Contents
The international business environment
Introduction
http://www.youtube.com/watch?v=ZUiSGe2LCfk
http://www.youtube.com/watch?v=DipTXplOQhg
What is Fraud
Key issues which drove the frauds of the 21st Century
Bad Cellular
The organisational planning framework
The role of effective financial reporting
The role of chief legal officer or general counsel
The role of effective financial auditor
The role of prudent financial investors
Overview of “Creative Accounting” Techniques and the Red-Flags of Fraud
Facts about Fraud
The Fraud Triangle
The Red Flags for Fraud
Factors Contributing to Fraud
How is Fraud Discovered?
What is a Red Flag?
Why are Red Flags important?
The Importance of Red Flags for Fraud
The Types of Red Flags for Fraud
General Red Flags
Opportunity Red Flags
Employee Red Flags
Management Red Flags
Changes in Behaviour “Red Flags”
Red Flags in Cash/Accounts Receivable
Red Flags in Payroll
Red Flags in Purchasing/Inventory
Lifestyle Fraud
Common Types of Fraud
Fraud perpetrated for the benefit of shareholders
Fraud perpetrated through the development of false Financial Statements
Fraud perpetrated through the misuse of corporate resources
Fraud perpetrated through third party intervention
Fraud perpetrated through false revenue recognition
Fraud perpetrated through the use of acquisitions
Fraud perpetrated through derivatives - reason unknown
Fraud perpetrated through the absence of proper accounting records
Fraud perpetrated through override of existing controls and for the benefit of the individual
Other Fraud Danger Signals
Next Steps
Evaluating Red Flags
Reporting Fraud
Conclusion
Internal Accounting and Operational Controls and Fraud
Nature and theory of Internal control structure
Internal Controls
Limitations of Internal Controls
Balancing risk and Internal Controls
Internal Operational Controls
Internal Accounting controls
Components of Fraud Rationalisation
Controls and the deterrence of fraud
Controls and the detection of fraud
Controls and the investigation of fraud
The back economy – awareness and profiles
Money laundering component and the proceeds of crime
Money laundering
Governance and Business Risk overview
Fraud Theory
Limitations of traditional audit techniques
Strategic Fraud Prevention Plan
Audits
Role of public perception v practical reality
Reactive and proactive forensic audits
Auditing and forensic auditing compared and contrasted
Forensic Computer Investigation
Financial statement fraud
Fraud Schemes
Fraud Characteristics
Financial Statement Fraud Harm
Corporate Governance mitigating fraud
Earnings Manipulations and Management
Investigations and Expert Witness Testimony
Introduction
Purpose of the Fraud Response Plan
Action following detection – Stage 1
Action following detection – Stage 2
Initial Enquiries
Managers duty of care
The Fraud Interview
Use and protection of evidence
Appointment of a case manager
Police Involvement
Company Fraud Register
Fraud Response Plan review
Practical fraud case management case tips
Dealing with lawyers and handling court situations in SFO Trials
Conclusion - Time for a standard for corporate governance
Case Study
Differences in control procedures in a manual and a computer environment
Internal Accounting and Operational Controls in functional areas
Sales Controls
Purchase Controls
Bank Controls
Appendix – Definitions & Resources
Resources
Definitions Related to Fraud
The international business environment
Introduction
Chris McKittrick - Forensic Accounting
http://www.youtube.com/watch?v=ZUiSGe2LCfk
What is Forensic Accounting? Brief History of Forensic Accounting
http://www.youtube.com/watch?v=DipTXplOQhg
What is Fraud
Occupational Fraud is defined as:
“The use of one’s occupation for personal enrichment, through the deliberate misuse or
misapplication of the employing organisation’s resources or assets.” Fraud encompasses
an array of irregularities and illegal acts characterized by intentional deception.
ISA 240, the international accounting standard on auditing, defines fraud as: “An intentional act by
one or more individuals among management, those charged with corporate governance, employees or
third parties, involving the use of deception to obtain unjust or illegal advantage”, while it defines
error as: “An unintentional misstatement in the financial statements including the omission of an
amount or a disclosure”.
The five elements of fraud are:
• A representation about a material fact, which is false,
• And made intentionally, knowingly, or recklessly,
• Which is believed,
• And acted upon by the victim,
• To the victim’s damage.
Fraud, like other crime, can best be explained by three factors:
1) A supply of motivated offenders;
2) The availability of suitable targets;
3) The absence of capable guardians or a control system to “mind the store.”
There are four elements that must be present for a person or employee to commit fraud:
• Opportunity
• Low chance of getting caught
• Rationalization in the fraudster’s mind, and
• Justification that results from the rationalization.
Key issues which drove the frauds of the 21st Century
Why didn’t you see it? There was fraud and you missed it. Conducting a “should have” review
after a fraud happens may show that red flags were present. If you had only recognized the
warning signs, then that loss might not have occurred or might have been substantially
reduced. Based on a recent survey by the Association of Certified Fraud Examiners (ACFE),
occupational fraud substantially increases organizational costs. It is a myth that fraud is a
big scheme that should have been uncovered sooner and is easy to detect. Fraud starts small
and just gets bigger and bigger, until something becomes noticeably different or unusual.
According to a report from BDO Stoy Hayward, companies’ trusted internal management
and the people they do business with every day are behind hundreds of millions of pounds’
worth of losses every year. “Management are robbing you blind,” says Simon Bevan.
The combination of spiralling debts and desperate employees spells real danger for
business warns Bevan.
Fraud damages the economy. It is not victimless, but it is indiscriminate, hitting both rich
and poor. Fraud is not just about share support operations: it has an impact on individuals
and on the economy as a whole. Fraud involves no violence, and leaves no tangible
visible scars, but it can be devastating in its effects. It is said that 16 people committed
suicide as a result of losses incurred over the Barlow Clowes fraud. It is undoubtedly
costly. The Head of the City of London Fraud Squad recently looked at the historical
picture and discovered that the economic cost of fraud to the UK economy:
• in 1985 was estimated at £1 billion;
• by 1994 had reached £4 billion.
The most recent comprehensive study, the third report of the Fraud Advisory Panel,
put the annual economic cost at £14 billion per year, and the authors believed that even
this was an underestimate. This equates to some £230 per head of population.
There is also a strong likelihood that a significant amount of commercial fraud is never
reported by companies for fear of gaining a bad reputation. Anecdotally, I have learned
that at least one major insurance company "routinely" receives claims against fraud
insurance policies exceeding £50 million, but that these are never reported to the police or
elsewhere.
I believe that we must be seen to tackle fraud effectively, for economic, social,
international and moral reasons.
Economic justification for eliminating Fraud
I have already mentioned cost, both to individuals and the economy as a whole. There is
also another economic aspect. Fraud corrodes confidence: it has a negative economic
effect. It undermines confidence and the standing of our financial services industry and our
global reputation as a place where clean business can be done. If investors lose
confidence in our ability to police our markets, they may take their business elsewhere.
The fact is that a successful economy requires a healthy and well-regulated marketplace
to retain and increase investment. Tackling fraud effectively is important for the reputation
of UK markets.
Social justification for eliminating Fraud
There is a social dimension as well. Social equality requires that we bear down on white
collar crime as effectively as on benefit fraud. Since 1997, the number of Benefits Agency
investigations resulting in successful prosecutions or cautions and penalties as an
alternative to prosecution has risen from 11,700 to 26,958, and over a similar period the
level of fraud and error in Income Support and Job Seekers’ Allowance has reduced by
£180 million, or roughly 18%. This work is now undertaken by Job Centre Plus. We need to
match this approach in white collar crime. Tackling fraud effectively demonstrates an
even-handed approach to justice: dealing with white collar criminals as well as those
responsible for the bulk of crime.
International justification for eliminating Fraud
And there is an international aspect. Government wants developing countries to prosper
and free themselves from fraud and corruption – but our own house has to be in order or
we have no legitimacy to tell others to sort themselves out as a condition of aid.
We are determined to play our part in the worldwide effort to tackle international terrorism
and drug trafficking. Fraud, money laundering and the use of the proceeds of crime to
finance further crime are inextricably linked.
Moral justification for eliminating Fraud
Finally, there is an issue about the distribution of the resources of the state – where public
money is siphoned off through fraud; that means less money to go to the pensioner,
disabled person or low-income family who really need it.
In summary, tackling fraud effectively fits in to our wider economic, social and international
agenda.
Mechanisms for dealing with Fraud
In this country we have developed a sophisticated set of mechanisms for regulating the
markets and tackling City and company fraud. Principal among these, in the regulated
sector, is the Financial Services Authority with a wide range of powers of investigation,
and an impressively creative series of sanctions available to it, ranging from withdrawal of
authorisation through to fine, public censure, injunctions, restitution, prohibition orders and
banning orders. The DTI, in its policing of the company sector, has available to it the
nuclear weapon of applying for the winding up of a company, and the ability to bring
disqualification proceedings. The revenue departments are able to exact harsh financial
penalties for revenue fraud.
No-one should doubt the effectiveness of these sanctions, or the impact on individuals.
The disqualification proceedings in Barings were heavily fought at a cost of hundreds of
thousands of pounds. In the City, the loss of one’s reputation, and the inability to secure
similar employment, are devastating consequences of being caught out.
But I do believe that there is a range of cases where these sanctions are not by
themselves sufficient, and the public rightly expects:
1. That wrong-doing is marked by a conviction in the criminal courts;
2. A penalty of the kind that might be applied to any other individual guilty of
criminal behaviour. In some cases, prison will be appropriate. The courts are fully
conscious of the devastating blow of conviction and imprisonment for a
professional man. But where individuals abuse their privilege and trusted position
in order to carry out a fraud, relying in fact upon their previously impeccable
character to mask their wrong-doing, prison will often be appropriate. Equally,
courts have chosen to mark the fact that certain frauds, such as insurance
frauds, deserve imprisonment because they are difficult to discover and involve
detailed and carefully planned dishonesty, and that therefore a sentence of
imprisonment is required as a deterrent. The courts also draw a distinction
between cases of honest businesses falling into difficulties, causing a director or
controller to resort in desperation to fraud, and a situation in which a scheme
was from the start a fraudulent enterprise and substantial sums of money and
property were obtained. In such circumstances, quite severe sentences are
passed.
So there are cases where it is clear from the start that a response by a criminal
investigation and prosecution agency is required.
As some of you will know the SFO was established in 1988 as a result of a
recommendation in the Roskill report for the creation of a unified fraud investigations and
prosecution agency which would be responsible for serious and complex fraud cases.
The Criminal Justice Act 1987 created the SFO. The distinctive feature was that powers of
investigation and prosecution were given to the Director of the SFO.
The SFO has not always had a fair press, so let me state unequivocally: the record of the
SFO is impressive and it has more than proved its worth.
In its 14 years of operation, the SFO has prosecuted more than 237 cases involving 516
defendants. 366 (71%) were convicted. In the period under Rosalind Wright, 69 cases
have been prosecuted involving 134 defendants. 115 (86%) were convicted. There are no
recidivists in SFO cases: convicted defendants do not reoffend. It is well known that SFO
prosecutions have a deterrent effect. Yet the SFO is delivering these lengthy and highly
complex cases on small resources – an average of 2½ staff per case.
Why is the work of the SFO important?
• The money involved in these cases is in excess of £2.5 billion.
• A successful SFO deters fraud as well as prosecutes it and helps to maintain confidence
in the probity of business and financial services in the UK.
• Other countries model themselves on the SFO approach.
There are a number of features of SFO work that are distinctive.
Multi-disciplinary investigations:
Police officers seconded on a case-related basis.
The SFO accountancy/financial investigation team’s role is crucial. They analyse financial
information, including statutory accounts, management accounts, and cash flows. They
also manage outside accountants, supervise searches of offices and homes and most
important of all trace the money. The team involves former fraud squad officers, and
others who have gained special financial expertise in their former occupations, but let me
say a special word about forensic accountants.
In the SFO, forensic accountants play a vital role in supporting investigations both
internally and as external appointees. They provide a perspective that other investigators
do not have and are often chosen for their specific experience of the sector which is being
investigated (i.e. insurance on Independent). Forensic accountants also bring not just
numeracy but an inquiring mind (not just what happened but why). They enable the SFO
to focus investigations on issues that are important to a successful investigation rather
than issues which appear curious to an outsider.
Often it is the thoroughness of the work undertaken by forensic accountants which tips the
balance in cases. It is now rare for their work to be challenged because of the painstaking
and methodical approach that they take. Yet they are often the most compelling of
witnesses because they are able to distil the facts down to their lowest sensible level and,
when aided by suitable graphics, are able to show the "whole" picture in clear and simple
terms. They are often used in this respect to tie the case together by showing the
movement of money and documents which makes sense of the other factual evidence
which shows why people do what they are doing.
The SFO uses a considerable number of forensic accountants and many external firms at
any one time. This experience aids both them and the SFO. They get excellent experience
and an appreciation of the criminal process and the SFO gets a cadre of persons who
understand what it wants when it does get involved in cases.
Another key component of the team is the forensic computer and IT experts, who
decipher, explore, and recover computer material.
Finally, of course there are the lawyers: the SFO case controller (Lawyer) responsible for
the direction of the investigation and then throughout the prosecution, supported by
assistant case controllers and investigation lawyers.
And Counsel appointed to prosecute in the Crown Court who is generally involved early in
the life of the case.
Bad Cellular
It turns out it was all just a case of cellular static:
The Arthur Andersen partner was on his cell phone when he said "Ship the Enron
documents to the Feds."
But his secretary heard "Rip the Enron documents to shreds."
The rest is history - how clear is YOUR cellular?!
The organisational planning framework
Planning Stage
Early in the initial planning stages of the audit, the auditor should identify and assess any
fraud risk factors that could be associated with the specific organization, its environment,
its employees, and type of audit. Auditors should also become familiar with and assess
the fraud risk factors generally applicable to all audits and upper management. Next, the
auditor designs an audit program that reflects the risk assessment by developing steps to
address any risk factors identified as being material or significant to the audit scope,
subject matter, or objectives. The team should discuss among themselves and with the
supervisor how and where the audited organization might be susceptible to fraud.
Additional Planning steps
Prior to beginning the field work phase, either at the entrance conference or another time,
the auditor should identify the appropriate management officials and ask them what fraud
or other criminal activity they are aware of within their organization. The auditor could also
inquire as to what fraud risks the organization’s management has identified and what
actions they have taken. Instead of discussing the fraud risks for each audit separately,
the auditor could choose to discuss these issues with the organization’s management
during the audit organization’s annual planning process.
Execution Phase
The fraud risk assessment process does not end with the development of the audit
program. During the execution phase, the auditor should remain alert to potential fraud
indicators. Auditors may also decide that, depending on the audit scope, they should
make inquiries of other personnel at the audited organization. These inquiries could
include what fraud risks could exist and whether the employee has any knowledge or
suspicions of fraud. An auditor should not ask every employee or manager these
questions; however, based on information or a response to another question from an
employee or manager, the auditor could decide that such follow-up questions are
appropriate. When an auditor finds fraud indicators during the audit, they should address
the indicators by performing additional audit steps or expanding transaction testing. The
auditor should revise the audit program accordingly, document the fraud indicators found,
and the additional work performed to address them.
Discussions on potential fraud
When an auditor identifies indications of potential fraud, the auditor should discuss the
indicators and possibilities of the occurrence of fraud with their supervisor. Auditors may
also consult with other auditors, supervisors, or managers who have more experience or
knowledge relating to the identified potential fraud scheme or indicators. Additionally,
auditors may discuss their concerns and findings with investigators, agency counsel, and
other agency staff responsible for fraud prevention or detection programs or activities.
Any advice received should be documented in the audit project documentation. Prior to
discussing with or notifying a DoD or other Federal government official, except for those
mentioned above, of a potential fraud, the auditor should confirm with the appropriate
investigative organization that doing so will not compromise an investigation. An auditor
should never discuss potential fraud related to a contractor’s activities with contractor
personnel unless they have obtained approval to do so from the lead criminal investigative
organization. A best practice would be to obtain written approval from a manager within
the lead criminal investigative organization versus verbally from the investigator.
Documentation
Auditors should document the entire process in the audit project documentation files, to
include:
• the fraud risk assessment process,
• any fraud risk factors originally identified,
• how the fraud risk factors were reflected in the audit program,
• any fraud risk factors or potential indicators identified during the audit,
• how the audit program was expanded to address the risk factors,
• any discussions with other parties on whether to make a referral; and
• any fraud referral steps considered or taken.
Auditors should continuously maintain a high level of fraud awareness and appropriately
assess fraud risk during the planning and execution of the audit in order to uncover
potential fraudulent acts and protect the Government's interests.
The role of effective financial reporting
Oversight Systems Corporate Fraud Survey Finds
Sarbanes-Oxley Effective in Identifying Financial Statement Fraud
Released on: November 1, 2005, 12:07 pm
The survey results (available as a free download at www.oversightsystems.com/survey)
indicate that 65 percent of respondents feel SOX has been “somewhat effective” or “very
effective” in identifying incidences of financial-statement fraud. Only 19 percent of those
surveyed found SOX to be ineffective or to serve to prevent fraud identification.
“This report is full of positive news but foreshadows a real need for continued vigilance
among executives toward institutional fraud,” said Patrick Taylor, CEO of Oversight
Systems. “SOX legislation and the intense focus on corporate scandals have helped battle
this type of white-collar crime, but professionals seem to be worried that the C-suite might
quickly lose interest in policing corporate fraud.”
Although respondents agree that SOX serves to identify fraudulent activity, they do not
feel the recent cultural change among U.S. business leaders toward institutional integrity
and fraud prevention in the wake of accounting scandals will stick. Only 17 percent feel there
will be a shift among business leaders to institutional integrity and fraud prevention for the
foreseeable future. The remainder of respondents possess a more stark outlook, reporting
that interest in such actions will fade in the next five years (39 percent); that vigilance has
already begun to fade (32 percent); or that there has been no change among business
leaders (12 percent).
“The pendulum of corporate culture and attitudes toward integrity swings back and forth,”
said Dana Hermanson, Dinos Eminent Scholar Chair of Private Enterprise at Kennesaw
State University. Hermanson is also an advisor to Oversight Systems and co-author of the
COSO-sponsored research report Fraudulent Financial Reporting: 1987-1997, An
Analysis of U.S. Public Companies. “We could see very little corporate fraud in the next
seven or eight years, but then another boom-and-bust economic period could ignite
another wave of financial scandals, which would lead to further accounting and
governance reforms.”
The State of Institutional Fraud
While corporate vigilance toward fraud prevention has increased at least temporarily, fraud
examiners said fraud is a bigger problem today than in the bubble market of 2000. Two-
thirds of respondents (67 percent) said institutional fraud is more prevalent today than five
years ago. Only seven percent think fraud is less prevalent, while the remaining 26
percent of respondents feel there has been no change in the amount of fraud.
Participants were asked to select the three forms of institutional fraud that present the
greatest risk to companies. Respondents identified conflicts of interest (63 percent),
fraudulent financial statements (57 percent) and billing schemes (31 percent) as most
threatening. Examples of fraud that garnered at least 20 percent support were expense
and reimbursement schemes (29 percent), bribery/economic extortion (25 percent) and
inventory and non-cash asset misuse (20 percent).
“The risk of financial statement fraud is real and not going away,” Hermanson
said. “However, the perception of increased fraud may stem from Sarbanes-Oxley’s
effectiveness in uncovering weaknesses in internal controls and the potential for fraud.
SOX compliance gives auditors and executives a better position to evaluate a company’s
financial reporting system. Instead of only inspecting the outcome, financial reports, SOX
forces companies to understand the financial reporting process as well. And like the
manufacturing quality movement of the past, SOX pushes companies toward monitoring
each step in the process to drive out errors and weaknesses.”
Stopping Institutional Fraud
When asked to identify the measure most effective in preventing or deterring institutional
fraud, 41 percent of professional fraud examiners identified the need for a strong tone from
the top of the organization. Visible prosecution was the next most popular response
garnering 22 percent support, followed by internal controls and technology-enabled
monitoring, each receiving support from 17 percent. Manual quarterly audits and
government regulation received only minimal support, earning two and one percent,
respectively.
However, when asked what single change would result in the greatest reduction of
domestic institutional fraud, opinions were more mixed. An employer pressing charges
against employees who commit fraud garnered the most support with 39 percent. The
trend of prosecution continued with 32 percent of respondents identifying convictions and
hefty sentencing as the next most popular response. Moreover, an additional seven
percent would like stiffer laws to increase corporate transparency.
“Stiff penalties and thorough prosecution send a strong message to employees. First,
employees are less likely to go along with rogue executives who orchestrate financial
reporting schemes. Second, a company’s prosecution of fraudulent employees
establishes the corporate attitude that fraud will not be tolerated,” Hermanson said.
The Role and Views of Fraud Examiners
Survey participants report that SOX has altered the role of fraud examiners. Nearly all
participants (95 percent) explain that their duties have changed with the implementation of
SOX legislation, with 47 percent reporting that fraud examiners play a major role in the
management of corporate integrity. Additionally, nearly one-third (29 percent) of
respondents felt their work in fraud detection has become secondary to SOX compliance.
In recent years it seems white-collar crime has been a staple of the evening news. Enron,
WorldCom and Martha are just a few of the high-profile names with which Americans have
become all too familiar. When asked, the majority of professional fraud experts felt these
well-known defendants should have been found guilty of the charges against them. The
percentage of respondents who thought the following executives are guilty of the charges
against them is listed below:
• John Rigas, Adelphia Communications – 95 percent
• Jeffrey K. Skilling, Enron – 95 percent
• Kenneth L. Lay, Enron – 96 percent
• Richard Scrushy, HealthSouth – 93 percent
• Martha Stewart, Martha Stewart Living Omnimedia – 72 percent
• L. Dennis Kozlowski, Tyco International – 96 percent
• Bernard J. Ebbers, WorldCom – 97 percent
Identity Theft Update
Identity theft is one of the more prevalent forms of fraud known by the average American.
A February 2005 Federal Trade Commission report states that for the year 2004, the
commission received more than 635,000 reports of consumer fraud and identity theft, with
identity theft accounting for 246,570 of the complaints (39 percent).
The 2005 Oversight Systems Report on Corporate Fraud reveals that 22 percent of
respondents think the justice system must get tougher on the identification and
prosecution of identity thieves. Additionally, 19 percent believe that the federal government
needs to pass national identity-theft-protection legislation and another 19 percent feel
regulators and consumers must work together to manage consumer information.
Some respondents believe that individuals are the first and most important line of defence.
Taking ownership of one’s own personal information was identified by 16 percent of
respondents as the best way to reduce identity theft.
About the 2005 Oversight Systems Report on Corporate Fraud
A total of 208 certified fraud examiners participated in this survey, conducted at the
Association of Certified Fraud Examiners’ (ACFE) 16th Annual Fraud Conference and
Exhibition. Dedicated to reducing business fraud world-wide, the more than 34,000
members of the ACFE make up the world's premier provider of anti-fraud training and education.
Survey participants include anti-fraud professionals such as internal auditors, independent
auditors, law enforcement officials, investigators and management consultants. This study
follows the August release of the 2005 Oversight Systems Financial Executive Report on
Risk Management, which found that CEOs are placing a greater emphasis on risk
management, although many companies are struggling to implement the necessary
changes. Also recently released was the 2005 Oversight Systems Financial Executive
Report on Sarbanes-Oxley, which found that nearly half of financial executives feel the
biggest issue related to compliance is the need to maintain the morale of the employees
responsible for compliance. All these research studies can be downloaded for free by
visiting www.oversightsystems.com/survey.
The role of chief legal officer or general counsel
Since the Sarbanes-Oxley Act of 2002 (SOA) was signed into law, the halls of executive
suites of public companies have seen tremendous activity as CEOs and CFOs address
their corporate accountability and financial reporting oversight responsibilities. They now
realize that such efforts are more than just good business practice, as they have always
been, but also are matters that carry severe penalties under the law. Likewise, audit
committee responsibilities have expanded such that membership has become an
invitation to delve into a company's affairs at an unprecedented level of depth, subject to
the scrutiny of the external auditors as well as investors. This "new era of corporate
accountability and responsibility" means that the checks and balances of the system of
internal controls are now clearly in the purview of corporate management, including the
company's chief legal officer or general counsel (GC).
This shift has raised the bar for many GCs to a higher level of visibility and accountability.
For many companies, internal control over financial reporting, especially the related anti-
fraud controls, were previously the responsibility of the controller, middle management
functions and various process owners, and subject to review and testing by internal audit.
The focus has often been limited to third-party fraud. Now that the game has been
expanded to fraudulent financial reporting, it requires a referee. Documentation
requirements, particularly policies and procedures regarding the anti-fraud program and
the internal reporting and escalation of internal control deficiencies, could potentially now
fall to the GC to define.
In order to meet the challenges of this significant role in corporate governance, GCs need
access to resources and tools that will enable them to make informed decisions when
establishing corporate policies and, more importantly, when dealing with situations where
there has been a breakdown in internal controls and the possibility of fraud exists. Without
proper anti-fraud controls, incidents of fraud can impact a company's financial
performance, permanently damage its reputation and result in shareholder lawsuits. All of
these circumstances refocus the company resources away from their primary purpose -
the operations of the organization for the benefit of the shareholders.
An anti-fraud program and controls are those controls related to the timely prevention,
deterrence and detection of fraud. They are the controls that are intended to mitigate the
risk of fraudulent actions that could have an impact on financial reporting. Examples
include:
• Fraudulent financial reporting. Inappropriate earnings management or "cooking the books" - e.g., improper revenue recognition, intentional overstatement of assets, understatement of liabilities, etc.;
• Misappropriation of assets. Embezzlement and theft that could materially affect the financial statements;
• Expenditures and liabilities incurred for improper or illegal purposes. Bribery and influence payments that can result in reputation loss; and
• Fraudulently obtained revenue and assets and/or avoidance of costs and expenses. Scams and tax fraud that can result in reputation loss.
In Auditing Standard No. 2, the Public Company Accounting Oversight Board (PCAOB)
clarifies that the focus on fraud, from a financial reporting context, is directed to matters
that could result in a material misstatement of the financial statements. It is within this
context that management has the responsibility to prevent, deter and detect fraud. The
PCAOB also takes the position that deficiencies in the anti-fraud program and controls are
at least a significant deficiency in internal control over financial reporting. Furthermore,
SOA and the revised NYSE and NASDAQ listing requirements, as well as PCAOB
Auditing Standard No. 2, place greater responsibility on audit committees to provide
oversight with respect to financial reporting and internal control over financial reporting.
This oversight extends to reporting, documentation, investigation, enforcement and
remediation related to fraud.
The GC's role in this oversight function can be a comprehensive one, starting with
reviewing the reporting process and assessing the risks and potential damages should
fraud occur within the company, establishing documentation retention policies, articulating
escalation policies and processes, and determining when and how investigations should
be conducted (including when it is appropriate to engage outside counsel and/or other
specialists). In addition, the GC should monitor existing policies and procedures for
compliance and effectiveness, and determine the appropriate enhancements to meet the
company's anti-fraud control objectives.
A key element of any effective anti-fraud program is an anonymous, risk-free means for
employees, customers and vendors to communicate any complaints regarding accounting
matters, improper conduct of company personnel, management override of internal
controls, or any other matters that represent a potential liability to the company (in
accordance with SOA Section 301). Typically, this is implemented via a "hotline," and the
GC plays a central role in managing the recording, evaluating, investigating, resolution and
reporting of these complaints. It is critical to maintain a complete record of all actions
relating to hotline complaints, from initial receipt through factual findings, and
recommendations for corrective actions, if any.
A common task for GCs in meeting their anti-fraud responsibilities is to engage outside
auditors, counsel, fraud specialists or other experts to assist in the investigation of
allegations and in the analysis of the results. An investigation may be delegated either
within the company or to outside service providers, subject to any necessary confidentiality
measures. These activities are consistent with the Amendments to the Federal Sentencing
Guidelines (the "Guidelines"), effective November 1, 2004.
Maintaining a complaint hotline is part of the "effective compliance and ethics program"
required under the Guidelines, which calls for the entity to "… promote an organizational
culture that encourages ethical conduct and a commitment to compliance with the law."
Similarly, a GC can reasonably expect to have some involvement in other ethics- and
compliance-related activities such as:
• formulating, communicating and enforcing the entity's anti-fraud policy;
• developing or reviewing the content of anti-fraud training materials that are disseminated throughout the entity;
• monitoring and acting upon reported incidents of fraud and ensuring adequate documentation of the entity's actions is maintained; and
• periodically reviewing the entity's anti-fraud policies and procedures to assess their effectiveness and to modify them as necessary to provide continued effectiveness.
In formulating the entity's anti-fraud policy, the GC can provide input as to how a policy
can be effective from the entity's perspective and still comply with various laws and
regulations, including privacy, human rights and required disclosures. Ideally, policy
should be developed as the result of discussions among and between the audit
committee, board of directors and individuals with operational responsibility for discrete
operating units or processes (e.g., purchasing, payroll, human resources, etc.). As policy
is developed, it must be "rolled out" to the entire organization in a manner that
communicates management's commitment to preventing and detecting fraud and other
criminal behaviour. To this end, a message from the GC (or a personal appearance at an
anti-fraud training meeting) is a powerful reinforcement to an entity's employees, driving
home the notion that the policy is being taken seriously at the highest levels of the
organization. Furthermore, a program of incentives should be considered for compliance
with the policy, and there should be disciplinary measures meted out for violations.
Once an anti-fraud policy is implemented, the next logical challenge is enforcement of the
policy in the case of detected instances of fraud. This is a complex area, frequently
requiring that the GC authorize the initiation of an internal investigation to determine the
facts and then decide an appropriate course of action (criminal or civil prosecution,
termination, restitution, filing an insurance claim, etc.). Oftentimes, the GC may be ill
equipped to manage such a process due to time, budgetary or other resource constraints.
At the very least, the GC should consider retaining outside counsel and/or other specialists
(fraud examiners, forensic accountants and investigators) to assist in conducting a
thorough and independent investigation of the matter.
These outside professionals are best suited to assist the entity in fact-finding, analyses
and technical activities (e.g., copying computer hard drives, performing massive e-mail
searches, reviewing books and records, etc.) that will enable the GC (and outside counsel)
to investigate a suspected fraud thoroughly and bring it to a conclusion.
As an entity matures, so must its anti-fraud policy. Over time, employees may develop
their own procedures for doing things, some of which may defeat the intent of anti-fraud
controls. A dynamic policy is therefore one which can be altered in response to changes in
the entity's circumstances and still remain effective. Periodically, the entity's management
should assess the risk of fraud or criminal activity occurring and whether the existing anti-
fraud policy is sufficiently effective to mitigate that risk. Where it is determined to be
necessary, existing policies and procedures should be enhanced to address areas of
increased risk. As noted above, the GC should review new or proposed policies for
compliance with applicable laws.
In conclusion, the role of the GC in developing an anti-fraud policy as part of an entity's
system of internal controls is both diverse and dynamic. The various professional
pronouncements and regulatory and legal requirements to which organizations are now
subject require input from a variety of sources, both internal and external. Developing
policies, communications and training, and monitoring hotlines as well as conducting
investigations may become more a part of a GC's role. As GCs find themselves
increasingly involved in these areas, it is important to remember that very few
organizations address all of them independently and without outside assistance.
The role of effective financial auditor
Responsibility for preventing and detecting fraud rests with the entity's management. Although
the auditor is not and cannot be held responsible for preventing fraud and errors, in his
work he can play a positive role in preventing fraud and errors by deterring their
occurrence.
The auditor should plan and perform the audit with an attitude of professional scepticism,
recognizing that conditions or events may be found that indicate that fraud or error may
exist.
Based on the audit risk assessment, the auditor should develop audit procedures
designed to obtain reasonable assurance that all significant errors and fraud affecting the
financial statements as a whole have been identified. The auditor is not expected to
implement procedures that will lead to the discovery of errors or fraud without significant
impact on the financial statements, and cannot be held responsible for such
irregularities going undetected.
The auditor should communicate with the management of his client. He should ask
management whether any significant fraud or error has been detected, in
order to identify key problems that could call for
audit procedures beyond the usual. However, the auditor faces the unavoidable risk that some
significant errors will not be detected, even if the audit is planned and performed properly.
The role of prudent financial investors
$4m investment fraudster sentenced to 4 years
Michael Summers has today been sentenced at Bristol Crown Court to four years' imprisonment for
deceiving clients out of US $4.3 million in a fraudulent high-yield investment scheme.
Background
Michael John Summers (born 20/06/52) of Ledbury, Hertfordshire pleaded guilty on 2 February 2006 to
thirty three counts of obtaining a money transfer by deception. The charges relate to his masterminding
a high yield investment scheme that saw more than eighteen investors in the UK lose millions of dollars.
Sentencing was adjourned until after the trial of two individuals who it was alleged had assisted
Summers in the deception. They were acquitted earlier this month.
Summers was the prime mover in the fraud. He created a bogus scheme which he called Secure
Investment Programme Agreements. During the operation of the scheme between 1997 and 2004,
investors deposited a total of over £11 million with Summers. They were promised staggering rates of
return; 60% in less than a year was not uncommon. Some investors did receive some return on their
investment but this was nothing more than money paid into the scheme by later investors. This practice
is commonly known as a “Ponzi scheme”.
The first victim was an elderly woman who resided in a retirement home in Torquay and had granted
power of attorney to the home's owner. The attorney and his accountant met with Summers and agreed
to invest £1.745m with Summers. This sum had until then been securely invested with a reputable
financial company. Much of this money he spent on his own lifestyle before legal action initiated by the
public trustee on behalf of the elderly investor resulted in an order freezing the account into which the
money had been paid.
Investors were told that their money was being invested in bank trading programmes dealing with
medium term notes. These notes it was claimed could be traded generating very great profits. Investors
were told that such programmes were secretive and normally only available to a select few within the
financial world. The need for the investors to be discreet meant that they were dissuaded from taking
normal prudent financial advice. However none of the money paid by investors was ever used to
purchase any form of investment. Some of it went to pay earlier investors, giving the illusion that profits
were being made. The remainder went to fund Summers' lifestyle. He used part of the money to acquire
a collection of vintage Jaguar cars.
Following the investment by the elderly woman the principal source of new investors was clients
introduced by the two acquitted defendants. Written records were kept of investments and to remind
Summers when investors were due part payments of the interest due. Such part payments were an
invaluable part of the fraud. Investors who had paid over $100,000 felt reassured when after a few
months they received a $20,000 “interest payment”. Indeed some were persuaded to roll over future
interest payments into further investments and others invested even more money into the scheme.
Inevitably there came a time when investors did not receive the money to which they believed they were
entitled. Disgruntled investors were fobbed off with a range of excuses. Blame would be passed to the
banks, to the authorities who had frozen the elderly woman's money. Even the repercussions of 9/11
were used to explain delay in payments.
Proceedings
In 2002 Devon and Cornwall Constabulary investigated an unconnected suspected theft at the
aforementioned retirement home. This led their enquiries to the crooked scheme promoted by
Summers and to its subsequent referral to the Serious Fraud Office. An SFO investigation commenced,
with the continued involvement of the police, in August that year.
Michael Summers was charged in February 2004, as were two suspected co-conspirators. Summers,
the principal conspirator, pleaded guilty on 2 February 2006 to thirty three counts of obtaining a money
transfer by deception contrary to section 15A of the Theft Act 1968. Mary Mills and Bruce Mead, the
alleged co-conspirators, were tried at Bristol Crown Court on twenty seven counts and were acquitted
by jury on 7 April 2006.
Summers has been sentenced to four years' imprisonment on each of the thirty three counts, each
sentence to run concurrently. A confiscation hearing is to take place on a date in August to be agreed.
In considering sentence on Summers, HHJ Darwall Smith said that though he had taken into account
the pleas of guilty which had saved time and public money he also had in mind the evidence of victims
who had mortgaged houses or lost their life savings to invest in Summers' scheme and that the
persistence and arrogance in continuing to commit further offences whilst on bail was an aggravating
factor.
The judge commended DC Glen Bird of the Devon and Cornwall Constabulary and Gary Burtonwood
of the Serious Fraud Office for “working very hard to bring an exceptionally complex case to court”.
Overview of “Creative Accounting” Techniques and the Red-Flags of Fraud
Facts about Fraud
According to the ACFE Report to the Nation on Occupational Fraud and Abuse, U.S.
businesses will lose an estimated $652 billion in 2006 due to fraud. The average
organization loses 5 percent of revenue to fraud and abuse. In addition, based on the
ACFE’s survey of more than 1,100 occupational fraud cases, approximately 24 percent of
these cases resulted in losses of $1 million or more.
Collusion: This ranges from employees describing goods as damaged so they can
benefit, to employees colluding to falsify accounting evidence so that they can deceive
external bodies such as auditors, shareholders or banks.
Customer Fraud: A customer pays with stolen cheques or credit cards. A more
sophisticated fraudster may make and pay for a number of small purchases to build up a
credit rating and then place a large order they do not intend to pay for.
Phantom Employee: The fraudster fails to notify the payroll department when an
employee leaves the firm, or notifies the payroll department of a fictitious employee and
then arranges for the salary to be paid into their bank account or that of an accomplice.
Supplier Fraud: Most commonly an employee creates a fictitious supplier with a similar
name to an existing supplier, and then arranges for the payment of its invoices.
The Fraud Triangle
The classic model for fraudsters continues to be Other People’s Money: A Study in the
Social Psychology of Embezzlement. The Fraud Triangle is a term used to describe and
explain the nature of fraud.
“I want something I don’t have the money for”
While the specific components of each fraud may differ, the fraud triangle may be defined
as this:
Opportunity is an open door for solving a non-shareable problem in secret by violating a
trust.
Opportunity is generally provided through weaknesses in the internal controls. Some
examples include inadequate or no:
• Supervision and review
• Separation of duties
• Management approval
• System controls
The opportunity to commit and conceal the fraud is the only element over which the local
government has significant control.
Pressure may be anything from unrealistic deadlines and performance goals to personal
vices such as gambling or drugs.
The Red Flags for Fraud
Rationalization is a crucial component of most frauds because most people need to
reconcile their behaviour with the commonly accepted notions of decency and trust. Some
examples include:
• “I really need this money and I’ll put it back when I get my pay cheque”
• “I’d rather have the company on my back than the IRS”
• “I just can’t afford to lose everything – my home, car, everything”
Factors Contributing to Fraud
Factors contributing to fraud include the following:
• Poor internal controls
• Management override of internal controls
• Collusion between employees
• Collusion between employees and third parties
How is Fraud Discovered?
Occupational fraud can be detected through a number of different methods. The ACFE’s
2006 Survey disclosed that 34.2 percent of frauds were detected through tips, 25.4
percent by accident, and 20.2 percent through internal audits.
What is a Red Flag?
A red flag is a set of circumstances that are unusual in nature or vary from the normal
activity. It is a signal that something is out of the ordinary and may need to be investigated
further. Remember that red flags do not indicate guilt or innocence but merely provide
possible warning signs of fraud.
Why are Red Flags important?
The American Institute of Certified Public Accountants has issued a Statement on Auditing
Standards (SAS) No. 99 - Consideration of Fraud in a Financial Statement Audit - that
highlights the importance of fraud detection. This statement requires the auditor to
specifically assess the risk of material misstatement due to fraud and it provides auditors
with operational guidance on considering fraud when conducting a financial statement
audit. SAS 99’s approach is also valuable for other types of audits.
Being able to recognize red flags is necessary not only for public accountants but also for
any auditor working in the public sector where the potential for fraud to occur exists.
The Importance of Red Flags for Fraud
Studies of fraud cases consistently show that red flags were present, but were either not
recognized or were recognized but not acted upon by anyone. Once a red flag has been
noted, someone should take action to investigate the situation and determine if a fraud has
been committed. Red flags should lead to some kind
of appropriate action; however, sometimes an error is just an error and no fraud has
occurred. You need to be able to recognize the difference and remember that
responsibility for follow-up investigation of a red flag should be placed in the hands of a
measured and responsible person.
The Types of Red Flags for Fraud
Now that we have discussed what red flags and fraud are, it is time to talk about the types
of red flags and fraud that, unfortunately, are common in the workplace today.
General Red Flags
What are the red flags that are common to most types of fraudulent activity? Red flags that
are common to most types of fraudulent activity can be categorized as employee and
management red flags. Before we give you examples of employee and management red
flags, it is important to understand more about employee and organizational profiles of
fraud perpetrators. According to the 2006 ACFE survey of more than 1,100 occupational
fraud cases, perpetrators have the following characteristics:
Opportunity Red Flags
• Nobody counts inventory or checks deviations from specifications, so losses are not known.
• People are given authority, but their work is not reviewed.
• Too much trust and responsibility placed in one employee - improper separation of duties.
• The petty cash box is left unattended.
• Laptops and digital cameras are left out in the open in unlocked offices.
• Employees that are caught get fired, but aren’t prosecuted.
• Supervisors set a bad example by taking supplies home, borrowing equipment for personal use, padding their expense reimbursements, not paying for personal long distance phone calls, not recording leave.
• Monthly financial reports are not reviewed by managers.
• There is no internal audit function.
• There is a perception that it would never be detected.
Lack of detail in the nominal ledger
During the course of my internal audit review I found that many expenses had been debited to ‘expense
dump’ accounts. For example, Staff bonuses and lunches were being debited to marketing, and were
by-passing the PAYE system.
Fraud Perpetrator Profile:
The majority of occupational fraud cases (41.2 percent) are committed by employees.
However, the median loss for fraud committed by managers was $218,000, which is
almost three times greater than the loss resulting from an employee scheme.
Approximately 61 percent of the fraud cases were committed by men. The median loss
resulting from fraud by males was $250,000, which is more than twice the median loss
attributable to women.
Most fraud perpetrators (87.9 percent) have never been charged or convicted of a crime.
This supports previous research which has found that those who commit occupational
fraud are not career criminals.
Nearly 40 percent of all fraud cases are committed by two or more individuals. The median
loss in these cases is $485,000, which is almost five times greater than the median loss in
fraud cases involving one person.
The median loss attributable to fraud by older employees is greater than that of their
younger counterparts. The median loss by employees over the age of 60 was $713,000.
However, for employees 25 or younger, the median loss was $25,000.
Organizational Profile:
Most costly abuses occur within organizations with less than 100 employees.
Government and Not-for-Profit organizations have experienced the lowest median losses.
Management ignores irregularities.
High turnover with low morale.
Staff lacks training.
Employee Red Flags
• Employee lifestyle changes: expensive cars, jewellery, homes, clothes
• Significant personal debt and credit problems
• Behavioural changes: these may be an indication of drugs, alcohol, gambling, or just fear of losing the job
• High employee turnover, especially in those areas which are more vulnerable to fraud
• Refusal to take vacation or sick leave
• Lack of segregation of duties in the vulnerable area
Management Red Flags
• Reluctance to provide information to auditors
• Managers engage in frequent disputes with auditors
• Management decisions are dominated by an individual or small group
• Managers display significant disrespect for regulatory bodies
• There is a weak internal control environment
• Accounting personnel are lax or inexperienced in their duties
• Decentralization without adequate monitoring
• Excessive number of checking accounts
• Frequent changes in banking accounts
• Frequent changes in external auditors
• Company assets sold under market value
• Significant downsizing in a healthy market
• Continuous rollover of loans
• Excessive number of year end transactions
High employee turnover rate
In one company, there were frequent changes of senior staff based on claims that they were stealing. It
transpired that the MD himself was the perpetrator and when senior staff got too close to the plot they
were sacked.
• Unexpected overdrafts or declines in cash balances
• Refusal by company or division to use serial numbered documents (receipts)
• Compensation program that is out of proportion
• Any financial transaction that doesn’t make sense - either common or business
• Service Contracts result in no product
• Photocopied or missing documents
• Let your secretary, accounting tech, audit/budget tech, records tech, administrative assistant do everything.
• Give away your passwords and approval access codes or store them on the desktop.
• Never look at or verify your monthly financial reports.
• Criticize and disregard institutional policies and procedures
Management involved in day to day accounting
I was asked to do the accounting in a family company that had seemed to lose a lot of money, where
one of the owners was responsible for the accounting, and was living a lavish lifestyle in comparison to
the other owners and had now been forced out by the other two family members. I found that the
reason for his lavish lifestyle was the fact there were two sets of books; he had been invoicing out of
two companies, the main one and a ghost company where he alone was collecting the cash.
Changes in Behaviour “Red Flags”
The following behaviour changes can be “Red Flags” for Embezzlement:
• Borrowing money from co-workers
• Creditors or collectors appearing at the workplace
• Gambling beyond the ability to stand the loss
• Excessive drinking or other personal habits
• Easily annoyed at reasonable questioning
• Providing unreasonable responses to questions
• Refusing vacations or promotions for fear of detection
• Bragging about significant new purchases
• Carrying unusually large sums of money
• Rewriting records under the guise of neatness in presentation
Red Flags in Cash/Accounts Receivable
Since cash is the asset most often misappropriated, local government officials
and auditors should pay close attention to any of these warning signs.
Excessive number of voids, discounts and returns
Unauthorized bank accounts
Sudden activity in dormant bank accounts
Taxpayer complaints that they are receiving non-payment notices
Discrepancies between bank deposits and posting
Abnormal number of expense items, supplies, or reimbursement to the employee
Presence of employee checks in the petty cash for the employee in charge of
petty cash
Excessive or unjustified cash transactions
Large number of write-offs of accounts
Bank accounts not reconciled on a timely basis
Red Flags in Payroll
Red flags that show up in payroll are generally worthy of looking into. Although payroll is
usually an automated function, it is a vulnerable area, especially if collusion is involved.
Inconsistent overtime hours for a cost centre
Overtime charged during a slack period
Overtime charged for employees who normally would not have overtime wages
Budget variations for payroll by cost centre
Employees with duplicate Social Security numbers, names, and addresses
Employees with few or no payroll deductions
Red Flags in Purchasing/Inventory
Increasing number of complaints about products or service
Increase in purchasing inventory but no increase in sales
Abnormal inventory shrinkage
Lack of physical security over assets/inventory
Charges without shipping documents
Payments to vendors who aren’t on an approved vendor list
High volume of purchases from new vendors
Purchases that bypass the normal procedures
Vendors without physical addresses
Vendor addresses matching employee addresses
Excess inventory and inventory that is slow to turnover
Purchasing agents who pick up vendor payments rather than have them mailed
Internal Control Weaknesses – lack of: segregation of duties, physical
safeguards, independent checks, proper authorizations, proper documents and
records, overriding of existing controls.
Analytical Anomalies – unexplained inventory shortages,
Analytical review showed that petrol costs did not correlate with the number of vehicles in stock in a car rental
company. After further substantive testing, it was revealed that the company was re-cycling petrol bills
via false petty cash claims.
Deviations from specifications, increased scrap, excess waste (above industry
standards) purchases in excess of needs.
Vendor address same as employee address
In a recent assignment I noticed that the gross profit levels were not in line with the budget. After
investigating the production records I noticed that production wastage was low whereas the finished
goods wastage was circa 10%. Further investigation revealed that stock was sent FOC to companies
on the instruction of the MD.
Too many voided transactions and returns,
Unusual cash shortages.
Lifestyle Fraud
Lifestyle Fraud is often committed by trusted employees whom management know well,
so it is important to be on the lookout for employee lifestyle issues that may be “red flags”
indicating a fraud risk.
• Some embezzlers are secretive. They don’t want to be caught and will “stash” stolen
funds and be extremely careful with their spending. Other “aspiring” embezzlers want to
use, enjoy, share, and show off their fraudulently gained money. Explanations of “new
found” wealth may include:
“My husband/wife just got a great promotion.”
“I have a few little investments that have been doing really, REALLY well.”
“Great Aunt Ethel passed away and I was totally surprised – she left us quite a nice little
nest egg.”
“I finally decided to get rid of some property that’s been in the family for years.”
Fact: In many cases of fraud, perpetrators openly live beyond their means.
Lifestyle Problem Fraud deals with addictions. Someone who is dependent on drugs,
alcohol, gambling or other addictions typically experiences a slow tightening noose of
financial pressures. Desperation fuels monetary needs and, therefore, the need arises to
“borrow” funds to ease the financial dilemma. Employees with addiction problems may be
tough to spot. Many people with addictions can function at fairly high or normal levels of
behaviour during work hours. Presented are a few patterns to look for:
• Absenteeism
• Regular ill health or “shaky” appearance
• Easily making and breaking promises and commitments
• Series of creative “explanations”
• High level of self absorption
• Inconsistent or illogical behaviour
• Forgetfulness or memory loss
• Family problems
• Evidence of deceit (small or large)
Financial Pressures are faced by everyone at some period of time. For a number of
reasons, perhaps beyond their control, employees may find themselves in financially
stressful situations due to a variety of factors. These may include:
• Medical bills
• Family responsibilities
• A spouse losing a job
• Divorce
• Debt requirements
• Maintaining a current lifestyle
• College tuition fees
• Gambling debts
• Illicit affairs
• High life style
Obviously not everyone who faces undue pressure commits fraud, but the higher the
stress level, the more distracted and desperate an employee may become. Fact:
Researchers conclude that the most common reason employees commit fraud has to do
with motivation – the more dissatisfied the employee, the more likely he or she will engage
in criminal behaviour.
Common Types of Fraud
Fraud perpetrated through absence of proper documentation
• Pilfering stamps
• Stealing of any kind (e.g., cash, petty cash, supplies, equipment, stock, tools, data,
records, etc.)
• Forgery (not just cheque forgery, e.g. forging department head signatures on
purchase orders)
Fraud perpetrated for the benefit of shareholders
Enron was one of the first amongst energy companies to begin trading through the
Internet, offering a free service that attracted a vast number of customers. But while Enron
boasted about the value of products that it bought and sold online, around $880 billion in
just two years, the company remained silent about whether these trading operations were
actually making any money.
It is believed that Enron began to use sophisticated accounting techniques to keep its
share price high, raise investment against its own assets and stock and maintain the
impression of a highly successful company. These techniques are referred to as
aggressive earnings management techniques.
Enron also set up independent partnerships whereby it could also legally remove losses
from its books if it passed these “assets” to these partnerships. Equally, investment money
flowing into Enron from new partnerships ended up on the books as profits, even though it
was linked to specific ventures that were not yet up and running. It now appears that
Enron used many manipulative accounting practices especially in transactions with
Special Purpose Entities (SPE) to decrease losses, enlarge profits, and keep debt away
from its financial statements in order to enhance its credit rating and protect its credibility in
the market.
The main reason behind these practices was to accomplish favourable financial statement
results, not to achieve economic objectives or transfer risk. These partnerships would
have been considered legal if reported according to present accounting rules or what is
known as “applicable accounting rules”. One of these partnership deals was to distribute
Blockbuster videos by broadband connections. The plan fell through, but Enron had
posted $110 million venture capital cash as profit.
Fraud perpetrated through the development of false Financial Statements
The Fraud Section obtained an FCPA guilty plea from a former executive of an international subsidiary
of Willbros Group, Inc., a provider of engineering and other services to the oil and gas industry, who
admitted that he arranged for payment of approximately $1.5 million in cash in Nigeria. This payment
was part of at least $6 million in corrupt payments promised to Nigerian officials to obtain and retain gas
pipeline construction business in Nigeria. The defendant also admitted that he participated in a
conspiracy involving the submission of fictitious invoices to fund corrupt payments to Nigerian officials,
as well as a conspiracy to pay at least $300,000 to Ecuadoran officials to obtain a gas pipeline
rehabilitation project in Ecuador.
Three former senior executives of General Re Corporation and a former senior executive of AIG were
indicted on conspiracy, securities fraud, and other charges stemming from a scheme to manipulate
AIG’s financial statements through, among other things, false statements in reports filed with the SEC.
The Fraud Section and the USAO for the Eastern District of Virginia executed an agreement with AIG in
which the company accepted responsibility for its actions, resolved its criminal liability, and agreed to
pay $25 million in penalties and to cooperate with the continuing criminal investigation.
After doing a stock check of vehicles, the main asset, I discovered a large discrepancy between the
assets values and numbers in the balance sheet and the physical count. Sales invoices were being
suppressed to reduce VAT, and money being banked into another company as receipts from insurance
claims or elsewhere.
Fraud perpetrated through the misuse of corporate resources
• Use of the Company’s assets for private use (Tools, rooms, and computers and
software)
• Rental of facilities
Statistics relating to lost productivity due to employee cyber-loafing are well known, but employee
misuse of Corporate IT generally, such as sending and receiving personal e-mails and using computer
applications for personal purposes, is equally important.
The potential for corporate and company liability stemming from employee misuse of Corporate IT and
at the very least, adverse publicity, is a serious issue. In one recent example in the Banking sector, one
senior executive misused Corporate IT to access web sites relating to services offered in a foreign
jurisdiction where such services were legal. The resulting bad publicity was arguably as damaging for
the company’s reputation as a direct financial loss such as internal fraud.
There are many cases of people installing office software on home PCs without prior agreement from
the Company.
http://www.youtube.com/watch?v=WFtcP0wZDUw
Fraud perpetrated through third party intervention
• Increasing vendor invoices through collusion
• Billing for services not rendered and collecting the cash
Fraud perpetrated through false revenue recognition
These sales frauds may also involve collusion between the salespeople and the customer,
or the customer may be another victim. In each of these frauds, however, the ultimate
victim is always the trading entity that employs the manager or the salesperson.
Eric Milne's article, "Damned If You Do or Damned If You Don't?" (Credit Management in Australia,
December 2005, pages 20-21), provides us with an example of one sales fraud. Eric's topic was
focused on phoenix operators. However, as an unintended bonus, this article also provides us with an
insight on how sales fraud is perpetrated.
Eric's story shows how credit managers are often encouraged by management and sales managers to
open new accounts. However, like Eric, they are not always given all the details of the new trading
terms. In Eric's situation, the directors of this new business account had operated another business,
which was in liquidation, and had left Eric's business with a large debt. Subsequently, this new business
also went into liquidation and Eric's business was left with another debt, to the same directors.
In this case, a sales fraud was perpetrated by the national sales manager, and possibly the managing
director, against the entity that employed them. They had negotiated a new trading relationship where
the complete terms were not openly known to other employees, such as Eric, who had a right to know
before the new account was authorized.
The motive for their actions was that these managers would have benefited personally from the
increased sales from the new account. Eric certainly didn't benefit, but was in fact, penalized by the
extra work required to clean up the mess created by others.
Fraud perpetrated through the use of acquisitions
The theft of assets takes many forms, from employees simply walking away with laptops
and other valuable and moveable assets, to collusion with suppliers to ship “Phantom”
goods. The creation of the Fraud Resistant Company® depends heavily on the ability of
the company to ensure it uses its invested capital for the acquisition of assets that add to
shareholder profitability. In this section you will explore:
Frauds in Capital Spending – Misrepresenting DCF Models
Leasing Frauds – The Lease – Buy Syndrome
Red Flags of Capital Spending Fraud Collusion with Suppliers
Manipulation of Depreciation Covenants
The capitalization of Operating Expenses
Accounting for fictional Assets
Solutions
Fixed Asset Management systems as a key defence tool
The Red Flags of Owned-Asset Fraud
Ratio Analysis as a Fraud Detection tool
Fraud perpetrated through derivatives - reason unknown
Kerviel, 31, a junior trader at France's second biggest bank Société Générale, is in hiding after he cost
his employers €4.9bn in the biggest-ever trading fraud by a single person. His staggering scheme of
fictitious customer accounts caused five times the damage of rogue trader Nick Leeson who sparked
the collapse of Barings bank in 1995. The French bank says family problems and mental fragility led its
rogue trader to squander €4.9bn in a succession of illegal deals.
Phil Stockworld (Reporter), Wed Mar 17 2010
JPMorgan, UBS and Deutsche Bank Charged with Derivatives Fraud
Courtesy of JESSE’S CAFÉ AMÉRICAIN
More like international crime families sending out enticing emails trying to lure and trick the
unsuspecting than serious financial institutions. This is banking?
Notice that these were operating out of their London units, similar to the AIG derivative scandal that
helped to worsen the US financial crisis. The FSA is apparently working hard now to enforce its rules
and bring these banks to heel. Contrast that with the SEC in the States which seems reluctant to do
anything regarding enforcement, and even when a judge puts them to the task, are able to administer
only the mildest of financial chastisement to be passed on to the shareholders.
There is speculation that the US government cannot reform these banks because it is deeply involved in
financial transactions of a questionable nature with them itself, ranging from enormous individual
campaign contributions to market manipulation in various financial instruments in support of government
policy which is otherwise failing badly. The opacity of markets and government bodies like the ESF
makes this difficult to assess, but the outrageous size of positions amongst some of the banks, together
with the occasional slip in the redacted transcripts is the smoke that indicates more heat beneath the
surface than we might imagine.
The US Treasury Secretary himself is recently implicated in an outrageous accounting fraud perpetrated
by Lehman Brothers with the apparent complicit silence of the NY Fed which he was leading at the
time.
And yet the Congress seems to be able to do little or nothing, it is so controlled by the monied interests.
The Senate has the temerity to propose giving Consumer Protection to this very Fed as it is revealed to
be complicit in bank fraud of epic proportions, and a track record of fighting and delaying consumer
reforms and sensible regulation of OTC derivatives for years. The Republicans are unashamed of their
venality, and the Democrats are seemingly leaderless.
The banks must be restrained, the financial system reformed, and balance restored to the economy
before there can be any sustained recovery.
Fraud perpetrated through the absence of proper accounting records
Internal auditors must train themselves to recognize fraud symptoms and pursue the truth.
Fraud is seldom witnessed firsthand. It's a crime that is often shrouded in ambiguity, and
it's sometimes difficult even to determine whether or not a crime has actually been
committed. Only the symptoms of fraud, the red flags or indicators, exist to alert
management of wrongdoing. Unfortunately, many such fraud symptoms go unnoticed;
and, in some cases, signals that are recognized are not vigorously pursued.
Internal auditors must learn to recognize employee fraud indicators and discover whether
the symptoms are the result of actual fraud or if they represent other factors. In situations
where employee fraud has occurred, internal auditors must be prepared to persist and
pursue until a confession or other convincing evidence is obtained.
Fraud Indicators
Most indications of employee fraud fall into one of six categories: (1) accounting
anomalies, (2) internal control symptoms, (3) analytical anomalies, (4) lifestyle symptoms,
(5) behavioural symptoms, and (6) tips and complaints.
Accounting Anomalies
When perpetrators embezzle from their employers, accounting records -- such as
documents, journal entries, ledgers, or financial statements -- are often altered, forged, or
missing. For example, an employee fraud that involves setting up a dummy company
would involve submission of false invoices from the dummy company to the perpetrator's
employer. The employer would then send other documents, such as checks, to the
dummy supplier.
A fraud that involved an employee's overstatement of travel expenses might involve
submission of some document, perhaps a fictitious hotel bill, to the employer. The
employer would then give the employee a check, another document, for an amount larger
than the employee was entitled to receive.
Other employee frauds are concealed through fictitious journal entries. For example, a
perpetrator might embezzle cash and attempt to conceal the theft by creating a journal
entry increasing an expense. In such a case, there would probably be an invoice from a
fictitious vendor, or support for the entry would be missing.
In some cases, employee frauds are discovered through detective controls in the form of
accounting exception reports that identify anomalies. For example, banks often use
reports that detail large and unusual items and activity, suspected kiting incidents, and
strange activity in employees' bank accounts. Common accounting symptoms might
include missing documents; stale items on reconciliations; excessive voids or credits;
common names or addresses of payees or customers; increased past due accounts;
increased reconciling items; alterations on documents; duplicate payments; second
endorsement on checks; document sequences that don't make sense; questionable
handwriting or printing on documents; photocopied documents; unusual items on reports;
journal entries without documentary support; unexplained adjustments made to
receivables, payables, revenues, or expenses; journal entries that don't balance; journal
entries made by individuals who would not normally make such entries; entries made at or
near the end of accounting periods; ledgers that don't balance; master or control account
balances that don't equal the sum of the individual customer or vendor balances;
significant changes in financial statements; or unusual items on tracking reports.
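The exception-report idea described above, as an added Python example that is not part of the original handout: it screens constructed sample records for several of the listed symptoms (vendor address shared with an employee, duplicate payments, journal entries that don't balance, lack documentary support, come from an unusual poster or fall near period end, and a control account that disagrees with its sub-ledger). The record layouts, role names, period-end date and exception codes are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import date
from decimal import Decimal as D

# All records below are constructed sample data, not taken from the handout.
EMPLOYEES = {"E02": "4 Park Row, Leeds", "E07": "12 Mill Lane, York"}
VENDORS = {"V10": "Unit 3, Dock Street, Hull", "V11": "4 Park Row,  LEEDS"}
PAYMENTS = [  # (payment id, vendor id, invoice number, amount)
    ("P1", "V10", "INV-501", D("1200.00")),
    ("P2", "V11", "INV-077", D("980.00")),
    ("P3", "V10", "INV-501", D("1200.00")),  # same invoice paid twice
]
JOURNAL = [  # (entry id, date, posted by, supporting document, [(account, debit, credit)])
    ("J1", date(2024, 3, 14), "ledger_clerk", "INV-501",
     [("Stationery", D("1200"), D("0")), ("Bank", D("0"), D("1200"))]),
    ("J2", date(2024, 3, 30), "sales_manager", None,
     [("Consulting expense", D("5000"), D("0")), ("Bank", D("0"), D("5000"))]),
    ("J3", date(2024, 3, 20), "ledger_clerk", "CN-12",
     [("Receivables", D("0"), D("300")), ("Sales returns", D("250"), D("0"))]),
]
USUAL_POSTERS = {"ledger_clerk", "financial_controller"}  # assumed role list
PERIOD_END = date(2024, 3, 31)                            # assumed period end
CONTROL_BALANCE = D("15400.00")                           # receivables control account
CUSTOMER_BALANCES = {"C1": D("9000.00"), "C2": D("6100.00")}


def norm_address(addr):
    """Lower-case and drop punctuation/spacing so cosmetic edits do not hide a match."""
    return re.sub(r"[^a-z0-9]+", " ", addr.lower()).strip()


def address_matches():
    """Vendors whose normalised address equals an employee's address."""
    by_addr = defaultdict(list)
    for emp_id, addr in EMPLOYEES.items():
        by_addr[norm_address(addr)].append(emp_id)
    return [("VENDOR_ADDRESS_MATCHES_EMPLOYEE", f"{vid}/{eid}")
            for vid, addr in VENDORS.items()
            for eid in by_addr.get(norm_address(addr), [])]


def duplicate_payments():
    """Second and later payments of the same vendor, invoice and amount."""
    seen, hits = {}, []
    for pid, vendor, invoice, amount in PAYMENTS:
        key = (vendor, invoice, amount)
        if key in seen:
            hits.append(("DUPLICATE_PAYMENT", f"{seen[key]}/{pid}"))
        else:
            seen[key] = pid
    return hits


def journal_exceptions(window_days=3):
    """Per-entry checks; one entry can raise several exceptions."""
    hits = []
    for jid, when, poster, doc, lines in JOURNAL:
        debits = sum(ln[1] for ln in lines)
        credits = sum(ln[2] for ln in lines)
        if debits != credits:
            hits.append(("ENTRY_DOES_NOT_BALANCE", jid))
        if doc is None:
            hits.append(("NO_DOCUMENTARY_SUPPORT", jid))
        if poster not in USUAL_POSTERS:
            hits.append(("UNUSUAL_POSTER", jid))
        if 0 <= (PERIOD_END - when).days <= window_days:
            hits.append(("NEAR_PERIOD_END", jid))
    return hits


def control_account_exception():
    """Control balance must equal the sum of the individual customer balances."""
    diff = CONTROL_BALANCE - sum(CUSTOMER_BALANCES.values())
    return [("CONTROL_ACCOUNT_MISMATCH", str(diff))] if diff else []


def exception_report():
    """Every hit is a symptom for an auditor to follow up, not proof of fraud."""
    return (address_matches() + duplicate_payments()
            + journal_exceptions() + control_account_exception())


if __name__ == "__main__":
    for code, ref in exception_report():
        print(f"{code:34} {ref}")
```

Entry J2 raises three exceptions at once, which is the kind of clustering that makes an item worth pulling the supporting documents for.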
An example of the kinds of accounting symptoms that accompany fraud is provided in the
case study, "The Certificate of Deposit (CD) Fraud." In that case, the following accounting
or documentary symptoms were present:
1. Exception reports identified fraudulent transactions that had no apparent business
purpose, that involved unusually large amounts, and that exhibited unusual, atypical, and
otherwise questionable patterns of supervisor overrides. This symptom occurred at least
221 times during the fraud.
2. Journal vouchers contained only one signature or incorrect information and/or reflected
transfers between different customers' accounts. This symptom occurred at least 22 times
during the fraud.
3. Deposit slips, completed by John, contained missing information, incomplete customer
names, or a mismatch between the name of the depositor and the name on the passbook
and/or the account name in the bank's records. This symptom occurred at least 56 times
during the fraud.
4. Deposits and withdrawals exceeding $1,000 appeared in John's personal passbook
account. This symptom occurred at least 90 times during the fraud.
5. Withdrawal vouchers completed by John lacked customer names or signatures and/or
contained incomplete or inaccurate information. This symptom occurred at least 35 times
during the fraud.
6. Deposits and withdrawals from the same account were made on the same day or within
a short period of time and appeared on exception reports. This symptom occurred at least
76 times during the fraud.
7. Bank checks reflected transfers between different customers' accounts or checks with
altered dates. This symptom occurred at least 11 times during the fraud.
8. Withdrawal vouchers and checks contained purported customer signatures that, on
inspection, were readily distinguishable from the customer's signature and were actually
signed by John. This symptom occurred at least 73 times during the fraud.
9. Withdrawal vouchers completed by John showed a different name from the account
name. This symptom occurred at least 54 times during the fraud.
Internal Control Symptoms
Fraud occurs when pressure, opportunity, and rationalization come together. Most people
have pressures. Everyone rationalizes. When internal controls are absent or overridden,
everyone also has an opportunity to commit fraud.
Internal control is comprised of the control environment, the accounting system, and
control procedures. Common control fraud symptoms include a poor control environment,
lack of segregation of duties, lack of physical safeguards, lack of independent checks, lack
of proper authorizations, lack of proper documents and records, the overriding of existing
controls, and an inadequate accounting system.
Many studies have shown that the most common element of employee frauds is the
overriding of existing internal controls. In "The Proof Operator Fraud" case study, for
example, there were glaring internal control weaknesses, including the following:
1. All deposits and transfers of funds were to go through tellers. Yet, proof employees
were making transfers for bank officers and for themselves directly through proof. Most
people in the bank were aware of this practice; but because it was being done at the
president's request, they didn't think it was wrong.
2. All documents were to be accessible to external auditors. Yet Jane kept a locked
cabinet next to her desk, to which only she had the key. A customer whose statement had
been altered by Jane complained, but he was told that he would have to wait until Jane
returned from vacation because the documentation relating to his account was in Jane's
locked cabinet.
3. All employees and officers of the bank were required to take an uninterrupted two-week
vacation. At Jane's request, management allowed this control to be broken. Based on her
memos, which explained that "proof would get behind if she took a two-week vacation,"
Jane was allowed to take her vacation one day at a time. In addition, no one was allowed
to perform Jane's most sensitive duties while she was away.
4. General ledger tickets were supposed to be signed by two people, including one
individual other than the person who completed the ticket. In order to override this control,
Jane had her employees pre-sign ten or 12 general ledger tickets, so she would not have
to "bother" them when they were busy.
5. Opening and closing procedures were supposed to be in place to protect the bank, but
many employees had all the keys necessary to enter the bank at will.
6. An effective internal audit function was supposed to be in place. For a period of two
years, however, no internal audit reports were issued. Even when the reports were issued,
internal auditors did not check employee accounts or perform critical control tests, such as
surprise openings of the bank's incoming and outgoing cash letters to and from the
Federal Reserve.
7. Incoming and outgoing cash letters were supposed to be microfilmed immediately. This
compensating control was violated in three ways. First, letters were not usually filmed
immediately. Second, for a time, letters were not filmed at all. Third, Jane regularly
removed items from the cash letters before they were filmed.
8. Employees' accounts were not regularly reviewed by internal auditing or management.
On the rare occasions when the accounts were reviewed, numerous deposits to, and
checks drawn on, Jane's account that exceeded her annual salary were not questioned.
9. Loans were supposed to be made to employees only if the employees met all lending
requirements, as if they were normal customers. At one point, the bank made a $170,000
mortgage loan to Jane, the largest mortgage loan made by the bank to anyone, without any
explanation as to how the loan would be repaid or how she could afford such a house.
10. Employees in proof and bookkeeping were not supposed to handle their own
statements directly. Yet, employees regularly pulled out their own checks and deposit slips
before the statements were mailed.
11. Managers were supposed to be reviewing key daily documents, such as the daily
statement of condition, the significant items and major fluctuation report, and the overdraft
report. Either managers didn't review these reports or they didn't pay close attention to
them when they did review them. There were daily fluctuations in the statement of
conditions of more than $3 million. The significant items and major fluctuation report
revealed huge deposits to, and checks drawn on, Jane's account. In addition, Jane
appeared on the overdraft report 97 times during the first four years she was employed.
Fraud perpetrated through override of existing controls and for the benefit
of the individual
• Falsifying timesheets for a higher amount of pay
• Lapping collections on customers’ accounts (definition is on the last page of the handout)
• Cheque Kiting (definition is on the last page of the handout)
• Pocketing payments on customers’ accounts, issuing receipts on self-designed
receipt books
• Not depositing all cash receipts (deposits are not “intact”)
• Creating fictitious employees and collecting the pay cheques (impersonation)