isolate financial risk. Statements on Auditing Standards (SAS): Statements issued by the Auditing Standards Board to provide guidance to external auditors on generally accepted auditing standards in regards to auditing an entity and issuing a report. Synthetic lease: A financing structure by which a company structures the ownership of an asset so that for financial accounting purposes (under pre-2003 GAAP), the asset is owned by a special-purpose entity and leased to the operating company under an operating lease. Working capital: A measure of a company’s liquidity. It is calculated as current assets minus current liabilities.

Index

110

Index

A

Accounting principles . 7, 8, 9, 13, 20, 54, 55, 63, 64, 66, 82, 90, 98

Accounts payable. 25, 35, 37, 39, 46, 47, 62, 96, 106, 114

American Institute of Certified Public Accountants (AICPA)...............i, 4, 5, 108, 112

Analytical procedures... 7, 40, 41, 45, 47, 51, 53, 55, 57, 58, 61, 63, 64, 65, 68, 95, 96, 104, 105, 106, 117

arm's-length transactions .................................82 Asset turnover ..........................................48, 108 Association of Certified Fraud Examiners...1, 42,

71, 100 Attitude14, 19, 20, 22, 24, 25, 32, 33, 39, 41, 54,

94, 113, 114 Audit i, 2, 4, 5, 6, 7, 8, 10, 14, 16, 17, 18, 19, 20,

21, 22, 24, 26, 35, 40, 41, 42, 43, 44, 45, 49, 51, 52, 53, 54, 55, 56, 57, 58, 60, 62, 63, 64, 67, 68, 69, 75, 78, 79, 80, 81, 82, 84, 87, 88, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 103, 104, 105, 106, 107, 108, 109, 113, 114, 115, 117, 118

Audit committee . 6, 7, 19, 20, 21, 22, 24, 43, 44, 51, 52, 91, 97, 98, 99, 104, 105, 106, 113, 115, 118

audit team.......................................40, 41, 45, 55 Auditing Standards Board (ASB)4, 5, 6, 108, 109

B

Big bath ..................................... 89, 94, 108, 117 Bill-and-hold .................. 76, 77, 78, 80, 108, 116 bill-and-hold schemes ......................................76 bill-and-hold transactions ...........................76, 77

C

channel stuffing ................................................73 Channel stuffing ...............................73, 108, 116 collusion .................................... 2, 6, 8, 9, 25, 50 Collusion............................ 2, 6, 8, 9, 25, 50, 108 Commit ... 1, 2, 3, 4, 9, 12, 16, 17, 20, 21, 23, 24,

26, 27, 29, 32, 37, 38, 41, 42, 44, 66, 67, 69, 86, 89, 101, 109, 114

committee on sponsoring organizations ..........66 Committee on Sponsoring Organizations

(COSO).................................................66, 108 Composition .....................................................19 Conceal .... 2, 4, 9, 17, 29, 30, 39, 41, 64, 75, 81,

86, 109 concealment.........................................2, 6, 8, 10 conversion....................................................1, 10 Convert.....................................................1, 2, 29

Cookie jar accounting ....................................108 cookie-jar accounting.......................................89 coso .................................................................66 Current ratio .............................................48, 108 Cut-off fraud ...............................................71, 74 cut-off frauds ....................................................71

D

Debt-to-capital..........................................85, 108 Disclosure failure .............................................81

E

Earnings management.......................43, 73, 108 engagement letter ..........................................100 Evidence .....2, 6, 7, 9, 11, 13, 14, 35, 41, 43, 47,

48, 54, 55, 56, 57, 64, 83, 84, 90, 93, 95, 96, 97, 98, 99, 104, 105, 106

evidential matter.............................35, 56, 95, 97 Expectation gap .............................4, 5, 108, 112 Extent ii, 7, 43, 45, 54, 56, 57, 58, 64, 83, 87, 88,

97, 98, 99, 104, 115

F

Falsified documentation.................................6, 8 fictitious revenues ......................................66, 73 Financial-statement audit.....................5, 7, 8, 86 financial-statement audits ..........................5, 7, 8 Fraud..1, i, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13,

14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 26, 27, 28, 29, 30, 31, 32, 34, 35, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 75, 76, 77, 78, 79, 80, 81, 82, 84, 86, 87, 88, 89, 90, 91, 92, 93, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 112, 113, 114, 115, 116, 117, 118, 119, 2

Fraud audit.........................................................8 fraud audits ......................................................8 fraudulent financial reporting ....2, 6, 8, 9, 14, 20,

26, 28 Fraudulent financial reporting ...2, 6, 8, 9, 11, 12,

13, 14, 20, 26, 28, 40, 43, 49, 52, 82, 86, 87, 108, 113

fraudulent financial statements ......................1, 6

G

Generally Accepted Auditing Standards (GAAS).....................................................5, 8, 42, 109

Gross margin .........................48, 51, 53, 59, 108

Index

111

I

Incentives ... 9, 14, 16, 20, 21, 22, 23, 25, 26, 41, 73, 86, 87, 93, 94, 114

Internal audit . 6, 17, 18, 44, 51, 52, 91, 104, 115 internal control......................................29, 30, 34 internal controls..... 17, 18, 19, 41, 44, 49, 86, 87 Internal controls.... 1, 3, 4, 12, 17, 18, 19, 22, 23,

24, 29, 30, 38, 41, 44, 49, 52, 53, 66, 73, 86, 87, 108, 112, 113, 114

inventory fraud ........................ 57, 58, 59, 60, 62 Inventory-fraud .....................................54, 57, 58

K

kiting .................................................................31 Kiting ................................. 31, 69, 101, 109, 114

L

lapping..............................................................31 Lapping.............................................31, 109, 114 Legal liability...................................100, 103, 104

M

Management .... 2, 4, 5, 6, 7, 8, 9, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 28, 29, 30, 32, 34, 35, 41, 43, 44, 45, 47, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 61, 63, 64, 66, 67, 69, 72, 73, 75, 77, 81, 82, 83, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 104, 105, 106, 108, 109, 112, 113, 114, 116, 117, 118

Management estimates... 57, 81, 87, 88, 90, 117 material misstatement . 96, 98, 99, 100, 103, 104 Material misstatement .. 5, 6, 7, 8, 20, 26, 33, 40,

41, 48, 49, 50, 55, 64, 96, 98, 99, 100, 103, 104

misappropriation of assets . 1, 6, 8, 9, 25, 26, 33, 34

Misappropriation of assets . 1, 6, 8, 9, 12, 13, 14, 25, 26, 33, 34, 40, 49, 52, 54, 57, 109, 112, 114

N

Nature... 6, 7, 8, 9, 16, 22, 23, 24, 43, 52, 54, 56, 57, 58, 63, 64, 71, 75, 83, 87, 88, 97, 98, 99, 104, 106, 113, 115

O

Opportunity..... iii, 4, 9, 12, 14, 16, 18, 22, 23, 24, 25, 26, 29, 37, 38, 41, 42, 49, 83, 109, 113, 114

P

Pension estimates......................................89, 90 Perceived opportunity ........... 3, 4, 9, 11, 12, 109 Ponzi scheme...........................................70, 109

Predictability...............................................54, 55 Pressures..3, 4, 9, 12, 14, 15, 16, 17, 20, 22, 23,

25, 26, 27, 28, 34, 35, 38, 41, 49, 55, 61, 66, 75, 86, 87, 93, 94, 96, 114, 118

professional skepticism........5, 6, 40, 41, 54, 103 Public Oversight Board (POB) ...........4, 109, 112

Q

Questionable accounting practices..........43, 109

R

rationalization.........3, 4, 9, 14, 20, 26, 32, 33, 49 Rationalization 3, 4, 9, 11, 12, 14, 20, 22, 24, 25,

32, 33, 49, 109, 113 red flags .........................................................101 related-party transactions ..........................16, 17 representation letter ....................................100 Reserves..................46, 89, 91, 92, 94, 108, 117 Responses .. ii, 12, 23, 35, 38, 43, 45, 50, 52, 54,

55, 56, 57, 58, 64, 79, 81, 86, 93, 95, 97, 99, 100, 106

Restructuring..........................49, 89, 92, 94, 117 Return on equity.......................................48, 109 Revenue recognition...17, 22, 23, 47, 49, 56, 57,

68, 72, 73, 76, 78, 79, 82, 113, 115, 116

S

SAS No. 55 ................................................19, 49 SAS No. 82 ..................5, 6, 7, 41, 100, 103, 109 SAS No. 84 ......................................................99 SAS No. 99 ....i, 1, 4, 5, 6, 7, 8, 9, 12, 14, 16, 19,

26, 29, 30, 40, 41, 43, 44, 47, 48, 49, 51, 52, 54, 55, 56, 57, 64, 86, 87, 90, 93, 95, 96, 97, 98, 99, 100, 103, 104, 105, 106, 107, 109, 112, 113, 114, 115, 117, 118

Sham transaction.....................................82, 109 situational pressure........................................3, 4 Situational pressure .......3, 4, 11, 12, 26, 29, 109 situational pressures..................................26, 29 Skepticism...5, 6, 40, 41, 51, 52, 54, 64, 94, 103,

114 special-purpose entities ...................................85 Special-purpose entities (SPE)..85, 86, 109, 117 Statements on Auditing Standards (SAS) . i, 1, 4,

5, 6, 7, 8, 9, 12, 14, 16, 19, 26, 29, 30, 40, 41, 43, 44, 47, 48, 49, 51, 52, 54, 55, 56, 57, 64, 86, 87, 88, 90, 93, 95, 96, 97, 98, 99, 100, 103, 104, 105, 106, 107, 108, 109, 112, 113, 114, 115, 117, 118

Synthetic lease...................................85, 86, 109

T

Tenure................................................20, 57, 113 the big bath ......................................................89 Timing ...7, 17, 54, 55, 56, 57, 64, 71, 73, 74, 76,

87, 97, 99, 104, 115

Index

112

timing differences .................................71, 73, 74 W

Working capital ..............................3, 26, 48, 109

Date post:	21-Oct-2015
Category:	Documents
Upload:	saccontala
View:	148 times
Download:	1 times