Copyright 2010
Notes:
1. The above ACPEN courses will be available as live satellite and live webcast events on the
original date of production. The original production day is always a Wednesday. Live
Webcast Replay™ dates may Each course will begin at 9:00 am, central time and end at 5:00
pm, central time. There is a lunch break at 12:30 pm, central time, and two ten minute breaks,
one in the morning and one in the afternoon.
2. Each of these ACPEN courses provides 8 CPE hours of credit (400 minutes).
Ethics credit (General only—not state specific) will be awarded for appropriate topics.
Governmental A & A Update (July 21) will provide 8 hours of Yellow Book credit (24 Hour
Requirement). The Accounting and Auditing Update (October 20) will provide 4 Hours Yellow
Book (24 Hour Requirement) and 4 Hours Yellow Book (56 Hour Requirement).
ACPEN will award CFP credit for appropriate courses. Marketing information distributed for each
course will provide professional credit details)
3. A Live Webcast Replay™ is a webcast of the videotape of a recently produced CPE course, with
faculty members standing by, in real time, to answer questions from webcast viewers. (See,
NASBA Statement on Standards for CPE Programs, Section 400.07). Replays are not available
using satellite technology but can be used at group sites, using broadband internet technology.
http:/ /www.ACPEN.com
The ACPEN homepage will also tell you about how you can receive broadcasts live in your
company or firm, by satellite or as a webcast, or purchase ACPEN programs on DVD for in
house group study. ACPEN distance learning technology makes this the most interactive and
cutting-edge professional education you can get!!
By email:
Anne.taylor@acpen.com
Write:
Business Professionals' Network, Inc.
P.O. Box 250703
Plano, TX 75025-0703
Or Call:
972-377-8199
You are part of the broadcast!
We encourage you to ask questions of our national experts or add your insights and
perspective on the broadcast topic.
It’s as simple as calling in a question, sending a fax, or emailing the panelists during the
broadcast.
An ACPEN representative will jot down your call, receive your fax or email question and
give it to the appropriate panel member for a quick and informative answer.
To continue the learning after the broadcast, you may send your questions to panelists by email.
For two days after each broadcast you may send your questions to:
postquestions@acpen.com
Simply identify the panelist you would like to respond, if you have a preference, and they will
respond to your question, if possible. (Due to speaker schedules and commitments, and the
possible volume of questions from a national audience, answers to any particular question
cannot be guaranteed. Experience to date has been that almost all questions are answered!)
The following subjects are ACPEN broadcasts and webcasts are available as
Group Study On-Site programs, either by joining the live course as a Group Webcast or
using DVDs of the recorded event, on your own schedule. These allow your whole firm or
company to use ACPEN broadcasts in a very efficient and economical way, as the basis for
high quality, firm specific, in-house group study programming. Pricing is based on the number
of professionals in the firm and the number of titles purchased.
The Group Webcast option allows your firm to join the live event and interact with the faculty
directly.
When you purchase an On-Site DVDGroup Study program from ACPEN, you receive the
entire ACPEN course in DVD format. Each course qualifies for eight hours of CPE credit, for full
day courses, shorter webcasts carry the appropriate amount of credit based on the standard 50
minute hour. You also receive a Facilitator’s Guide, and written course materials in the form
of a print master, for easy duplication.
Plus, ACPEN On-Site Group Study becomes an even better value because your staff will
receive CPE credit for actual discussion time, in addition to the running time of the DVD.
An 8 CPE hour ACPEN program could well yield 10 or even 12 hours of CPE credit, with the
discussion that is sure to flow from the engaging DVD!
currently available:
Accounting & Auditing
Detecting Fraud in Government & Non-Profit Organizations
(Yellow Book)
Understanding and Responding to Business Fraud: Practical Skills for Controllers and
Auditors
Business Fraud Challenges & Responses: Accounting, Auditing & Legal Issues
Tax
Tax Controversy Tool Kit
Tax Practice in Light of the New Tax Preparer Penalties and Ethical Standards
Estate, Retirement & Financial Planning Principles & Techniques for CPAs
How to Get the Kids Through College after the 2001 Tax Act
Understanding and Responding to Business Fraud: Practical Skills for Controllers and
Auditors
Financial Leadership Skills for Corporate Career Success: A Guide for Running with the
Bulls Without Getting Gored!
Tax & Financial Planning for College Expenses: What Every CPA Needs to Know
Tax & Financial Planning for College Expenses after the 2001 Tax Act:
What Every CPA Needs to Know
Estate, Retirement & Financial Planning Principles & Techniques for CPAs
Personal Financial Planning for CPAs: Building and Managing a Financial Advisory
Practice in Difficult Times
Enterprise Risk Management (ERM): Cutting Edge Skills for Small Businesses
Understanding and Responding to Business Fraud: Practical Skills for Controllers and
Auditors
Personal Financial Planning for CPAs: Building and Managing a Financial Advisory
Practice in Difficult Times
Why and How CPA Professionals Should Provide Investment Advisory Services to
Clients...An Effective Strategy for the Next Century
Business Fraud Challenges & Responses: Accounting, Auditing & Legal Issues
Practice Management
Accountants’ Civil Liability: What Every CPA Needs to Know to Protect the Practice
Evolving Your Accounting Practice to Succeed in the New Millennium: A Tool Kit for the
21st Century Accountant
Budgeting and Planning for your Firm’s Technology Needs in the Next 5 Years. (4 hours)
2009-2010
Annual Curriculum
Original
Broadcast
Date Subject
May 19, 2010 Farm and Ranch Accounting & Tax Update
November 10, 2010 Business Fraud, Internal Controls, and Forensic Analysis for
the Accountability Professional
Program Content:
• Unlike some recorded programs, ACPEN On-Site Group Study programs cover
a specific, complete subject, rather than providing a subscription for generic
news or information that may or may not be of interest to accounting
professionals.
• Your firm may participate in an ACPEN course in two ways, either in the live
event, as a group webcast right in your firm, or archived, delivered as a DVD.
• Business Professionals' Network, Inc. has many topics available and each year new
titles are produced covering virtually every area of interest to accountants and
financial professionals in public practice and industry.
• ACPEN group study programs are created by and for the accounting professional by
state accounting societies through the Accounting Continuing Professional
Education Network, so you know that the content will be geared for professional
accountants and will help them succeed.
• The ACPEN network is able to attract nationally known experts in the subject area of
each broadcast, CPAs, attorneys, industry financial professionals, financial services
professionals, regulatory agency and standard setting body representatives, so that
users will receive the best possible and most up to date information.
• The program format is a highly engaging, structured, but lively discussion among
several panelists. This means that the user receives several perspectives on every
issue and the educational experience “feels” very interactive.
• Each On-Site Group Study program comes complete with a set of written materials
that helps illustrate the discussion and that provides a resource for future reference.
On-Site Group Study Product Features:
• Each program is either available a live group webcast or a complete set of DVDs of
the live, interactive CPE program that captures the original event and both provide 8
hours of CPE credit. In addition, because it is an on-site group study product, your
staff will receive additional credit for the additional time devoted to professional
discussion of the live or archived course. Thus, the 8 hour program can provide 9,
or more hours of CPE credit for each participant.
• The On-Site Group Study program will be provided on DVDs that are easy and
convenient to use.
• To make it easy to keep track of attendance for CPE credit purposes, Business
Professionals' Network provides attendance forms and will provide completion
certificates for all attendees who are certified as completing the course..
Pricing:
• Participating state societies receive a substantial royalty from all ACPEN On-Site
Group Study Sales in their jurisdiction by agreement with Business Professionals
Network
The authors and presenters who contributed articles and/or insights to these materials, to the
broadcast event, or to the Live Webcast Replay™ of the original event were carefully selected
for their knowledge and experience in the subject area. The analysis, conclusions and opinions
expressed in articles contained in these materials and by presenters participating in this
continuing education event, whether live or in a recorded medium, are solely those of the
individual author or presenter. Unless otherwise expressly agreed, any such conclusions and
opinions do not represent the official position or opinions of the state CPA society or other
professional organization sponsoring this event, the Accounting Continuing Professional
Education Network (ACPEN), or of Business Professionals' Network, Inc.
Written materials were not edited for content by the Accounting Continuing Professional
Education Network nor by the sponsoring entity. Such information is believed to be accurate at
the time it was first published or broadcast. Neither the Accounting Continuing Professional
Education Network, the sponsoring organization, Business Professionals' Network, Inc., nor the
authors and p resenters can warrant that the information contained in this book, any constituent
article, or the broadcast will continue to be accurate, nor do they warrant them to be completely
free of errors when published or broadcast.
It is the sole responsibility of attendees and users to verify the accuracy of all information
contained herein and derived from the original broadcast event. This material and the
broadcast event, whether live or recorded, are not appropriate to serve as the sole basis for any
professional opinion or action. It should be supplemented for such purposes by reference to
other current authoritative materials and the exercise of professional experience and judgement.
Any tax advice contained in any portion of this manual is not written or i ntended by the author(s)
to be used, and cannot be used, for the purpose of (1) avoiding penalties that may be imposed
on the recipient or any taxpayer or (2) promoting, recommending or marketing to another party
any transaction or matter discussed herein.
Copyright 2010
ACPEN/B P N, Inc.
This Broadcast is Presented by…
ACPEN Webcasts are sponsored by Business Professionals' Network, Inc.
Business Professionals’ Network, Inc., which produces the Accounting Professional Education
Network (ACPEN), is registered with the National Association of State Boards of Accountancy
(NASBA) as a sponsor of continuing professional education on the National Registry of CPE
Sponsors. State boards of accountancy have final authority on the acceptance of individual
courses for CPE credit.
Complaints regarding registered sponsors may be addressed to the National Registry of CPE
Sponsors, 150 Fourth Avenue North, Nashville, TN, 37219-2417. Telephone: 615.880.4200.
Web site: www.nasba.org
To assist us in improving our programs, please indicate your opinions by rating each speaker and
other program elements using the appropriate number from the scale below.
8. Paul E. Coggins, JD
Knowledge of Subject Matter 5( ) 4( ) 3( ) 2( ) 1( )
Presentation Skills 5( ) 4( ) 3( ) 2( ) 1( )
C. The written materials were accurate, relevant, and contributed to achievement of Learning
Objectives: 5( ) 4( ) 3( ) 2( ) 1( )
E. For Group Site Attendees: Rate the facility and learning environment (Note
shortcomings below): 5( ) 4 ( ) 3 ( ) 2 ( ) 1 ( )
F. For Webcast Viewers: Rate the performance of the internet technology for this
course: 5( ) 4( ) 3( ) 2( ) 1( )
___________________________________________________________________
Group location participants should return the completed evaluation to the site proctor.
Faculty Information
David L. Cotton, CPA, CFE, CGFM, is chairman of Cotton & Company LLP, Certified Public Accountants. Cotton &
Company is headquartered in Alexandria, Virginia. The firm has a practice concentration in assisting Federal and State
agencies, inspectors general, and government grantees and contractors with a variety of government program-related as-
surance and advisory services. Cotton & Company has performed grant and contract, indirect cost rate, financial state-
ment, financial related, and performance audits for more than two dozen Federal inspectors general as well as numerous
other Federal and State agencies and programs. Cotton & Company’s Federal agency audit clients have included the U.S.
Government Accountability Office, the U.S. House of Representatives, the U.S. Small Business Administration, the U.S.
Bureau of Prisons, and the U.S. Marshals Service. Cotton & Company also assists numerous Federal agencies in preparing
financial statements and improving financial management and accounting systems. Mr. Cotton received his BS in mechan-
ical engineering (1971) and an MBA in management science and labor relations (1972) from Lehigh University in Beth-
lehem, PA. He also pursued graduate studies in accounting and auditing at the University of Chicago, Graduate School
of Business (1977 to 1978). Mr. Cotton is presently serving on the Advisory Council on Government Auditing Standards.
He is a member of the Advisory Council of the Academy for Government Accountability. He is also a member of the
advisory board of the Institute for Truth in Accounting. He is serving on the Institute of Internal Auditors (IIA) Anti-
Fraud Programs and Controls Task Force, and is a former member of the American Institute of CPAs (AICPA) “Group of
100.” He served on the AICPA task force that wrote Management Override: The Achilles Heel of Fraud Prevention. He
is the past-chairman of the AICPA Federal Accounting and Auditing Subcommittee and has served on the AICPA Gov-
ernmental Accounting and Auditing Committee and the Government Technical Standards Subcommittee of the AICPA
Professional Ethics Executive Committee. Mr. Cotton served on the board of the Virginia Society of Certified Public
Accountants (VSCPA), and on the VSCPA Litigation Services Committee, Professional Ethics Committee, Quality Review
Committee, and Governmental Accounting and Auditing Committee. He is member of the Greater Washington Society
of CPAs (GWSCPA) and is serving on the GWSCPA Professional Ethics Committee. He is a member of the Association of
Government Accountants (AGA) and is past-advisory board chairman and past-president of the AGA Northern Virginia
Chapter. He is also a member of the Institute of Internal Auditors and the Association of Certified Fraud Examiners. Mr.
Cotton has testified as an expert in governmental accounting and auditing issues and fraud issues before the United States
Court of Federal Claims and other administrative and judicial bodies. Mr. Cotton served as a technical reviewer for the
1999 through 2003 editions of the AICPA Audit and Accounting Guide Audits of Federal Government Contractors. Mr.
Cotton is the author of the AICPA continuing education courses Fraud in Governmental and Not-for-Profit Audits—the
Auditor’s Responsibilities Under SAS 82 and Joint and Indirect Cost Allocations: How to Prepare and Audit Them. He has
lectured frequently on auditors’ fraud detection responsibilities under SAS 99, Consideration of Fraud in a Financial State-
ment Audit. He also has been an adjunct instructor at the Inspectors General Auditor Training Institute (Auditing the
Federal Contracting Process and Contract and Procurement Fraud) and currently teaches at the George Mason University
Small Business Development Center (Fundamentals of Accounting for Government Contracts).
Mr. Dennis F. Dycus, CFE, CPA, CGFM, presently serves as the Director of the Division of Municipal Audit for the Office
of the Comptroller of the Treasury, State of Tennessee. The Division is responsible for the annual audit of all municipali-
ties, utility districts, school activity and cafeteria funds, housing authorities, certain not-for-profit organizations and other
quasi-governmental entities in the State of Tennessee. In addition, the Division’s staff conducts numerous audits for fraud,
waste and abuse each year. From the beginning of his career with a national accounting firm, through the last 37 years of
involvement with the audits of all forms of governmental entities, he brings a wealth of practical experience to his pre-
sentations. A graduate of Western Kentucky University, Mr. Dycus is a frequent guest speaker/lecturer for various college
business/accounting classes, professional associations, local, state and national conferences and not-for-profit organiza-
tions. In 1996, the Eta Omicron Chapter of Beta Alpha Psi presented him with the Distinguished Alumnus Award in rec-
ognition of his support of the WKU Accounting Department. A 1986 graduate of the Tennessee Government Executive
Institute, Mr. Dycus is an active member of the American Institute of Certified Public Accountants where he previously
served on the Members in Government Committee, the Ad Hoc CPE Curriculum Task Force on Government and the
National CPE Curriculum Subcommittee. He is also a member of the Tennessee Society of Certified Public Accountants,
the Association of Government Accountants, where he previously served as chapter president; the Government Finance
Officers Association, and the Association of Certified Fraud Examiners, where he also served as chapter president and is a
former member of both the Association’s Board of Regent and ACFE Foundation as well as a member of their instructor
faculty on a national basis. In June, 2005, the Middle Tennessee Chapter honored him with the designation of president
emeritus in recognition of his longstanding contributions to the chapter. For the last several years, Mr. Dycus has devel-
oped and/or conducted training programs in all fifty states, Puerto Rico, Guam, Canada and Europe, for organizations
such as the Association of Certified Fraud Examiners; the American Institute of Certified Public Accountants; numerous
state CPA societies; the Government Finance Officers Association; the Association of Government Accountants; the Na-
tional Association of State Auditors, Comptrollers and Treasurers; Westcott Communications, Inc.; the Organization for
Security and Co-Operation in Europe; New York Presbyterian Hospital; IBM; HCA; NYC Presbyterian Hospital, Saturn,
Inc.; the US Department of Labor; the Government Accountability Office; the Internal Revenue Service; Bisk Education,
Inc.; Nichols Education, Inc.; numerous state audit organizations and individual professional firms. He is a frequent speak-
er at various professional conferences, both on a local and national level. In 1989 and again in 1997, he was the recipient
of the AGA’s, National Education and Training Award and has been presented with several Outstanding Discussion Leader
Awards by both the Tennessee and Florida Societies of Certified Public Accountants. In 1998 he was honored with the
Association of Certified Fraud Examiner’s, Distinguished Achievement Award for his meritorious service in the detection
and deterrence of fraud and in 2001 was one of only three individuals to receive the designation as a Fellow of the Associa-
tion of Certified Fraud Examiners in recognition for his contribution to expanding the Association’s body of knowledge
toward the detection of fraud. In 2003 he was the recipient of the Tennessee Society of CPA’s first ever, Outstanding CPA
in Government Award and in 2004 received the Association of Certified Fraud Examiners’ Outstanding CFE in Govern-
ment Award. In 2009 he was recognized as a Friend of the Association by the Tennessee Association of Utility Districts for
his contribution to the utility industry in Tennessee. This was only the second such recognition the association had made
in its 52 year history. In addition, he has authored articles on auditing for fraud for national publications.
Marshall B. Romney, PhD, CPA, CFE, is the John and Nancy Hardy Professor in the Marriott School of Management
at Brigham Young University. He is the recipient of the Marriott School’s outstanding professor award and the outstand-
ing researcher award. He is also the first recipient of Ernst & Young’s award for outstanding citizenship. Marshall holds
a Bachelor’s and Master’s degree from BYU. Upon graduation, Marshall went to work for Touche Ross where he got his
first exposure to fraud auditing as a member of the court-appointed team that investigated the Equity Funding fraud. For
the last 30 years, he has been involved in fraud prevention, detection, audit, and research. Marshall left public accounting
to earn a Ph.D. degree in accounting from the University of Texas at Austin. Marshall has published 23 different books,
including seven books on fraud and the leading text on Accounting Information Systems. He has developed 17 CPE
courses, including 13 on fraud. He authored 6 different articles on fraud for Groliers Encyclopedia. He has also had over
100 articles on fraud and other topics published in academic and professional journals or as chapters in books. Several of
the articles have been nominated for the journal’s article of the year award. Researchers in the US and in foreign countries
have cited his research numerous times, and a number of his publications have been translated and reprinted in journals
in other countries. His research on fraud has been the topic of a number radio and television interviews. Marshall has
taught for or consulted with over 50 different organizations and includes among his clients the Federal Bureau of Investi-
gation, three of the Big 4 CPA firms, the AICPA, the Arizona Auditor General’s Office, the Association of Certified Fraud
Examiners, the Institute of Internal Auditors, and twenty state CPA societies. Because of his extensive background in fraud
research, Marshall was asked to be the lead fraud researcher for the Treadway Commission. He had to turn the invita-
tion down due to other professional responsibilities. Marshall was an advisor to the National Commission on Fraudulent
Financial Reporting. Marshall is the recipient of eight research grants from CPA firms, the Institute of Internal Auditors,
and the American Accounting Association. He has made over 60 presentations at academic and professional conferences.
He has been on the editorial board of 10 academic and professional journals including the Journal of Forensic Account-
ing. Marshall is a past president of the Information Systems section of the AAA. He was a member of both the Informa-
tion Technology Executive Committee and the IT Practices Subcommittee of the American Institute of Certified Public
Accountants. He was the chairperson of the Information Technology committee for the Utah Association of CPAs, who
presented him with their outstanding chairperson award. At BYU, Marshall is the Associate Director of the School of
Accountancy and Information Systems and is the director of both the graduate and undergraduate Information Systems
programs.
Margie Reinhart, CPA, CFF, CFE, CA, has devoted her career to becoming highly skilled in the multi-facets of forensic
accounting, fraud consulting, white collar criminal investigations and forensic data analytics. Prior to founding Reinhart
Forensic Consulting, she spent over eleven years at a big four accounting firm and over three years managing the Dallas of-
fice of a boutique forensic accounting firm where she also served as the national government practice leader. Ms. Reinhart
works closely with government agencies, law firms and corporate executives, serving as an expert in forensic accounting
matters, fraud investigations, data analytics, interviews and interrogations, financial disputes, risk management, internal
audit special projects, and litigation consulting. She is a CPA, Certified in Financial Forensics, a Certified Fraud Examiner
and has practiced in both the United States and Canada.
Robert H. Spencer, PhD, for the past 30 plus years, has had many careers in business and technology , beginning with 13
years with the Department of Defense where he was part of the team that redesigned the Army’s accounting and military
pay systems. Next, Bob played key roles integrating microcomputers into training and education programs for the De-
partment of Navy in the early eighties. Along the way he owned and operated several successful companies including a
short career in real estate development and sales. Bob moved to private industry in 1984, joining a regional CPA firm as its
Director of Information Systems becoming a principal with the firm a few years later. Bob continues to consult with some
of the country’s most progressive accounting firms as well as many other industries including governmental, manufactur-
ing and distribution.
After retiring from his public accounting firm in 1995 he pursued a brief career in banking, but missing the diversity, he
returned to consulting and formed his own professional services firm. Bob believes that “Businesses today must extend
the life of their technology investment and this is done through strategic planning, management, and process engineer-
ing to more fully benefit from technology.” In today’s security-conscious world, Bob is also very active in assisting clients
with “hardening” their networks to minimize the threats of intrusion and regularly conducts security reviews and audits
for financial institutions. Dr. Spencer has pursued education with a passion throughout his career and has advanced
degrees in Computer Science and Administration as well as a Bachelors of General Studies that included studies in systems
engineering and accounting. He enjoys writing and has published a number of books over the past 20 years. In 2002 he
co-authored Technology Best Practices, published by John Wiley & Sons, with friend and partner Randy Johnston. Bob
and Randy also released their sixth edition of Accounting Software Solutions in 2005, which is available from K2 Enter-
prises at www.k2e.com. Bob has been published, and quoted, in hundreds of magazines, newspapers and journals over his
career. An estimated 26,000 CPAs read his commentaries monthly. He has been recognized by Who’s Who in Business
and Industry, Accounting Technology Magazine and many other professional organizations for his contributions. He is
invited to speak at more than 25 state, national, and international conferences each year and presents educational seminars
for CPAs as an associate of K2 Enterprises. Bob has been acknowledge as a respected and knowledgeable expert in the field
of technology and business.
Toby Bishop, CPA, CFE, is the director of the Deloitte Forensic Center for Deloitte Financial Advisory Services LLP
(Deloitte FAS). He has been named five times to Accounting Today’s Top 100 Most Influential People in the Accounting
Profession. He is co-author, with Frank Hydoski, of the book Corporate Resiliency: Managing the Growing Risk of Fraud
and Corruption (Wiley, 2009) and a related article in Harvard Business Review (October 2009). Toby is a contributing
author and a member of the board of editors of Business Crimes Bulletin, a member of the Institute of Internal Auditors’
(IIA) Board of Research and Education Advisors, a board member for the Institute for Fraud Prevention, has presented to
the Public Company Accounting Oversight Board’s (PCAOB) Standing Advisory Group, and serves on a task force for the
Center for Audit Quality’s Anti-Fraud Working Group. Toby co-authored the IIA/AICPA/ACFE guidance Managing the
Business Risk of Fraud: a practical guide. He also co-authored the AICPA guidance papers Management Antifraud Pro-
grams and Controls: Guidance to Help Prevent, Deter, and Detect Fraud and Management Override: The Achilles’ Heel of
Fraud Prevention — The Audit Committee and Oversight of Financial Reporting. Toby is the former president and chief
executive officer of the Association of Certified Fraud Examiners (ACFE), the professional association of over 50,000 anti-
fraud professionals in 125 countries. He is a thought leader in the area of fraud prevention and detection with a
special focus on the issue of financial statement fraud. A global commentator on fraud trends, Toby has been quoted in
major international publications such as The New York Times, London’s The Daily Telegraph and India Today. His mate-
rial has appeared in many publications including BusinessWeek, CFO magazine, Forbes.com, Fraud Magazine, Reuters,
USA Today, Accounting Today, The American Banker, The Auditor’s Report, Compliance and Ethics Magazine, Compli-
ance Week, Corporate Board Member, Corporate Counsel, The CPA Journal, Director’s Alert, GRC 360, Internal Auditing,
Journal of Accountancy, NACD Directorship, Rzeczpospolita, Sarbanes-Oxley Compliance Journal, Wall Street & Technol-
ogy, and White-Collar Crime Fighter. Toby has appeared on television in several countries. He has brought his thought-
provoking insights on fraud to events for organizations such as CFO Conferences, Financial Executives International, the
American Accounting Association, the American Institute of Certified Public Accountants (AICPA), state CPA societies,
the Association of Certified Fraud Examiners, Beta Alpha Psi, the Institute for International Research, the Institute of
Internal Auditors, the Institute of Management Accountants and the Wiley Faculty Network. He also provides executive
education on fraud for companies internationally. Dedicated to using education to empower others to fight fraud effec-
tively, Toby has given presentations to more than 1,000 professors to help them equip the next generation of accounting
and finance professionals. A popular invited speaker, he has given interactive presentations to thousands of undergraduate
and graduate students at universities around the world. A native of England, Toby is a graduate of Oxford University. He is
a CPA licensed in Illinois and Massachusetts, a CFE (Certified Fraud Examiner) and a fellow of the Institute of Chartered
Accountants in England & Wales (FCA).
Paul E. Coggins, JD, has been a Principal of Fish & Richardson P.C, in Dallas, Texas, since March 2001. He is the former
United States Attorney for the Northern District of Texas and, before that, Assistant United States Attorney in that office.
He is a former member, as well as Vice-Chair of Attorney General Janet Reno’s Advisory Committee. He was also a
former Texas Special Assistant Attorney General from1991-1993. In his practice, he concentrates in Complex Litigation,
Business Litigation, and White Collar Criminal Defense. His professional career also includes practice as a Partner with
Meadows, Owens, Collier, Reed & Coggins in Dallas, and with Johnson & Gibbs and with Hewett, Johnson, Swanson &
Barbee also in Dallas. He is an active member of the American, Texas and Dallas Bar Associations. He is a prolific author
of various professional books and articles and is a frequent presenter for various professional organizations, as well as
previous CLE Options courses.
Charles W. Blau, JD, is an attorney, in private practice, in Dallas, Texas. He focuses his practice on the representation of
individuals and entities that are accused of white collar crimes. Mr. Blau assists companies in discrete internal investiga-
tions both before and during governmental inquiries. He also aids corporations in fashioning, enacting and administering
compliance and ethics programs. He regularly advises clients how to prevent and detect criminal, civil and administrative
problems, often in conjunction with independent accountants and investigators. His practice concentration and experi-
ence includes criminal law and litigation: Tax Fraud, Criminal Anti-Trust and Securities Fraud, Defense Procurement
Fraud, Environmental Crimes, Health Care Fraud, Bank Fraud and Money Laundering Crimes. Mr. Blau was an Assis-
tant United States Attorney for the Southern District of Indiana in 1976 and held various federal prosecutorial positions
through 1987, including Associate Deputy Attorney General of the United States. He is a prolific author and speaker. He
is an active member of the ABA White Collar Crime Subcommittee and served as a co-chair of the Southwest Regional
Committee of the organization. He is member of the Florida, Indiana and Texas bar associations as well as many other
professional organizations. He received his undergraduate degree from Indiana University, his law degree from the Uni-
versity of Louisville and his L.L.M. in taxation from Georgetown University.
Alan M. Buie, JD, has been an Assistant United States Attorney for the Northern District of Texas since 2005. He is cur-
rently assigned to the fraud section of the criminal division in the Dallas office. Before joining the United States
Attorney’s Office, Mr. Buie was an enforcement attorney, then a branch chief and an assistant director, with the Fort Worth
office of the SEC from 2000 to 2005. He is currently focusing on the prosecution of securities-related crimes, but his
experience at the United States Attorney’s Offices in Dallas and Fort Worth has encompassed a variety of trial and appel-
late cases, including tax crimes, health care fraud, passport fraud, bank fraud, wire fraud, mail fraud, access device fraud,
and bankruptcy fraud, as well as mail theft, counterfeiting of U.S. currency, impersonation of federal officials, theft from
interstate shipments, threats against the president, bank robberies, immigration violations, international child kidnap-
ping, and firearms and narcotics offenses. Mr. Buie has been licensed to practice in Texas since 1992. He graduated from
Harvard Law School in 1992.
Table of Contents
Section Subject
3 5 C’s of Fraud
When the ACFE published its first Report to the Nation on Occupational Fraud and Abuse in 1996,
it broke new ground in anti-fraud research by providing an analysis of the costs, the methodologies
and the perpetrators of fraud within U.S. organizations. The collective body of knowledge con-
tained in the first five editions of the Report to the Nation — published between 1996 and 2008
— has become the most authoritative and widely quoted research publication on occupational
fraud.
Now, for the first time, the data contained in the Report have been drawn from fraud cases
throughout the world. As readers will see, it reflects the truly universal nature of occupational fraud. This expansion of
our research is denoted in the modified title for this study, which has now become the Report to the Nations on Occu-
pational Fraud and Abuse.
The information contained in this report is based on 1,843 cases of occupational fraud that were reported by the Certified
Fraud Examiners (CFEs) who investigated them. These offenses occurred in more than 100 countries on six continents,
and more than 43% took place outside the United States. What is perhaps most striking about the data we gathered is
how consistent the patterns of fraud are around the globe. While some regional differences exist, for the most part oc-
cupational fraud seems to operate similarly whether it occurs in Europe, Asia, South America or the United States.
The Report to the Nations is the brainchild of the ACFE’s founder and Chairman, Dr. Joseph T. Wells, CFE, CPA who
throughout his career has contributed more to the study of fraud and the development of the anti-fraud profession than
any other person. On behalf of the ACFE, and in honor of its founder, Dr. Wells, I am pleased to present the 2010 Report to
the Nations on Occupational Fraud and Abuse to practitioners, business and government organizations, academics, the
media and the general public throughout the world. The information contained in this Report will be invaluable to those
who seek to deter, detect, prevent or simply understand the global economic impact of occupational fraud.
Summary of Findings
t Survey participants estimated that the typical This Report is based on data
organization loses 5% of its annual revenue to compiled from a study of 1,843
fraud. Applied to the estimated 2009 Gross World
Product, this figure translates to a potential total cases of occupational fraud that
fraud loss of more than $2.9 trillion.
occurred worldwide between
t The median loss caused by the occupational
fraud cases in our study was $160,000. Nearly
January 2008 and December
one-quarter of the frauds involved losses of at 2009. All information was pro-
least $1 million.
vided by the Certified Fraud Ex-
t The frauds lasted a median of 18 months before
being detected. aminers (CFEs) who investigated
t Asset misappropriation schemes were the most
those cases. The fraud cases in
common form of fraud in our study by a wide our study came from 106 nations
margin, representing 90% of cases — though they
were also the least costly, causing a median loss — with more than 40% of cases
of $135,000. Financial statement fraud schemes
were on the opposite end of the spectrum in both
occurring in countries outside
regards: These cases made up less than 5% of the United States — providing a
the frauds in our study, but caused a median loss
of more than $4 million — by far the most costly truly global view into the plague
category. Corruption schemes fell in the middle,
comprising just under one-third of cases and
of occupational fraud.
causing a median loss of $250,000.
t Fraud reporting mechanisms are a critical t Internal controls alone are insufficient to fully
component of an effective fraud prevention and prevent occupational fraud. Though it is important
detection system. Organizations should implement for organizations to have strategic and effective
hotlines to receive tips from both internal and anti-fraud controls in place, internal controls will
external sources. Such reporting mechanisms not prevent all fraud from occurring, nor will they
should allow anonymity and confidentiality, and detect most fraud once it begins.
employees should be encouraged to report
t Fraudsters exhibit behavioral warning signs of their
suspicious activity without fear of reprisal.
misdeeds. These red flags — such as living beyond
t Organizations tend to over-rely on audits. External one’s means or exhibiting control issues — will not
audits were the control mechanism most widely be identified by traditional controls. Auditors and
used by the victims in our survey, but they ranked employees alike should be trained to recognize the
comparatively poorly in both detecting fraud and common behavioral signs that a fraud is occurring
limiting losses due to fraud. Audits are clearly and encouraged not to ignore such red flags, as
important and can have a strong preventative they might be the key to detecting or deterring a
effect on fraudulent behavior, but they should not fraud.
be relied upon exclusively for fraud detection.
t Given the high costs of occupational fraud,
t Employee education is the foundation of effective fraud prevention measures are critical.
preventing and detecting occupational fraud. Organizations should implement a fraud prevention
Staff members are an organization’s top fraud checklist similar to that on page 80 in order to help
detection method; employees must be trained in eliminate fraud before it occurs.
what constitutes fraud, how it hurts everyone in
the company and how to report any questionable
activity. Our data show not only that most frauds
are detected by tips, but also that organizations
that have anti-fraud training for employees and
managers experience lower fraud losses.
2010 REPORT TO THE NATIONS ON OCCUPATIONAL FRAUD AND ABUSE | 5
Introduction
A wide variety of crimes and swindles fall under the um- The stated goals of the first Report were to:
brella of fraud. From Ponzi schemes and identity theft to
t Summarize the opinions of experts on the percentage
data breaches and falsified expense reports, the ways and amount of organizational revenue lost to all
perpetrators attempt to part victims from their money are forms of occupational fraud and abuse.
extremely diverse and continually evolving. At their core, t Examine the characteristics of the employees who
however, all frauds involve a violation of trust. commit occupational fraud and abuse.
A Note to Readers: Throughout this Report, we have included several comparisons of our current findings with those from our 2008 Report. However, it is important to note that
the 2010 data include reported frauds from CFEs in 106 countries, while the 2008 data pertain to frauds reported only by CFEs in the United States. Although the populations of
respondents for the two studies are not entirely analogous, we have nonetheless included these prior-study comparisons, as we believe interesting and useful trends can be seen
by comparing and contrasting the frauds reported in the two studies. To enhance data clarity, we have included comparisons of 2008 data with both all-case data and U.S.-only data
from our 2010 research when noteworthy discrepancies in our current findings are present.
Timing Internal
Sales Bid Rigging Differences Documents
Schemes
Ficticious External
Revenues Documents
Other Other
Concealed
Liabilities and
Expenses
Improper
Disclosures
Improper
Asset
Valuations
Cash Non-Cash
Refunds Asset
Cash on Sales Receivables Requisitions
Hand and Other
and Transfers
Unconcealed Unconcealed
Fraudulent Larceny
Disbursements
Expense Register
Billing Schemes Payroll Schemes Reimbursement Check Tampering Disbursements
Schemes
Ghost Mischaracterized
Shell Company Expenses Forged Maker False Voids
Employees
Authorized
Maker
30%
29.3%
25%
23.7%
20%
Percent of Cases
18.4%
15%
10%
10.6%
8.4%
7.2%
5%
2.4%
0%
Less than $1,000 – $10,000 – $50,000 – $100,000 – $500,000 – $1,000,000
$1,000 $9,999 $49,999 $99,999 $499,999 $999,999 and up
Dollar Loss
2
Although this Report includes fraud cases from more than 100 nations, all monetary amounts presented throughout this Report are in U.S. dollars.
As indicated in the following charts, asset misappropriations Financial statement fraud is the most
are by far both the most frequent and the least costly form costly form of occupational fraud, causing
of occupational fraud. On the other end of the spectrum are a median loss of more than $4 million.
cases involving financial statement fraud. These schemes
were present in less than 5% of the cases reported to us,
but caused a median loss of more than $4 million. Corrup-
tion schemes fell in the middle category in both respects,
occurring in just under one-third of all cases involved in our
study and causing a median loss of $250,000.
2010
86.3%
Asset
Misappropriation 2008
88.7%
Type of Fraud
32.8%
Corruption
26.9%
4.8%
Financial
Statement Fraud
10.3%
Percent of Cases
2010
Financial $4,100,000
Statement Fraud 2008
$2,000,000
Type of Fraud
$250,000
Corruption
$375,000
$135,000
Asset
Misappropriation
$150,000
Median Loss
3
The sum of percentages in this chart exceeds 100% because several cases involved schemes from more than one category.
As previously mentioned, our 2010 data include fraud cases from countries throughout the world, while our 2008 data
contain only U.S.-based cases. In the following charts, we isolated the U.S. cases from our current study to make a more
direct comparison to our 2008 data. Interestingly, while financial statement fraud remained the least common and most
costly form of fraud among U.S. cases, there was a much lower percentage of financial statement cases in this study
(four percent) as compared to 2008 (ten percent). Additionally, the median losses for all three categories of fraud were
notably smaller in 2010 than they were in 2008.
2010
89.8%
Asset
Misappropriation 2008
88.7%
Type of Fraud
21.9%
Corruption
26.9%
4.3%
Financial
Statement Fraud
10.3%
Percent of Cases
4
The sum of percentages in this chart exceeds 100% because several cases involved schemes from more than one category.
2010
Financial $1,730,000
Statement Fraud 2008
$2,000,000
Type of Fraud
$175,000
Corruption
$375,000
$100,000
Asset
Misappropriation
$150,000
Median Loss
In addition to observing the frequency and median losses Percent of Total Reported Dollar Losses
caused by the three categories of fraud, we analyzed the
proportion of the total losses suffered based on scheme Asset Misappropriation
20.8%
category. The cases in our study represented a combined
Corruption
total loss of more than $18 billion. As indicated in the chart 11.3%
to the right, of the total reported losses that were attribut-
able to a specific scheme type, 21% were caused by asset
misappropriation schemes, 11% by corruption and 68%
Financial Statement Fraud
by fraudulent financial statements. 68.0%
Two of the sub-schemes — skimming and cash larceny — involve pilfering incoming cash receipts, such as sales revenues
and accounts receivable collections. The next five sub-categories — billing, expense reimbursement, check tampering,
payroll and fraudulent register disbursement schemes — involve fraudulent disbursements of cash. The eighth form of
cash misappropriation targets cash the organization has on hand, such as petty cash funds or cash in a vault. The final
sub-category of asset misappropriations covers the theft or misuse of non-cash assets, including inventory, supplies, fixed
assets, investments, intellectual property and proprietary information. The table on page 15 provides the frequency and
median loss associated with each asset misappropriation sub-category.
Payroll 24
Billing 24
Corruption 18
Cash on Hand 18
Skimming 18
Larceny 18
Non-Cash 15
Register Disbursement 12
0 5 10 15 20 25 30
5
The sum of percentages in this table exceeds 100% because several cases involved asset misappropriation schemes from more than one category.
Tip 40.2%
Management Review 15.4%
Detection Method
Percent of Cases
Percent of Tips
fraud reporting policies and programs should be publi-
30%
cized not only to employees, but also to customers, ven-
dors and other external stakeholders. 17.8%
20%
13.4%
12.1%
Impact of Anonymous Reporting 10%
Mechanisms (Hotlines) 3.7%
2.5% 1.8%
While tips have consistently been the most common way 0%
ee
nc s
s
or
r
er
n /
to detect fraud, the impact of tips is, if anything, understat-
do
ta r'
ou
w er
e
om
tit
in ato
oy
Co er
O old
n
m
pe
pl
Ve
ua tr
st
ny
eh
m
Em
cq pe
ed by the fact that so many organizations fail to implement
Cu
no
ar
A r
Pe
A
Sh
fraud reporting systems. Such systems enable employees
to anonymously report fraud or misconduct by phone or Source of Tips
6
through a web-based portal. The ability to report fraud
anonymously is key because employees often fear making repeatedly been shown to be the most effective way to
reports due to the threat of retaliation from superiors or catch fraud. The better an organization is at collecting and
negative reactions from their peers. Also, most third-party responding to fraud tips, the better it should be at detect-
hotline systems offer programs to raise awareness about ing fraud and limiting losses.
how to report misconduct. Consequently, one would ex-
pect that the presence of a fraud hotline would enhance In 67% of the cases where there was an anonymous
fraud detection efforts and foster more tips. tip, that tip was reported through an organization’s fraud
hotline. This strongly suggests that hotlines are an effec-
This turns out to be true. As seen on page 18, the pres- tive way to encourage tips from employees who might oth-
ence of fraud hotlines correlated with an increase in the erwise not report misconduct. Perhaps most important, as
number of cases detected by a tip. In organizations that noted on page 43, organizations that had fraud hotlines suf-
had hotlines, 47% of frauds were detected by tips, while fered much smaller fraud losses than organizations without
in organizations without hotlines, only 34% of cases were hotlines. Those organizations also tended to detect frauds
detected by tips. This is important because tips have seven months earlier than their counterparts.
6
For simplicity’s sake, we will refer to all reporting mechanisms as hotlines in this study.
Impact of Hotlines
47.1%
Tip 33.8%
Organizations With Hotlines
4.6%
By Accident 11.9%
3.7%
Document Examination 6.5%
3.0%
Surveillance/Monitoring
2.2%
1.4%
External Audit
7.3%
1.4%
IT Controls
0.4%
1.0%
Notified by Police
2.3%
Confession 0.9%
1.1%
Percent of Cases
43.2%
Tip 35.8% Not-for-Profit
41.1%
46.3%
13.0%
Management Review 15.4% Private Company
17.6%
11.6%
10.7%
Internal Audit 11.6% Public Company
16.7%
15.1%
6.5%
By Accident 11.2% Government
6.8%
5.3%
8.9%
Detection Method
Percent of Cases
When we look at how small businesses detect frauds, it is apparent that they catch a much lower proportion of schemes
through tips or internal audits than larger organizations. According to the chart on page 20, only 33% of small business
frauds are detected by a tip, and only 8% are detected by an internal audit. Additionally, a relatively large percentage
of frauds are caught by accident at small companies — nearly twice as many as at larger organizations. Many of these
discrepancies are likely due to the low rates of control implementation at small businesses.
Percent of Cases
Percent of Cases
7
See Appendix for a listing of countries included in each region.
Percent of Cases
Percent of Cases
Percent of Cases
Percent of Cases
Percent of Cases
By Accident 12.5%
Internal Audit 10.0%
Surveillance/Monitoring 7.5%
Account Reconciliation 2.5%
External Audit 2.5%
Document Examination 0.0%
Notified by Police 0.0%
Confession 0.0%
IT Controls 0.0%
Percent of Cases
8
See Appendix for a listing of countries included in each region.
9
The sum of percentages in these tables exceeds 100% because several cases
involved schemes from more than one category.
Oceania — 40 Cases
Number of Percent of Corruption Cases by Region
Scheme
Cases Cases We compared the proportion and cost of cases involving
Corruption 16 40.0% corruption among the regional categories in our study. The
Non-Cash 12 30.0%
results are presented in the following table.
Billing 11 27.5%
Check Tampering 7 17.5%
Readers should keep in mind that this data does not neces-
Skimming 5 12.5%
sarily reflect overall corruption levels within each region; it
Cash on Hand 4 10.0%
only reflects the specific fraud cases that were investigated
Expense Reimbursements 4 10.0%
Cash Larceny 3 7.5% and reported to us by the CFEs who took part in our study.
Payroll 2 5.0%
Register Disbursements 1 2.5%
Financial Statement Fraud 1 2.5%
In addition to experiencing the most frauds, private and public companies were also victim to the costliest schemes in
our study; the median loss for the cases at these businesses was $231,000 and $200,000, respectively (see page 28).
In contrast, the losses experienced by government agencies and not-for-profit organizations were about half as much.
Government agencies had a median loss of $100,000, while not-for-profits lost a median of $90,000.
2010
42.1%
Private Company
39.1%
Type of Victim Organization
2008
32.1%
Public Company
28.4%
16.3%
Government
18.1%
9.6%
Not-for-Profit
14.3%
Percent of Cases
2010
$231,000
Private Company
$278,000
Type of Victim Organization
2008
$200,000
Public Company
$142,000
$100,000
Government
$100,000
$90,000
Not-for-Profit
$109,000
Median Loss
Size of Organizations
Continuing the trend observed in our prior studies, small Additionally, our research has historically shown that
organizations — those with fewer than 100 employees — smaller organizations suffer disproportionately large loss-
suffered the greatest percentage of the frauds in our 2010 es due to occupational fraud. Organizations with fewer
study, accounting for more than 30% of the victim orga- than 100 employees experienced the greatest median
nizations. However, the variation between size categories loss of all categories of victim organizations in our 2008
is relatively small, with 23% of victims having between study. The same was true in our 2006 study. However,
100 and 999 employees, 26% having 1,000 to 9,999 em- that was not the case when we looked at the full body
ployees and 21% having more than 10,000 employees. of data from our current survey. Consequently, we under-
This relatively small disparity contrasts with our previous took additional analyses to see what effect, if any, the in-
studies, in which small organizations were involved in a clusion of cases from countries outside the United States
much higher percent of frauds than any other category. had on these findings.
2010
30.8%
<100
38.2%
2008
Number of Employees
22.8%
100 — 999
20.0%
25.9%
1,000 — 9,999
23.0%
20.6%
10,000+
18.9%
Percent of Cases
2010
$155,000
<100
$200,000
2008
Number of Employees
$200,000
100 — 999
$176,000
$139,000
1,000 — 9,999
$116,000
$164,000
10,000+
$147,000
Median Loss
If we make a direct comparison of the U.S. cases from our current study to the data from 2008, we can see that, though
the median loss in each category is smaller absolutely, the median losses suffered by the smallest organizations are
greater than those suffered by larger organizations. This finding is similar to our observations in previous studies and
suggests that small companies in the United States are indeed disproportionately harmed by occupational fraud.
$150,000
100 — 999
$176,000
$60,000
1,000 — 9,999
$116,000
$84,000
10,000+
$147,000
Median Loss
An analysis of the nature of losses at small businesses becomes more interesting when we expand our examination to each
region represented. For the frauds perpetrated in Europe, Asia, Canada and the United States, the median losses were signifi-
cantly greater at small organizations than at those with more than 100 employees. Conversely, the median losses experienced by
small organizations in Central/South America and the Caribbean, Africa and Oceania were notably less than those experienced
by their larger counterparts.
$200,000
Canada
$110,000
Region
$150,000
United States
$80,000
$65,000
Africa
$258,000
$195,000
Oceania
$574,000
Median Loss
As the chart below illustrates, check tampering schemes were much more common at small organizations than at all
other entities. Skimming and payroll frauds were also more common in small organizations. These trends stand to rea-
son, as the functions affected by such schemes — the check writing, cash collection and payroll functions, respectively
— are more likely to be performed by a single individual, such as a bookkeeper, and are often subject to less oversight
within a small organization than in a large company where duties are more segregated and authorization of transactions
is more formalized. In contrast, although corruption schemes were the third most common fraud scheme faced by small
businesses, they were less frequent within small companies than in bigger organizations.
28.7%
Billing 24.9%
<100 Employees
26.1%
Check Tampering
8.0%
100+ Employees
Corruption 25.5%
35.2%
21.6%
Skimming 11.0%
Type of Scheme
16.8%
Expense Reimbursement 14.2%
14.9%
Non-Cash 18.1%
14.7%
Cash on Hand 10.7%
13.4%
Payroll 6.5%
Larceny 12.3%
8.4%
5.6%
Financial Statement Fraud 4.5%
3.0%
Register Disbursements
2.9%
0% 5% 10% 15% 20% 25% 30% 35% 40%
Percent of Cases
11
There was a small sample of only 12 cases in this industry, which may impact the reliability of the median loss data.
In the following tables, we have presented the distribution of fraud schemes for all industries in which there were more
than 50 reported cases.12 Many of the findings are not surprising. For example, theft of cash on hand — which includes the
theft of cash from a bank vault — accounted for just 12% of all cases combined, but occurred in 22% of the cases involv-
ing the banking and financial services industry. Similarly, both theft of non-cash assets and fraudulent register disburse-
ments were much more common in the retail industry than in other sectors. This makes sense, as retail establishments
tend to have more inventory- and cash-register-based transactions than entities in other industries. Examining the variation
in schemes among industries underscores the need for organizations to consider the specific fraud risks they face when
determining which processes and functions merit additional resources devoted to fraud prevention and detection.
13
Transparency International, 2008 Bribe Payers Index (Berlin: Transparency International, 2008). http://www.transparency.org/content/download/39275/622457
As mentioned in our discussion on fraud detection methods (see page 16), tips are the number one means by which fraud
is detected. However, less than half of the victim organizations in our study had a hotline in place at the time the fraud oc-
curred. There is evidence that the presence of a hotline improves organizations’ ability to detect fraud and limit fraud losses
(see page 43), which should cause more organizations to implement fraud hotlines.
Hotline 48.6%
Percent of Cases
14
The sum of percentages in this chart exceeds 100% because many victim organizations had more than one anti-fraud control in place at the time of the fraud.
15
KEY:
t External Audit of F/S = Independent external audits of the organization’s financial statements
t Internal Audit / FE Department = Internal audit department or fraud examination department
t External Audit of ICOFR = Independent audits of the organization’s internal controls over financial reporting
t Management Certification of F/S = Management certification of the organization’s financial statements
Perhaps most concerning is that only 15% of small businesses had a hotline in place, compared to 64% of larger orga-
nizations. As previously discussed, our research shows that hotlines are consistently the most effective fraud detection
method. Further, as discussed on page 43, the median loss for frauds at companies with hotlines was 59% smaller than
the median loss for frauds at organizations without such a mechanism. Arguably, enacting hotlines would go a long way
in helping small-business owners protect their assets from dishonest employees.
Percent of Cases
It is interesting to note the variations in use of controls by region. Specifically, for some anti-fraud controls, the propor-
tion of victim organizations utilizing the control was markedly greater in regions containing developing countries than in
those regions primarily made up of developed nations. For example, the organizations in Central/South America and the
Caribbean had the highest rate of external audits of both financial statements and internal controls over financial report-
ing, as well as of hotlines. Similarly, codes of conduct, internal audit or fraud examination departments, management
certification of financial statements, independent audit committees, anti-fraud policies and rewards for whistleblowers
were all most common among the African organizations in our study, and management review, surprise audits and job
rotation or mandatory vacation policies were most often implemented by Asian organizations. On the opposite end of
the spectrum, the United States had the lowest rate of presence for several of these controls.
16
External Audit of ICOFR = Independent audits of the organization’s internal controls
over financial reporting.
Hotline
Independent Audit Committee Region Percent of Cases
Region Percent of Cases Central/South America and Caribbean 52.9%
Africa 63.4% United States 52.0%
Canada 59.6% Africa 47.3%
Oceania 57.5% Europe 45.9%
Asia 54.7% Asia 43.3%
Central/South America and Caribbean 54.3% Canada 41.4%
Europe 54.1% Oceania 25.0%
United States 50.8%
Effectiveness of Controls
We compared the median loss experienced by those organizations that had a particular anti-fraud control against the
median loss for those organizations without that control at the time of the fraud. Hotlines were the control with the great-
est associated reduction in median loss, reinforcing their value as an effective anti-fraud measure. Employee support
programs, surprise audits and fraud training for staff members at all levels were also associated with median loss reduc-
tions of more than 50%. Interestingly, financial statement audits — the most commonly implemented control — was
among the controls with the smallest associated reduction in median loss.
Similarly, we compared the duration of fraud schemes at organizations with and without anti-fraud controls. As reflected
in the table below, the presence of each control correlated with a reduction in the duration of fraud. We found it interest-
ing that the controls associated with the greatest reduction in scheme lengths are not the same as the ones that had the
most impact on median loss.
17
KEY:
t External Audit of F/S = Independent external audits of the organization’s financial statements
t Internal Audit / FE Department = Internal audit department or fraud examination department
t External Audit of ICOFR = Independent audits of the organization’s internal controls over financial reporting
t Management Certification of F/S = Management certification of the organization’s financial statements
We thought it useful to examine which controls had the greatest effect on the frauds reported in our study. We asked the
CFEs who took part in our survey to rank the importance of several anti-fraud controls in detecting or limiting the fraud.
The following chart shows the respondents’ opinions regarding each control’s usefulness.
Percent of Respondents
18
KEY:
t External Audit of F/S = Independent external audits of the organization’s financial statements
t Internal Audit / FE Department = Internal audit department or fraud examination department
t External Audit of ICOFR = Independent audits of the organization’s internal controls over financial reporting
t Management Certification of F/S = Management certification of the organization’s financial statements
Lack of Independent
Checks/Audits Lack of Employee
Lack of Competent 5.6% Fraud Education
Personnel in 1.9%
Oversight Roles
6.9% Lack of Clear Lines
of Authority
Poor Tone at the Top 1.8%
8.4%
To further examine the unique challenges faced by small businesses, we compared internal control weaknesses at orga-
nizations with fewer than 100 employees to those at larger organizations. As shown in the chart at the top of page 46, the
small organizations had a noted deficiency in internal controls that allowed fraud to occur. In nearly half of the cases at small
companies, a lack of internal controls was cited as the factor that most contributed to the occurrence of the fraud. Control
overrides were markedly less common at small companies than at their larger counterparts, most likely because the lack of
controls in so many small organizations meant there was nothing to override.
We were also interested to see what factors led to the success of the largest frauds in our study — those causing losses of
more than $1 million. Clearly, one deficiency is much more common in the million-dollar frauds than in smaller frauds: a poor
tone at the top. This weakness was cited nearly three times as often in million-dollar cases as in cases with smaller losses.
17.5%
Lack of Management Review 100+ Employees
17.8%
12.0%
Override of Existing Internal Controls 22.3%
7.8%
Poor Tone at the Top 8.5%
7.0%
Lack of Independent Checks/Audits 5.2%
1.6%
Lack of Clear Lines of Authority 2.0%
1.2%
Lack of Employee Fraud Education 2.0%
0.2%
Lack of Reporting Mechanism 0.9%
Percent of Cases
19.0%
Override of Existing Internal Controls 19.1%
<$1 Million Cases
16.8%
Lack of Management Review 18.2%
16.3%
Poor Tone at the Top
5.8%
6.5%
Lack of Independent Checks/Audits
5.3%
0.7%
Lack of Employee Fraud Education
2.3%
0.7%
Lack of Clear Lines of Authority
2.0%
0.5%
Lack of Reporting Mechanism
0.7%
Percent of Cases
Hotline 7.9%
Percent of Cases
19
The sum of percentages in this chart exceeds 100% because many victim organizations modified more than one anti-fraud control in response to the fraud.
20
KEY:
t External Audit of F/S = Independent external audits of the organization’s financial statements
t Internal Audit / FE Department = Internal audit department or fraud examination department
t External Audit of ICOFR = Independent audits of the organization’s internal controls over financial reporting
t Management Certification of F/S = Management certification of the organization’s financial statements
Perpetrator’s Position
We asked survey respondents whether the perpetrator
was an employee, a manager or an owner/executive. Be-
low we see that the distribution of cases based on the
perpetrator’s position was fairly similar to what we found
in our 2008 study, although the 2010 distribution was
slightly more skewed toward employees and managers.
Not surprisingly, there was a strong correlation between the More than 80% of the frauds in our study
perpetrator’s position of authority and the losses caused by were committed by individuals in six
fraud. The median loss in owner/executive frauds was more
departments: accounting, operations,
than three times the loss caused by managers, and more
sales, executive/upper management,
customer service and purchasing.
than nine times higher than losses in employee fraud cases.
2010
42.1%
Employee
Position of Perpetrator
39.7% 2008
41.0%
Manager
37.1%
16.9%
Owner/Executive
23.3%
Percent of Cases
2010
$80,000
Employee
Position of Perpetrator
$70,000 2008
$200,000
Manager
$150,000
$723,000
Owner/Executive
$834,000
Median Loss
In the United States and Canada, employees were the largest block of fraud perpetrators (46% in each country). In Europe,
Asia and Central/South America, however, managers accounted for 50% or more of the reported occupational frauds. In
Africa and Oceania, the number of frauds committed by managers and employees were roughly equal.
Median Loss
Median Loss
$340,000
(percent of cases)
Employee (31.9%)
Median Loss
$150,000
(percent of cases)
Employee (44.4%)
Median Loss
Median Loss
$31,000
(percent of cases)
Employee (32.8%)
Median Loss
$338,000
(percent of cases)
Employee (40.0%)
Median Loss
Perpetrator’s Gender
Two-thirds of the frauds in our study were committed by males, which is a higher percentage than we encountered in 2008,
but consistent with the overall trend noted in prior reports that most occupational frauds are committed by men.
2010
66.7%
Male 2008
59.1%
33.3%
Female
40.9%
Percent of Cases
86.7% Male
Asia
13.3%
Female
82.1%
Europe
17.9%
75.7%
Africa
24.3%
67.5%
Oceania
32.5%
58.1%
Canada
41.9%
57.2%
United States
42.8%
Percent of Cases
Males accounted for significantly higher median fraud losses than females, which is also consistent with our previous studies.
The median loss caused by a male perpetrator was more than twice as high as the median loss caused by a female.
$232,000
Male 2008
$250,000
$100,000
Female
$110,000
Median Loss
When broken down by region, we see that fraud losses caused by male perpetrators were higher than females in every
region. The gap was particularly large in Europe and Oceania.21
$300,000 Male
Asia
$200,000
Female
$680,000
Europe
$160,000
$238,000
Africa
$182,000
$500,000
Oceania
$230,000
$145,000
Canada
$125,000
$167,000
United States
$82,000
Median Loss
To some extent, the higher losses caused by males are attributable to the fact that they tended to occupy higher posi-
tions of authority within the victim organizations. There were an equal number of male and female fraudsters at the
employee level, but the manager and owner/executive levels — which tend to cause higher losses — were dominated
by males. Seventy-four percent of all managers and 88% of all owners/executives in the study were male.
Surprisingly, though, even when we compared median losses within each position group, male fraud losses tended to be
higher. At the employee level, losses caused by males were 36% higher than those caused by females; at the manager
level, they were 67% higher, and at the owner/executive level, they were 325% higher.22
21
There was a small sample of only 40 cases in Oceania, which may impact the reliability of the findings from that region.
22
There was a small sample of only 35 frauds committed by female owners and executives, which may impact the reliability of that data.
Male
356
Employee
Position of Perpetrator
356 Female
514
Manager
184
247
Owner/Executive
35
Number of Cases
Male
$95,000
Employee
Position of Perpetrator
$70,000 Female
$250,000
Manager
$150,000
$850,000
Owner/Executive
$200,000
Median Loss
Perpetrator’s Age
The distribution of perpetrators based on their age was similar to our 2008 study, but the 2010 perpetrators tended to be
slightly younger. Our past reports have generally shown the highest levels of fraud to occur in the 36–50 age range, but this
year we found more than half of all cases were committed by individuals between the ages of 31 and 45. Generally speak-
ing, median losses tended to rise with the age of the perpetrator, which is consistent with our prior research. The most
notable difference between 2008 and 2010 is the losses caused by perpetrators older than 60. In each study, however,
we were dealing with fewer than 40 cases in that category. Given the small sample size, we believe this is more likely to
be an anomaly than an indication of any particular trend.
15%
13.7%
12.8%
Percent of Cases
12.0%
5.2% 5.2%
5% 4.6%
3.9%
2.2%
0%
<26 26 – 30 31 – 35 36 – 40 41 – 45 46 – 50 51 – 55 56 – 60 >60
Age of Perpetrator
$1,000,000
2010
$974,000
2008
$800,000
Median Loss
$636,000
$600,000
$435,000
$428,000
$400,000
$360,000
$344,000
$145,000
$321,000
$127,000
$120,000
$113,000
$270,000
$265,000
$60,000
$200,000
$50,000
$200,000
$25,000
$15,000
$0
<26 26 – 30 31 – 35 36 – 40 41 – 45 46 – 50 51 – 55 56 – 60 >60
Age of Perpetrator
Perpetrator’s Tenure
Tenure may have an effect on occupational fraud rates and losses because individuals who work for an organization for
a longer period of time tend to engender more trust from their co-workers and superiors. They also may acquire higher
levels of authority, and they tend to develop a better understanding of the organization’s internal practices and proce-
dures, which can help them design frauds that will evade internal controls.
The distribution of fraudsters based on their tenure in this study was very similar to what we found in 2008. More than
40% of perpetrators had between one and five years of experience at the victim organization when they committed the
fraud, while a very small percentage had been with the victim organization for less than a year. About half of all fraudsters
had been with the victim for more than five years (see page 58).
As would be expected, losses tended to rise as the perpetrators’ tenure increased. Employees who had more than five
years of tenure with the victim organization caused median losses of more than $200,000. Those who had been with the
victim for five years or less caused much lower losses.
40.5% 2008
40%
Percent of Cases
30% 27.5%
24.6% 25.4%
23.2%
20%
10% 7.4%
5.7%
0%
Less than 1 year 1 – 5 years 6 – 10 years 10 years or more
Tenure of Perpetrator
$200,000
Median Loss
$150,000 $142,000
$114,000
$100,000
$47,000 $50,000
$50,000
$0
Less than 1 year 1 – 5 years 6 – 10 years 10 years or more
Tenure of Perpetrator
2010
Education Level of Perpetrator
14.0%
Postgraduate Degree
10.9%
2008
38.0%
College Degree
34.4%
17.1%
Some College
20.8%
28.8%
High School Graduate
33.9%
Percent of Cases
2010
Education Level of Perpetrator
$300,000
Postgraduate Degree
$550,000
2008
$234,000
College Degree
$210,000
$136,000
Some College
$196,000
$100,000
High School Graduate
$100,000
Median Loss
Perpetrator’s Department
The table below left shows how frauds were distributed across various departments within the victim organizations. Inter-
estingly, 80% of all frauds in this study were committed by employees in six departments: accounting, operations, sales,
executive/upper management, customer service and purchasing. In our 2008 study, these six departments accounted for
83% of all cases. Additionally, the frauds in these six departments also accounted for 95% of all losses in our 2010 study,
and 99% in 2008.
The table below right presents the same data on frauds by department, but is sorted based on median losses. Among
the six highest-frequency departments we see that upper management ($829,000) and purchasing ($500,000) caused
the highest median losses. Frauds committed in the sales ($95,000) and customer service ($46,000) departments tended
to result in much lower losses.
Accounting Department
The most common schemes committed by fraudsters in the accounting department were check tampering and billing fraud,
each of which occurred in over 30% of cases. When compared to the overall distribution, we see that accounting personnel
are much more likely than other employees to commit check tampering and payroll fraud, but less likely to engage in corrup-
tion or steal non-cash assets. This distribution was similar to what we encountered in 2008.
30.8%
Billing
26.0%
All Cases
18.3%
Skimming
14.5%
16.3%
Cash Larceny
9.8%
15.8%
Payroll
Scheme Type
8.5%
13.1%
Cash on Hand 12.0%
11.4%
Expense Reimbursement
15.1%
10.4%
Corruption
32.8%
5.7%
Non-Cash
17.5%
4.1%
Financial Statement Fraud
4.8%
2.2%
Register Disbursements
3.0%
Percent of Cases
23
The sum of percentages in this chart exceeds 100% because several cases involved schemes from more than one category.
Primary Operations
Fraudsters who worked in the primary operations of the victim organization most often engaged in corruption (31% of
cases) and billing fraud (22%). The distribution of frauds by operations staff was consistent with the overall distribution
of frauds.
30.8% Operations
Corruption 32.8%
22.1%
Billing 26.0%
All Cases
15.7%
Expense Reimbursement 15.1%
15.4%
Non-Cash 17.5%
14.7%
Scheme Type
Skimming 14.5%
13.0%
Cash on Hand 12.0%
11.0%
Check Tampering 13.4%
9.4%
Payroll 8.5%
9.0%
Cash Larceny 9.8%
2.7%
Financial Statement Fraud 4.8%
2.0%
Register Disbursements 3.0%
Percent of Cases
24
The sum of percentages in this chart exceeds 100% because several cases involved schemes from more than one category.
33.8%
Corruption Sales
32.8%
23.6%
Non-Cash
17.5%
All Cases
16.4%
Skimming
14.5%
15.6%
Expense Reimbursement 15.1%
13.8%
Billing
Scheme Type
26.0%
12.0%
Cash on Hand 12.0%
9.3%
Cash Larceny
9.8%
8.0%
Register Disbursements 3.0%
4.0%
Check Tampering
13.4%
3.6%
Financial Statement Fraud
4.8%
1.8%
Payroll
8.5%
Percent of Cases
25
The sum of percentages in this chart exceeds 100% because several cases involved schemes from more than one category.
Billing 40.6%
26.0%
All Cases
Expense Reimbursement 29.9%
15.1%
Non-Cash 18.3%
17.5%
Payroll 16.1%
Scheme Type
8.5%
Skimming 13.8%
12.0%
Percent of Cases
26
The sum of percentages in this chart exceeds 100% because several cases involved schemes from more than one category.
Corruption 21.7%
Customer Service
32.8%
19.2%
Skimming
14.5%
All Cases
18.3%
Cash on Hand
12.0%
17.5%
Non-Cash
17.5%
9.2%
Cash Larceny
Scheme Type
9.8%
8.3%
Billing
26.0%
8.3%
Check Tampering
13.4%
8.3%
Register Disbursements 3.0%
3.3%
Expense Reimbursement
15.1%
1.7%
Financial Statement Fraud
4.8%
0.8%
Payroll
8.5%
Percent of Cases
27
The sum of percentages in this chart exceeds 100% because several cases involved schemes from more than one category.
Purchasing Department
The vast majority of frauds in the purchasing department involved corruption (72% of cases), and billing schemes also
occurred at a very high rate (43%). Both of these schemes were more likely to occur in the purchasing department than
in any other area of the organization, which is not surprising because the purchasing function often lends itself to bribery,
overbilling and bid rigging schemes, which are among the most costly forms of occupational fraud.
71.8%
Corruption Purchasing
32.8%
42.7%
Billing
26.0%
All Cases
13.6%
Non-Cash
17.5%
9.7%
Expense Reimbursement 15.1%
5.8%
Skimming
Scheme Type
14.5%
4.9%
Cash on Hand 12.0%
4.9%
Check Tampering
13.4%
2.9%
Cash Larceny 9.8%
1.9%
Payroll
8.5%
0.0%
Financial Statement Fraud
4.8%
0.0%
Register Disbursements
3.0%
Percent of Cases
28
The sum of percentages in this chart exceeds 100% because several cases involved schemes from more than one category.
Percent of Cases
Only 7% of the fraud perpetrators in our study had been
previously convicted of a fraud-related offense, which
60%
was virtually identical to our finding in 2008. Eighty-six
percent had never been charged with or convicted of a 40%
prior offense. The low rate of prior convictions suggests
that criminal background checks may have some effect in 20%
preventing fraud, but the effect is probably limited. 6.7% 6.8% 7.7% 5.7%
0%
Never Charged Prior Charged But
Perpetrator’s Employment Background or Convicted Convictions Not Convicted
In addition to criminal history, past employment issues
may indicate that an employee is more likely to engage Criminal Background
in fraudulent conduct in the future. Of the respondents in
our survey, 791 were able to provide information about
the perpetrator’s prior employment history. Among those Perpetrator’s Employment Background
cases, about 8% of perpetrators had been previously
100%
punished and 10% had been previously terminated for 2010
82.4% 82.6%
fraud-related conduct. 2008
80%
Percent of Cases
We presented survey respondents with a list of common behavioral red flags and asked them to identify which of these
warning signs had been displayed by the perpetrator prior to detection of the fraud. As shown in the chart below, the most
common red flags displayed by perpetrators were living beyond financial means (43% of cases), experiencing financial
difficulties (36%), excessive control issues with regard to their jobs (23%) and an unusually close association with vendors
or customers (22%). This distribution is very similar to what we found in our 2008 study. As we continue to track this
data in future studies, we hope to be able to identify consistent relationships between behavioral warning signs and
the occurrence of occupational fraud. Ideally, this data will help organizations build better fraud-detection programs that
incorporate behavioral data in addition to more standard anti-fraud controls.
43.0% 2010
Living beyond means 38.6%
36.4%
Financial difficulties 34.1% 2008
22.6%
Control issues, unwillingness to share duties 18.7%
22.1%
Unusually close association with vendor/customer 15.2%
19.2%
Wheeler-dealer attitude 20.3%
17.6%
Divorce/family problems 17.1%
14.1%
Behavioral Red Flag
11.9%
Addiction problems 13.3%
10.2%
Refusal to take vacations 6.8%
9.3%
Past employment-related problems 7.9%
7.9%
Complained about inadequate pay 7.3%
7.5%
Excessive pressure from within organization 6.5%
6.3%
Past legal problems 8.7%
5.6%
Instability in life circumstances 4.9%
5.1%
Excessive family/peer pressure for success 4.2%
4.6%
Complained about lack of authority 3.6%
Percent of Cases
29
The sum of percentages in this chart exceeds 100% because in many cases perpetrators displayed more than one behavioral red flag.
40.7%
Living beyond means 43.8% Employee
48.3%
47.6%
Financial difficulties 30.7%
26.1% Manager
15.2%
Control issues, unwillingness to share duties 25.8%
33.0%
Owner/Executive
12.1%
Unusually close association with vendor/customer 29.8%
24.9%
10.7%
Wheeler-dealer attitude 21.0%
35.2%
19.3%
Divorce/family problems 16.4%
16.5%
9.8%
Irritability, suspiciousness or defensiveness 16.9%
Behavioral Red Flag
16.5%
12.1%
Addiction problems 12.7%
10.7%
11.6%
Refusal to take vacations 10.0%
7.7%
11.1%
Past employment-related problems 7.6%
8.4%
9.8%
Complained about inadequate pay 6.8%
7.3%
4.8%
Excessive pressure from within organization 9.9%
8.4%
6.3%
Past legal problems 5.9%
7.7%
6.6%
Instability in life circumstances 4.3%
5.7%
5.8%
Excessive family/peer pressure for success 4.3%
5.7%
2.6%
Complained about lack of authority 6.7%
2.7%
Percent of Cases
30
The sum of percentages in this chart exceeds 100% because in many cases perpetrators displayed more than one behavioral red flag.
14.3%
9.3%
Addiction problems 7.4%
12.9%
14.7%
Refusal to take vacations 8.0%
10.7%
10.7%
Past employment-related problems 10.0%
9.1%
6.7%
Complained about inadequate pay 8.3%
8.6%
21.3%
Excessive pressure from within organization 11.1%
6.4%
8.0%
Past legal problems 5.9%
6.4%
2.7%
Instability in life circumstances 5.0%
5.9%
9.3%
Excessive family/peer pressure for success 6.5%
5.4%
4.0%
Complained about lack of authority 5.6%
4.7%
Percent of Cases
31
The sum of percentages in this chart exceeds 100% because in many cases perpetrators displayed more than one behavioral red flag.
Accountant 11.6%
Respondent’s Occupation
Consultant 7.1%
Attorney 1.0%
Educator 0.5%
Percent of Respondents
Experience
The professionals who took part in our study had a median of 12 years of experience in the fraud examination field. Over
80 percent of respondents had more than five years of anti-fraud experience, and nearly one-quarter of the participants
have worked in fraud examination for more than 20 years.
25% 26.5%
Percent of Participants
24.4%
20%
17.8% 17.9%
15%
13.4%
10%
5%
7.2%
0%
5 years or less 6 to 10 years 11 to 15 years 15 to 20 years More than 20 years
Experience
Law Enforcement
11.9%
In-house Examiner
53.8%
Professional
Services Firm
34.4%
Micronesia 1
New Zealand 8
The most cost-effective way to limit fraud losses is to prevent fraud from occurring. This checklist is designed to
help organizations test the effectiveness of their fraud prevention measures.
q Have the costs of fraud to the company and everyone in it — including lost profits, adverse publicity, job loss
and decreased morale and productivity — been made clear to employees?
q Do employees know where to seek advice when faced with uncertain ethical decisions, and do they believe that
they can speak freely?
q Has a policy of zero-tolerance for fraud been communicated to employees through words and actions?
q Have employees been taught how to communicate concerns about known or potential wrongdoing?
q Do employees trust that they can report suspicious activity anonymously and/or confidentially and without fear
of reprisal?
q Has it been made clear to employees that reports of suspicious activity will be promptly and thoroughly evaluated?
3. To increase employees’ perception of detection, are the following proactive measures taken and publicized to
employees?
q Is possible fraudulent conduct aggressively sought out, rather than dealt with passively?
q Does the organization send the message that it actively seeks out fraudulent conduct through fraud assessment
questioning by auditors?
q Are surprise fraud audits performed in addition to regularly scheduled fraud audits?
q Is continuous auditing software used to detect fraud and, if so, has the use of such software been made known
throughout the organization?
q Are employees surveyed to determine the extent to which they believe management acts with honesty and integrity?
q Have fraud prevention goals been incorporated into the performance measures against which managers are
evaluated and which are used to determine performance-related compensation?
q Has the organization established, implemented and tested a process for oversight of fraud risks by the board of
directors or others charged with governance (e.g., the audit committee)?
6. Are strong anti-fraud controls in place and operating effectively, including the following?
q Use of authorizations
q Physical safeguards
q Job rotations
q Mandatory vacations
7. Does the internal audit department, if one exists, have adequate resources and authority to operate
effectively and without undue influence from senior management?
q Credit checks
q Drug screening
q Education verification
q References check
9. Are employee support programs in place to assist employees struggling with addictions, mental/emotional
health, family or financial problems?
10. Is an open-door policy in place that allows employees to speak freely about pressures, providing
management the opportunity to alleviate such pressures before they become acute?
t Provides bona fide qualifications for CFEs through administration of the Uniform CFE Examination
t Serves as the global representative for CFEs to business, government and academic institutions
t Provides leadership to inspire public confidence in the integrity, objectivity, and professionalism of CFEs
Membership
Immediate access to world-class anti-fraud knowledge and tools is a necessity in the fight against fraud. Members of
the ACFE include accountants, internal auditors, fraud investigators, law enforcement personnel, lawyers, business
leaders, risk/compliance professionals and educators, all of whom have access to expert training, educational tools and
resources.
Members all over the world have come to depend on the ACFE for solutions to the challenges they face in their
professions. Whether their career is focused exclusively on preventing and detecting fraudulent activities or they
just want to learn more about fraud, the ACFE provides the essential tools and resources necessary for anti-fraud
professionals to accomplish their objectives.
The ACFE logo, ACFE seal, Certified Fraud Examiner and Fraud Magazine®
are trademarks owned by the Association of Certified Fraud Examiners, Inc.
Section 2
The Center for Audit Quality (CAQ) is dedicated to enhancing investor confidence
and public trust in the global capital markets by:
ACKNOWLEDGEMENTS
We would like to thank all those who participated in the discussions and interviews,
and the drafting of this document; this report would not have been possible
without you. We appreciate the wisdom shared throughout this process. While
there are too many who contributed to name, we would like to mention one —
Elizabeth Rader, director at Deloitte LLP — for her immense contribution in
reviewing the material and drafting this report.
Executive Summary5 0
Endnotes 5 EE
Appendix 25 #&#)!,*"35 EK
Appendix 35 ."))&)!#&5..'(.5 FE
DETERRING AND DETECTING FINANCIAL REPORTING FRAUD: A PLATFORM FOR ACTION C ///
Executive Summary
DETERRING AND DETECTING FINANCIAL REPORTING FRAUD: A PLATFORM FOR ACTION C <
& &
& $& (5
(!'(.>5 ."5 ,#!".5 ."#(!Y5 (5 )/(.,.-5 *,--/,5 (5 #((.#0-5 .)5
),-5) 5#,.),->5/#.5)''#..->5#(.,(&5/#.),->5(5 )''#.5 ,/@5(5."#&5/&./,5&-)5-/**),.-51&&?-#!(>5
2.,(&5/#.),-5'%5/*5."5*/)'*(35V((#&5,? [.#05 )(.,)&-5 .".5 #'#(#-"5 )**),./(#.#-5 ),5 ,/5 (5
*),.#(!5*,)--5),5U-/**&35"#(Y5(5"05)'*&'(.,35 #(,-5."5&#%&#"))5.".5 ,/51#&&55..5+/#%&3@5 (5
(5#(.,)((.5,)&-5#(5�,#(!5"#!"?+/&#.35V((#&5 #.#)(>55/&./,5) 5")(-.35(5#(.!,#.35-0,&35&#'#.-5(5
,*),.#(!5 .)5 ."5 #(0-.#(!5 */&#>5 #(&/#(!5 ."5 .,,(5 #(#0#/&9-5#&#.35.)5,.#)(- ,//&(.5.#)(-@
(5..#)(5) 5 ,/@ 5 #-/--#)(5 *,.##*(.-5 !,5 .".5 '(!'(.5
(!'(.5"-5*,#',35,-*)(-##&#.35 ),5."5V((#&5 *&3-5."5')-.5,#.#&5,)&5#(5/#&#(!55-.,)(!5."#&5/&?
,*),.#(!5 *,)--5 (5 ),5 #'*&'(.#(!5 )(.,)&-5 .)5 .,5 ./,@5 "35 '*"-#45 .".>5 .)5 )5 -)>5 -(#),5 '(!'(.5
(5..5V((#&5,*),.#(!5 ,/@5),-5) 5#,.),-5(5 '/-.5 &,&35 )''/(#.5 ."#&5 2*..#)(-5 (5 0#-#&35
/#.5)''#..-5,5,-*)(-#&5 ),5)0,-#!".5) 5."5/-#? ȗ."'@5 '*),.(.&3>5'*&)3-5(5.)5",5."5-'5
(--5 (5 ."5 )(.,)&5 (0#,)('(.@5 "5 /#.5 )''#..5 '--!-5 ,)'5 ."#,5 #''#.5 -/*,0#-),->5 /-5."35
)0,--5."5V((#&5,*),.#(!5*,)-->5."5#(.,(&5/#.5 "05 ."5 ')-.5 *)1, /&5 (5 #,.5 #(W/(5 )(5 ."5 ."#&5
/(.#)(>5(5."5)'*(39-52.,(&5/#.),-@5 $/!'(.-5) 5."#,5'*&)3-@
(.,(&5/#.),-5*&355%35,)&5#(55)'*(39-5#(.,(&5 )(5.5."5.)*5#-5,#( ),5.",)/!"5."5-.&#-"'(.5
)(.,)&5 -.,/./,5 (5 "05 5 *,) --#)(&5 ,-*)(-##&#.35 .)5 ) 55)'*,"(-#05 ,/5,#-%5'(!'(.5*,)!,'51#."55
0&/.5."5*).(.#&5 ),5."5)/,,(5) 5 ,/5(5")15 ,#&35--#&5)(V(.#&51"#-.&&)1,5*,)!,'@5 (5
."5),!(#4.#)(5'(!-5 ,/5,#-%@52.,(&5/#.),-5'/-.5 .>5-./#-5-")15.".5 ,/5')-.5) .(5#-5..5.",)/!"5
5#(*((.5) 5."5)'*(35."35/#.5(5*,)0#55*/? .#*-@5 (5'/&.#(.#)(&5),!(#4.#)(->5#.5#-5,#.#&5.".5."#-5
,*),.5)(5."5(.#.39-5((/&5V((#&5-..'(.->5#(&/? (5 ,/5 .,,(5 *,)!,'-5 &-)5 )/(.5 ),5 /&./,&5
#(!Z ),5@@5*/)'*(#-51#."56IG5'#&&#)(5),5'),5#(5 #[,(-@
',%.5*#..#)(Z(5)*#(#)(5)(5."5[.#0(--5) 5."5 ),-5(5/#.5)''#..-5-/**),.5(5,#( ),5."5
(.#.39-5#(.,(&5)(.,)&5)0,5V((#&5,*),.#(!@ .)(5 .5 ."5 .)*5 #(5 *,.5 35 "))-#(!5 ."5 ,#!".5 '(!'(.5
.'@5 /#.5 )''#..-5 )0,-5 ."5 V((#&5 ,*),.#(!55
*,)-->5 #(&/#(!5 ')(#.),#(!5 ,/5 ,#-%5 (5 ."5 ,#-%5 ) 5
Fraud Deterrence and Detection
'(!'(.5)0,,#5) 5)(.,)&-@5),->5.",)/!"5."5)'?
)15(5.")-5#(5."5V((#&5,*),.#(!5-/**&35"#(5#(#? *(-.#)(5(5/#.5)''#..->5&-)5,#( ),5."5)'*?
0#/&&35 (5 )&&),.#0&35 '#.#!.5 ."5 ,#-%5 ) 5 V((#&5 (39-5 ."#&5 0&/-5 35 ,0#1#(!5 )'*(-.#)(5 *&(->5
,*),.#(!5 ,/Q5"#&5.",5#-5()5U-#&0,5/&&.>Y5."55 -*#&&35 .")-5 ),5 -(#),5 '(!'(.>5 ),5 /(#(.(.#)(&5
#-/--#)(5*,.##*(.-5)(-#-.(.&35#(.#V5.",5."'-L #((.#0-5.)5)''#.5V((#&5,*),.#(!5 ,/@
"5#(.,(&5/#.5 /(.#)(5.-.-5(5')(#.),-5."5-#!(5
³5 5-.,)(!>5"#!"&35."#&5.)(5.5."5.)*5.".5*,'.-5."5
(5 [.#0(--5 ) 5 ,/5 *,)!,'-5 (5 #(.,(&5 )(.,)&5
),*),.5 /&./,5 :(5 [.#05 ,/5 ,#-%5 '(!'(.5
)0,5V((#&5,*),.#(!@5),#(!5.)5"5 (-.#./.5) 5 (.,?
*,)!,'5#-55%35)'*)((.5) 5."5.)(5.5."5.)*;
(&5 /#.),-5 :"5 ;>5 #(.,(&5 /#.5 -")/&5 )*,.5 1#."5
³5 %*.##-'>55+/-.#)(#(!5'#(-.5.".5-.,(!."(-5*,)? ),!(#4.#)(&5#(*((>51"#"5)'')(&35#(&/-5#?
--#)(&5)$.#0#.3>5)(5."5*,.5) 5&&5*,.##*(.-5#(5."5 ,.5 ,*),.#(!5 .)5 ."5 /#.5 )''#..5 (5 /(,-.,#.5 ?
V((#&5,*),.#(!5-/**&35"#( --5 .)5 ."5 ),5 (5 /#.5 )''#..5 -")/&5 '..,-5 ) 5
)(,(5 ,#-@5 2.,(&5 /#.),-5 "05 ."5 ,-*)(-##&#.35 .)5
³5 .,)(!5)''/(#.#)(5')(!5-/**&35"#(5*,.##*(.-
*&(5 (5 *, ),'5 (5 /#.5 .)5 ).#(5 ,-)(&5 --/,(5
& & & (& 5 -.,)(!5 ."#&5 /&./,5 -.,.-5 .5 ."5 .)*5 .".5 ."5 V((#&5 -..'(.-5 ,5 ,5 ) 5 '.,#&5 '#--..?
1#."55)'*(39-5')-.5-(#),5&,-5(5--5.",)/!"5 '(.>51".",5/-535,,),5),5 ,/@5
."5(.#,5),!(#4.#)(5.)5,.>5#(5."51),-5) 555#-?
/--#)(5*,.##*(.>55U'))5#(5."5'#&Y5(55U/445.5 (&%*.##-'5#(0)&0-5."50&#.#)(5) 5#( ),'?
."5)..)'Y5.".5,W.5(5,#( ),5."5.)(5.5."5.)*@5 .#)(5 .",)/!"5 *,)#(!5 +/-.#)(->5 ."5 ,#.#&5 ----'(.5 ) 5
),*),.5/&./,5#(W/(-5&&5.",5-#-5) 5."5 ,/5.,#? 0#(>5(5..(.#)(5.)5#()(-#-.(#-@5%*.##-'5#-5().5
(!&@55-.,)(!5."#&5/&./,5,.-5(52*..#)(5.)5U)5 (5(5#(5#.-& 5(5#-5().5'(.5.)5()/,!55")-.#&5.')?
</ C DETERRING AND DETECTING FINANCIAL REPORTING FRAUD: A PLATFORM FOR ACTION
-*",5),5'#,)?'(!'(.M5#.5#-5(5--(.#&5&'(.5) 5 *(5(5,)/-.52"(!-5.".5)(-#)/-&35-.,#05.)50)#5
."5*,) --#)(&5)$.#0#.35,+/#,5) 5&&5*,.##*(.-5#(5."5 '#(#'&#-.>5)'*&#(?),#(.5#-/--#)(-51#&&53#&5'2?
V((#&5,*),.#(!5-/**&35"#(@5%*.##-'5.",)/!")/.5."5 #'/'5(V.-5 ),5&&5*,.#-@5
-/**&35"#(5#(,--5().5)(&35."5# "# &&5.".5 ,/51#&&5
5..>5/.5&-)5."5')'+ &%5.".5 ,/51#&&55..?
The Case for Collaboration: Increasing
>51"#"5,/-5."5,#-%5.".5 ,/51#&&55..'*.@5
Effectiveness Across the Financial Reporting
5#-/--#)(5*,.##*(.-5().5.".5'(!'(.52?
Supply Chain
,#--5-%*.##-'535*,#)#&&35.-.#(!5--/'*.#)(-5)/.5
V((#&5 ,*),.#(!5 *,)---5 (5 )(.,)&->5 (5 ,'#(#(!5 5 #-/--#)(5 *,.##*(.-5 !,5 .".5 1"#&5 -/**&35
)!(#4(.5) 5."5*).(.#&5 ),5 ,/>5*,.#/&,&35# 5."5),!? "#(5 *,.##*(.-5 1),%5 .)5 .,5 (5 ..5 V((#&5 ,?
(#4.#)(5 #-5 /(,5 V((#&5 *,--/,@5 "35 '*"-#45 ."5 *),.#(!5 ,/5)(5)'*(35.55.#'>5."5)&&.#05-",#(!5
#'*),.(5) 5"0#(!5),-5(5/#.5)''#..-5'*&)355 ) 5 #-5 (5 ,-)/,-5 1)/&5 !,.&35 0(5 [),.-5 .)5
-%*.#&5**,)"5#(5#-",!#(!5."#,5)0,-#!".5,-*)(-#? '#.#!.5V((#&5,*),.#(!5 ,/@
#&#.#-@5 )5 2,#-5 -%*.##-'5 [.#0&3>5 ),5 (5 /#.5 "55�-5.".5-/"5)&&),.#)(51)/&5#(5
)''#..5 '',-5 (5 5 ."),)/!"5 %()1&!5 ) 5 ."5 ("(5."5#&#.35) 5*,.##*(.-5#(5."5V((#&5,*),.#(!5
)'*(39-5/-#(--5:-*#&&35."5,#0,-5) 5#.-5,0(/5(5 -/**&35 "#(5 .)5 .,5 (5 ..5 V((#&5 ,*),.#(!5 ,/5
*,)V.#&#.3;>5#.-5#(/-.,35(5)'*.#.#05(0#,)('(.>5(5 (5.",35-/-.#(5(5("(5)(V(5#(5."5*#.&5
%35,#-%-@5 ',%.-5 )0,5 ."5 &)(!5 .,'@5 (5 #.#)(5 .)5 ."5 #-/--#)(5
),5)."5#(.,(&5(52.,(&5/#.),->5-%*.##-'5#-5(5 *,.##*(.->5 ."5 5 -)/!".5 #(*/.5 )(5 ."#-5 ,*),.5 ,)'55
#(.!,&5*,.5) 5."5)(/.5) 5."#,5*,) --#)(&5/.#->5#(? #((#&5 2/.#0-5 (.,(.#)(&5 : ;>5 ."5 .#)(&5 -?
&/#(!5."5)(-#,.#)(5) 5."5,#-%5) 5'(!'(.5)0,? -)#.#)(5) 5),*),.5#,.),-5:;>5(5"5 >5),?
,#5 ) 5 )(.,)&-@5 (.,(&5 (5 2.,(&5 /#.),-5 (5 &-)5 !(#4.#)(-5 .".5 &,35 ,5 .#0&35 (!!5 #(5 [),.-5 .)5
*,)0#5 #(-#!".5 #(.)5 ."5 )'*(39-5 ."#&5 /&./,5 (5 ."5 '#.#!.5."5,#-%5) 5V((#&5,*),.#(!5 ,/@5"5) 5."-5
[.#0(--5) 5#.-5#(.,(&5)(.,)&-5.)5--#-.5),5(5/#.5 ),!(#4.#)(-5*,)0#5-#!(#V(.5-/**),.5(5#(-#!".->5(5
)''#..5'',-5#(52,#-#(!5-%*.##-'@ 2*,--5#(.,-.5#(5 /,.",5)&&),.#)(@
(5&#!".5) 5."5*)-#.#05,*.#)(5."#-5[),.5"-5,#05
& & & &
& $& (5."5#'*),.(5) 5."#-5#--/5.)5#(0-.),5)(V(>5."5
(&,.##*(.-5#(5."55#-/--#)(-5-.,--5.".5V? 5*&(-5.)5*&355&,-"#*5,)&535()/,!#(!5)(.#(?
((#&5,*),.#(!5-/**&35"#(5*,.##*(.-5-")/&5&0,!5 /5 )&&),.#)(5 1#."5 ."-5 %35 -.%")&,-5 :(5 ).",5
."#,5 )'*&'(.,35 (5 #(.,)((.5 ,-*)(-##&#.#-5 *,) --#)(&5 ),!(#4.#)(-5 1",5 **,)*,#.;5 .)5 &0,!5
.",)/!"5 ,+/(.5 (5 ,)/-.5 )''/(#.#)(-5 .)5 -",5 #(? 2#-.#(!5,-)/,->5-",5#->5(5*,#),#.#45 /./,5.#0#?
-#!".-5(5&#'#(.5!*-5#(5."#,5)&&.#05[),.-@5 .#-5.)50(5."5.,,(5(5..#)(5) 5V((#&5,?
"5/#.5)''#..5#-55"/5 ),5'(35) 5."-5)''/? *),.#(!5 ,/@551#&&5 )/-5)/,5#(#.#&5[),.-5#(5 )/,5,-L
(#.#)(-5/-5#.5"-5#,.5,*),.#(!5&#(-5 ,)'5'(!?
³5 0(5."5/(,-.(#(!5) 5)(#.#)(-5.".5)(.,#?
'(.>5 ."5 #(.,(&5 /#.),>5 (5 ."5 2.,(&5 /#.),@5 (5
/.5.)5 ,/
#.#)(5.)5,!/&,5)''/(#.#)(-51#."5."-5!,)/*->52?
³5 ,)').5#.#)(&5[),.-5.)5#(,-5-%*.##-'
/.#05---#)(-51#."5"5) 5."'>5-51&&5-51#."5-&.5
³5
),.5 ."5 ,#-%-5 ) 5 )/-#(!5 )(&35 )(5 -"),.?.,'5
%35'*&)3->5(5550&/&5.))&5 ),5),-5(5/#.5
,-/&.-
)''#..-5.)5).#(55,)5*,-*.#05)(5."5)'*(39-5
³5 2*&),5."5,)&5) 5#( ),'.#)(5."()&)!35#(5 #&#..?
V((#&5,*),.#(!5(0#,)('(.@5&-)>5,!/&,5)''/(#?
#(!5."5.,,(5(5..#)(5) 5 ,//&(.5V((#&5
.#)(5')(!5'(!'(.>5."5#(.,(&5/#.),>5(5."52.,?
,*),.#(!5555
(&5/#.),5#-5#(.!,&5.)5."5)'*&#-"'(.5) 5"5*,.39-5
,-*)(-##&#.#-@5 "-5,-5,*,-(.5."5!#((#(!5) 55 )/-5(5)),?
)!.",>5."-5)''/(#.#)(-5(&5."5-",#(!5) 5#(? #(.5 [),.5 .)5 '#.#!.5 ."5 ,#-%5 ) 5 V((#&5 ,*),.#(!5
),'.#)(>5 *,-*.#0->5 (5 )(,(-5 .".5 *,)0#5 5 0#15 ,/5(5."5'!5#.5(5/-5.)5#(#0#/&5)'*(#-5
#(.)5."5)'*(35.".5#-5U!,.,5."(5."5-/'5) 5#.-5*,.-@Y5 (5."5*#.&5',%.-@5
DETERRING AND DETECTING FINANCIAL REPORTING FRAUD: A PLATFORM FOR ACTION C <//
PROLOGUE
0,5."5*-.5 15->5'/&.#*&5"&#(?!,#(!5--5 ,/-5 #(0-.#!.5 35 ."5 @@5 /,#.#-5 (5 2"(!5
) 5V((#&5,*),.#(!5 ,/5.5*/)'*(#-5"05,)%5 )''#--#)(5:;5 ,)'5CKKJ5.)5DBBI5(5 )/(5.".5."5
."5*#.&5',%.-@5"-5 ,/-5"055(!.#05#'*.5)(5 '#(5 )&&,5 ')/(.5 ) 5 "5 #(-.(5 ) 5 ,/5 "5 #(?
."5*#.&5',%.-5(5,)5."5.,/-.5) 5."5#(0-.#(!5*/? ,-5.",5.#'-5 ,)'5."5&0&5#(55-#'#&,5CKKK5-./3>5
&#@5#((#&5,*),.#(!5 ,/5(5&-)5"0550-..#(!5#'? ,)'55'#(5) 56F@C5'#&&#)(5#(5."5CKKK5-./35.)56CD5'#&?
*.5)(55)'*(39-5,*/..#)(>5.)5."5*)#(.5) 5$)*,#4#(!5 &#)(@5 (5#.#)(>5."5'#(5-#45) 5."5)'*(35#(0)&05
#.-52#-.(@5 #(5 ,//&(.5V((#&5,*),.#(!5#(,-5**,)2#'.&35
"5 ,(-?2&35 .5 ) 5 DBBD5 :."5 U,(-?2&35 -#2? )&>5 ,)'56CH5'#&&#)(5.)56KE5'#&&#)(5#(5.).&5--.-5(5
.Y5),5U."5.Y;51-5(.5#(5,-*)(-5.)5."5),*),.5 ,)'56CE5'#&&#)(5.)56ID5'#&&#)(5#(5,0(/-@5
-(&-5) 5."5&.5CKKB-5(5,&35DBBB->51"#"5,-/&.5#(5
³5 5DBBK5
5-/,035) 5DBF52/.#0-5) 5@@5)'*?
'$),5&)---5 ),5#(0-.),-5(55*,#*#.)/-5&#(5#(5#(0-?
(#-51#."5((/&5,0(/-5) 56DGB5'#&&#)(5),5'),5 )/(5
.),5)(V(5#(5."5@@5*#.&5',%.-@5"5,+/#,'(.-5
.".5HG5*,(.5) 5."5,-*)((.-5)(-#,5 ,/5.)55
) 5."5,(-?2&35.51,5#(.(5.)5-.,(!."(5*/?
5-#!(#V(.5,#-%5.)5."#,5),!(#4.#)(-5#(5."5(2.53,>5
)'*(#-95#(.,(&5)(.,)&-5)0,5V((#&5,*),.#(!5(5
(5'),5."(5)(?."#,5) 5.")-5#(.#V5V((#&5,?
"05 -,05 .)5 -",*(5 ."5 )/-5 ) 5 -(#),5 '(!'(.>5
*),.#(!5 ,/5-5)(5) 5."5"#!"-.5,#-%-@C5
),-5) 5#,.),->5/#.5)''#..->5#(.,(&5/#.5*,.?
'(.->5(52.,(&5/#.),-5)(5."#,5,-*)(-##&#.#-5 ),5,? ³5 # .3?-#25 *,(.5 ) 5 ."5 **,)2#'.&35 D>CBB5 /-#(--5
&#&5V((#&5,*),.#(!@5&.")/!"5#.5#-5!(,&&35*.5 *,) --#)(&-5-/,035/,#(!55&)#..5),(-#5(?
.".5."5,(-?2&35.5"-5#'*,)05),*),.5!)0,? .,5 1-.5 )/.5 ,/#(!5 ,/5 ,#-%5 *,#.5 .".5
((5(5,-5."5#(#(5) 5 ,/>5,(.5-./#-5 '),5V((#&5-..'(.5 ,/51)/&55/()0,5#(5
(5 -/,03-5 #(#.5 .".5 #(0-.),-5 (5 '(!'(.5 )(? DBCB5(5DBCC5-5)'*,5.)5."5*,0#)/-5.",53,-@5
.#(/5.)5"05)(,(-5)/.5V((#&5-..'(.5 ,/@5),5 &')-.5 "& 5 ) 5 .")-5 -/,035 :FH5 *,(.;5 *)#(.5 .)5
2'*&L5 ."5,--#)(5-5."5,-)(5 ),5."#-5#(,-@D5
³ Provides for the disgorgement of the bonuses and profits of executives involved in fraudulent financial reporting
³ Requires evaluations and increased disclosures of a company’s internal control over financial reporting by management, and
a related report by the external auditor for certain companies
³ Requires other enhanced disclosures, including whether the company has a code of ethics for senior financial officers
³ Enhances the role of the audit committee, including requirements for financial expertise and responsibility for oversight of
the company’s external auditor
³ Requires companies to establish whistleblower programs, and makes retaliation against whistleblowers unlawful
These provisions are generally held to have helped reduce financial reporting fraud and to serve as an ongoing deterrent to such
fraud. Several CAQ discussion participants emphasized the deterrent effect of the criminal penalties for untrue certifications by
the CEO or CFO.
1
Understanding the Landscape
Why Commit Fraud — The Seductive Triangle *,--/,5 )(.#(/-5 /(.>5 1#."5 ,,5 0('(.>5
)'*(-.#)(>5 (5 0(5 )(.#(/5 '*&)3'(.5 .5 ,#-%@5
",5 )(#.#)(-5 .3*#&&35 ,5 *,-(.5 1"(5 #(#0#/&-5 "(5*,--/,5#-5.,(- ),'5#(.)5(5)---#05.,'#?
)''#.5 ,/L5*,--/,5),5(5#((.#05.)5(!!5#(5 ,/>55 (.#)(5.)5"#05!)&-5()5'..,51".5."5)-.>5#.5)'-5
*,#05)**),./(#.3>5(5."5#&#.35.)5 /(&(5 (5 *).(.#&&35 -.,/?
,.#)(- ,//&(.5 "0#),@5 "#-5 There is a pressure at an individual .#0@5".5#-51"(5#(#0#/&-5,5')-.5
U ,/5.,#(!&Y51-5V,-.50&)*535 level which I think is significantly &#%&35.)5,-),.5.)5+/-.#)(&5.#0#?
().5 .1(.#."5 (./,35 ,#'#()&)!#-.5 associated with compensation .#-5.".5'35&5.)5 ,/@
)(&5 ,--3@E5 "-5 .",5 )(#? arrangements in the organization. ,.##*(.-5#(5."55,)/(.&5
.#)(-5'352#-.51".",5."5)()'35#-5 There is also pressure at a corporate #-/--#)(-5 (5 #(.,0#1-5 #(.#V5
-.,)(!5),51%>5(>5),#(!&3>5 ,/5 level, when there is a negative ."5 .)*5 .",5 ').#0.),-5 ),5 ,/5 -5
(5 5 )''#..5 #(5 )."5 !))5 .#'-5 economic environment that makes ')*&%#2 %5 :#(&/#(!5 '2#'#4#(!5
(5@5)15."(5)5."-5 .),-5')? targets much harder to achieve. *, ),'(5)(/--5(5."50&/5) 5
.#0.5 ,/Q Both can create powerful incentives -.)%?-5 )'*(-.#)(;M5 - %2
for financial statement fraud. *&)+8+)$2 H%% #2 &#*5 :#.",5 #(?
& & & @5 ,--/,5 Ian Ball, Chief Executive Officer, .,(&5 .,!.-5 ),5 2.,(&5 (&3-.5 2?
(5 5 #.",5 5 *)-#.#05 ),5 5 (!.#05 International Federation of Accountants *..#)(-;M5(5 %22%.*2 ,)'5
),@5 "(5 !)&-5 ,5 "#0&>55 #(0-.),-5(5."5*#.&5',%.-@5#'?
*,--/,5)(.,#/.-5.)5,.#0#.3>5\#(3>5(5)'*.#? #&,&3>5 ."5 <:;:2 2 ),2 '&)+2 )/(5 .".5 ."5 ')-.5
.#0(--@5)10,>5.'*..#)(-5 ),5'#-)(/.5,#-51"(5 )'')(&35#.5').#0.#)(-5 ),5V((#&5-..'(.5 ,/5
!)&-5)5().5**,5.)55..#(&535(),'&5'(->53.5 1,5 U."5 (5 .)5 '.5 #(.,(&5 ),5 2.,(&5 ,(#(!-5 2?
FRAUD
Opportunity Rationalization
*..#)(->5 (5 ..'*.5 .)5 )(&5 ."5 I think most people who come 1-5().5 )/(@5"5-./#-5#(#.5.".5
)'*(39-5.,#),.#(!5V((#&5)(? unstuck in this context of accounting ."5 ').#0.#)(5 ),5 ,/5 #-5 ) .(5 .)5 #(?
#.#)(>5 ."5 (5 .)5 #(,-5 ."5 -.)%5 misstatement are basically honest ,-5 ),5 *,0(.5 5 ,-5 #(5 -.)%5
*,#>5."5(5.)5)&-.,5V((#&5*,? people who get caught up and *,#@G
),'(5 ),5 *(#(!5 +/#.35 ),5 .5 then they get desperate. #((#&5'#--..'(.5),5'(#*/&?
V((#(!>5 ),5 ."5 -#,5 .)5 #(,-5 Jonathan Fisher QC, Barrister, .#)(5) .(5-.,.-5-'&&>5#(.(5-5U$/-.55
'(!'(.5 )'*(-.#)(5 -5 )(5 23 Essex Street Chambers; Trustee, &#..&5$/-.'(.Y5.)5'.5,(#(!-5.,?
V((#&5 ,-/&.-@Y5 (.,-.#(!&3>5 ? Fraud Advisory Panel !.-5 ),5 !#05 ."5 )'*(35 .#'5 .)5 #'?
'#5 ,-,"5 #(#.-5 .".5 ."5 ? *,)05,-/&.-@5 (#.#&&3>5."5#(#0#/&5#(?
-#,5.)5,)/*5),50)#5&)---5#-5'/"5'),5&#%&35.)5').#? 0)&05'35().50(5)(-#,51".5#-5)(5.)55/(*.&5
0.5(5#(#0#/&5.)5(!!5#(5.#0#.#-5.".5)/&5&5.)5 ),5 ,//&(.@5/.5-5."5(5.)5'#(.#(5."5*.#)(5)(?
,/5."(5."5-#,5 ),5*,-)(&5!#(@F5 .#(/->5)(5$/-.'(.5&-5.)5().",5(5."5-)*5) 5."5
.",5 ,-,"5 "-5 )/(5 .".5 2/.#0-5 (5 '#?&0&5 ,/52*(-5/(.#&5."5*,*.,.),5#-5&)%5#(5(5"5
'(!,-5 &5.".5."35 5)(.#(/&5*,--/,5.)5'.5/-#? )1(5."5U-&#**,35-&)*Y5.)5'$),5 ,/@5
(--5 )$.#0-5 -5 1&&5 -5 ."5 -"),.?.,'5 V((#&5 !)&-5 ) 5
(&3-.-5 (5 #(0-.),-@5 (5 ."5
5 DBBJXDBBK5 %+) +02 $& & @5 0(5 1"(5 *,--/,5 #-5 2.,'>5
,)-072 GK5 *,(.5 ) 5 '(!,-5 (5 '*&)3-5 %()1&? V((#&5,*),.#(!5 ,/5(().5)/,5/(&--5(5)**),./?
!5 &#(!5*,--/,5.)5)51".0,5#.5.%-5.)5'.5/-#? (#.35#-5*,-(.@5**),./(#.35"-5.1)5-*.-L5."5#(",(.5
(--5 .,!.-M5 GD5 *,(.5  .".5 -/-*.##&#.35 ) 5 ."5 )'*(39-5 ?
."35 1)/&5 5 ,1,5 -5 )(5 ,? When we are talking about material )/(.#(!5.)5'(#*/&.#)(>5(5."5)(?
-/&.-5 ,.",5 ."(5 ."5 '(-5 /-5 .)5 financial statement fraud, it is likely #.#)(-5 1#."#(5 ."5 )'*(35 .".5 '35
"#05."'M5(5FK5*,(.5 ,5&)-? that senior management either &&)15 5 ,/5 .)5 )/,@5 "5 (./,5 ) 5
#(!5."#,5$)-5# 5."35'#--5."#,5.,!.-@5 knows about it or has caused ."5 )'*(39-5 /-#(--5 (5 )/(.?
)(-#-.(.51#."5)''(.-5 ,)'5'/&.#? it by putting so much pressure #(!5(5*,)0#5-)/,-5) 5)**),./(#.35
*&55#-/--#)(5*,.##*(.->5-0,&5 on employees. ),5 ,/5#(5."5 ),'5) 5-#!(#V(.5,?
,(.5'#5-./#-5"05 )/(5.".5 &.?*,.35 .,(-.#)(-5 )/.-#5 ."5
Scott Taub, Managing Director,
2/.#0-5 .5 )'*(#-5 /-5 ) 5 V? Financial Reporting Advisors ),#(,35 )/,-5 ) 5 /-#(--M5 5 &,!5
((#&5 ,*),.#(!5 ,/5 5 !,.,5 V? 0)&/'5 ) 5 -.#'.-5 ) 5 --.->5 &##&#?
((#&5#((.#0-5.)5#(,-5-.)%5*,#>5#(5."5 ),'5) 5-.)%5 .#->5,0(/->5),52*(--5.".5,5-/$.#05),5#\/&.5.)5
),5)*.#)(5")&#(!->5."(52/.#0-5.5)'*(#-51",5 ,/5 ),,)),.M5 (5 #-)&.>5 &,!5 .,(-.#)(-@5 )'5 &,!5
.,(-.#)(->5-*#&&35.")-5&)-5.)5*,#)?(>5(5*)-5
)'*&25 U-/-.(5 )0,5 ),'Y5 +/-.#)(-5 .".5 *,)0#55
Perceived Root Causes of Misconduct )**),./(#.#-5 ),5 '(!'(.5 .)5 (!!5 #(5 ,//&(.55
(a survey of 5,065 working adults) ,*),.#(!@H5
"5)**),./(#.35 ),5 ,/5#-5&-)5[.5355)'*(39-5
Pressure to do “whatever it takes” to meet business 59%
#(.,(&5(0#,)('(.>51"#"5#-5&,!&35#(W/(535."5(?
targets
.#.39-5 /&./,5 (5 ."5 [.#0(--5 ) 5 #.-5 #(.,(&5 )(.,)&-@5
Believe will be rewarded for results, not means 52%
.,)(!5 )(.,)&-5 (5 -#!(#V(.&35 &#'#.5 *)--##&#.#-5 ),5 ."5
Believe code of conduct not taken seriously 51%
'(#*/&.#)(5) 5,-/&.-5),5 ),5 ,//&(.5.,(-.#)(-@5 .5#-5
Lack familiarity with standards for their jobs 51%
#'*),.(.5.)5'#(.#(55-",*5 )/-5)(5)(.,)&-5#(5)."5!))5
Lack resources to get job done without cutting corners 50%
(55)()'#5.#'-@5"(5,-/&.-5,5-.,)(!5(5',?
Fear losing job if miss targets 49%
%.-5 ,5 /*>5 .",5 (5 5 5 .((35 .)1,5 )'*&(3>5
Believe policies easy to bypass or override 47%
1#."5 #'#(#-"5 )/-5 )(5 #(.,(&5 )(.,)&-5 (5 ,/5
Seek to bend rules for personal gain 34%
-,/.#(35) 5,-/&.-@5 (5.)/!"5)()'#5.#'->5)'*(#-5.,3?
KPMG LLP (U.S.) Integrity Survey 2008–2009 #(!5.)5)5'),51#."5&--5'35/.5/!.-5#(5,-5.".5)'?
*,)'#-5 ."5 [.#0(--5 ) 5 #(.,(&5 )(.,)&-@5 )."5 ."5
%& & @5 (#0#/&-5 Norman Marks, Vice President, .!,#.35(5-.,)(!5."#&50&/-@5"(5
1")5 )''#.5 V((#&5 ,*),.#(!5 ,/5 Governance, Risk and Compliance, *,--/,-5 '%5 #(#0#/&-5 -*,.5
*)----5 5 *,.#/&,5 '#(-.5 .".5 &? SAP BusinessObjects (5 )**),./(#.35 #-5 *,-(.>5 V((#&5
&)1-5 ."'5 .)5 $/-.# 35 ),5 2/-5 ."#,5 ,*),.#(!5 ,/5 )'-5 5 ,&5 *)--#?
,//&(.5 .#)(-@5 5 #-/--#)(5 *,.##*(.-5 '*"? #&#.3@5-5)(5) 5."55#-/--#)(5*,.##*(.-5)-,0>5
-#45 .".5 *,-)(&5 #(.!,#.35 #-5 ,#.#&5 #(5 .,'#(#(!5 ')-.5 *)*&5 1")5 )''#.5 ,/5 )5 ().5 -.,.5 1#."5 5 )(?
1".",5 (5 #(#0#/&5 1#&&5 5 *,)(5 .)5 ,.#)(- ,/@5 -#)/-5 -#,5 .)5 )5 -)L5 U"35 (5 /*5 .",5 /-5 ."5
)10,>5-5."5*,--/,5),5#((.#05#(,-->5#(#0#/&-5 1),&5."35,5)*,.#(!5#(5"-5&5."'5.)55"&&(!5?
'35 5 '),5 &#%&35 .)5 )(-.,/.5 -)'5 ,.#)(.#)(5 ),5 3)(5."#,5*#&#.#-@Y
,//&(.5.#)(-@5),5#(-.(>5#(5(5(0#,)('(.5) 52? ,.##*(.-5 #(5 ."5 5 ,)/(.&5 #-/--#)(-5 &-)5
.,'5*,--/,5.)5'.5),*),.5V((#&5!)&->5'',-5 /(,-),5 .".5 ."5 !,.-.5 ,#-%5 ) 5 V((#&5 ,*),.#(!5
) 5'(!'(.5),5).",5'*&)3-5'35)(&/5.".5."35 ,/5,&.-5.)51".5"-5(5&&5."5U"#&&-95"&Y5
"05()5")#5/.5.)5,-),.5.)5 ,/5.)5-05."#,5)1(5$)-5 ) 5 ,/Z."5*)--##&#.35) 5'(!'(.5)0,,#5) 5)(?
),5."5$)-5) 5).",->5),5-#'*&35.)5%*5."5)'*(35 .,)&-@I5
(!'(.5#-5#(55/(#+/5*)-#.#)(5.)5 *,*.,.5
U/(.#&5."5./,(,)/(5)'-@Y5 ,/5/-5#.5*)-----5."5*)1,5.)5)0,,#5)(.,)&->5
",5 ."5 ').#0.#)(5 ),5 ,/5 #-5 '(#*/&.5 ,),->5 (5 #&#..5
'),5&.,/#-.#5."(5*,-)(&Z.)5-05 The presence of a process to deter )&&/-#)(535**&3#(!5*,--/,5.)5'?
$)-5 ),5 %*5 ."5 )'*(35 W).Z."5 fraud doesn’t eliminate the threat *&)3-5 (5 #.",5 (&#-.#(!5 ),5 ,?
*,--/,5.)5)''#.5 ,/5&-)5(5? of people acting fraudulently. +/#,#(!5."#,5--#-.(@
)'5 ."5 ,.#)(.#)(5 ),5 #.@5 "5 (5 -)'5 -#./.#)(->5 -(#),5 &,-5
Charles M. Elson, JD,
*,)--5) 5,.#)(.#)(>5&#%5."5-&#*? )5().5*,*.,.55 ,/5#,.&3>5/.5
Edgar S. Woolard, Jr. Chair,
*,35 -&)*5 .)5 ,/>5 ) .(5 -.,.-5 1#."5 Professor of Law and Director of the #(-.5,5#(#,.&35,-*)(-#&5?
$/-.# 3#(!55-'&&5(/!5.)5."5)/(? John L. Weinberg Center for Corporate /-5."35*/.5#(),#(.5*,--/,5)(5
Governance, University of Delaware -/),#(.-5 .)5 "#05 ,-/&.-5 .".5
,#-5 ) 5 *.&5 "0#),5 /.5 ."(5
.,#),.-5 #(.)5 5 1")&-&5 &)--5 ) 5 ,5 #'*)--#&5 1#.")/.5 U))%#(!5 ."5
)$.#0#.3@5)10,>5#-/--#)(5*,.##*(.-5().5.".5# 5 ))%-@Y5 .5 &)1,5 &0&-5 #(5 ."5 ),!(#4.#)(>5 #(#0#/&-5
'*&)3-5 /(,-.(5 .".5 0#)&.#)(-5 ) 5 ."5 )'*(39-5 '35 ().5 #(#.#&&35 ,- .".5 ."35 ,5 )''#..#(!5 ,/>5
."#&5-.(,-51#&&5().55.)&,.5(5# 5."35-5-? /.5 #(-.5 -5 ."'-&0-5 -5 -#'*&35 )#(!5 1".5 #-5 2?
(#),5 '(!'(.5 �#(!5 35 -.,#.5 ."#&5 -.(,-5 (5 *.5.)5U'%5."#,5(/',-Y5),5,-*)(#(!5.)5."5,?
)(-#-.(.&35')(-.,.#(!5"#!"5#(.!,#.3>5 ,//&(.5 ? +/-.5) 55-/*,0#-),@5
"0#),5)'-5#\/&.5.)5,.#)(@5
POINT TO PONDER
-%2,%)2/+)$2')**,)72&%#022*$##2')%+2&2*% &)2
Who Commits Fraud
$%$%+2+,##02&$$ +*2),9202&2*&$2,"#2,%8
"5.",5-#-5) 5."5 ,/5.,#(!&5,5#(.,,&.@5,-? )2 ')**,)72 %2 &+)*2 %&+F2 02 %2 &.2 &2 &&2 '&'#2
-/,5 (5 /-5 -)')(5 .)5 .#0&35 -%5 )**),./(#.3>5 (5 *+)+2&.%2+2*# '')02*#&'2+&2),F2 *2 +22,%+ &%2&2 )8
*,--/,5(5)**),./(#.35(5()/,!5,.#)(.#)(@5.5 ,$*+%*F2)2 *2 +22,%$%+#2)+)2I.F
."5-'5.#'>5()(5) 5."-5 .),->5&)(5),5.)!.",>5(?
Shared Responsibility to the Investing Public for Mitigating the Risk of Financial Reporting Fraud
³ Regular management or internal audit reviews of areas of activity (such as accounting estimates) susceptible to manipulation
Some controls, such as a whistleblower program, both deter fraud by their presence and help detect incidents of fraud.
(5)."5."59-5,)/(.&5#-/--#)(-5(5#(?*."5#(?
.,0#1->5 *,.##*(.-5 1,5 /((#')/-5 .".5 (5 ),!(#4? Tone at the Top Does Matter
.#)(9-5."#&5/&./,5#-55#-#05 .),5#(5'#.#!.#(!5."5,#-%5 The Integrity Survey 2008–2009, conducted by KPMG LLP,
) 5 ,//&(.5V((#&5,*),.#(!>5(5.".5."5),*),.5/&? found that among companies with a comprehensive ethics
./,5(5#.",5.,5V((#&5,*),.#(!5 ,/5),5#'*&##.&35 and compliance program, 90 percent of the respondents
)()(5#.@5#'#&,&3>5."5,#1.,")/-))*,-2992,'8 described the environment as one where people feel mo-
tivated and empowered to do the right thing. In compa-
'#$%+2 +&2 +2 <::C2 # &%&$ 2 ) $2 ,)-02 )/(5
nies without a comprehensive ethics and compliance pro-
.".5 ID5 *,(.5 ) 5 ."5 ,-*)(#(!5 2/.#0-5 #(.#V5 #-?
gram, only 43 percent gave that response.
-/-5 ,&.#(!5 .)5 ),*),.5 /&./,5 -5 ."5 ,)).5 /-5 ) 5 #(?
,-5)()'#5,#'@5
5 -.,)(!5 ."#&5 /&./,5 -.,.-5 1#."5 (5 ),!(#4.#)(9-5
')-.5-(#),5&,-5:."/-5."5*",-5U.)(5.5."5.)*Y;5(5 ,//&(.5.#)(-@5)10,>5# 5(5'*&)35#-5').#0.535
--5)1(5.",)/!"5."5(.#,5),!(#4.#)(5.)5,.Z *,-)(&5,-)(-5-/"5-5!,5),5V((#&5(>5"5),5-"5
#(5."51),-5) 5-0,&5*,.##*(.-5#(5."55,)/(.&-5 '355#'*,0#)/-5.)5."5#(W/(5) 5),*),.5/&./,@
(5#(.,0#1-Z5U'))5#(5."5'#&Y5(55U/445.5."5
)..)'Y5.".5,W.-5(5,#( ),-5."5)'*(39-5)*,.?
Culture and Management
#(!50&/-@5),-5(5/#.5)''#..->5&)(!51#."5#(.,?
(&5/#.),->5*&350#.&5,)&-5#(5/#&#(!5(5-/-.#(#(!5."5 5&&5."5!,)/*-51#."55,)&5#(5."5V((#&5,*),.#(!5-/**&35
),!(#4.#)(9-5."#&5/&./,@ "#(>5'(!'(.5"-5."5')-.5,#.?
),*),.5 /&./,5 #(W/(-5 &&5 #&5,)&>5/-5#.5#-5,-*)(-#&5 ),5
Tone at the top is a level of
.",5 -#-5 ) 5 ."5 ,/5 .,#(!&@5 5 -..#(!5."5.)(5.5."5.)*5(5-.?
commitment to integrity, to doing
-.,)(!5."#&5/&./,5,.-5(52? &#-"#(!5."5/&./,5(5-#!(#(!5."5
the right thing at all costs despite the
*..#)(5 ) 5 )#(!5 ."5 ,#!".5 ."#(!5 -3-.'-5 .".5 ,#05 ."5 ),!(#4.#)(@5
consequences such action may have on
(5 )/(.,.-5 *,--/,-5 .)5 */-"5 (5."5)*#(#)(5) 55#-/--#)(5*,?
financial performance. Actions speak
."5 (0&)*5 .)5 '.5 -"),.?.,'5 .##*(.->5 )'*(#-5 -/-- /&5 #(5
louder than words. Observing how
!)&-@5 #%1#->5 (5 ."#&5 /&./,5 /#&#(!5(5."#&5/&./,5.".5.,-5
leaders make decisions and act on a
.3*#&&35 -/**),.-5 1&&?-#!(5 ,/5)5-)5.",)/!"55/&5**,)"@5
day-to-day basis is the most convincing
(5[.#05)(.,)&-5.".5#'#(#-"5 #,-.>5 ."35 &,&35 -..5 ."#,5 ."#&5
evidence about the cultural
)**),./(#.#-5 ),5 ,/5(5#(,-5 -.(,->5 (5 -)(>5 -(#),5 '(?
reality at a company.
."5&#%&#"))5.".5 ,/51#&&55? !'(.5 0#-#&35 �-5 35 .")-5 -.(?
Mark S. Beasley, Ph.D.,
..5 +/#%&3@5 5 /&./,5 ) 5 ")(-.35 ,-50,3535(5,#( ),-5."'5
Deloitte Professor of Enterprise Risk
(5 #(.!,#.35 (5 -0,&35 &#'#.5 (5 Management and ERM Initiative Director, .",)/!"5."5(.#,5),!(#4.#)(51#."5
#(#0#/&9-5 #&#.35 .)5 ,.#)(- North Carolina State University **,)*,#.5 -3-.'-5 (5 *,)---@5
"5 *,)---5 (5 ,#.,#5 35 1"#"5
C DETERRING AND DETECTING FINANCIAL REPORTING FRAUD: A PLATFORM FOR ACTION
'(!'(.5 '%-5 #-#)(-5 ,5 ,/#&5 -5 ."35 -#!(&5 .)5 ³^5,#)#5 ."#-5 .,#(#(!5 ),5 '*&)3->5 .#&),5 .)5 ."5
."5),!(#4.#)(51".5#-5.,/&350&/@ &0&5(5(-5) 5#[,(.5'*&)35!,)/*-
5 #-/--#)(5 *,.##*(.-5 -.,--5 .".5 (5 ),!(#4? ³^5,/5 1,(--5 .,#(#(!5 .".5 /.-5 '*&)3-5 )(5
.#)(9-5 .)(5 .5 ."5 .)*5 ,W.-5 #.-5 )''#.'(.5 .)5 .,,#(!5 ."5",.,#-.#-5) 5 ,/5(5."5"0#),-5(5).",5
(5..#(!5 ,/@5 5'*&)3-5/(,-.(5."5),!(#4? ,5W!-5.".5'35-/!!-.5 ,//&(.5)(/.
.#)(9-5."#&52*..#)(->5.".5'#-)(/.51#&&5().5
³5 !/&,5 ,0#1-5 ) 5 ."#-5 *)&##-5 .)5 #(.# 35 !*-5 (5
5.)&,.>5(5-5."#,5-(#),5&,-5",#(!5-.,#.&35.)5
."5)5) 5)(/.>5."35,5&--5&#%&35.)5-//'5.)5.'*? #(),*),.5-.5*,.#-
..#)(-5.)5)''#.5 ,/5(5,5'),5&#%&35.)5,*),.5 ,/5# 5 (5#.#)(>5'(!'(.5:*,.#/&,&35-(#),5'(!?
."35-5#.@5 .9-5&&5)/.5."52'*&5-.535&,-"#*>5.5&&5 '(.;5-")/&55-(-#.#05.)5."5*,--/,-5*&5)(5'?
&0&-@5 (5).",51),->5."5%35#-5.)51&%5."5.&%@ *&)3-@5),52'*&>5'(!'(.5(-5.)5)(-#,5."5
#'*.5) 5)'*(-.#)(5*&(-5(5*, ),'(52*.?
& )& & & (& ),#(!5 .)5 .#)(-5 ),5 '*&)3->5 *,.#/&,&35 #(5 "#!"?*,--/,5 -#./?
5 #-/--#)(5 *,.##*(.->5 .)5 5 [.#0>5 5 )'*(39-5 .#)(-@5)50)#5,.#(!5/(#(.(5*,--/,5.)5 &-# 35,?
."#&5 *)&##-5 (5 -.(,-5 -")/&5 -/&.->5 '(!,-5 -")/&5 5 '#( /&5 ) 5
5/('#!/)/-&35&,5.",)/!")/.5&&5 The choices the top makes ."5-.,---5.".5."#,5'*&)3-5'35
&0&-5 ) 5 ."5 ),!(#4.#)(5 (5 #(5 &&5 are going to define what’s &5 #(5 .,3#(!5 .)5 U'%5 ."5 (/',->Y5
!)!,*"#5&).#)(-@5 .5#-5-(#),5&? acceptable ethically. (5.,35.)5-#!(5!)&-5.".5,5,&#-?
,-"#*9-5,-*)(-##&#.35.)5)''/(#.5 .#5(5"#0&@5 5."5)()'#5(?
David Larcker, Ph.D., James Irvin Miller
."-5 '--!-5 (5 )(.#(/&&35 ,#(? Professor of Accounting, Stanford 0#,)('(.5 ),5 ).",5 --/'*.#)(-5 ),5
),5 ."'5 #(5 5 135 .".5 *,'.-5 University Graduate School of Business ),#!#(&5 !)&-5 "(!>5 '(!,-5
.",)/!"5 ."5 (.#,5 ),!(#4.#)(@5 '? -")/&5)(-#,5')# 3#(!5-/"5!)&-5
*&)3-5 (5 .)5 ",5 ."5 -'5 '-? If we tell people we expect you ),#(!&3@
-!-5 ().5 )(&35 ,)'5 .)*5 &,-5 /.5 to hit this number next quarter,
&-)5 ,)'5 ."#,5 #,.5 -/*,0#-),-@5 -5 and your bonus depends on it, &
)& & &
-0,&5*,.##*(.-5#(5."55,)/(? that provides an incentive to meet &
@5"5U.&%Y5)/.5."#&5
.&-5 (5 #(.,0#1-5 *)#(.5 )/.>5 it or to lie about meeting it. "0#),5#-5#'*),.(.>5/.51".5,&&35
V,-.?&#(5 -/*,0#-),-5 "05 ."5 ')-.5 '..,->5 ),#(!5 .)5 5 #-/--#)(5
Nell Minow, Editor and Co-Founder,
*)1, /&5 (5 #,.5 #(W/(5 )(5 ."5 The Corporate Library *,.##*(.->5#-5."52'*&5-.535-?
."#&5 $/!'(.-5 ) 5 '*&)3-@5 .5 #-5 (#),5 '(!,-5 #(5 ."#,5 /-#(--5 (5
0#.&5.".5."5'))5#(5."5'#&5')(!5."-5-/*,0#-),-5 *,-)(&5 �-@5 5 &--#5 2'*&5 #-5 (,)(>5 1"#"5 .5 )(5
")5."5)'*(39-5.&%5)(5."#&50&/->5-)5.".5."50&? .#'51-5&/5 ),5#.-5)5) 5)(/.5(5),*),.5!)0?
/-5)'5*,.5) 5."5#&35)(0,-.#)(5(5."5/445.5 ,((5 *,)!,'->5 /.5 1"#"5 &%5 &,-"#*5 )''#.?
."5 )..)'@5
--!-5 -")/&5 '*"-#45 "5 '*&)39-5 '(.5 .)5 #.-5 *,#(#*&-@5
),)0,>5 ."5 -'5 -.(,-5 ) 5
/.35 .)5 ,*),.5 +/-.#)(&5 "0#),>5 (5 *, ),'(5
!)&-5(5)'*(-.#)(5*&(-5-")/&5,#( ),5."5*,#'?
35) 5."#&5)(/.@ Effective Codes of Conduct Are Based on
"5 )&&)1#(!5-.*-5(5-.,(!."(5(5),!(#4.#)(9-5'-? Principles
-!#(!5,&.5.)5."#-5(5 ,/5.,,(L5
“Exhaustively detailed codes of conduct encourage acqui-
³5 (!)#(!>5)(-#-.(.&35,(5),*),.5)''/(#.#)(-5 escence and bureaucracy but fail to inspire employees
.".5,5,)&&5)/.5,)--5'/&.#*&5 ),'-5) 5'#5(L with the spirit of ethical behavior. The most effective
X5 )''/(#.5&,5'--!-5)/.5-*#V5)$.#0- codes of conduct function not as rulebooks but as consti-
tutions that detail the fundamental principles, values, and
X5
%5(5').#)(&5**&
framework for action within an organization.”
X5 ,5/-.)'#45.)5#[,(.5'*&)35!,)/*->5
—LRN, Ethics and Compliance Risk Management, 2007
!)!,*"#->5(5/&./,-
X5 ,5,!/&,&35----5(5/*.
³ A
formal fraud risk management program that includes a code of ethics supported by the tone at the top; clear roles and
responsibilities for the board, the audit committee, management, and internal audit; and fraud awareness and reporting train-
ing for all employees
³ A
comprehensive fraud risk assessment that addresses incentives and opportunities to commit fraud and the likelihood and
significance of each potential fraud risk, including the risk of management override of controls
³ A
ctivities and controls to deter and detect fraud, including the consideration of fraud risk in the development of the annual in-
ternal audit plan and in the execution of internal audit engagements
³ Processes for the investigation of potential frauds and for corrective action when necessary
Summarized from Managing the Business Risk of Fraud: A Practical Guide, by American Institute of Certified Public Accountants,
Association of Certified Fraud Examiners, and and The Institute of Internal Auditors, 2008.
³ Organization-wide (global) and available 24/7, ideally by telephone, with professionally-trained interviewers in all local languages
³ Dual dissemination of the information received so that no single person controls the information, with criteria for immediate escala-
tion where warranted, and for notification of the audit committee when financial irregularities or senior management are involved
³ Case management protocols, including processes for the timely investigation of hotline reports and documentation of the results
³ Customization to comply with the laws of foreign jurisdictions and to address cultural differences
³ Ongoing messaging to motivate everyone in the organization, as well as vendors, to use the hotline
Summarized from Best Practices in Ethics Hotlines, T. Malone and R. Childs, The Network, 2009
The 2009 report of the NACD Blue Ribbon Commission on Risk Governance identifies the following ten principles for effective
board oversight of a company’s risk management system. These principles are intended to serve as a foundation for a compre-
hensive risk management system tailored to the specific characteristics and needs of each individual company:
3. Define the role of the full board and its standing committees with regard to risk oversight.
4. Consider whether the company’s risk management system is appropriate and has sufficient resources.
5. Work with management to understand and agree on the types of risk information the board requires.
6. Encourage a dynamic and constructive risk dialogue between management and the board, including a willingness
to challenge assumptions.
7. Closely monitor the potential risks in the company’s culture and its incentive structure.
8. Monitor critical alignments of strategy, risks, controls, compliance, incentives, and people.
9. Consider emerging and interrelated risks to help prepare for what’s around the corner.
For Management
C@5 &,&35,.#/&.5."5),!(#4.#)(9-5."#&5-.(,-5#(5 D@5 )*.5 5 -.,)(!5 .)(5 ) 5 )'*&#(>5 )''/(#.5 #.5 .)5
5 -.5 ) 5 ),5 0&/-5 (5 5 ),'&5 )5 ) 5 )(/.>5 (5 ."5(.#,5),!(#4.#)(>5(5")&5'(!'(.5)/(.?
")&5 &&5 *,-)((&5 -.,#.&35 )/(.&5 ),5 )'*&#(5 &@5%5#-#05.#)(5!#(-.5(35'',5) 5-(#),5
1#."5."5)@5( ),5#-#*&#(5 ),50#)&.#)(-5)(-#-? '(!'(.51")5)-5().5",5.)5."5)'*(39-5."?
.(.&35,)--5&&5&0&-5) 5."5),!(#4.#)(@ #&5-.(,-5(5)5) 5)(/.@
C DETERRING AND DETECTING FINANCIAL REPORTING FRAUD: A PLATFORM FOR ACTION
CHAPTER
3
Skepticism
An Enemy of Fraud
%*.##-'Z5 +/-.#)(#(!5 '#(-.5 (5 (5 ..#./5 .".5 2.,(&5/#.5(51),%5.)5)/(.,.5."5.",5 ),-5) 5."5
1#."")&-5 $/!'(.5 /(.#&5 0#(5 #-5 +/.Z*,)').-5 ,/5 .,#(!&5 (5 '#.#!.5 ."5 ,#-%5 ) 5 V((#&5 ,*),.#(!5
,#-%51,(--5(5#-5#(",(.&35(5('35) 5 ,/@5,.##? ,/@5 -5 )(5 ) 5 ."5 5 #-/--#)(5 *,.##*(.-5 -..>5
*(.-5 #(5 ."5 V((#&5 ,*),.#(!5 -/**&35 "#(5 (./,&&35 ? U".5#-5)(5) 5."5#!!-.5.,,(.-5.)5 ,/Z%()1#(!5.".5
.".5."5),!(#4.#)(-51#."51"#"5."35,5--)#.5 *)*&5,5#(.,-.>5,5&#-.(#(!>5(51#&&5,.@Y5
"05 #(.!,#.3>5 (5 ,5 .", ),5 *,#-*)-5 .)5 .,/-.5 "5
).",@5/.5."#-5#-5.)5.,/-.5(5&-)5#("##.5,#-#(!5+/-.#)(->5
Skepticism and Management
(5#.5#-5&&5."5'),5,-)(51"35-.%")&,-5-")/&5)(?
-#)/-&35)*.5(5..#./5) 5-%*.##-'@5 5#-/--#)(5*,.##*(.-5!,5.".5[.#05'(!,-5
%*.##-'5#(0)&0-5."50&#.#)(5) 5#( ),'.#)(5.",)/!"5 ,&35)(5."5/-5) 5-%*.##-'5#(50#,./&&35&&5.#0#.#-@5"."?
*,)#(!5+/-.#)(->5,#.#&5----'(.5) 50#(>5(5..(? ,5 #(5 -#!(#(!5 -.,.!3>5 ----#(!5 ,#-%->5 -..#(!5 !)&->5 ,?
.#)(5.)5,5W!-5),5#()(-#-.(#-@5%*.##-'5)-5().5'(5 0#1#(!5 *,)!,-->5 ),5 0&/.#(!5 ,-/&.->5 '(!,-5 (5 5
5&%5) 5.,/-.@5.",>5#.5'(->5U 5.,/-.53)/>5/.5'35,-*)(-#? +/-.#)(#(!5..#./@5
#&#.#-5,+/#,5'5.)5)(V,'51".53)/5(5).",-5.&&5'@Y5 ),5 #(-.(>5 '(!'(.9-5 ----'(.>5 -#!(>5 (5
)'5, ,5.)5."#-5-5."5U.,/-.5/.50,# 3Y5**,)"@5 #'*&'(..#)(5) 5#(.,(&5)(.,)&-5)0,5V((#&5,*),.?
"5-.,.#(!5*)#(.5 ),5[.#05-%*.##-'5#-5."5,)!(#? #(!5-")/&5%()1&!5.".5."5),!(#4.#)(5(55-/-?
.#)(5.".50(5."5-.5-3-.'5) 5#(.,(&5)(.,)&5"-51%? *.#&5.)5 ,/>5-*#.5*-.52*,#(-5),5&# -5)/.5
(--->5 (5 ,/5 (5 )/,@5 [.#05 -%*.##-'5 #(0)&0-5 '*&)35 #(.!,#.3@5 -5 5 ,-/&.>5 (5 **,)*,#.5 -3-.'5 ) 5
%()1&!5) 5."5)'*(39-5/-#(-->5#(&/#(!5."5,#-%-5-? #(.,(&5 )(.,)&-5 -")/&5 ,.5 "%-5 (5 &(-5 (5
-)#.5 1#."5 ."5 #(/-.,35 (5 )'*(3>5 ."5 '((,5 #(5 -")/&5 #(&/5 *,)---5 .)5 )(.#(/&&35 ')(#.),5 (5 ,?
1"#"5."5)'*(35'(!-5.")-5,#-%->5(5."5)'*(39-5 0&/.5."5[.#0(--5) 5)(.,)&-@5
)0,&&5#(.,(&5)(.,)&5-.,/./,@5 (5,0#1#(!5)*,.#(!5(5V((#&5,*),.->5#-/--#)(5
"#&5-%*.##-'5#-55)(*.5.".5#-5*,#',#&35/-5#(5."5 *,.##*(.-5-/!!-.5.".5'(!'(.5 )&&)15/*51"(5,?
)(.2.5) 5."5*,) --#)(&5-%*.##-'5) 5(52.,(&5/#.),>5 -/&.-5-'5#()(-#-.(.51#."52*..#)(-5),51#."5)()'#5
5#-/--#)(5*,.##*(.-5-.,--5.".5."5#&#.35.)5+/-? .,(-5#(5."5)'*(39-5#(/-.,35-.),@5 (5[.>5-%*.##-'5
.#)(5 (5 ,#.#&&35 ----5 #( ),'.#)(5 #-5 5 -%#&&5 .".5 &-)5 #-55 #(0)&0-5 '(!'(.5 -.,--?.-.#(!5 #.-5 )1(5 #-#)(-5 (5
--(.#&5 ),5),->5/#.5)''#..->5'(!'(.>5(5#(? --/'*.#)(-5 )/.5 V((#&5 ,*),.#(!5 *,)---5 (5 )(?
.,(&5/#.),-5#(5."5)(/.5) 5."#,5,-*)(-##&#.#-@5? .,)&->5-51&&5-5."5#-#)(-5(51),%5) 5-/),#(.->5.)5
'#5 ,-,"5 "-5 )(V,'5 5 *)-#.#05 ,&.#)(-"#*5 ? !#(5 )(V(5 .".5 ()."#(!5 -#!(#V(.5 "-5 (5 '#--5
.1(5-%*.##-'5",.,#-.#-5(5 ,/5..#)(5-%#&&-@CK (5.".5."#(!-5,51".5."35-'@5",)/!"5."#-5*,)-->5
352,#-#(!5-%*.##-'5(5*,)').#(!5."5/&./,&52? '(!'(.5(5)[-.5'(35 ,/5,#-%5 .),-@5%*.##-'5
*..#)(5.".5+/-.#)(-5,5"&."35(5**,)*,#.>5'(? &-)5 .(-5 .)5 #'#(#-"5 ."5 *,*.#)(5 ) 5 )**),./(#.35 ),5
!'(.>5."5),>5."5/#.5)''#..>5#(.,(&5/#.>5(5 ,/5(5."5#&#.35.)5,.#)(- ,//&(.5"0#),@
³5 Search for Knowledge—A desire to investigate beyond the obvious, with a desire to corroborate
³5 Interpersonal Understanding—Recognition that people’s motivations and perceptions can lead them to provide biased or mis-
leading information
³5 Autonomy—The self-direction, moral independence and conviction to decide for oneself, rather than accepting the claims of
others
Summarized from R. Kathy Hurtt, “Development of a Scale to Measure Professional Skepticism,” Auditing: A Journal of Practice and
Theory, May 2010.
Monitoring the Risk of Management Override — Key Steps for Boards and Audit Committees
³5 Brainstorm with management, external auditors, and counsel in an executive session to identify fraud risks
³5 Assess the tone at the top and the corporate culture through an evaluation of corporate communications on ethics and the re-
sults of employee surveys
³5 Develop a broad information network that extends beyond senior management to include internal auditors, external auditors,
the compensation committee, and key employees such as business unit leaders, marketing and sales personnel, and corporate
managers just below the senior management level. Interaction with key employees during company meetings or other functions
can provide the opportunity to build relationships and establish confidential dialogues.
Summarized from Management Override of Internal Controls: The Achilles’ Heel of Fraud Prevention, American Institute of Certified
Public Accountants, 2005.
The mere mention of the word fraud can be enough to stall a conversation or at best elicit a canned
response. Also, compliance-oriented questions do not tend to yield a productive discussion. Shifting
the focus away from compliance and toward the sources of influence on the financial reporting system
that can cause fraud has proven to be an effective method of starting a productive fraud discussion.
During a conversation between the audit committee and management, the internal auditors, or
the external auditors, the audit committee should be alert for indications of where follow-up is need-
ed to validate processes and controls that deter or detect fraud. The list of questions below is not
intended to be all-inclusive; rather, it represents sample inquiries designed to elicit information from
management or the auditors about fraud risks without asking about fraud directly.
These examples are not a checklist of questions to be posed word for word. Rather, they were de-
veloped by the Center for Audit Quality to advance the thinking of audit committees around the most
likely sources of weakness, with a particular eye for business pressures that may influence accounting
judgments or decisions. It is important that audit committees fine tune these questions to fit the orga-
nization and recognize that these suggestions are only the starting point for a conversation.
1. What are the potential sources of business influence on the accounting staff’s judgments or deter-
minations?
3. What about the way the company operates causes concern or stress?
4. What areas of the company’s accounting tend to take up the most time?
5. What kind of input into accounting determinations does non-financial management have?
6. What are the areas of accounting about which you are most worried?
8. How does the company use technology to search for an unnatural accounting activity?
9. If a Wall Street Journal article were to appear about the company’s accounting, what would it most
likely talk about?
10. If someone wanted to adjust the financial results at headquarters, how would they go about it and
would anything stop them?
These questions are intended to assist in obtaining a better understanding of the sources of influ-
ence on the financial reporting system that may affect the objectivity of accounting judgments or
determinations.
The reason for this focus is that fraudulent financial reporting rarely starts with dishonesty. Rather,
it typically starts with pressures for performance that influence accounting judgments and thereby
introduce bias into the system.
A key objective of the audit committee, therefore, is to uncover potential sources of bias or influ-
ence on accounting judgments.
The International Professional Practices Framework (IPPF) of The IIA specifically requires that internal auditors address the risk of
fraud:
³5 “The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk.”
(IPPF 2120.A2)
³5 “The internal audit activity must evaluate the probability of significant errors, fraud, noncompliance, and other exposures when
developing the engagement objectives.” (IPPF 2210.A2)
In addition, The IIA recently issued a practice guide that identifies the following specific internal audit responsibilities related to
fraud:
³5 Consider fraud risks in assessing internal control design and determining audit steps to perform
³5 Have sufficient knowledge of fraud to identify red flags that fraud may have been committed
³5 Evaluate whether management is actively retaining responsibility for oversight of the fraud risk management program
³5 Communicate with the board regarding fraud risks and prevention and detection programs, as well as any incidents of actual fraud
Internal Audit and Fraud Practice Guide, The Institute of Internal Auditors, 2009
For Management H@5 0,!5 ."5 #(.,(&5 (5 2.,(&5 /#.),-5 -5 %35 ,?
C@5 %()1&!5 .".5 ,/5 (5 )/,5 (5 )(-#,5 -/"5 -)/,-@5 05 ,!/&,>5 )(V(.#&5 '.#(!-5 .1(5
,#-%-5-5*,.5) 5."5)'*(39-5,#-%5----'(.5*,)--@5 ."5/#.5)''#..5(5."5"# 5/#.52/.#0>5(5
*,"*-5-*,.&351#."5).",5-(#),5'',-5) 5."5#(?
D@5 /#&5-%*.##-'5#(.)5."5/&./,@5-.&#-"55&,52*?
.,(&5 /#.5 *,.'(.>5 -5 1&&5 -5 2/.#05 ---#)(-5
..#)(5 .".5 &&5 &0&-5 ) 5 '(!'(.5 1#&&5 +/-.#)(5 (5
1#."5."52.,(&5/#.),@
"&&(!5&&5,-/&.-5 ),51"#"5."35,5,-*)(-#&>51#."5
."5-*#V5#(.(.5) 5)(V,'#(!5.".5),*),.5-.(,-5
For Internal Auditors
) 5/,3>52&&(>5(5."#-51,5'.@
C@5 /!!-.5.)5."5),5(5/#.5)''#..5-*#V513-5#(5
E@5 !!,--#0&35*/,-/5."5,)).5/-5) 5(35V#(#-5#(5 1"#"5#(.,(&5/#.5(5*,)0#5-/**),.>51#."55*,.#/?
)(.,)&->5(5.%5,'#&5-.*-5*,)'*.&3@ &,5 )/-5)(5."5,#-%5) 5V((#&5,*),.#(!5 ,/@
Communications
Knowledge Sharing to Deter and Detect Fraud
Frequent Co
mmu
nica
tio
ns
Board of Directors
Audit
Compensation Committee Other
Committee Communications hub— Committees
Financial reporting
External Internal
Audit Audit
ions
uest
Management
Q
Communications hub—
r
tte
Operations
Be
De
ep
erU
nd
e
rs
Operating Organization ta
nd
ing
Key
.)*5 &0&5 (5 *,)0#5 0&/&5 #(-#!".-5 #(.)5 ."5 )'*(39-5
)-.5*,.##*(.-5#(5."55#-/--#)(-5(5#(.,0#1-5
/&./,5 (5 ."5 ,#-%-5 #.5 #-5 #(!@5 /#.5 )''#..-5 -")/&5 !,5.".5."5,(-?2&35.5,+/#,'(.5.".5."5/?
)(-#,5-%#(!5+/-.#)(-5-/"5-5U,53)/5*,--/,5.)5)5 #.5)''#..5(!!5."52.,(&5/#.),5"-5 #&#..5."5
(3."#(!QY5(5U".5,53)/5/()' ),.&51#."QY5 5."5 #-/--#)(5) 5#\/&.5#--/-5(5&&)15 ),5'),5[.#05
*,-)(5%()1-5.".5"#-5),5",5,-*)(-51#&&55"&5#(5)(V? )0,-#!".5) 5."5V((#&5,*),.#(!5*,)--@52.,(&5/#?
(>5."351#&&55'),5#(&#(5.)5-",5)(,(-@ .),-5,5,+/#,5.)5,*),.5((/&&35.)5."5/#.5)''#..5
)(550,#.35) 5'..,->5(5/#.5)''#..-5,5)(5-)/,5
POINT TO PONDER ) 5#(*/.5#(.)5(5/#.),9-5----'(.5) 5."5,#-%5) 5'.,#&5
)2 *2#$&*+2%-)2%&,2+ $2&%2&)2%2, +2&$8 '#--..'(.5 #(5 5 )'*(39-5 V((#&5 -..'(.-5 (5 ."5
$ ++2 %*72 %2 0+2 + $2 &%*+) %+*2 *&,#2 %&+2 ,)+ #2 ,&.5/#.5,-*)(-@5#-/--#)(5*,.##*(.-5'*"-#45
) + #2 *,** &%*92 +2 )2 +2 *+2 +% (,*2 +&2 %*,)2 .".5."-5)''/(#.#)(-5-")/&5().550#15-55,)/?
++2##2 **,*2&2&%)%2+&2+2&)2%2, +2&$$ ++2)2 .#(5)'*&#(52,#->5/.5,.",5-5."5-.,.#(!5*)#(.5 ),5
(,+#02 *,**F2 %2 '')&2 *2 +&2 $ % $ 12 &'% %2 (5 #(?*."5 #-/--#)(5 ) 5 (35 '..,-5 .".5 )(,(5 #.",5
)$)"*2%2&)$#2')*%++ &%*92+2#*2.&)"*2.##F2 ."5/#.5)''#..5),5."52.,(&5/#.),-@5
PCAOB auditing standards require the external auditor to communicate various matters to the audit committee, including, but
not limited to, the following:25
³5 The auditor’s judgments about the quality, not just the acceptability, of the company’s accounting principles
³5 Uncorrected misstatements that were determined by management to be immaterial, individually and in the aggregate
³5 Audit adjustments arising from the audit, either individually or in the aggregate, that in the auditor’s judgment could have a
significant effect on the entity’s financial reporting process
³5 Significant internal control deficiencies or material weaknesses and disagreements with management
[.#05)''/(#.#)(5')(!5."5%35-.%")&,-5#(5."5 1",5 /,.",5 )/-5 (5 -./35 ,5 1,,(.@5 "5 )0,&&5
V((#&5,*),.#(!5-/**&35"#(5#-5,#.#&5.)5-/-- /&&35? )$.#05#-5.)50(5."5#&#.#-5) 5&&5-.%")&,-5.)5?
.,,#(!5(5..#(!5 ,//&(.5V((#&5,*),.#(!@5"#&5 .,5(5..5V((#&5,*),.#(!5 ,/5.",)/!"55-*.,/'5
-/**&35"#(5*,.##*(.-5#(5#(#0#/&5),!(#4.#)(-51),%5 ) 5-*#V5.#0#.#->5-/"5-5.")-5-,#5&)1>5.)5-",5
.)5.,5(5..5V((#&5,*),.#(!5 ,/5)(5)'*(35.5 #->5-*)(-),5,-,">5(5*,"*-50&)*5(15.))&-5(5
5 .#'>5 ."5 *,) --#)(&5 ),!(#4.#)(-5 .".5 ,*,-(.5 "5 '."))&)!#-@
'$),5 -.%")&,5 !,)/*>5 #(&/#(!5 5 ),5 '(!'(.>5
5 ),5),-5(5/#.5)''#..->5"5 5 ),5#(.,(&5
Joint Commitment to Collaborate in
/#.),->5(5."55 ),5*/)'*(35/#.),->5,5?
Anti-fraud Efforts
.#0&35(!!5#(5."5[),.5.)5'#.#!.5."5,#-%5) 5V((#&5
,*),.#(!5 ,/5 ,)&35 ),5 &&5 )'*(#-@5 "5 ) 5 ."-5 "59-5[),.-5.)5)(0(5,*,-(..#0-5) 5-.%")&?
!,)/*-5 "#-.),#&&35 "-5 0&)*5 '.")->5 *,.#-5 (5 ,-5)(5."5#--/5) 5 ,/5.,,(5(5..#)(5&5.)5."5
.))&-5 .)5 --#-.5 #(5 '#.#!.#(!5 ."5 ,#-%5 ) 5 V((#&5 ,*),.#(!5 0&)*'(.5) 5."#-5,*),.5(5*,)0#55'"(#-'5 ),5)(?
,/>5 (5 ."35 ,5 )(.#(/&&35 0&)*#(!5 (15 #-5 ),5 !)#(!5 )''/(#.#)(>5 )),#(.#)(>5 (5 )&&),.#)(5
-./35(5)(/.#(!5,-,"5.)5 /,.",50(5."5-%#&&-5 ')(!5 &&5 *,.##*(.-5 #(5 ."5 V((#&5 ,*),.#(!5 -/**&35
) 5."#,5)(-.#./(.-@5 "#(@5"5)(.#(/.#)(5) 5."#-5#(.,.#)(5-")/&5 #&#..5
-5#&&/-.,.5.",)/!")/.5."#-5,*),.>5().5/(&#%5."5''? ."5 2"(!5 ) 5 2*,#(-5 (5 *,-*.#0->5 (5 )/&5
,-5) 55-*),.-5.'>5"5) 5."5*&3,-5#(5."5V((#&5,? &-)5!)5 /,.",5.)5"&*5#(.# 3513-5.)5&0,!52#-.#(!5,?
*),.#(!5-/**&35"#(5"-55#-.#(.5,)&5#(5."5.,,(5(5 -)/,-5(50&)*5(5*,#),#.#45 /./,5$)#(.5.#0#.#-5.)5
..#)(5) 5V((#&5,*),.#(!5 ,/@5/.5#.5#-5().5()/!"5 0(5."5.,,(5(5..#)(5) 5V((#&5,*),.#(!5
),5"5!,)/*5.)52&5)(5#.-5)1(@5 (5),,5.)5)'551#(? ,/@5"5!)&5) 5-/"5[),.-51)/&55.)5("(5."#(%#(!5
(#(!5.'>5"5*&3,5'/-.5-",5"#-5),5",5%()1&!5) 5 ,)/(5 ,-5 ,#.#&5 .)5 ,/5 .,,(5 (5 ..#)(>5 -5
."5)**)((.5(51),%5.)!.",@5 1&&5-5*).(.#&5.))&-5.,!.5.)5."5,)&-5(5,-*)(-##&#?
-5*,.5) 5#.-50#-#)(5.)5("(5#(0-.),5)(V(5#(5."5 .#-5) 5"5-.%")&,5!,)/*@5
*#.&5',%.->5."55.-5.)5)(0(5(5 )-.,5)&&)? >5>5(5"5 >5),!(#4.#)(-5.".5&,35,5
,.#)(51#."5).",5-.%")&,-5.)50(5."5#-/--#)(5) 5 .#0&35(!!5#(5[),.-5.)5'#.#!.5."5,#-%5) 5V((#&5,?
,#.#&5#--/-@5 (5.".5*#.3>5."55"-5#(.#V5,-5 *),.#(!5 ,/>5*&(5.)5)&&),.51#."5."5@5/,5[),.-5
) 5 )/-5 ),5 /./,5)&&),.#)(5')(!5*,.##*(.-5#(5."5 &-)51#&&5*,)0#5."5)**),./(#.35 ),5)&&),.#)(51#."5?
V((#&5 ,*),.#(!5 -/**&35 "#(@5 "5 !)&5 #-5 .)5 -.&#-"5 #.#)(&5 ),!(#4.#)(-5 1")-5 )(-.#./(.-5 "05 -*#-
)(-(-/-5)(51".5(-5.)55)(5(5.)50&)*5,-)/,? %()1&!5 #(5 *,.#/&,5 ,->5 1"#"5 -")/&5 )(.,#/.5 .)5
-5 .)5 --#-.5 -.%")&,5 [),.->5 -5 1&&5 -5 .)5 #(.# 35 ,-5 ,/5 .,,(5 (5 ..#)(@5 5 (.##*.5 .".5 ."5 ,?
CONCLUSION
"5 9-5 ,)/(.&5 #-/--#)(-5 (5 #(.,0#1-5 /(,? "5)-,0.#)(-5#(5."#-5,*),.5,*,-(.5."5!#((#(!5
-),5.".5.",5#-5()5-#&0,5/&&.5-)&/.#)(5.)5.,,#(!5(5 ) 55 )/-5(5)),#(.5&)(!?.,'5[),.5.)50(5."5
..#(!5 ,/@50,35!,)/*5#(5."5V((#&5,*),.#(!5-/*? .,,(5(5..#)(5) 5V((#&5,*),.#(!5 ,/>51#."5
*&35 "#(5 *&3-5 5 %35 ,)&Z ,)'5 -(#),5 '(!'(.5 .)5 ."5 /&.#'.5 !)&5 ) 5 (V.#(!5 #(0-.),->5 ).",5 /-,-5 ) 5 V?
),->5/#.5)''#..->5#(.,(&5/#.),->5(52.,(&5/? ((#&5,*),.->5(5*,.##*(.-5#(5."5*#.&5',%.-@5"5
#.),-@5"#&5."5,(-?2&35.5"-5&5.)5-#!(#V(.5 5#-5-*#&&35*&-5.".5 >5>5(5"5 5"05
#'*,)0'(.-5#(5V((#&5,*),.#(!5*,)--->5)(.,)&-5(5 !,5.)5$)#(51#."5/-5.)5)&&),.5(50(5."#-5)'?
)0,&&5),*),.5!)0,((>5&&5-/**&35"#(5*,.##*(.-5 *&25(50#.&5#--/@5"55&))%-5 ),1,5.)51),%#(!51#."5
'/-.5'#(.#(550#!#&(.51."5 ),5."5*,-(5) 5."5&? &&5-.%")&,-5#(5."-5(0),-@5
'(.-5) 5."5 ,/5.,#(!&@
!(5-.,#-%5:<;5#(#.-5#-/--#)(5*,.##*(.-51")5&-)5*,)0#5#(?*."5#(.,0#1-@55
SAN FRANCISCO
#-/--#)(5
),.),L5,(5'#."
#'5,()&>5"# 5/#.),>5#->5 (@5
0#5,(-.#(>5),',5"# 5)/(.#(!5\,>55 (.,.#05
)"(5@5)"(>5)''#--#)(,>5&# ),(#5/.#&#.#-5)''#--#)(5
0#5@5)(>5(#),5#5,-#(.>5#((5(5)(.,)&>5 135 (@5
,!),35/,%>5"#,>5&# ),(#5)#.35) 5,.#V5)/(.(.-5
)"(5#4>5#.),#&5!5#.),>5(5,(#-)5",)(#&5
CHICAGO
#-/--#)(5
),.),L,(5'#."
!!35),(>5),',52/.#05#5,-#(.>5(,&5)/(-&5(5,.,3>5,55),*),.#)(M5
/,,(.&35#5,-#(.>5"# 5)0,((5\,5(5),*),.5,.,3>5,/(.#&5<
#(35),(&&#>52/.#05#,.),>5(.,5 ),5/#.5/&#.35
,(5#(->5"#,5) 5."5/#.5)''#..>5\5*).5
,5)&'(>5),*),.5#5,-#(.5(5(,&5)/(-&>5>5 (@5
#"&5))*,>5)?#5"#,>5)0,(#(!5),>5(.,5 ),5/#.5/&#.3M5,-#(.585"# 5
2/.#05\,>5"5#,.),-95)/(#&5
)5/**,->5*/.35"# 52/.#05\,>5&)#..55<
#"&50>5--)#.5
(!#(!5#.),5 ),5/-#(-->5"#!)5,#/(5
)"(5
,%->5"@@>5,-#(.5(5"# 52/.#05\,>5',#(5--)#.#)(5) 5 (#0#/&5
(0-.),-5
.05,#-.5>5,-#(.>5."#&5,-"#*5,)/*5
)"(5,%-&#->5-.5,-#(.>5#((#&52/.#0-5 (.,(.#)(&5Z5"#!)5"*.,M5"#,>5#-.!5
(.,(.#)(&5 (@5<
/,.#-5,-")),>5',#./-5-,"5,) --),>5"))&5) 5)/(.(35(5
>5/&5(#0,-#.3
#(5#((.>5"@@>5--)#.5,) --),5#(5)/(.#(!5 ( ),'.#)(5(5
(!'(.>5&&)!!5
"))&5) 5
(!'(.>5),."1-.,(5(#0,-#.35
)5,>5),',&35"# 5) 5),,-*)((.->5"#!)5/,/>5/-#(--%M5/,,(.&35--)#.5
,) --),>5)&&!5) 5
)/,(&#-'5(5
--5)''/(#.#)(->5(#0,-#.35) 5,-%?#()&(
#&&#'5
@5"#.>5),',5"#,'(5) 5."5),>5&&585)1&&5)'*(3M5/,,(.&35,) --),>5
),.5@5
),'#%5"))&5) 5(!#(,#(!5(5**#(>5),."1-.,(5(#0,-#.35<
/--5#'(>5),',&35.#)(&5
(!#(!5,.(,5) 5/#.5(50#-),35,0#->5,(.5"),(.)(5
M5/,,(.&35"# 5#((#&5\,>5,(.5"),(.)(552
WASHINGTON DC
#-/--#)(5
),.),L,(5'#."
.,5,(->5(#),5-"#(!.)(5),,-*)((.>5)25/-#(--51-
,%5@5-&3>5"@@>5&)#..5,) --),5) 5(.,*,#-5#-%5
(!'(.5(5
5 (#.#.#05
#,.),>5),."5,)&#(5..5(#0,-#.35<
(35/%,5)-1&&>5,-#(.5(5"# 52/.#05\,>5,(-*,(35 (.,(.#)(&55
#."5@5,3>52/.#05#,.),>5."#-5(5)'*&#(5\,5--)#.#)(5
)"(5@5&-)(>5,.(,>5#-)(>5/((585,/.",55
#"&5@52&3>5 5)/(-&>5%,585)-..&,55<
)?)((5&',)->5"@@>5,#1.,")/-))*,-5/#.#(!5,) --),>5(#0,-#.35) 5)/.",(5
&# ),(#5
,-"&&5"))&5) 5/-#(--5
),.5
@5,)&>5,-#(.>5#!".50#-),35M5 ),',&35"# 5#((#&5\,>5@@5,585)@5
&((5@53,(-%#>5(#),5#5,-#(.>5#((#&5)'*&#(>55/,)(2.5
((5,!,>52/.#05#,.),>5)/(#&5) 5 (-.#./.#)(&5 (0-.),-5
"#-5,*),.51-5,.5/-#(!55)'#(.#)(5) 5*,#',35,-,"5."(#+/-5(5-)(,35-./#-5
)(550,#.35) 5.)*#-5.#(!5%5**,)2#'.&35CB53,-@
"5*,#',35,-,"5."(#+/-5'*&)35 ),5."#-5-./351,5-5 )&&)1-L
www.TheCAQ.org
Section 3
5 C’s of Fraud
At each step:
• Perpetrators can be detected because the action results in one or more red flags (risk
factors). For example, overstating inventory distorts inventory ratios
• Companies can implement controls to prevent fraud
We look at the first three C’s to be able to perform the last 2 C’s, which are the two most
important. It is hard to detect/prevent something you do not understand.
Knowing what fraud schemes are most likely makes it easier to focus on the 5 C’s. This can:
• Keep audit brainstorming sessions from being mundane, repetitive or cookie-cutter from
one client to another
• Help those in industry/government to do the same for a similar review
This approach can be used to examine schemes used to perpetrate misappropriation of assets (the
most frequent type of fraud) as well as fraudulent financial statements (which happen less
frequently, but are much larger and much more publicized).
Sec. 3
EMPLOYEE FRAUD
For our purposes, misappropriations of assets can be divided into two categories:
1. Theft of cash or cash equivalents
2. Theft of assets other than cash (inventory, tools, fixed assets)
The risk of cash receipt fraud is highest at the point of sale, when cash is received from a
customer.
Sec. 3
POINT-OF-SALE THEFT
Cash register employees often steal cash receipts. They sell goods or service, pocket the
payment, and don’t enter payment in the register or enter the payment in accounting records.
When cash is stolen, no conversion is necessary. Very large amounts may have to be laundered.
To conceal the fact that a sale took place the perpetrator may:
• Not ring up the sale
• Ring it up as a no-sale
• Not create a sales document or receipt
• Destroy or alter the sales record or cash register tape
• Rig the register to not record sales on tapes
• Make sale off-site or outside of normal business hours and not record or report sale
• Lap sales receipts (steal Monday receipts, turn in Tuesday receipts)
When cash is stolen at the point of sale, one of more of these red flags is often noticeable:
• Inventory is lower than the records show
• Gaps appear in pre-numbered transactions
• Tampering is physically evident with receipts, tapes, or cash registers
• Register tapes or other records are missing
• Differences between customer & company records exist
• Lower than expected revenues occur with a specific person or location involved
• Poor record keeping or collection procedures occur
Organizations can put the following controls into place to control cash receipt fraud:
• Use cash registers with internal tapes that the employee cannot manipulate. At the end of
each point-of-sale employee’s shift, compare the sales per the cash register tapes to the
actual cash in the till. At the end of their shifts, employees can usually ensure that the
amount of cash in the till is the same as the amount of sales recorded in the register. So, it
is important to periodically conduct surprise cash counts during an employee’s shift.
• Have separate individuals perform the following cash handling duties: cash receipts, cash
counts, bank deposits, deposit receipt reconciliation, posting of deposits, and cash
Sec. 3
disbursements.
• Cluster cash registers to enhance the visibility of transactions and use an elevated
supervisor station and video surveillance. This makes surveillance of cash receipts clerks
easier and less obvious.
• Teach supervisory personnel to spot the markers that employees use to keep track of the
amount of money that they have stolen. Oftentimes employees will put money in the
register even though they do not ring up the sale so that customers do not get suspicious.
When they do that, they need to keep track of how much money they have not rung up.
To do so, they will often place a marker (such as a penny for $1, a nickel for $5, etc.)
somewhere near the register so they know how much money to remove from the register
when they are not observed.
• Make hiding the theft of cash difficult by using techniques such as close supervision,
cash registers and clerks, video surveillance of employee lounges or rooms where they
store personal belongings during work hours, and not having pockets in employee
uniforms.
• Motivate customers to ask for a receipt. For example, some ice cream stores prominently
display signs that state that if your receipt has a star on it, you qualify for a free ice cream
cone. As a result, customers are more inclined to insist on a receipt, making it difficult
for the clerk to pocket the money without placing it in the register.
• Reconcile inventory often to spot high shrinkage (the amount per the books should agree
to the amount in stock). High shrinkage is often a sign of unrecorded sales cash receipts
theft.
• Monitor each register and cash receipts clerks for the number and amount of “No Sale”
transactions taking place. One good way to skim cash is to ring up a sale as a “No Sale”
rather than a sale, place the cash in the register, and then later remove the cash when
there is little risk of being observed.
• On a daily basis, account for all sequentially numbered receipts so that an employee
cannot give out a receipt to a customer and then destroy the company’s copy to hide the
theft. Likewise account for the numerical sequence of cash receipt transactions.
• Account for the numerical sequence of all cash register transactions. One enterprising
manager opened a store two hours early and pocketed all the sales during those hours.
This fraud could have been detected if someone other than the manager had, on a daily
basis, compared the prior day’s cash register transaction ending number with the next
day’s beginning cash register transaction number.
• Do not allow any unauthorized cash registers and account for all store registers on a
periodic basis. Another manager installed an extra cash register in a store and stole all
the cash receipts rung up on that register. Since the store owners did not know about the
extra register, the manager never had to report those sales. He simply destroyed the cash
register tapes for that machine and pocketed the cash.
• Test for unusual relationships. When a fraud is perpetrated, especially if the amount is
large, something is often out of balance. For example, if there were a large quantity of
unrecorded sales there would probably be a drop in gross profit margin. Auditors try and
uncover these anomalies (“this figure or relationship doesn’t make sense”) using
analytical procedures, ratios, vertical and horizontal analyses of sales accounts, and other
types of relationship tests. For control purposes, the tests that are most likely to detect a
given fraud scheme (if I skimmed cash receipts, what would most likely be out of kilter
Sec. 3
and how can I test for that relationship) should be identified and the tests performed
periodically. For example, cash receipt clerks can be compared to other clerks working at
the same time to test if any of them consistently have lower revenues than the others. You
can also analyze trends such as sales to inventory, cost of goods sold per employee,
average unit sales price, and the number of discounts, coupons, and over rings per
employee or workstation.
• Periodically inspect register tapes, cash registers, and a sampling of receipts (such as
when customers are leaving the store) for physical evidence of tampering. Scrutinize all
handwritten receipts.
• Find appropriate uses of electronic surveillance devices, such as video cameras.
• Employ secret shoppers to observe clerks and to determine if control procedures are
followed.
• Take out bond insurance on all employees handling cash receipts.
• Deposit all cash receipts daily.
• Monitor the lifestyle changes of all cash receipts clerks.
• Spot-check the authenticity of customer discounts.
• Set up a customer hot line so any unethical conduct can be reported.
• Conduct customer satisfaction surveys that also verify the price that was paid, the mode
of payment, etc.
COMMIT
CONCEAL
Concealment methods
• Most popular: lapping accounts receivable
• Destroy or alter transaction records
• Issue fake discount or credit memo to write off A/R
• Intercept or alter customer statements or late notices
• Journal entry write-off: contra revenue, bad debts, other A/R
• If a prepayment for goods: steal inventory, send it to customer
CONVERT
Sec. 3
Stolen checks can be converted to personal use by:
• Forging an endorsement or using a dual endorsement
• Setting up a false account (Smit Foods instead of Smith Foods) and depositing checks to
that account
• Altering the check payee to the employee or a controlled company
• Substituting a check for cash somewhere in the company
• Colluding with a bank employee to cash a check
Sec. 3
o Log in all cash receipts as each envelope is opened.
o Stamp "for deposit only" on all incoming checks.
o Require management to be present when the mail is opened.
o Use video surveillance of the mail room and rooms where employees store their
personal belongings during work hours.
o Forward all stamped checks to a separate person responsible for preparing the deposit
slip.
o Send a copy of the deposit slip and a list of the cash receipts and their total to a third
person, who agrees the list to the deposit slip and the amounts entered into the cash
receipts journal and the A/R ledger.
o Log all mail receipts and compare the receipts to deposit slips and other books of
record (Cash Receipts journal, A/R ledgers, etc.).
o Reconcile the number of envelopes received to the number of checks received.
Maintain control of all envelopes and monitor the trash for discarded envelopes.
• Maintain the following controls with respect to company/customer interaction:
o Mail monthly statements and request that any differences be reported to the company
o Control statements so they cannot be stolen or altered by employees.
o To prevent an employee from changing a customer’s address so that it can be sent to
him, put proper computer controls over data files and programs in place.
o Send late notices to all customers that are overdue on their payments.
o If cost effective, send an acknowledgment of all cash receipts.
• With respect to banks:
o Instruct the bank to only deposit (never cash) checks made out to the company and to
never cash a check made out to the company if it has a dual endorsement.
o Use a bank lock box, where the bank performs all mail receipt functions such as
opening the mail and depositing the checks.
o Periodically survey local banks to find account names similar to that of your
organization.
o Close all unused accounts. One fraud was perpetrated by an employee depositing
checks into a forgotten account that the perpetrator had managed to get signatory
control over.
• With respect to employees:
o Monitor employee activities, as employees who lap often have excessive weekend
work or work after business hours to keep a second, unauthorized set of books. This
set of books can often be found by searching a suspected perpetrators work area.
o Enforce mandatory vacations and job rotations. Lapping schemes are very difficult to
conceal if the perpetrator is required to take a two week vacation each year.
o Take out bond insurance on all employees handling cash receipts.
o Monitor the lifestyle changes of employees with access to cash.
o Do not deliver unopened business mail to personnel with access to accounting
records.
• With respect to A/R adjustments:
o Require supervisory approval on all write-offs.
o Conduct surprise cash counts and audits and publicize that they will occur randomly.
o Periodically scan customer accounts looking for either an unusually high number or
any unexplained: discounts, write-offs, write-downs, or other unusual debits to A/R.
Sec. 3
o Review write-offs, looking for patterns with respect to amounts, employees and cus-
tomers.
o Spot check documentation for A/R adjustments to determine if:
There is a delay between payment and posting dates
Payments match open invoice amount(s)
The name on the deposit is the name in the A/R ledger
Daily deposits match A/R postings
o Create an exception report for alterations to A/R.
o Periodically scan journal entries for illogical debits used to balance A/R or adjust
cash or inventory balances.
o Audit debits to dormant accounts. For example, a perpetrator stole a $1000 payment
from Jones, Inc. To hide the theft, she credits Jones’ A/R and debits an expense, such
as miscellaneous expenses, or another A/R that will soon be written off as
uncollectible. This no logical reason for this type of entry to be made and it should be
thoroughly investigated.
o Test for inventory shrinkage using analytical procedures, ratios, and other relationship
tests.
o Send confirmation statements to vendors. Monitor and follow up on customer com-
plaints.
o Verify aging reports for accounts that have little or no payment activity.
Understating sales and receivables is a variation of point of sale and mail receipt theft. The
difference is that in the other two methods all the money from a transaction is stolen. Here, a
portion of sales or A/R payments are reported and the rest are skimmed.
COMMIT
CONCEAL
Sec. 3
• Write off to contra revenue or bad debts
• Collude with an outside party. For example, a cashier colluded with a famous football
player at a Florida University. The player obtained hundreds of dollars’ worth of clothes
for a very small payment
• Provide customer with a full price receipt, while providing a different (usually altered)
receipt for bookkeeping purposes
CONVERT
• Segregate duties, proper personnel policies (mandatory vacations, rotate duties), and
examine write-offs as previously discussed
• Spot-check:
o Credit sales were posted to A/R accounts
o Customer discounts are authentic
o Goods shipped records agree to payment received records
o Compare customer's copy of receipt to store's copy
• Check receipts/invoices for alterations and scrutinize handwritten receipts
• Perform regular and surprise audits and frequent, unannounced cash and inventory counts
• Send account balance letters and customer satisfaction surveys to verify price paid, mode
of payment, etc.
• Monitor and follow up on all customer complaints
• Analyze trends such as
o Sales to inventory
o Gross profit margins
o Cost of goods sold per employee
o Average unit sales price
Sec. 3
o Salesperson's profit margins
o Number of discounts, coupons, and over rings per employee or workstation
• Reconcile accounts with bank records
• Have a hot line to report unethical conduct
THEFT OF CASH
Theft of cash fraud is stealing cash or cash equivalents that have already been entered into the
system. All companies are vulnerable, especially where there is a high volume of activity or a
high volume of transactions.
Theft of cash is the least frequent and least successful cash fraud. It also results in the smallest
company losses.
COMMIT
CONCEAL
• Steal cash from another register or cash drawer, placing suspicion on another employee
• Steal small amounts, saying imbalance is an error
• Cover with personal check; ensure it is not cashed
• Cover with an unused, fictitious transfer ticket
• Process false voids or refunds to reduce the amount of cash reflected on the register tape
• Use balancing entries: a write-off to contra revenue, a bad debt, or to another A/R
account
• Falsify the cash count so it includes the amount of stolen funds
Sec. 3
• Alter or destroy register tapes
CONVERT
To control cash register theft, put into place the following controls:
• Use registers with internal tapes that employees cannot manipulate. At the end of each
employee shift, reconcile the cash in the register with sales figures, returns, and other
transactions on the tapes. Make sure the cash in the register does not include personal
checks from employees. Since employees can usually ensure that cash in the till is the
same as the register sales at the end of their shifts, periodically conduct surprise cash
counts during employee shifts.
• Have separate individuals perform the following cash handling duties: cash receipts, cash
counts, bank deposits, deposit receipt reconciliation, posting of deposits, and cash
disbursements.
• Account for the numerical sequence of all cash register transactions as employees may
remove transactions from tapes to hide their theft.
• Cluster cash registers to enhance the visibility of transactions. Use elevated supervisor
stations and video camera to make surveillance of cash registers easier and less obvious.
• Teach supervisory personnel to spot the markers that employees use to keep track of the
amount of money that they have stolen.
• Make hiding the theft of cash difficult with: close supervision, cash registers and clerks,
video surveillance of employee lounges or locker rooms, and no pockets in employee
uniforms.
• Track overages/shortages by employee to help prevent the theft of small amounts of
money over long periods of time.
• Monitor each cash register and cash receipts clerk for the number and amount of “No
Sale” transactions.
• Periodically remove excess cash from the cash register to minimize the amount of cash
kept in each register.
• Review and analyze all journal entries to cash. Employees who can’t conceal fraud by
Sec. 3
altering source documents may conceal it by making journal entries to cash.
• Regularly examine reversing transactions, such as voids or refunds, which can be used to
reduce the amount of cash shown on the register tape to the amount of cash on hand after
a theft.
• Periodically inspect register tapes and cash registers for physical evidence of tampering.
• Spot check all cash counts. Sometimes employees remove cash from a cash count
envelope and alter the cash receipts tapes after the cash has been counted. This is
controlled by listing all original cash counts and comparing that count to test counts of
the cash envelopes as they are prepared for bank deposit.
• Deposit all cash on a daily basis. Do not leave cash in cash drawers or cash registers
overnight. Make sure that all cash, register tapes, and other documentation are delivered
to the appropriate personnel in a timely manner.
• Restrict access to cash registers to authorized personnel and maintain confidentiality of
register access codes.
• Take out bond insurance on all employees handling cash receipts.
• Monitor the lifestyle changes of all employees with access to cash.
• Set up a hot line so customers and employees can report any unethical conduct they
observe.
• Test for unusual relationships that indicate cash register theft.
Most organizations gather cash receipts, prepare a bank deposit, and take the deposit to the bank.
Without proper controls, cash is vulnerable to being stolen before it is deposited in the bank.
COMMIT
CONCEAL
• Prepare false deposit slips and falsifying entries in the books of record
• Show stolen funds as a deposit in transit
• Alter the receipt from the bank to show an inflated deposit
• Lap deposits; steal part of one day’s deposit, use some of next day’s deposit to cover it
CONVERT
• The same person prepares bank deposit, takes it to the bank, reconciles bank statements,
enters deposit slip data into company records
Sec. 3
• Bank deposit receipts that do not match the cash receipts journal or the deposit slips
• Deposit slips that do not match the cash receipts journal
• Bank statements and company records that do not reconcile
• Deposits that are not made in a timely manner
• Cash on hand or in bank that is lower than the records show
• Bank receipts, deposit slips, or bank statements that show evidence of alteration
To control theft from bank deposits, put into place the following controls:
• Deposit all cash receipts daily
• Reconcile daily deposit slips and entries to the cash receipts journal and A/R ledger.
Match the amounts entered and the composition of the payments (number of checks and
the amount of cash) to prevent a perpetrator from substituting a stolen check for cash.
• Make sure that two people are involved in preparing, posting, and delivering the bank
deposit.
• Have different people prepare the deposit, make the deposit, enter deposit information
into the appropriate journals and ledgers, and reconcile the bank statement and company
accounts.
• Rotate the duty of making the deposit.
• Do not leave a bank deposit unattended after it is prepared. Lock it in a company safe
until it is time to take it to the bank. Do not leave cash and deposits on company premises
overnight.
• Have an armored car service pick up bank deposits so that money can note be stolen from
the deposit on its way to the bank.
• Periodically inspect deposit slips, cash listings, and receipts looking for physical
alterations.
• Use video surveillance of the person making the deposit and the place where is it
prepared.
• Institute and enforce procedures to ensure that deposits for outside locations are received
on a timely basis by the central office.
• Take out bond insurance on all employees handling bank deposits.
• Conduct surprise cash counts and audits; publicize that they will occur randomly
• Reconcile cash as it flows through the organization. Compare all original cash listings
(cash register counts, cash and checks received in the mail, etc.) to cash entered on the
deposit slip. Compare cash actually deposited (deposit slips returned by the bank) to a
company copy of the deposit slip and the original cash listings. Ensure the amounts
entered, as well as payment composition (number of checks and cash amount) match to
prevent substituting a stolen check for cash. All documents should be compared to the
books of original entry (cash receipts journal, sales journal). Do this on a daily basis, if
possible. When bank statements are received, compare them to the above mentioned
company records.
• Audit any exceptions to a two-day clear.
• Monitor lifestyle changes of employees who prepare, post, and deliver deposits.
Sec. 3
CASH DISBURSEMENT FRAUD
Most false billing frauds involve a service. It is easier to conceal a never performed service than
goods never received.
False billing fraud is one of most common forms of asset theft because:
• The perpetrator does not have to take the risk of removing assets from the company
premise. Instead they submit a false claim against the company and the company
willingly mails them a check.
• There is lots of money to be had. The loss per incident is the highest among asset
misappropriation schemes.
• A lot of money is legitimately spent in organizations, which sometimes makes billing
fraud easier to conceal.
The most common billing schemes involve setting up one or more fake vendors.
COMMIT
1. Fictitious Vendor
Sec. 3
• Create a fictitious vendor
• Open a bank account under the fictitious name
• Bill the company
• Invoices can be professionally produced, prepared using a computer and desktop
publishing software, typewritten, or even prepared manually
• Often the most difficult aspect of a fraudulent billing scheme is getting the fake invoice
approved and paid. To do so the perpetrator can
• Approve the bill himself
• Sneak the bill past an inattentive, trusting, or “rubber stamp” manager
• Create false supporting documents such as voucher packages
• Check for fraudulent goods or services received and deposited in the fictitious company’s
checking account
The fraud occurs when the victimized company is buying the goods it needs from an
unauthorized vendor at inflated prices.
The perpetrator’s gain comes from profit from the inflated prices that are instituted while acting
as an unauthorized middle man in a necessary company transaction.
Support documents are run through the A/P system a second time; new checks are sent to the
correct vendors.
• Run the unauthorized invoice for a personal purchase through the A/P system. If the
perpetrator cannot approve the purchase, create a false purchase requisition or purchase
order to make the purchase appear legitimate, or alter existing purchase order and have
accomplice in receiving remove the excess merchandise.
• Have company order personal items or merchandise. Intercept the goods when they are
delivered, or deliver to home address or some other address, such as a spouse’s business.
Sec. 3
• Make personal purchases on company credit cards.
In all approaches the perpetrator either keeps the purchases for personal use or turns the purchase
into cash (or credit card refund) by returning the merchandise
CONVERT
CONCEAL
Concealing billing fraud is easier because the perpetrator does not have to:
• Conceal removing cash or inventory from company premises
• Company mails him a check
Concealment is harder in that creating a vendor company requires the fraudster to:
• File or forge articles of incorporation
• Obtain name, mailing address, phone number
• Open bank account and deposit and withdraw $
• Create and send vendor invoices
These items leave a trail, making it easier to find the perpetrator when the fraud is detected and
the shell company is identified.
Red flags that are present when a false billing fraud occurs include:
• Unexplained rise in services performed (services paid for but never performed)
• Payments to unapproved vendors
• Invoices approved without supporting documents
• Falsified or altered voucher documents. For example, altering a purchase order after it is
approved
• Inflated prices on goods purchased or unnecessary goods or services are ordered
• Payments to an entity controlled by an employee
• Multiple payments for the same invoice or over payments on an invoice
• Invoices frequently overpaid
• Unnecessary goods or services are ordered
Sec. 3
• Purchase orders altered after approval
• Personal purchases with company credit cards or charge accounts
• Excessive goods returned to vendors; full payment not received for items returned
• Rise in cost of goods sold or a decrease in profit margins
• Vendor with a PO box address (many PO box addresses are legitimate, but a smart
fraudster will use a PO box or address of someone else rather than his home address)
• A delivery address other than a valid company address (Perpetrators may have the goods
they ordered delivered directly to their homes rather than to the company)
To identify who set up the false company, search through the following:
• Bank records
• Public records: certificate of incorporation, business's tax identification number, etc.
• Commercial databases: names, addresses, phone numbers of person who owns vendor
• Employee data. Compare lists, and if there is no match, try spouses of employees (wife’s
maiden name often used) and relatives data
Sec. 3
the back of returned checks.
Sec. 3
returned check
• Photocopy all incoming checks when the mail is opened
• Instruct the company's bank not to cash checks payable to the company (deposit only)
• Research any vendors with names similar to the company
• Compare invoices to A/P and confirm them with the vendor
• Look for overpayment patterns; is one employee consistently involved?
• Compare invoice prices to PO prices
• Look for duplicate payments
• Review A/P records for duplicate invoice numbers
Sec. 3
• Use a competitive bidding process to make sure that the vendors with the best
combination of quality and price are consistently selected
• Periodically review payment coding for abnormal descriptions
• To control company credit cards:
o Restrict access and usage of company credit cards to those with a specific need
o Limit spending amounts and the locations where credit cards can be used
o Have card users explain and support charges before credit card accounts are paid
o Examine all credit card statements and have all purchases reviewed for post-purchase
approval by someone other than the person making the purchases
o Separate reconciling credit card statements from signature authority over the card
• Teach employees how to detect fraudulent documents
COMMIT
Submit a personal expense for reimbursement and claim it was a business expense:
• Largest type of reimbursement fraud and often perpetrated by high level employees,
owners, and officers
• Oftentimes perpetrator has authority over accounts from which expenses are reimbursed,
making the frauds particularly hard to detect
o Examples:
Claiming personal travel as a business trip
Listing dinner with friend as business development
Inflate legitimate expenses of another employee and skim the excess or split it with the
Sec. 3
employee.
CONVERT
CONCEAL
To make a fraudulent or unauthorized expense look like a legitimate business expense so it isn’t
questioned and therefore reimbursed:
• Submit all the paper work for a personal item
• Alter documentation to overstate the amount due
• Over purchase and submit the full receipt
• Submit forged or stolen receipts
• Submit different forms of documentation for the same expense
• Make photocopies of receipts for multiple reimbursements
• Forge an authorization signature
• Write a check to pay for an expense, submit a photocopy as support, destroy the check
Sec. 3
• Frequent use of photocopied receipts
• Travel not supervised and expenses for travel not reviewed
• Thoroughly review requests before payment (amounts reasonable, original receipts are
complete, compare to employees work schedule, etc.)
• Compare expense amounts to prior periods and budget
• Regularly review and reconcile expense accounts
• Compare with historical usage, budgeted amounts
• Compare the reimbursement request to the person’s work schedule to see if they were
working or not
• Compare reimbursement amounts to those of other employees (same trip, over time)
• Look for patterns (no cents, all amounts end in 0's or 5's, many just below review point )
Several control procedures can reduce the risk of expense reimbursement fraud.
• Require employees to fill out a detailed expense reimbursement form. Have the
employee explain the business purpose of the activity, expense, or purchase as well as its
location, date, and time. Require documentation for all expenses except for very small
amounts.
• Require that all expense reimbursements be carefully reviewed and approved by a
supervisor before they are reimbursed.
• Require original copies of receipts and other forms of documentation, since alterations to
receipts are much less noticeable on photo copies.
There are procedures that can be used to detect fraud if it occurs. Some of the more important
tests to control for expense reimbursement fraud are:
• Thoroughly review requests for reimbursement before payment (amounts are reasonable,
original receipts are included for all items, etc.)
• In cases of airfare and overnight travel, a personal expense can sometimes be detected by
comparing the dates of employee expenses to their work and vacation dates. Business
expenses during vacation days should be examined very carefully to ensure that they are,
in fact, legitimate expenses
• Look for unusual patterns in receipts, such as all amounts being rounded to even dollars,
all dollar amounts ending in a 0 or a 5, most reimbursements amounts just below the
review point, or reimbursement documentation that is consecutively numbered
• Compare expense amounts to prior periods, budgeted amounts, and historical usage
• Regularly review and reconcile expense accounts
• Compare reimbursement amounts to those of other employees who were on the same trip.
Over time, a pattern may emerge of consistently higher expense reimbursements
PAYROLL FRAUD
Payroll fraud is the theft of company funds using the payroll system. The perpetrator submits
Sec. 3
fake documents, time cards, sales orders, etc. Company pays out more in salary, commissions, or
governmental benefits than necessary.
COMMIT
Ghost employee: low frequency, dollar loss, highest loss/incident. Requires 5 steps:
1. Fabricate personnel and payroll records (name, address, SS#, pay rate) and get them
entered into the payroll system:
• Done by a department manager, payroll employee (with rubber stamp manager), or
unauthorized employee (poor employee database controls)
• Don’t take terminated employee off payroll
• Intercept or delay termination notices
• Change terminated person’s address, bank account
False commissions: highest total dollar losses, average loss per incident is lower than ghost
employees. Two ways to commit commission-based payroll fraud:
Sec. 3
False hours, pay rate, or salary: most common payroll fraud, but has the lowest loss per
incident
CONVERT
• Perpetrator or accomplice cashes ghost employee or inflated check, or it is deposited in
their account
• Collect undeserved workmen’s compensation
CONCEAL
• Fabricate the necessary ghost employee personnel and payroll records, including a false
name and address
• Set up a bank account or use your own
• Forge pay documentation and authorizations
• Steal manager password for computer authorization
Sec. 3
• Intercept paychecks
• Do not submit termination notices, or delay them
• Change address, bank account of terminated person
• Fake injury, collude with doctor
• Test payroll records for duplicate social security numbers, employee addresses, and bank
account numbers. Also test for similar names
• Match the number of pay checks to the number of authorized workers
• Analyze employee deductions and withholdings (ghosts don’t need insurance, pay
minimal taxes)
• Trace the names on paychecks to personnel files
• Have internal audit or someone independent of payroll conduct a surprise payroll
distribution
• Match terminated employee list to payroll register
• Review time cards: hours, authorizations, overtime (only one person getting overtime)
• Require an ID to pick up paychecks
• Review payroll records for excessive overtime
• Test: Is there a linear relationship between commission expenses and sales
• Test: does % or amount of uncollectible accounts differ substantially between salespeople
• Compare documents used to record sales and calculate commissions
• Compare employee commissions, look for outliers
• Video surveillance of time clock
• Analytical review red flags
o Number of employees paid greater than number working
o Two employees with similar names
o Employee pay rate out of authorized range
o Discrepancies in quantities and sales prices between commission calculations and
sales records
o Pattern: payments not made on fictitious sales after they are booked and commissions
are paid
• Altered sales documents
• Complaints that sales commissions are incorrect
The following control procedures can reduce the risk of payroll fraud:
• Require all time keeping information to be authorized before an employee is paid,
especially overtime hours. Do not accept any timekeeping information that does not pass
through the supervisor responsible for authorizing it and that is not immediately
forwarded to payroll.
• Separate the duties of hiring employees, entering timekeeping information, authorizing
timekeeping information, processing payroll, authorizing payroll, distributing payroll,
transferring funds to the payroll accounts, and reconciling the payroll bank account. The
data used to calculate sales commissions should be prepared by someone independent of
Sec. 3
the sales department.
• Where automated timekeeping systems are used, have a supervisor present at the
beginning and the end of shifts to ensure that an employee does not clock anyone else in
or out of the system.
• Stringent access controls (few people with closely guarded passwords allowed to make
changes, all changes reviewed and authorized, changes only made from specific terminals
during business hours, etc.) should be placed over the payroll data base so unauthorized
employees cannot add ghost employees or make changes to their hours, pay rates, salary,
or commissions.
• Install an automated time keeping system that requires an employee ID card or some
other physical form of identification. This makes it much more difficult to perpetrate
fraud since a false ID must be obtained and the perpetrator must be present to log the
ghost employee in and out of the system every day. It would also require employees to
give their ID to someone else in order for them to check them in or out of the
timekeeping system.
• Pay all employees out of a separate payroll account that uses pre-numbered checks in
sequence. Restrict access to unused checks and check signing machines.
Sec. 3
REGISTER DISBURSEMENT FRAUDS
In both cases:
• Cash register tape and cash are in agreement
• Inventory is overstated, as no merchandise was returned to place back on the shelf
CONVERT
• Stolen cash: no conversion is needed
• Credit card: balance reduced, or money spent using card
CONCEAL
Sec. 3
There are three concealment problems:
The following procedures can be used to detect register disbursement fraud if it occurs:
• Analyze voids and refunds by employee, credit card number, and amount looking for
unusual numbers, amounts or patterns
• Review register refunds and voids and their supporting documentation
• Look for unusual items like many that are just below the review limit or that do not have
proper documentation or authorization
• Analyze the amount of shrinkage (overstated inventory) and shrinkage trends, especially
for products for which refunds were granted
• Examine the procedures for authorizing voids and returns
• Ensure that they can’t be processed without approval
• Call a sample of customers who return merchandise to test the legitimacy of the return or
the void
• Periodically inspect register tapes and cash registers for physical evidence of tampering
Sec. 3
Scrutinize all handwritten refunds and voids
• Teach supervisory personnel to spot the markers that employees use to keep track of the
amount of money that they have stolen
• Oftentimes employees will put money in the register even though they do not ring up the
sale so that customers do not get suspicious
• When they do, they need to keep track of how much money they have not rung up
• To do so, they often place a marker (such as a penny for $1, a nickel for $5, etc.)
somewhere near the register so they know how much money to remove from the register
when they are not observed
• Conduct periodic unannounced surprise cash counts
• Take frequent physical counts of inventory on hand and reconcile those counts with the
inventory records to spot high shrinkage
• Monitor the lifestyle changes of all employees handling refunds and voids
• Set up a customer hot line so unethical conduct can be reported
• Look for illogical entries used to balance the books or unexplained or unsupported (no
source documents) entries to perpetual records that might hide inventory theft
The following control procedures can reduce the risk of register disbursement frauds:
• Do not let refunds or voids be processed without proper and careful approval
• Separate the following duties:
o Processing refunds and voids and authorizing them
o Handling all cash receipts (someone other than cash register clerks)
• Separate the following cash handling duties: cash receipts, cash counts, bank deposits,
deposit receipt reconciliation, posting of deposits, and cash disbursements
• Do not let clerks have access to the control keys needed to authorize a refund or void
• Make the customer a part of the internal control system by posting signs in the register
area letting customers know that they should ask for and examine their receipts
• Use cash registers with internal tapes that the employee cannot manipulate and that
requires a manager to insert a key before a void or refund can be processed
• This gives the manager a chance to see the customer that is getting the refund or the void
• Do not allow multiple cashiers and refund clerks to operate from a single cash drawer
o If they do, require separate access codes for each of them
• On a daily basis, at the end of every employee’s shift, reconcile the returns shown on the
register tape with the actual merchandise returned
• If this “matching” took place, the employee would have to go into the store, get
inventory, and place it among the returned items for the two to match. This is likely to be
noticed
• Require customers to show their receipts at the door as they leave
• The person checking the receipt should verify that the receipts and goods agree
• Cluster cash registers (including those used for refunds) to enhance the visibility of
transactions
• Use an elevated supervisor station manned by a manager, and use video surveillance
• Make hiding the theft of cash difficult by using techniques such as:
• Close supervision
Sec. 3
• Video surveillance of rooms where employees store personal belongings
• Not having pockets in employee uniforms
• Monitor each register and employee for the number and amount of refund and void
transactions
• On a daily basis, account for all sequentially numbered refund and void forms
• Take out bond insurance on all employees handling refunds and voids
• Spot-check the authenticity of customer refunds and voids
2. Borrow, use asset in a way that was not intended. Many inventory frauds start with
borrowing assets. When asset is not missed, employee realizes he will not get caught and
borrowing turns into theft. As a result, asset misuse is not a harmless crime
Common practice is using company computers, office supplies, etc. to run a personal business.
Employee, using employer’s computers and resources, often is a direct competitor to employer.
Most assets thefts committed are by people with access to the assets, such as warehouse,
inventory, shipping, receiving, and delivery personnel.
COMMIT
• Easiest way is to make no attempt to hide the theft, simply walk off with the asset
• Ship or receive short, set goods aside to steal later
• Discard the asset as scrap, then sell it
• Create a false asset movement document, steal asset while in transit
• Steal when it is transferred between buildings
• Fake a shipment
• Fake sale to accomplice, fake person or company
• Pick up asset without worrying about security, management, co-workers, or other
observers
• After-hours theft
Sec. 3
• Overstate work orders or requisitions (or create fictitious ones), steal excess
• Mark goods as defective and then steal them
• Collude with outsiders to fake a sale. For example, employee acts like they are ringing
up the goods, but they aren’t. Accomplice may later exchange the goods for cash
CONVERT
Stealing assets is one of the less convenient ways to perpetrate fraud. Stolen items usually have
to be converted to cash before the perpetrator can benefit from the crime.
CONCEAL
• Perpetrators often make no attempt to conceal
• Fake journal entries to adjust inventory records
• Misstate inventory counts to cover the amount stolen
• Write assets off as obsolete
• Sell assets or inventory to accomplice as scrap
• Charge missing inventory off to a large or soon to be written off A/R
• Allow receivable for false sale to go unpaid until it is written off or removed from the
books
• Steal sales documents before customer is billed
• Pad inventory amounts to show more inventory on hand than there is
• Empty boxes scattered among full boxes
• Boxes partially filled
• Stacks of boxes with hollow middles
• Alter documents, such as sending inventory a false receiving report, A/P a correct one
• Create false documents (transfer, movement, PO, packing, shipping, receiving, sales, etc.)
• Intentionally overstating goods needed on work orders or requisitions
• Classify goods as defective and sell at a discount
• Use computer to disguise asset request origination so the request cannot be traced to them
Sec. 3
• Scrap exceeds expected amounts, amount rising
• Fraudulent or altered documents (packing, shipping, receiving, moving, requisition, etc.)
• Shortages when goods are moved or transferred
• Unnecessary transfer requests are made
• Rising trend of customers who never pay for merchandise
• Employee who frequently visits company sites after business hours
• Material usage is higher than established standards, or than what is used by other workers
• Vendor invoices do not match receiving reports
• Documents do not agree (receiving reports in A/P & Receiving are different)
• Documents do not agree with journals or ledgers
• Unexplained entries in the perpetual inventory records
• Missing documents (no sales document that matches a shipping document, or vice versa)
• Fraudulent or altered documents (packing, shipping, receiving, moving, requisition, etc.)
Sec. 3
employees should sign the document accompanying the goods (or make the appropriate
acknowledgment of the transfer on-line) at the time the goods are transferred from
inventory to shipping or production. This procedure facilitates tracking the cause of any
inventory shortages. In addition, such accountability encourages employees to prepare
and maintain accurate records
• All inventory transfers within the company should be documented using standard, pre-
numbered forms. Goods that are awaiting transfer or shipment or that have just been
received should not be left unattended
• It is important to take frequent physical counts of inventory on hand and to reconcile
those counts with the inventory records. If all goods cannot be counted frequently, the
most critical items should be counted most frequently, and the least critical items counted
less often. All items should be double counted to prevent padding the inventory to hide a
theft. It is also important to carefully conduct the count to detect such tricks as empty or
partially filled boxes and hollow middles
• Employees responsible for the custody of inventory should be held accountable for any
shortages
• Analyze short shipments or receipts to determine if an employee is involved with an
inordinate number of them. For such employees, periodically observe and/or control the
handling of short receipts or shipments
• Look for illogical entries used to balance the books or unexplained or unsupported (no
source documents) entries to perpetual records that might hide inventory theft
• Examine all document copies for consistency; examine all companion documents
(purchase orders, receiving reports, vendor invoices) to make sure they match and are
consistent
• Periodically examine company documents and: look for ones that are fake or altered,
search for missing documents by accounting for their numerical sequence, and compare
the various copies of a document for consistency
• For each item produced, establish standard quantities for raw materials and supplies so
that an employee cannot order excess materials and walk off with them
• Establish clear criteria for scrapping raw materials, work in process, and finished goods
or for declaring them as defective. Require a person independent of the production or
selling function to authorize all scrap and to designate items as being defective
• Periodically compare customer and vendor addresses to those of employees to prevent
employees from shipping goods to themselves. Also scan the addresses for unusual ones,
such as a business address in a residential area
• Review log of afterhours visits by employees to the company looking people that visit too
frequently or have an unusual visiting pattern
• Set up a fraud hotline. In many asset thefts, someone in the organization knows about the
theft but is afraid to let anyone know about it. Their fear or reluctance might stem from:
the stigma attached to “squealers,” fear of losing their job, threats or other intimidation by
the thief, a sense of loyalty or duty to the co-worker, a management vs. labor mentality,
poor channels of communication, or any other number of reasons. Many of these things
can be overcome if the employee can make an anonymous phone call to report the theft
There are many different analytical procedures that can be used to control for fraud and detect it
if it occurs. Some of the more important tests to control for the theft of assets are:
Sec. 3
• Cost of goods sold as a percentage of sales is rising and there are no changes to purchase
prices, quantities purchased or quality of goods
• Abnormal/unusual relationships between Sales, Cost of sales, gross margin, inventory,
A/R
• Persistent or rising inventory shortages
• Scrap or shrinkage as a percentage of inventory is high or rising
• Defective goods produced as a percentage of inventory is high or rising
• Percentage or number of orders shipped or received short is high or rising
• Percentage or number of customer accounts written off is high or rising
• Percentage or number of sales returns and allowances is high or rising
• Employee materials usage higher than standard or high in relation to other employees
• Match vendor addresses to employee addresses
Sec. 3
FINANCIAL STATEMENT FRAUD SCHEMES
Fictitious revenue:
Recording unearned, fictitious or misclassified revenue
Timing differences:
Prematurely recognizing genuine transactions
Recognizing consigned goods as sales
Disclosure Failures:
Failure to disclose material facts not covered in the financial statements
All of these methods can be employed independently or together, and can involve the use of an
undisclosed related party relationship and “less than arm’s length” transactions. The use of a
related party transaction aids in the concealment and commission of the fraud.
FICTITIOUS REVENUES
COSO study of Fraudulent Financial Statements found that 50% of FFS fraud is due to
overstating revenues.
The most frequent way to cook books is to inflate revenues. Increasing revenues, without a
corresponding increase in expenses, drops the full amount of the inflated revenues to the bottom
Sec. 3
line - net income.
The most common fictitious revenues come from book bogus sales (debit A/R, credit sales).
This overstates assets, revenue, and income.
Creating fictitious revenues is easy. It is much more difficult to cover them up.
CONCEAL:
COMMIT: Create fake supporting documentation (sales invoices, shipping documents) for
bogus sale.
Sec. 3
Concealment Challenge: CONCEAL
Fictitious sales may be uncovered • Use difficult-to-confirm customers or contracts
during A/R confirmations or reviews • “Pay” major customer/contractor to provide false
of government contracts. confirmations
Over time, customer balances rise • Remove false sales with credit memos, write offs, etc.
because fictitious sales are never • Use other funds to pay off receivables (ZZZZ Best)
collected.
Customer notices false billings on Perpetrators alter or intercept monthly statements.
monthly statement
End-of-quarter sales often subject to Record false sales earlier in quarter
close scrutiny
Large or unusual transactions are • Avoid undue attention; make fictitious sales look like
subject to close scrutiny real sales
• Avoid anything too large, unusual
• Use more, smaller, less material transactions
COMMIT: Create fake customers and “sell” them goods. Phony supporting documents are
sometimes prepared
This type of fraud has all of the same risks of false sales to real customers.
The perpetrator uses the same cover-up techniques. In addition, they face the following:
TIMING DIFFERENCES
GAAP: Companies should recognize revenue when the earnings process is complete and
ownership rights (unrestricted use, risk of loss, title, ownership, liabilities) pass from seller to
buyer.
Sec. 3
Companies report activities in fiscal years (4 quarters), match revenues and expenses, and report
in the same period. Companies can manage earnings with different tactics:
• Play with lines between quarters and years
• Report revenues, expenses in wrong period
• Recognize revenues before fully earned.
The most frequent cut-off fraud consists of recognizing future sales in current reporting period.
The company holds the books open long enough to meet sales or profitability goals.
Example: Company in Boca Raton, Florida stopped time clocks at 11:45 am on last day of
each quarter and time-stamped enough shipments to meet quarterly sales targets. Then the clock
was restarted. Auditors were fortunate the company did not try to cover up the fraud - with so
many shipments stamped with the same date and time, it was not too hard to uncover the scheme
Closing the books early pushes current expenses to the next period. Companies hold unpaid bills
(and often hide unpaid invoices) and don’t record returns/allowances until later
The tactics to Hold Books Open and Close Books Early are often used together (hold the books
open for revenues and close them early for expenses).
Stuff the channel is also called trade loading or borrowing from next quarter's sales.
Revenue recognition has always been a murky area of accounting. It is hard to define many
complex components of revenue or determine when to recognize revenue.
Sec. 3
o GAAP: recognize revenue when transaction risk is removed and returns can be
estimated “reasonably.”
Most conservative approach: wait until distributors sell their products.
Less conservative: when goods shipped to distributors because it is more
prone to manipulation, earnings management
Trade loading usually occurs at quarter’s end, when sales/revenue falls, in order to help earnings
look better than they really are. The company motivates or forces customers/distributors to
accept more product than they need or want. Customers/distributors lose nothing; the profit
occurs when a company is desperate to reach a sales goal so the company offers discounts,
guaranteed returns, rebates (if prices fall before the products are sold), and/or cash advances
against future sales.
Often the fact that stuffing the channel has occurred becomes unclear when using legitimate sales
incentives crosses the line; then it becomes fraud. It is easier to determine when it is not
accidental (when the company has fraud in mind):
• Illegal sales incentives used
• Ship unordered goods near period end
Example: Some people criticize Verisign, which registers domain names, for prematurely
booking revenue.
• When Verisign sells a domain name they ask if you want to renew the name for another
year.
• Even when people say no, Verisign still books the next year's fee as deferred revenue for
half of those people, assuming they will come back.
Example: Miniscribe shipped bricks to a warehouse and recorded them as sales of hard drives.
Example: U.S. Surgical Corp overstated income of $2 million by including in sales the goods
that were on consignment to its dealers, salespeople, and certain foreign entities.
Sec. 3
6. “LEGALLY” MANAGING EARNINGS
Use this checklist to evaluate the risk that fictitious revenues and timing differences are being
used to overstate financial statements. More “yes” answers mean greater risk.
• Does the company have a history of using aggressive or shaky accounting practices?
• Are there any indications that management is overriding internal controls?
• Is management compensation substantially determined by company revenues or sales?
• Are duties inadequately segregated among order entry, shipping, billing, A/R detail, and
general ledger?
• Does one employee process the same transaction from beginning to end?
• Do cut-off tests or confirmations reveal invoices recorded in the wrong period or
unrecorded sales returns and allowances?
• Near the end of the reporting period were there any:
o Unusually large sales or other transactions affecting revenue?
o Sales with unusual or extremely favorable conditions?
o Material, unsupported revenue entries in the sales journal?
• Have there been substantial sales reversed at the beginning of a new reporting period?
• In comparison to previous periods
o Have sales increased materially?
o Have cost of sales decreased significantly?
o Is the ratio of credit sales to cash sales growing?
o Has cash decreased in comparison to sales and receivables?
o Are shipping costs higher?
o Does the allowance for doubtful accounts seem appropriate?
• Were there any abnormalities in sales and shipping such as:
o Sales or shipping invoices that are out of numerical sequence?
o Discrepancies between sales and shipping documents, such as quantities of goods
shipped but not reconciling to goods billed?
o Goods being billed before they are shipped?
o Shipping goods before a sale is consummated
• With respect to Accounts Receivable:
o Is the company negotiating financing based on receivables?
o Have receivables grown significantly?
o Have receivables increased faster than sales?
o Has accounts receivable turnover slowed?
Sec. 3
o Are there any large past due receivable balances or large receivables from related
parties or unfamiliar sources?
o Are there any circular transactions, where collect ability depends on funds from, or
continued activity with, the client?
• Does the company delay or deny access to original records?
BILL-AND-HOLD SCHEMES
GAAP: revenue must be realized or realizable and earned. It is usually recognized when goods
are sold and delivered.
SAS 99 fraud risk factor: unusual and highly complex transactions that pose difficult substance
over form questions. This is a good description of bill-and-hold sales.
Example: Sunbeam
• CEO Al Dunlop instituted aggressive sales tactics, including an end-of-the-year bill-and-
hold sales campaign to sell gas grills.
• Campaign began in the fall, many months before distributors would even think about
ordering grills.
• To motivate early sales, Sunbeam offered deep discounts, six months or more to pay, very
liberal return policies, and free storage until the distributors were ready for delivery.
• The offer was too good for most distributors to refuse and sales were brisk.
• Sunbeam recognized all sales as current revenue, a clear violation of GAAP. Sunbeam
was nowhere near completing its obligations to the distributors and had little idea as to
how many of the grills would be returned.
• SEC investigated and determined that at least one-third of Sunbeam’s 1997 earnings ($62
million of a reported $189 million) were fraudulent.
• Much of the fraud was a result of the bill-and-hold schemes
Sec. 3
• Inspect sales transaction documentation, including sales orders, shipping documents, sales
invoices, and customer payment information looking for anything that might indicate bill-
and-hold practices. For example:
o Bills of lading signed and dated by company employees when they should be signed
by a shipping company employee
o Shipments to warehouses rather than customer's regular address
o Invoices with no shipping information
o Notes or instructions on any of the documents that might indicate a bill-and-hold
transaction.
• Ask management and sales, shipping, and accounting employees if the company has any
bill-and-hold sale arrangements.
• During inventory observation, be on the alert for goods billed to customers that were not
shipped or physically segregated
• Ensure that all bill-and-hold sales follow SEC guidelines
After the various forms of revenue recognition fraud, the next most frequent type of Financial
Statement fraud is asset fraud. A 1999 Treadway Commission study showed:
• Half of FS frauds were asset misstatements
• Asset most susceptible? Inventory (often overstated)
• Many famous cases: Salad Oil Swindle, McKesson and Robbins, Crazy Eddies, Leslie
Fay, and Phar-Mor
Inventory is fraud-prone because its valuation is complex. It is also subject to theft, breakage,
and obsolescence.
Why is inventory fraud possible? Audit profession critics cite the following:
• Many auditors observing inventory are recent college graduates with little audit or
industry experience and are not familiar with the company being audited.
• The auditors supervising the new college graduates only have a few more years of
experience than they do. They also often lack client and industry experience.
• Audit partners and managers rarely observe inventory counts and are often unavailable to
answer questions that those observing inventory might have.
• Inexperienced auditors often do not recognize unusual items that might indicate fraud.
Sec. 3
When they do they may not bring them to the partner/manager’s attention.
• Little continuity of assigned staff; so often none of the auditors knows the clients
business or industry practices.
• Auditors tell companies where they will make test counts, allowing them to overstate
inventory at untested locations
• Company officials can follow auditors around and take note of the items they test count.
This makes it easy to falsify the counts of the other inventory items.
• The number of items auditors test count is way too small, making fooling the auditor
easier.
• Auditors often do not test count high value items and fail to ensure a sufficient proportion
of inventory is counted
• Auditors do not carefully examine the inventory they count. This allows management to
do things like stack empty boxes in the warehouse, make stacks look larger than they are
by having hollow middles in stacks, etc.
• Auditors sometimes do not adequately control their work papers, allowing clients to alter
them after hours
• Auditors make companies adjust for errors they find, but never consider that some errors
may indicate intentional, material, and pervasive fraud.
Perhaps the easiest inventory fraud scheme is to put fake inventory on the books by:
• Recording false journal entries
• Embellishing count sheets
• Creating fake purchase orders and receiving reports
EXAMPLE: Saxon Industries. The SEC cited three executives for creating $75 million of
fictitious inventories. They inflated inventory by:
• Adding inventory after the physical count was completed
• Programming company’s computers to automatically add inventory
• Transferring fake inventories between divisions
How does inventory overstatement affect financial statements? Let’s look at an example:
Correct Fraudulent
+ Sales 1,000,000 1,000,000
Sec. 3
Beginning Inventory + 300,000 300,000
Purchases + 600,000 600,000
Ending inventory - 400,000 500,000
- Cost of Goods Sold = 500,000 400,000
By overstating ending inventory by $100,000, Gross Margin increased by that same amount.
Net income before taxes went up by same amount.
• Some companies have inflated inventory by altering the auditor’s inventory test counts
after they have left for the day.
3. Capitalize Expenses
Capitalizing expenses and placing them in inventory or another asset account can increase
income. This also decreases expenses.
EXAMPLE: U.S. Surgical Corp. and Barden Co. The SEC sued U.S. Surgical, charging them
with an $18.4 million overstatement of pre-tax earnings. They employed several different fraud
schemes, including falsifying vendor purchase orders.
• Vendors submitted false invoices so Surgical could decrease parts costs and capitalize
over $4 million of its costs of materials.
• Improperly capitalized over $4 million of legal costs that were recurring operating
expenses
• SEC also charged Barden Co., a supplier of surgical equipment, with sending U.S.
Surgical false invoices. This allowed U.S. Surgical to capitalize costs that should have
been expensed.
• Barden returned confirmations to U.S. Surgical’s auditors stating the false invoices were
accurate
What happens when a company using the periodic inventory method does not record a purchase
and includes the inventory in the year-end count?
Sec. 3
Correct Fraudulent
+ Sales 1,000,000 1,000,000
By not recording a $50,000 purchase, Gross Margin increased by that same amount and net
income before taxes went up by $50,000.
So, if a company wants to overstate income, they can “forget” to record purchases near the end
of a reporting period.
• There is always a reason why fraud takes place. Try to evaluate possible motives by
asking yourself questions such as:
o Is upper management under extreme pressure to meet financial projections?
o Is the company attempting to obtain financing secured by inventory?
o Is the company always out of cash and struggling to find funds for expansion?
• Interview key employees in a straightforward but nonaccusatory way. Ask questions such
as:
o Has anyone asked you to inflate inventory in any way?
o Was any inventory added to the count after it was completed?
o Has anyone asked you to alter the auditor’s inventory accounts?
o Has anyone asked you to not record purchases or to delay recording them?
o Has anyone asked you to capitalize items that should be expensed?
o Do you know of anyone in the company that is committing a fraud?
Sec. 3
• Perform detailed analytical procedures and then ask yourself the following questions:
o Has the percentage of inventory to total assets increased over time?
o Has the ratio of cost of sales to total sales decreased over time?
o Have shipping costs decreased as a percentage of inventory?
o Is inventory increasing faster than sales?
o Has inventory turnover slowed over time?
o Compared to previous periods, are cost of sales too low or inventory and profits too
high?
o Is the company’s gross profit percentage in line with expectations?
• Ask yourself the following questions about the accounting processes and records
o Have there been significant adjusting entries that have increased the inventory
balance?
o Were material reversing entries made to the inventory account after the reporting
period?
o Does the cost of goods sold on the books not agree with tax returns?
o Does the company have a complex system to determine the value of inventory?
o Are the company’s cutoff procedures unclear or ineffective?
o Are there cash disbursements related to the purchase of inventory subsequent to the
end of the period that were not recorded in the purchase journal?
o Is the company involved in a volatile or rapidly changing industry such as
technology?
o Does the summarized inventory contain an unusually large quantity of high-cost
items?
o If there have been product line or technology changes or rapid declines in sales or
markets, are there the expected write downs to market or provisions for obsolescence.
o Does the company use questionable procedures for determining or aggregating
inventory costs or are there any indications that erroneous or insupportable costs have
been applied?
Sec. 3
revenue recognition)
• Sales with a guarantee from a seller-financed entity (such that the sales would be viewed
as an uncollectible receivable)
• Sales without substance (fund buyer to assure collection)
Vendor financing (lending customer money to buy products) can be valid business practices
• Lucent, Alcatel hurt after weak customers failed and defaulted on loans. Neither was
accused of fraud.
Particular concerns for risk factors at the end of the reporting period:
• Highly complex or unusual transactions
• Material revenue transactions with significant variations from normal sales terms, such as
unusual payment terms
• Significant revenue recognized near period end
Sec. 3
• Examine material cash advances, investments, and other disbursements, looking funds
dispensed to related parties
• Search for info about management, company. Use Internet search facilities and print
media (newspapers, phone books, and industry or trade publications).
To move liabilities off the books, set up a special purpose entity, synthetic lease, securitization,
or an off-balance-sheet partnership.
EXAMPLE: eBay and Novell use synthetic leases to finance buildings. A third party purchases
property and rents it to them. The building and lease obligation are not on the company’s BS
because the arrangement is treated as if it were a tenant in a traditional operating lease. This
improves key performance measures (debt-to-capital, return-on-assets ratios). Unlike a
traditional lease, synthetic leases have ownership benefits (interest, depreciation tax deductions).
The best of all worlds: no property or lease obligation, but interest and depreciation charges on
the IS.
RESERVES
Reserves should be set up that can be used for smooth financial returns:
• In good times, called cookie-jar accounting
• While restructuring, called the big bath
Since the future can’t be foreseen, estimates are just judgment calls.
Sec. 3
• Management does their best to estimate what will happen
EXAMPLE: Sears. Between 1993 and 1996, the allowance for doubtful accounts dropped from
4.72% of A/R to 3.63%. Actual losses increased to 5.43% from 3.55%. Yet, Sears was
extending credit to more customers, many of whom were less credit worthy than other
customers. Sears had seven straight quarters of double-digit earnings growth during the decline
in the allowance rate. Rising delinquencies finally resulted in two quarters of negative earnings
growth in late 1997 and early 1998.
Estimates of future expenses and accompanying reserves can be used to smooth earnings and to
commit outright fraud.
• In profitable years, companies use very high assumptions to stash large amounts of
money in a reserve account.
• In lean years, boost earnings by harvesting the reserves.
o Lower assumptions and free up some or all of the money in the reserve to increase
profits.
RESTRUCTURING CHARGES
Earnings can be smoothed by playing with write-offs and one-time restructuring charges.
When a company restructures its operations and takes a charge for doing so it:
• Estimates all related costs
• Reports all restructuring costs in the period when the changes are announced, even though
they may not be incurred until a later period.
Sec. 3
Company with a legitimate restructuring charge:
• Can throw all kinds of extra expenses into the charge
• Can reverse the charges later to increase income
If a company does not have a legitimate write-off or restructuring it can always come up with a
reason for one.
• Zacks Investment Research states that only 31 S&P 500 companies had a negative
nonrecurring item in 1992.
• Eight years later, in 2000, almost half (247 of the 500) reported negative nonrecurring
items!
• Furthermore, 28 of the largest 1,000 companies reported negative nonrecurring items for
eight quarters in a row.
If all of those charges are legitimate, they seem like a lot of bad decisions by some of the
brightest and highest paid executives in America.
An alternative explanation is that there are big bath charges that can be used in future periods to
manage earnings.
EXAMPLE: Former SEC chairman Arthur Levitt tells of a company that booked a large, one-
time loss to earnings to reimburse franchisees for equipment they had not yet purchased. At the
same time, the company announced future earnings would grow by 15% a year.
Companies can play games with their pension funds to smooth out earnings. Companies who
offer employee pensions have a pension liability, which is an estimate of the future obligations to
their current and retired employees. Those liabilities are offset by a pension account that is
funded by the organization. The company invests the money in the pension fund and earns a
return on the fund. The higher the assumed rate of return on the fund, the smaller the payment
the company has to make in any given year to fund its pension obligations. If the fund and its
expected returns exceed the expected liability and the cost to operate the fund, the company can
take the excess as a pension credit, which increases earnings.
Historically the stock market returns about 10% a year, bonds return less, and more conservative
treasury bills and savings accounts return even less than 10%. Sound investment principles
would dictate that a company spread its money around among the investment options available to
it and that a fairly hefty amount of the fund should be in more conservative and lower return
investments. Based on that, what would you expect companies to earn on their pension funds?
AT&T, General Motors and IBM expect to earn 9.5%, 10% and 10%, respectively.
Why so high? The higher the forecasted rate, the less money the company needs to invest (and,
if high enough, the higher the pension credit). This causes more revenue to drop to the bottom
line, or the credits actually add to the bottom line.
Sec. 3
EXAMPLE: In 1982, IBM estimated that its pension fund would earn 5.5%. For almost 20
years the earnings rate has almost doubled to 10% (an increase of 4.5%). In 2000, IBM’s
pension assumptions showed that the fund would earn $896 million more than would be needed
to fund its pension fund. This allowed IBM to take that money and add it to its bottom line.
Unfortunately, if the assumption of 10% proves to be too low, sometime in the future IBM is
going to have to take a hefty charge to profits to boost the pension fund so it can meet its pension
obligations.
It is not hard to see how these pension assumptions can be used to manipulate income. By raising
the estimated return on pension funds, income increases, and by decreasing the estimate income
decreases. This method sounds like a great way to manage earnings—a fact that many
organizations have discovered and used.
DISCLOSURE FAILURES
Companies can perpetrate fraud by not reporting pertinent material in their financial statements.
Understanding where fraudulent or inadequate disclosures are most likely to occur is important.
• A study of past disclosure frauds shows that there are five main areas where financial
statements are most susceptible to fraudulent disclosures.
• Understanding these four disclosure schemes will help auditors and others better prevent
and detect disclosure fraud.
2. Failure to disclose significant events. Potentially, there are many events that could
affect the financial statements now or in the future. Among them are product or
manufacturing obsolescence, competitor products, new technology, and actual or
potential lawsuits.
Sec. 3
relationships must be disclosed.
EXAMPLE: In 1997 Tei Fu and Oi-Lin Chen were charged with tax evasion for under reporting
1987-90 income by $125 million. The Chens allegedly had foreign companies they owned that
overcharged Sunrider, their US company, for ingredients. The Chen’s prepared two separate
invoices for each foreign transaction. The one for Customs showed the correct prices. The one
for tax purposes showed the inflated prices (by 50% to 900%). The scheme dramatically
understated Sunrider’s profits and their US tax liability. They paid for the ingredients by wiring
millions of dollars to overseas accounts. To bring the money back into the US, they purchased
real estate and Chinese antiques. To save customs charges they grossly understated the value of
the antiques and other items that they brought into the U.S.
Financial statements are the responsibility of management. Auditors are responsible for attesting
that the financials are presented fairly.
One of the difficulties that auditors have is making sure that all relevant disclosures are in the
financial statements. This difficulty arises from the fact that auditors may not know if
management has disclosed everything that is needed to ensure that the statement fairly presents
the condition of the company financially.
To maximize chances of uncovering items that are not disclosed by management, auditors
should:
1. Request a letter from all of the law firms that the company has used, asking them to let
you know of any potentially damaging lawsuits or other liabilities the company may
have.
2. Compare current and prior financial statements to determine whether the company has
changed accounting principles or methods.
3. Interview key company personnel, such as engineers, sales representatives, shipping and
receiving personnel, and accounting and finance employees. Ask these individuals about
possible significant events. Also, in a nonaccusatory tone, ask if they suspect anyone of
stealing from the company or misrepresenting the company’s financial statements.
4. Carefully review financial institution documentation, looking for undisclosed loan
covenants.
5. Examine legal documents (sales contracts, warranty agreements) to find contingent
liabilities.
6. Search public records (federal and state level) looking for any lawsuits that the company
is a party to. While searching state records, be on the lookout for company officers that
are owners or officers of another corporation.
7. Search the Internet for everything you can on the company and its key officers. Review
newspapers, press releases, biographical sketches, credit reports, etc. Look for clues to
Sec. 3
possible conflicts or controversy.
8. Ask for unrestricted access to company’s filing cabinets. This provides some advantages:
o It is an opportunity to assess how the client reacts. While the client can decline, if the
company puts up strong resistance, perhaps there is a reason why. While many honest
companies will not be too thrilled with the idea of auditors rummaging through their
files and may rebuff such a request, the key to pay attention to is the company’s
reaction to the request.
o When the auditor requests documents, the client has time to omit (or alter) important
accounting evidence. With unrestricted access, the auditor can look for items not in
the books and records such as memos, business plans, competitive and market
information, etc.
o A dishonest client does not have time to manufacture evidence.
Sec. 3